admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-02-13T17:00:40.639248+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-02-13 17:04:07 +00:00
parent 6bee899239
commit 087533d190
111 changed files with 3438 additions and 700 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
CVE-2011/CVE-2011-45xx/CVE-2011-4595.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2011-4595", "id": "CVE-2011-4595",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2020-01-10T14:15:09.950", "published": "2020-01-10T14:15:09.950",
"lastModified": "2024-11-21T01:32:37.467", "lastModified": "2025-02-13T16:11:58.040",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -85,8 +85,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:caseproof:pretty_link:1.5.2:*:*:*:lite:wordpress:*:*", "criteria": "cpe:2.3:a:caseproof:prettylinks:1.5.2:*:*:*:free:wordpress:*:*",
"matchCriteriaId": "212AAB0D-CDB3-48EA-8D71-D47B50BFA1C9" "matchCriteriaId": "F4EB0693-AD62-4850-9712-5F9A8384A138"
} }
] ]
} }

14
CVE-2013/CVE-2013-16xx/CVE-2013-1636.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2013-1636", "id": "CVE-2013-1636",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2014-03-12T14:55:26.600", "published": "2014-03-12T14:55:26.600",
"lastModified": "2024-11-21T01:50:02.760", "lastModified": "2025-02-13T16:03:03.407",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -63,19 +63,19 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:blair_williams:pretty_link_lite:*:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:caseproof:prettylinks:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.6.2", "versionEndIncluding": "1.6.2",
"matchCriteriaId": "E9BBCB0D-945C-4DBE-8FE0-6BBFDAFB99BE" "matchCriteriaId": "E8B2E67D-328E-464E-9515-11CCA4981683"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:blair_williams:pretty_link_lite:1.6.0:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:caseproof:prettylinks:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8457DC09-67FD-4CB4-B8C3-26F8C06F7B50" "matchCriteriaId": "7DC8B0DD-82DA-4E41-A4B1-B3B80AF1C920"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:blair_williams:pretty_link_lite:1.6.1:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:caseproof:prettylinks:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "413F06E0-5DB1-411D-902D-C62CD70631E7" "matchCriteriaId": "F4F7FED3-B2CC-45A3-B681-6C8CB4A49A50"
} }
] ]
} }

6
CVE-2014/CVE-2014-04xx/CVE-2014-0496.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2014-0496", "id": "CVE-2014-0496",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2014-01-15T16:13:04.100", "published": "2014-01-15T16:13:04.100",
"lastModified": "2025-02-10T21:15:10.953", "lastModified": "2025-02-13T15:58:31.787",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -75,7 +75,7 @@
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
"value": "CWE-399" "value": "CWE-416"
} }
] ]
}, },

6
CVE-2015/CVE-2015-94xx/CVE-2015-9457.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2015-9457", "id": "CVE-2015-9457",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2019-10-10T16:15:10.940", "published": "2019-10-10T16:15:10.940",
"lastModified": "2024-11-21T02:40:40.910", "lastModified": "2025-02-13T16:11:58.040",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -85,9 +85,9 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:caseproof:pretty_link:*:*:*:*:lite:*:*:*", "criteria": "cpe:2.3:a:caseproof:prettylinks:*:*:*:*:free:*:*:*",
"versionEndExcluding": "1.6.8", "versionEndExcluding": "1.6.8",
"matchCriteriaId": "CADD39DB-4230-4A96-8BB3-48272B5EEAB5" "matchCriteriaId": "46780791-D64C-407D-BE90-EF0B259A5170"
} }
] ]
} }

10
CVE-2019/CVE-2019-167xx/CVE-2019-16782.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-16782", "id": "CVE-2019-16782",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2019-12-18T20:15:16.180", "published": "2019-12-18T20:15:16.180",
"lastModified": "2024-11-21T04:31:10.920", "lastModified": "2025-02-13T15:37:40.953",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -115,16 +115,16 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "1.6.12", "versionEndExcluding": "1.6.12",
"matchCriteriaId": "9D82859F-CE7F-46CD-B8AD-323A5DAF4DAF" "matchCriteriaId": "D920538B-B12B-4CB6-B04C-4ED0122B1ACE"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "2.0.0", "versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.0.8", "versionEndExcluding": "2.0.8",
"matchCriteriaId": "08C26D46-A794-46E5-B417-9FAC01552413" "matchCriteriaId": "75BDB863-165A-4446-855E-25243469A538"
} }
] ]
} }

13
CVE-2020/CVE-2020-175xx/CVE-2020-17519.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-17519", "id": "CVE-2020-17519",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2021-01-05T12:15:12.680", "published": "2021-01-05T12:15:12.680",
"lastModified": "2024-11-21T05:08:16.523", "lastModified": "2025-02-13T16:47:51.753",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -193,6 +193,7 @@
"url": "https://lists.apache.org/thread.html/r4e1b72bfa789ea5bc20b8afe56119200ed25bdab0eb80d664fa5bfe2%40%3Cdev.flink.apache.org%3E", "url": "https://lists.apache.org/thread.html/r4e1b72bfa789ea5bc20b8afe56119200ed25bdab0eb80d664fa5bfe2%40%3Cdev.flink.apache.org%3E",
"source": "security@apache.org", "source": "security@apache.org",
"tags": [ "tags": [
"Mailing List",
"Vendor Advisory" "Vendor Advisory"
] ]
}, },
@ -200,6 +201,7 @@
"url": "https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cannounce.apache.org%3E", "url": "https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cannounce.apache.org%3E",
"source": "security@apache.org", "source": "security@apache.org",
"tags": [ "tags": [
"Mailing List",
"Vendor Advisory" "Vendor Advisory"
] ]
}, },
@ -230,6 +232,7 @@
"url": "https://lists.apache.org/thread.html/r88b55f3ebf1f8f4e1cc61f030252aaef4b77060b56557a243abb92a1%40%3Cissues.flink.apache.org%3E", "url": "https://lists.apache.org/thread.html/r88b55f3ebf1f8f4e1cc61f030252aaef4b77060b56557a243abb92a1%40%3Cissues.flink.apache.org%3E",
"source": "security@apache.org", "source": "security@apache.org",
"tags": [ "tags": [
"Mailing List",
"Vendor Advisory" "Vendor Advisory"
] ]
}, },
@ -237,6 +240,7 @@
"url": "https://lists.apache.org/thread.html/r88f427865fb6aa6e6378efe07632a1906b430365e15e3b9621aabe1d%40%3Cissues.flink.apache.org%3E", "url": "https://lists.apache.org/thread.html/r88f427865fb6aa6e6378efe07632a1906b430365e15e3b9621aabe1d%40%3Cissues.flink.apache.org%3E",
"source": "security@apache.org", "source": "security@apache.org",
"tags": [ "tags": [
"Mailing List",
"Vendor Advisory" "Vendor Advisory"
] ]
}, },
@ -244,6 +248,7 @@
"url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E", "url": "https://lists.apache.org/thread.html/r90890afea72a9571d666820b2fe5942a0a5f86be406fa31da3dd0922%40%3Cannounce.apache.org%3E",
"source": "security@apache.org", "source": "security@apache.org",
"tags": [ "tags": [
"Mailing List",
"Not Applicable" "Not Applicable"
] ]
}, },
@ -317,6 +322,7 @@
"url": "https://lists.apache.org/thread.html/r4e1b72bfa789ea5bc20b8afe56119200ed25bdab0eb80d664fa5bfe2%40%3Cdev.flink.apache.org%3E", "url": "https://lists.apache.org/thread.html/r4e1b72bfa789ea5bc20b8afe56119200ed25bdab0eb80d664fa5bfe2%40%3Cdev.flink.apache.org%3E",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [ "tags": [
"Mailing List",
"Vendor Advisory" "Vendor Advisory"
] ]
}, },
@ -324,6 +330,7 @@
"url": "https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cannounce.apache.org%3E", "url": "https://lists.apache.org/thread.html/r6843202556a6d0bce9607ebc02e303f68fc88e9038235598bde3b50d%40%3Cannounce.apache.org%3E",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [ "tags": [
"Mailing List",
"Vendor Advisory" "Vendor Advisory"
] ]
}, },
@ -354,6 +361,7 @@
"url": "https://lists.apache.org/thread.html/r88b55f3ebf1f8f4e1cc61f030252aaef4b77060b56557a243abb92a1%40%3Cissues.flink.apache.org%3E", "url": "https://lists.apache.org/thread.html/r88b55f3ebf1f8f4e1cc61f030252aaef4b77060b56557a243abb92a1%40%3Cissues.flink.apache.org%3E",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [ "tags": [
"Mailing List",
"Vendor Advisory" "Vendor Advisory"
] ]
}, },
@ -361,6 +369,7 @@
"url": "https://lists.apache.org/thread.html/r88f427865fb6aa6e6378efe07632a1906b430365e15e3b9621aabe1d%40%3Cissues.flink.apache.org%3E", "url": "https://lists.apache.org/thread.html/r88f427865fb6aa6e6378efe07632a1906b430365e15e3b9621aabe1d%40%3Cissues.flink.apache.org%3E",
"source": "af854a3a-2127-422b-91ae-364da2661108", "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [ "tags": [
"Mailing List",
"Vendor Advisory" "Vendor Advisory"
] ]
}, },

4
CVE-2021/CVE-2021-306xx/CVE-2021-30666.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-30666", "id": "CVE-2021-30666",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2021-09-08T15:15:13.553", "published": "2021-09-08T15:15:13.553",
"lastModified": "2025-01-29T18:15:40.907", "lastModified": "2025-02-13T16:49:28.897",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {

4
CVE-2021/CVE-2021-307xx/CVE-2021-30761.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-30761", "id": "CVE-2021-30761",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2021-09-08T14:15:10.257", "published": "2021-09-08T14:15:10.257",
"lastModified": "2025-01-29T18:15:41.363", "lastModified": "2025-02-13T16:49:19.133",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {

4
CVE-2021/CVE-2021-307xx/CVE-2021-30762.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-30762", "id": "CVE-2021-30762",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2021-09-08T14:15:10.300", "published": "2021-09-08T14:15:10.300",
"lastModified": "2025-01-29T18:15:41.597", "lastModified": "2025-02-13T16:49:10.863",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {

4
CVE-2021/CVE-2021-309xx/CVE-2021-30983.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-30983", "id": "CVE-2021-30983",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2021-08-24T19:15:23.507", "published": "2021-08-24T19:15:23.507",
"lastModified": "2025-01-29T18:15:42.993", "lastModified": "2025-02-13T16:48:52.507",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {

10
CVE-2022/CVE-2022-316xx/CVE-2022-31631.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2022-31631", "id": "CVE-2022-31631",
"sourceIdentifier": "security@php.net", "sourceIdentifier": "security@php.net",
"published": "2025-02-12T22:15:29.007", "published": "2025-02-12T22:15:29.007",
"lastModified": "2025-02-12T23:15:09.593", "lastModified": "2025-02-13T16:15:35.670",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities." "value": "In PHP versions 8.0.* before 8.0.27, 8.1.* before 8.1.15, 8.2.* before 8.2.2 when using PDO::quote() function to quote user-supplied data for SQLite, supplying an overly long string may cause the driver to incorrectly quote the data, which may further lead to SQL injection vulnerabilities."
},
{
"lang": "es",
"value": "En las versiones de PHP 8.0.* anteriores a 8.0.27, 8.1.* anteriores a 8.1.15, 8.2.* anteriores a 8.2.2, cuando se usa la funci\u00f3n PDO::quote() para citar datos proporcionados por el usuario para SQLite, proporcionar una cadena demasiado larga puede provocar que el controlador cite incorrectamente los datos, lo que puede generar vulnerabilidades de inyecci\u00f3n SQL."
} }
], ],
"metrics": { "metrics": {
@ -55,6 +59,10 @@
{ {
"url": "https://security.netapp.com/advisory/ntap-20230223-0007/", "url": "https://security.netapp.com/advisory/ntap-20230223-0007/",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://bugs.php.net/bug.php?id=81740",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }

24
CVE-2022/CVE-2022-387xx/CVE-2022-38745.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-38745", "id": "CVE-2022-38745",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-03-24T16:15:08.130", "published": "2023-03-24T16:15:08.130",
"lastModified": "2024-11-21T07:17:00.937", "lastModified": "2025-02-13T15:15:11.950",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,13 +32,33 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "security@apache.org",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",

18
CVE-2022/CVE-2022-445xx/CVE-2022-44570.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-44570", "id": "CVE-2022-44570",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2023-02-09T20:15:11.090", "published": "2023-02-09T20:15:11.090",
"lastModified": "2024-11-21T07:28:08.923", "lastModified": "2025-02-13T15:37:40.953",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -66,31 +66,31 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "1.5.0", "versionStartIncluding": "1.5.0",
"versionEndExcluding": "2.0.9.2", "versionEndExcluding": "2.0.9.2",
"matchCriteriaId": "B5F0D19B-77F4-422D-B31F-7FBF40FE9DDA" "matchCriteriaId": "9BA75CAC-3827-43F4-BB00-E53CF292C99B"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "2.1.0", "versionStartIncluding": "2.1.0",
"versionEndExcluding": "2.1.4.2", "versionEndExcluding": "2.1.4.2",
"matchCriteriaId": "C1B66022-6E77-4CFA-B55F-5BC1182A23E2" "matchCriteriaId": "88472664-E928-4495-B5F3-48791F54AA0F"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "2.2.0", "versionStartIncluding": "2.2.0",
"versionEndExcluding": "2.2.6.1", "versionEndExcluding": "2.2.6.1",
"matchCriteriaId": "49B7FE1A-545A-451A-ACEE-075BD917FA1D" "matchCriteriaId": "D64B9931-BE5C-4284-8233-7572FB46B296"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "3.0.0", "versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.0.4.1", "versionEndExcluding": "3.0.4.1",
"matchCriteriaId": "35AF318D-7357-4AE6-9337-9CF86E817D49" "matchCriteriaId": "523AAE89-E040-4954-BDAF-9D738E44D02B"
} }
] ]
} }

18
CVE-2022/CVE-2022-445xx/CVE-2022-44571.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-44571", "id": "CVE-2022-44571",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2023-02-09T20:15:11.153", "published": "2023-02-09T20:15:11.153",
"lastModified": "2024-11-21T07:28:09.063", "lastModified": "2025-02-13T15:37:40.953",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -66,31 +66,31 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "2.0.0", "versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.0.9.2", "versionEndExcluding": "2.0.9.2",
"matchCriteriaId": "1DF1BBB2-39B9-442F-86BC-243A2A951A24" "matchCriteriaId": "0FFB3E60-D2AF-42BC-9C54-4542F15FB5BC"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "2.1.0", "versionStartIncluding": "2.1.0",
"versionEndExcluding": "2.1.4.2", "versionEndExcluding": "2.1.4.2",
"matchCriteriaId": "C1B66022-6E77-4CFA-B55F-5BC1182A23E2" "matchCriteriaId": "88472664-E928-4495-B5F3-48791F54AA0F"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "2.2.0", "versionStartIncluding": "2.2.0",
"versionEndExcluding": "2.2.6.1", "versionEndExcluding": "2.2.6.1",
"matchCriteriaId": "49B7FE1A-545A-451A-ACEE-075BD917FA1D" "matchCriteriaId": "D64B9931-BE5C-4284-8233-7572FB46B296"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "3.0.0.0", "versionStartIncluding": "3.0.0.0",
"versionEndExcluding": "3.0.4.1", "versionEndExcluding": "3.0.4.1",
"matchCriteriaId": "3C1AC2F2-87C8-4BAD-A1BD-FEA1041998D1" "matchCriteriaId": "EFDFB2FB-F5BF-4138-AE0E-358E1D1424FB"
} }
] ]
} }

14
CVE-2022/CVE-2022-445xx/CVE-2022-44572.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-44572", "id": "CVE-2022-44572",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2023-02-09T20:15:11.220", "published": "2023-02-09T20:15:11.220",
"lastModified": "2024-11-21T07:28:09.180", "lastModified": "2025-02-13T15:37:40.953",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -66,23 +66,23 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "2.0.9.2", "versionEndExcluding": "2.0.9.2",
"matchCriteriaId": "C3DCA512-83FE-4A97-A7F7-FC664C52AE2A" "matchCriteriaId": "4726EA3A-2F00-4BE6-A0D5-1DCDF9E93CC7"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "2.1.0", "versionStartIncluding": "2.1.0",
"versionEndExcluding": "2.1.4.2", "versionEndExcluding": "2.1.4.2",
"matchCriteriaId": "C1B66022-6E77-4CFA-B55F-5BC1182A23E2" "matchCriteriaId": "88472664-E928-4495-B5F3-48791F54AA0F"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "2.2.0", "versionStartIncluding": "2.2.0",
"versionEndExcluding": "2.2.4.1", "versionEndExcluding": "2.2.4.1",
"matchCriteriaId": "7ADE4A55-881C-4242-B146-E2E0F9D03DB9" "matchCriteriaId": "68D93C0C-48AF-42AF-91C0-5E38C7FD73FE"
} }
] ]
} }

22
CVE-2023/CVE-2023-06xx/CVE-2023-0614.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0614", "id": "CVE-2023-0614",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-03T23:15:06.957", "published": "2023-04-03T23:15:06.957",
"lastModified": "2024-11-21T07:37:29.347", "lastModified": "2025-02-13T15:15:12.557",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
} }
] ]
}, },

32
CVE-2023/CVE-2023-07xx/CVE-2023-0738.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0738", "id": "CVE-2023-0738",
"sourceIdentifier": "help@fluidattacks.com", "sourceIdentifier": "help@fluidattacks.com",
"published": "2023-04-04T23:15:07.273", "published": "2023-04-04T23:15:07.273",
"lastModified": "2024-11-21T07:37:43.727", "lastModified": "2025-02-13T16:15:37.153",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

22
CVE-2023/CVE-2023-08xx/CVE-2023-0835.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0835", "id": "CVE-2023-0835",
"sourceIdentifier": "help@fluidattacks.com", "sourceIdentifier": "help@fluidattacks.com",
"published": "2023-04-04T23:15:07.310", "published": "2023-04-04T23:15:07.310",
"lastModified": "2024-11-21T07:37:55.543", "lastModified": "2025-02-13T16:15:37.380",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 4.7 "impactScore": 4.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
} }
] ]
}, },

22
CVE-2023/CVE-2023-09xx/CVE-2023-0922.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0922", "id": "CVE-2023-0922",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-03T23:15:07.000", "published": "2023-04-03T23:15:07.000",
"lastModified": "2024-11-21T07:38:06.260", "lastModified": "2025-02-13T15:15:12.780",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.2, "exploitabilityScore": 2.2,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:N",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2
} }
] ]
}, },

22
CVE-2023/CVE-2023-15xx/CVE-2023-1579.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-1579", "id": "CVE-2023-1579",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-03T23:15:07.043", "published": "2023-04-03T23:15:07.043",
"lastModified": "2024-11-21T07:39:28.990", "lastModified": "2025-02-13T15:15:12.980",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },

22
CVE-2023/CVE-2023-15xx/CVE-2023-1582.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-1582", "id": "CVE-2023-1582",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-05T20:15:07.663", "published": "2023-04-05T20:15:07.663",
"lastModified": "2024-11-21T07:39:29.237", "lastModified": "2025-02-13T15:15:13.173",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.0, "exploitabilityScore": 1.0,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
} }
] ]
}, },

22
CVE-2023/CVE-2023-16xx/CVE-2023-1611.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-1611", "id": "CVE-2023-1611",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2023-04-03T22:15:06.967", "published": "2023-04-03T22:15:06.967",
"lastModified": "2024-11-21T07:39:32.193", "lastModified": "2025-02-13T15:15:13.357",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.0, "exploitabilityScore": 1.0,
"impactScore": 5.2 "impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2
} }
] ]
}, },

32
CVE-2023/CVE-2023-206xx/CVE-2023-20652.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20652", "id": "CVE-2023-20652",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-04-06T18:15:08.353", "published": "2023-04-06T18:15:08.353",
"lastModified": "2024-11-21T07:41:17.753", "lastModified": "2025-02-13T16:15:37.597",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 0.8, "exploitabilityScore": 0.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-206xx/CVE-2023-20653.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20653", "id": "CVE-2023-20653",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-04-06T18:15:08.407", "published": "2023-04-06T18:15:08.407",
"lastModified": "2024-11-21T07:41:17.877", "lastModified": "2025-02-13T16:15:37.793",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 0.8, "exploitabilityScore": 0.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-206xx/CVE-2023-20663.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20663", "id": "CVE-2023-20663",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-04-06T18:15:08.973", "published": "2023-04-06T18:15:08.973",
"lastModified": "2024-11-21T07:41:19.120", "lastModified": "2025-02-13T16:15:37.993",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 0.8, "exploitabilityScore": 0.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-190" "value": "CWE-190"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-206xx/CVE-2023-20664.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20664", "id": "CVE-2023-20664",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-04-06T18:15:09.023", "published": "2023-04-06T18:15:09.023",
"lastModified": "2024-11-21T07:41:19.240", "lastModified": "2025-02-13T15:15:13.603",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 0.8, "exploitabilityScore": 0.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-416" "value": "CWE-416"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-206xx/CVE-2023-20665.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20665", "id": "CVE-2023-20665",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-04-06T18:15:09.077", "published": "2023-04-06T18:15:09.077",
"lastModified": "2024-11-21T07:41:19.363", "lastModified": "2025-02-13T15:15:13.987",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 0.8, "exploitabilityScore": 0.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-125" "value": "CWE-125"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-206xx/CVE-2023-20666.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20666", "id": "CVE-2023-20666",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-04-06T18:15:09.130", "published": "2023-04-06T18:15:09.130",
"lastModified": "2024-11-21T07:41:19.483", "lastModified": "2025-02-13T15:15:14.217",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 0.8, "exploitabilityScore": 0.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-206xx/CVE-2023-20670.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20670", "id": "CVE-2023-20670",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2023-04-06T18:15:09.183", "published": "2023-04-06T18:15:09.183",
"lastModified": "2024-11-21T07:41:19.597", "lastModified": "2025-02-13T15:15:14.440",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 0.8, "exploitabilityScore": 0.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-247xx/CVE-2023-24797.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24797", "id": "CVE-2023-24797",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-07T02:15:07.647", "published": "2023-04-07T02:15:07.647",
"lastModified": "2024-11-21T07:48:25.187", "lastModified": "2025-02-13T15:15:14.623",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-247xx/CVE-2023-24798.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24798", "id": "CVE-2023-24798",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-07T02:15:07.687", "published": "2023-04-07T02:15:07.687",
"lastModified": "2024-11-21T07:48:25.343", "lastModified": "2025-02-13T15:15:14.830",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-247xx/CVE-2023-24799.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24799", "id": "CVE-2023-24799",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-07T02:15:07.720", "published": "2023-04-07T02:15:07.720",
"lastModified": "2024-11-21T07:48:25.490", "lastModified": "2025-02-13T15:15:15.033",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-248xx/CVE-2023-24800.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24800", "id": "CVE-2023-24800",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-07T02:15:07.757", "published": "2023-04-07T02:15:07.757",
"lastModified": "2024-11-21T07:48:25.623", "lastModified": "2025-02-13T15:15:15.230",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-252xx/CVE-2023-25210.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25210", "id": "CVE-2023-25210",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-07T02:15:07.793", "published": "2023-04-07T02:15:07.793",
"lastModified": "2024-11-21T07:49:18.817", "lastModified": "2025-02-13T15:15:15.430",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-252xx/CVE-2023-25211.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25211", "id": "CVE-2023-25211",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-07T02:15:07.827", "published": "2023-04-07T02:15:07.827",
"lastModified": "2024-11-21T07:49:18.947", "lastModified": "2025-02-13T15:15:15.660",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-252xx/CVE-2023-25212.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25212", "id": "CVE-2023-25212",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-07T02:15:07.867", "published": "2023-04-07T02:15:07.867",
"lastModified": "2024-11-21T07:49:19.073", "lastModified": "2025-02-13T15:15:15.907",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-253xx/CVE-2023-25303.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25303", "id": "CVE-2023-25303",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T13:15:08.603", "published": "2023-04-04T13:15:08.603",
"lastModified": "2024-11-21T07:49:23.910", "lastModified": "2025-02-13T16:15:38.373",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.2 "impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-22" "value": "CWE-22"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-253xx/CVE-2023-25305.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25305", "id": "CVE-2023-25305",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T13:15:08.643", "published": "2023-04-04T13:15:08.643",
"lastModified": "2024-11-21T07:49:24.173", "lastModified": "2025-02-13T16:15:38.540",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.2 "impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-22" "value": "CWE-22"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-253xx/CVE-2023-25355.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25355", "id": "CVE-2023-25355",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T13:15:08.680", "published": "2023-04-04T13:15:08.680",
"lastModified": "2024-11-21T07:49:26.080", "lastModified": "2025-02-13T16:15:38.707",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-276" "value": "CWE-276"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-253xx/CVE-2023-25356.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25356", "id": "CVE-2023-25356",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T13:15:08.713", "published": "2023-04-04T13:15:08.713",
"lastModified": "2024-11-21T07:49:26.200", "lastModified": "2025-02-13T16:15:38.870",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-88" "value": "CWE-88"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-88"
}
]
} }
], ],
"configurations": [ "configurations": [

24
CVE-2023/CVE-2023-256xx/CVE-2023-25693.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25693", "id": "CVE-2023-25693",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-02-24T12:15:30.720", "published": "2023-02-24T12:15:30.720",
"lastModified": "2024-11-21T07:49:57.050", "lastModified": "2025-02-13T15:15:16.190",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,13 +32,33 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "security@apache.org",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",

24
CVE-2023/CVE-2023-256xx/CVE-2023-25695.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25695", "id": "CVE-2023-25695",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-03-15T10:15:09.940", "published": "2023-03-15T10:15:09.940",
"lastModified": "2024-11-21T07:49:57.180", "lastModified": "2025-02-13T15:15:16.487",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,13 +32,33 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
} }
] ]
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "security@apache.org",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",

32
CVE-2023/CVE-2023-267xx/CVE-2023-26733.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26733", "id": "CVE-2023-26733",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T15:15:08.940", "published": "2023-04-04T15:15:08.940",
"lastModified": "2024-11-21T07:51:53.427", "lastModified": "2025-02-13T16:15:39.107",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-120" "value": "CWE-120"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-267xx/CVE-2023-26750.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26750", "id": "CVE-2023-26750",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T15:15:08.983", "published": "2023-04-04T15:15:08.983",
"lastModified": "2024-11-21T07:51:53.710", "lastModified": "2025-02-13T16:15:39.263",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [ "cveTags": [
{ {
@ -39,6 +39,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -52,6 +72,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-267xx/CVE-2023-26776.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26776", "id": "CVE-2023-26776",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T15:15:09.063", "published": "2023-04-04T15:15:09.063",
"lastModified": "2024-11-21T07:51:55.793", "lastModified": "2025-02-13T16:15:39.447",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-267xx/CVE-2023-26777.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26777", "id": "CVE-2023-26777",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T15:15:09.103", "published": "2023-04-04T15:15:09.103",
"lastModified": "2024-11-21T07:51:55.937", "lastModified": "2025-02-13T16:15:39.623",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-268xx/CVE-2023-26855.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26855", "id": "CVE-2023-26855",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T02:15:07.113", "published": "2023-04-04T02:15:07.113",
"lastModified": "2024-11-21T07:52:00.573", "lastModified": "2025-02-13T16:15:39.787",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-330" "value": "CWE-330"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-330"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-268xx/CVE-2023-26856.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26856", "id": "CVE-2023-26856",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-05T14:15:07.517", "published": "2023-04-05T14:15:07.517",
"lastModified": "2024-11-21T07:52:00.700", "lastModified": "2025-02-13T16:15:39.953",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-89" "value": "CWE-89"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-268xx/CVE-2023-26857.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26857", "id": "CVE-2023-26857",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-05T14:15:07.547", "published": "2023-04-05T14:15:07.547",
"lastModified": "2024-11-21T07:52:00.830", "lastModified": "2025-02-13T16:15:40.150",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-434" "value": "CWE-434"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-268xx/CVE-2023-26866.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26866", "id": "CVE-2023-26866",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T13:15:08.750", "published": "2023-04-04T13:15:08.750",
"lastModified": "2024-11-21T07:52:01.840", "lastModified": "2025-02-13T16:15:40.353",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-77" "value": "CWE-77"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-269xx/CVE-2023-26921.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26921", "id": "CVE-2023-26921",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T15:15:09.143", "published": "2023-04-04T15:15:09.143",
"lastModified": "2024-11-21T07:52:04.213", "lastModified": "2025-02-13T16:15:40.510",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-78" "value": "CWE-78"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-269xx/CVE-2023-26974.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26974", "id": "CVE-2023-26974",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T16:15:07.307", "published": "2023-04-04T16:15:07.307",
"lastModified": "2024-11-21T07:52:08.363", "lastModified": "2025-02-13T16:15:40.673",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-119" "value": "CWE-119"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-269xx/CVE-2023-26976.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26976", "id": "CVE-2023-26976",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T02:15:07.157", "published": "2023-04-04T02:15:07.157",
"lastModified": "2024-11-21T07:52:08.503", "lastModified": "2025-02-13T16:15:40.840",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

18
CVE-2023/CVE-2023-275xx/CVE-2023-27530.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27530", "id": "CVE-2023-27530",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2023-03-10T22:15:10.497", "published": "2023-03-10T22:15:10.497",
"lastModified": "2024-11-21T07:53:06.430", "lastModified": "2025-02-13T15:37:40.953",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -96,30 +96,30 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionEndExcluding": "2.0.9.3", "versionEndExcluding": "2.0.9.3",
"matchCriteriaId": "ABB9DD7F-2F39-4C38-9683-57AA06B525C3" "matchCriteriaId": "C1EDB027-19EA-4F3A-A3A1-46E03D679C7C"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "2.1.0", "versionStartIncluding": "2.1.0",
"versionEndExcluding": "2.1.4.3", "versionEndExcluding": "2.1.4.3",
"matchCriteriaId": "6E69D220-E282-40B2-938F-F416FF5F2FE3" "matchCriteriaId": "8ECC0192-9B71-4425-AE18-EDE8A7488392"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "2.2.0", "versionStartIncluding": "2.2.0",
"versionEndExcluding": "2.2.6.3", "versionEndExcluding": "2.2.6.3",
"matchCriteriaId": "35858B11-E928-4F12-ADF8-6F61BA96352B" "matchCriteriaId": "FCBE71F2-9736-4E4D-8A71-2D1FF559A9F1"
}, },
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:ruby:*:*", "criteria": "cpe:2.3:a:rack:rack:*:*:*:*:*:ruby:*:*",
"versionStartIncluding": "3.0.0", "versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.0.4.2", "versionEndExcluding": "3.0.4.2",
"matchCriteriaId": "79788C0A-E1F1-42EE-9858-B04B10F8FA6B" "matchCriteriaId": "33317DE1-F0A7-4DB2-9F7C-20084C9035BD"
} }
] ]
} }

32
CVE-2023/CVE-2023-277xx/CVE-2023-27770.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27770", "id": "CVE-2023-27770",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-04T15:15:09.710", "published": "2023-04-04T15:15:09.710",
"lastModified": "2024-11-21T07:53:27.690", "lastModified": "2025-02-13T16:15:41.010",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-426" "value": "CWE-426"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2023/CVE-2023-283xx/CVE-2023-28342.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28342", "id": "CVE-2023-28342",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-04-05T19:15:09.517", "published": "2023-04-05T19:15:09.517",
"lastModified": "2024-11-21T07:54:53.183", "lastModified": "2025-02-13T16:15:41.173",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
} }
], ],
"configurations": [ "configurations": [

24
CVE-2023/CVE-2023-287xx/CVE-2023-28708.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28708", "id": "CVE-2023-28708",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2023-03-22T11:15:10.623", "published": "2023-03-22T11:15:10.623",
"lastModified": "2024-11-21T07:55:50.893", "lastModified": "2025-02-13T15:15:16.783",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,13 +32,33 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
} }
] ]
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "security@apache.org",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",

12
CVE-2023/CVE-2023-482xx/CVE-2023-48267.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-48267", "id": "CVE-2023-48267",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2025-02-12T22:15:30.303", "published": "2025-02-12T22:15:30.303",
"lastModified": "2025-02-12T22:15:30.303", "lastModified": "2025-02-13T16:15:43.243",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access." "value": "Improper buffer restrictions in some Intel(R) System Security Report and System Resources Defense firmware may allow a privileged user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "Restricciones de b\u00fafer inadecuadas en algunos Intel(R) System Security Report and System Resources Defense pueden permitir que un usuario privilegiado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
} }
], ],
"metrics": { "metrics": {
@ -82,7 +86,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "secure@intel.com", "source": "secure@intel.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -95,6 +99,10 @@
{ {
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html", "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01203.html",
"source": "secure@intel.com" "source": "secure@intel.com"
},
{
"url": "https://www.dell.com/support/kbdoc/en-us/000236851/dsa-2025-002",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }

86
CVE-2024/CVE-2024-06xx/CVE-2024-0604.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0604", "id": "CVE-2024-0604",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:23.123", "published": "2024-02-29T01:43:23.123",
"lastModified": "2024-11-21T08:46:59.047", "lastModified": "2025-02-13T16:54:45.640",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,33 +36,103 @@
}, },
"exploitabilityScore": 1.3, "exploitabilityScore": 1.3,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fooplugins:foogallery:*:*:*:*:-:wordpress:*:*",
"versionEndIncluding": "2.4.7",
"matchCriteriaId": "26955972-3FCC-4CE0-B1B1-CC70ADC812B0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://advisory.abay.sh/cve-2024-0604", "url": "https://advisory.abay.sh/cve-2024-0604",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Ffoogallery%2Ftags%2F2.4.7&old=3035688&new_path=%2Ffoogallery%2Ftags%2F2.4.9&new=3035688&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Ffoogallery%2Ftags%2F2.4.7&old=3035688&new_path=%2Ffoogallery%2Ftags%2F2.4.9&new=3035688&sfp_email=&sfph_mail=",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://advisory.abay.sh/cve-2024-0604", "url": "https://advisory.abay.sh/cve-2024-0604",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Ffoogallery%2Ftags%2F2.4.7&old=3035688&new_path=%2Ffoogallery%2Ftags%2F2.4.9&new=3035688&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Ffoogallery%2Ftags%2F2.4.7&old=3035688&new_path=%2Ffoogallery%2Ftags%2F2.4.9&new=3035688&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

74
CVE-2024/CVE-2024-10xx/CVE-2024-1049.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1049", "id": "CVE-2024-1049",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-03-23T04:15:08.190", "published": "2024-03-23T04:15:08.190",
"lastModified": "2024-11-21T08:49:40.920", "lastModified": "2025-02-13T16:48:07.857",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,25 +36,87 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:godaddy:coblocks:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.1.6",
"matchCriteriaId": "8BBAC74A-D6B9-4783-8265-628F20AD1C15"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049222%40vimeography&new=3049222%40vimeography&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049222%40vimeography&new=3049222%40vimeography&sfp_email=&sfph_mail=",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d1d152-946f-47c9-b0d5-76513370677f?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d1d152-946f-47c9-b0d5-76513370677f?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049222%40vimeography&new=3049222%40vimeography&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049222%40vimeography&new=3049222%40vimeography&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d1d152-946f-47c9-b0d5-76513370677f?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/56d1d152-946f-47c9-b0d5-76513370677f?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

56
CVE-2024/CVE-2024-120xx/CVE-2024-12011.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-12011",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2025-02-13T16:15:43.750",
"lastModified": "2025-02-13T16:15:43.750",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-126 \u201cBuffer Over-read\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The information disclosure can be triggered by leveraging a memory leak affecting the web server. A remote unauthenticated attacker can exploit this vulnerability in order to leak valid authentication tokens from the process memory associated to users currently logged to the system and bypass the authentication mechanism."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-126"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12011",
"source": "prodsec@nozominetworks.com"
}
]
}

56
CVE-2024/CVE-2024-120xx/CVE-2024-12012.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-12012",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2025-02-13T16:15:43.913",
"lastModified": "2025-02-13T16:15:43.913",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-598 \u201cUse of GET Request Method with Sensitive Query Strings\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. Both the SHA-1 hash of the password as well as the session tokens are included as part of the URL and therefore exposed to information leakage scenarios. An attacker capable of accessing such values (e.g., victim browser, network traffic inspection) can exploit this vulnerability to leak both the password hash as well as session tokens and bypass the authentication mechanism using a pass-the-hash attack."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-598"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12012",
"source": "prodsec@nozominetworks.com"
}
]
}

56
CVE-2024/CVE-2024-120xx/CVE-2024-12013.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-12013",
"sourceIdentifier": "prodsec@nozominetworks.com",
"published": "2025-02-13T16:15:44.050",
"lastModified": "2025-02-13T16:15:44.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A CWE-1392 \u201cUse of Default Credentials\u201d was discovered affecting the 130.8005 TCP/IP Gateway running firmware version 12h. The device exposes an FTP server with default and easy-to-guess admin credentials. A remote attacker capable of interacting with the FTP server could gain access and perform changes over resources exposed by the service such as configuration files where password hashes are saved or where network settings are stored."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "prodsec@nozominetworks.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "prodsec@nozominetworks.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1392"
}
]
}
],
"references": [
{
"url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-12013",
"source": "prodsec@nozominetworks.com"
}
]
}

39
CVE-2024/CVE-2024-125xx/CVE-2024-12586.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-12586", "id": "CVE-2024-12586",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2025-02-13T06:15:20.607", "published": "2025-02-13T06:15:20.607",
"lastModified": "2025-02-13T06:15:20.607", "lastModified": "2025-02-13T15:15:17.200",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -11,7 +11,42 @@
"value": "The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin." "value": "The Chalet-Montagne.com Tools WordPress plugin through 2.7.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/2ce05a44-762b-4aaf-b88a-92c830fd8ec4/", "url": "https://wpscan.com/vulnerability/2ce05a44-762b-4aaf-b88a-92c830fd8ec4/",

39
CVE-2024/CVE-2024-131xx/CVE-2024-13119.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-13119", "id": "CVE-2024-13119",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2025-02-13T06:15:20.763", "published": "2025-02-13T06:15:20.763",
"lastModified": "2025-02-13T06:15:20.763", "lastModified": "2025-02-13T15:15:17.360",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -11,7 +11,42 @@
"value": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." "value": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/32600a45-a8cd-446c-9aa2-0621a02a9754/", "url": "https://wpscan.com/vulnerability/32600a45-a8cd-446c-9aa2-0621a02a9754/",

39
CVE-2024/CVE-2024-131xx/CVE-2024-13120.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-13120", "id": "CVE-2024-13120",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2025-02-13T06:15:20.917", "published": "2025-02-13T06:15:20.917",
"lastModified": "2025-02-13T06:15:20.917", "lastModified": "2025-02-13T15:15:17.520",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -11,7 +11,42 @@
"value": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." "value": "The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/5b70798c-c30d-42e6-ac72-821c5568b9b5/", "url": "https://wpscan.com/vulnerability/5b70798c-c30d-42e6-ac72-821c5568b9b5/",

94
CVE-2024/CVE-2024-14xx/CVE-2024-1447.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1447", "id": "CVE-2024-1447",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-02-29T01:43:50.990", "published": "2024-02-29T01:43:50.990",
"lastModified": "2024-11-21T08:50:36.220", "lastModified": "2025-02-13T16:49:07.203",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,41 +36,115 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:athemes:sydney_toolbox:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.26",
"matchCriteriaId": "55C7AA70-0F5C-4F5B-B743-C9967A3A3065"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L679", "url": "https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L679",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L692", "url": "https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L692",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035233%40sydney-toolbox%2Ftrunk&old=2980978%40sydney-toolbox%2Ftrunk&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035233%40sydney-toolbox%2Ftrunk&old=2980978%40sydney-toolbox%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1227f3bc-0bb3-4b80-ad69-2d4314fafbe4?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1227f3bc-0bb3-4b80-ad69-2d4314fafbe4?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L679", "url": "https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L679",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L692", "url": "https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L692",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035233%40sydney-toolbox%2Ftrunk&old=2980978%40sydney-toolbox%2Ftrunk&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035233%40sydney-toolbox%2Ftrunk&old=2980978%40sydney-toolbox%2Ftrunk&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1227f3bc-0bb3-4b80-ad69-2d4314fafbe4?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1227f3bc-0bb3-4b80-ad69-2d4314fafbe4?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

84
CVE-2024/CVE-2024-16xx/CVE-2024-1697.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1697", "id": "CVE-2024-1697",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-03-23T02:15:46.940", "published": "2024-03-23T02:15:46.940",
"lastModified": "2024-11-21T08:51:06.673", "lastModified": "2025-02-13T16:48:38.990",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,33 +36,101 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themelocation:custom_woocommerce_checkout_fields_editor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.3.1",
"matchCriteriaId": "C96B21C1-7ED6-4145-A9E1-D4F333A00275"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.2.9/classes/class-wc-checkout-field-editor.php#L1775", "url": "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.2.9/classes/class-wc-checkout-field-editor.php#L1775",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.3.2/classes/class-wc-checkout-field-editor.php#L1788", "url": "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.3.2/classes/class-wc-checkout-field-editor.php#L1788",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92f44b-6f2b-439c-8245-ace189740425?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92f44b-6f2b-439c-8245-ace189740425?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.2.9/classes/class-wc-checkout-field-editor.php#L1775", "url": "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.2.9/classes/class-wc-checkout-field-editor.php#L1775",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.3.2/classes/class-wc-checkout-field-editor.php#L1788", "url": "https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.3.2/classes/class-wc-checkout-field-editor.php#L1788",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92f44b-6f2b-439c-8245-ace189740425?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92f44b-6f2b-439c-8245-ace189740425?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

84
CVE-2024/CVE-2024-22xx/CVE-2024-2202.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2202", "id": "CVE-2024-2202",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-03-23T03:15:12.523", "published": "2024-03-23T03:15:12.523",
"lastModified": "2024-11-21T09:09:14.840", "lastModified": "2025-02-13T16:48:25.923",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,33 +36,101 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siteorigin:page_builder:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.29.7",
"matchCriteriaId": "EB9CD59B-7E80-4040-9549-FA995BEF788D"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/browser/siteorigin-panels/trunk/widgets/widgets.php#L911", "url": "https://plugins.trac.wordpress.org/browser/siteorigin-panels/trunk/widgets/widgets.php#L911",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3053935%40siteorigin-panels&new=3053935%40siteorigin-panels&sfp_email=&sfph_mail=#file31", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3053935%40siteorigin-panels&new=3053935%40siteorigin-panels&sfp_email=&sfph_mail=#file31",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52116a6f-506f-4eeb-9bcc-19900ef38101?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52116a6f-506f-4eeb-9bcc-19900ef38101?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/browser/siteorigin-panels/trunk/widgets/widgets.php#L911", "url": "https://plugins.trac.wordpress.org/browser/siteorigin-panels/trunk/widgets/widgets.php#L911",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3053935%40siteorigin-panels&new=3053935%40siteorigin-panels&sfp_email=&sfph_mail=#file31", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3053935%40siteorigin-panels&new=3053935%40siteorigin-panels&sfp_email=&sfph_mail=#file31",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52116a6f-506f-4eeb-9bcc-19900ef38101?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/52116a6f-506f-4eeb-9bcc-19900ef38101?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

54
CVE-2024/CVE-2024-23xx/CVE-2024-2326.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2326", "id": "CVE-2024-2326",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-03-23T04:15:08.757", "published": "2024-03-23T04:15:08.757",
"lastModified": "2024-11-21T09:09:30.590", "lastModified": "2025-02-13T16:32:17.897",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -39,22 +39,64 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:caseproof:prettylinks:*:*:*:*:free:wordpress:*:*",
"versionEndIncluding": "3.6.3",
"matchCriteriaId": "6842B1E1-1B7B-4499-A833-EBFDEC4F19AF"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049386%40pretty-link&new=3049386%40pretty-link&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049386%40pretty-link&new=3049386%40pretty-link&sfp_email=&sfph_mail=",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97d78b4b-568e-43e7-bebf-091179c321f6?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97d78b4b-568e-43e7-bebf-091179c321f6?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049386%40pretty-link&new=3049386%40pretty-link&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049386%40pretty-link&new=3049386%40pretty-link&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97d78b4b-568e-43e7-bebf-091179c321f6?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97d78b4b-568e-43e7-bebf-091179c321f6?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

26
CVE-2024/CVE-2024-23xx/CVE-2024-2362.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2362", "id": "CVE-2024-2362",
"sourceIdentifier": "security@huntr.dev", "sourceIdentifier": "security@huntr.dev",
"published": "2024-06-06T19:15:54.767", "published": "2024-06-06T19:15:54.767",
"lastModified": "2024-11-21T09:09:35.783", "lastModified": "2025-02-13T16:09:46.350",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -85,6 +85,7 @@
], ],
"configurations": [ "configurations": [
{ {
"operator": "AND",
"nodes": [ "nodes": [
{ {
"operator": "OR", "operator": "OR",
@ -92,13 +93,24 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:lollms:lollms_web_ui:9.3:*:*:*:*:linux:*:*", "criteria": "cpe:2.3:a:lollms:lollms_web_ui:9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E666F6FD-3676-45F0-B9AD-8F379DD828E9" "matchCriteriaId": "E23D6C42-9640-4B38-9791-7E87866C7A7C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}, },
{ {
"vulnerable": true, "vulnerable": false,
"criteria": "cpe:2.3:a:lollms:lollms_web_ui:9.3:*:*:*:*:windows:*:*", "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8141A73F-A080-4E27-9C0B-6F8EA1CD0BC2" "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
} }
] ]
} }

36
CVE-2024/CVE-2024-280xx/CVE-2024-28047.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-28047", "id": "CVE-2024-28047",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2025-02-12T22:15:31.983", "published": "2025-02-12T22:15:31.983",
"lastModified": "2025-02-12T22:15:31.983", "lastModified": "2025-02-13T15:15:17.957",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access." "value": "Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "La validaci\u00f3n de entrada incorrecta en el firmware UEFI para algunos procesadores Intel(R) puede permitir que un usuario privilegiado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
} }
], ],
"metrics": { "metrics": {
@ -76,6 +80,26 @@
}, },
"exploitabilityScore": 0.8, "exploitabilityScore": 0.8,
"impactScore": 4.0 "impactScore": 4.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.8,
"impactScore": 4.0
} }
] ]
}, },
@ -89,6 +113,16 @@
"value": "CWE-20" "value": "CWE-20"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
} }
], ],
"references": [ "references": [

74
CVE-2024/CVE-2024-29xx/CVE-2024-2936.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2936", "id": "CVE-2024-2936",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-03-29T06:15:08.450", "published": "2024-03-29T06:15:08.450",
"lastModified": "2024-11-21T09:10:52.830", "lastModified": "2025-02-13T16:31:06.233",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,25 +36,87 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:athemes:sydney_toolbox:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.27",
"matchCriteriaId": "F50BCB63-E3B7-4CEA-BDE7-DF0A5DB5DA19"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3059286%40sydney-toolbox&new=3059286%40sydney-toolbox&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3059286%40sydney-toolbox&new=3059286%40sydney-toolbox&sfp_email=&sfph_mail=",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b20d638-82cb-48ce-96fa-fd42d06f649f?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b20d638-82cb-48ce-96fa-fd42d06f649f?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3059286%40sydney-toolbox&new=3059286%40sydney-toolbox&sfp_email=&sfph_mail=", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3059286%40sydney-toolbox&new=3059286%40sydney-toolbox&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b20d638-82cb-48ce-96fa-fd42d06f649f?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0b20d638-82cb-48ce-96fa-fd42d06f649f?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

20
CVE-2024/CVE-2024-334xx/CVE-2024-33469.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-33469", "id": "CVE-2024-33469",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-02-11T23:15:08.903", "published": "2025-02-11T23:15:08.903",
"lastModified": "2025-02-12T22:15:33.940", "lastModified": "2025-02-13T15:15:18.157",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java." "value": "An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java."
},
{
"lang": "es",
"value": "Un problema en Team Amaze Amaze File Manager v.3.8.5 y solucionado en v.3.10 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s del m\u00e9todo onCreate de DatabaseViewerActivity.java."
} }
], ],
"metrics": { "metrics": {
@ -18,20 +22,20 @@
"type": "Secondary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N",
"baseScore": 5.1, "baseScore": 7.9,
"baseSeverity": "MEDIUM", "baseSeverity": "HIGH",
"attackVector": "LOCAL", "attackVector": "LOCAL",
"attackComplexity": "LOW", "attackComplexity": "LOW",
"privilegesRequired": "NONE", "privilegesRequired": "NONE",
"userInteraction": "NONE", "userInteraction": "NONE",
"scope": "UNCHANGED", "scope": "CHANGED",
"confidentialityImpact": "LOW", "confidentialityImpact": "LOW",
"integrityImpact": "LOW", "integrityImpact": "HIGH",
"availabilityImpact": "NONE" "availabilityImpact": "NONE"
}, },
"exploitabilityScore": 2.5, "exploitabilityScore": 2.5,
"impactScore": 2.5 "impactScore": 4.7
} }
] ]
}, },
@ -42,7 +46,7 @@
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
"value": "CWE-94" "value": "CWE-77"
} }
] ]
} }

12
CVE-2024/CVE-2024-362xx/CVE-2024-36293.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-36293", "id": "CVE-2024-36293",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2025-02-12T22:15:35.040", "published": "2025-02-12T22:15:35.040",
"lastModified": "2025-02-12T22:15:35.040", "lastModified": "2025-02-13T16:16:23.727",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access." "value": "Improper access control in the EDECCSSA user leaf function for some Intel(R) Processors with Intel(R) SGX may allow an authenticated user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": "Un control de acceso inadecuado en la funci\u00f3n de hoja de usuario EDECCSSA para algunos procesadores Intel(R) con Intel(R) SGX puede permitir que un usuario autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
} }
], ],
"metrics": { "metrics": {
@ -82,7 +86,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "secure@intel.com", "source": "secure@intel.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -95,6 +99,10 @@
{ {
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01213.html", "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01213.html",
"source": "secure@intel.com" "source": "secure@intel.com"
},
{
"url": "https://www.dell.com/support/kbdoc/en-us/000283897/dsa-2025-041-security-update-for-dell-poweredge-server-for-intel-2025-security-advisories-2025-1-ipu",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }

36
CVE-2024/CVE-2024-370xx/CVE-2024-37020.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-37020", "id": "CVE-2024-37020",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2025-02-12T22:15:35.190", "published": "2025-02-12T22:15:35.190",
"lastModified": "2025-02-12T22:15:35.190", "lastModified": "2025-02-13T15:15:18.320",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access." "value": "Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access."
},
{
"lang": "es",
"value": "La secuencia de instrucciones del procesador genera un comportamiento inesperado en Intel(R) DSA V1.0 para algunos procesadores Intel(R) Xeon(R) y puede permitir que un usuario autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso local."
} }
], ],
"metrics": { "metrics": {
@ -76,6 +80,26 @@
}, },
"exploitabilityScore": 2.0, "exploitabilityScore": 2.0,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"baseScore": 3.8,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.0,
"impactScore": 1.4
} }
] ]
}, },
@ -89,6 +113,16 @@
"value": "CWE-1281" "value": "CWE-1281"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1281"
}
]
} }
], ],
"references": [ "references": [

36
CVE-2024/CVE-2024-392xx/CVE-2024-39286.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39286", "id": "CVE-2024-39286",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2025-02-12T22:15:36.223", "published": "2025-02-12T22:15:36.223",
"lastModified": "2025-02-12T22:15:36.223", "lastModified": "2025-02-13T16:16:29.157",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access." "value": "Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access."
},
{
"lang": "es",
"value": "Los permisos de ejecuci\u00f3n asignados incorrectamente en el controlador de modo kernel de linux para el controlador Ethernet Intel(R) serie 800 anterior a la versi\u00f3n 1.15.4 pueden permitir que un usuario autenticado habilite potencialmente la divulgaci\u00f3n de informaci\u00f3n a trav\u00e9s del acceso local."
} }
], ],
"metrics": { "metrics": {
@ -76,6 +80,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
} }
] ]
}, },
@ -89,6 +113,16 @@
"value": "CWE-279" "value": "CWE-279"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-279"
}
]
} }
], ],
"references": [ "references": [

36
CVE-2024/CVE-2024-393xx/CVE-2024-39356.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39356", "id": "CVE-2024-39356",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2025-02-12T22:15:36.527", "published": "2025-02-12T22:15:36.527",
"lastModified": "2025-02-12T22:15:36.527", "lastModified": "2025-02-13T15:15:18.507",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killer\u00e2\u201e\u00a2 WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access." "value": "NULL pointer dereference in some Intel(R) PROSet/Wireless WiFi and Killer\u00e2\u201e\u00a2 WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access."
},
{
"lang": "es",
"value": "La desreferencia de puntero NULL en algunos programas Intel(R) PROSet/Wireless WiFi y Killer\u2122 WiFi para Windows anteriores a la versi\u00f3n 23.80 puede permitir que un usuario no autenticado habilite potencialmente la denegaci\u00f3n de servicio a trav\u00e9s del acceso adyacente."
} }
], ],
"metrics": { "metrics": {
@ -76,6 +80,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 4.0 "impactScore": 4.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
} }
] ]
}, },
@ -89,6 +113,16 @@
"value": "CWE-476" "value": "CWE-476"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
} }
], ],
"references": [ "references": [

36
CVE-2024/CVE-2024-393xx/CVE-2024-39365.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39365", "id": "CVE-2024-39365",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2025-02-12T22:15:36.670", "published": "2025-02-12T22:15:36.670",
"lastModified": "2025-02-12T22:15:36.670", "lastModified": "2025-02-13T15:15:18.687",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Uncontrolled search path for the FPGA Support Package for the Intel(R) oneAPI DPC++/C++ Compiler software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access." "value": "Uncontrolled search path for the FPGA Support Package for the Intel(R) oneAPI DPC++/C++ Compiler software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La ruta de b\u00fasqueda no controlada para el paquete de soporte FPGA para el software del compilador Intel(R) oneAPI DPC++/C++ para Windows anterior a la versi\u00f3n 2024.2 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
} }
], ],
"metrics": { "metrics": {
@ -76,6 +80,26 @@
}, },
"exploitabilityScore": 0.8, "exploitabilityScore": 0.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
} }
] ]
}, },
@ -89,6 +113,16 @@
"value": "CWE-427" "value": "CWE-427"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
} }
], ],
"references": [ "references": [

36
CVE-2024/CVE-2024-398xx/CVE-2024-39813.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-39813", "id": "CVE-2024-39813",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2025-02-12T22:15:37.567", "published": "2025-02-12T22:15:37.567",
"lastModified": "2025-02-12T22:15:37.567", "lastModified": "2025-02-13T15:15:18.883",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Uncontrolled search path for some EPCT software before version 1.42.8.0 may allow an authenticated user to potentially enable escalation of privilege via local access." "value": "Uncontrolled search path for some EPCT software before version 1.42.8.0 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La ruta de b\u00fasqueda no controlada para algunos programas EPCT anteriores a la versi\u00f3n 1.42.8.0 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
} }
], ],
"metrics": { "metrics": {
@ -76,6 +80,26 @@
}, },
"exploitabilityScore": 0.8, "exploitabilityScore": 0.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
} }
] ]
}, },
@ -89,6 +113,16 @@
"value": "CWE-427" "value": "CWE-427"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
} }
], ],
"references": [ "references": [

36
CVE-2024/CVE-2024-419xx/CVE-2024-41917.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-41917", "id": "CVE-2024-41917",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2025-02-12T22:15:38.160", "published": "2025-02-12T22:15:38.160",
"lastModified": "2025-02-12T22:15:38.160", "lastModified": "2025-02-13T16:16:29.390",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software before version 2.4.1 may allow an authenticated user to potentially enable escalation of privilege via local access." "value": "Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software before version 2.4.1 may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La condici\u00f3n de tiempo de uso y tiempo de verificaci\u00f3n ejecuci\u00f3n para algunos programas de software de Intel(R) Battery Life Diagnostic Tool anteriores a la versi\u00f3n 2.4.1 puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
} }
], ],
"metrics": { "metrics": {
@ -76,6 +80,26 @@
}, },
"exploitabilityScore": 0.8, "exploitabilityScore": 0.8,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
} }
] ]
}, },
@ -89,6 +113,16 @@
"value": "CWE-367" "value": "CWE-367"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
} }
], ],
"references": [ "references": [

36
CVE-2024/CVE-2024-424xx/CVE-2024-42405.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-42405", "id": "CVE-2024-42405",
"sourceIdentifier": "secure@intel.com", "sourceIdentifier": "secure@intel.com",
"published": "2025-02-12T22:15:38.477", "published": "2025-02-12T22:15:38.477",
"lastModified": "2025-02-12T22:15:38.477", "lastModified": "2025-02-13T15:15:19.117",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Uncontrolled search path for some Intel(R) Quartus(R) Prime Software before version 23.1.1 Patch 1.01std may allow an authenticated user to potentially enable escalation of privilege via local access." "value": "Uncontrolled search path for some Intel(R) Quartus(R) Prime Software before version 23.1.1 Patch 1.01std may allow an authenticated user to potentially enable escalation of privilege via local access."
},
{
"lang": "es",
"value": "La ruta de b\u00fasqueda no controlada para alg\u00fan software Intel(R) Quartus(R) Prime anterior a la versi\u00f3n 23.1.1 Patch 1.01std puede permitir que un usuario autenticado habilite potencialmente la escalada de privilegios a trav\u00e9s del acceso local."
} }
], ],
"metrics": { "metrics": {
@ -76,6 +80,26 @@
}, },
"exploitabilityScore": 0.8, "exploitabilityScore": 0.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
} }
] ]
}, },
@ -89,6 +113,16 @@
"value": "CWE-427" "value": "CWE-427"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
} }
], ],
"references": [ "references": [

32
CVE-2024/CVE-2024-472xx/CVE-2024-47264.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-47264", "id": "CVE-2024-47264",
"sourceIdentifier": "security@synology.com", "sourceIdentifier": "security@synology.com",
"published": "2025-02-13T07:15:09.990", "published": "2025-02-13T07:15:09.990",
"lastModified": "2025-02-13T07:15:09.990", "lastModified": "2025-02-13T15:15:19.400",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 1.2, "exploitabilityScore": 1.2,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-22" "value": "CWE-22"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
} }
], ],
"references": [ "references": [

32
CVE-2024/CVE-2024-472xx/CVE-2024-47265.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-47265", "id": "CVE-2024-47265",
"sourceIdentifier": "security@synology.com", "sourceIdentifier": "security@synology.com",
"published": "2025-02-13T07:15:10.207", "published": "2025-02-13T07:15:10.207",
"lastModified": "2025-02-13T07:15:10.207", "lastModified": "2025-02-13T15:15:19.600",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -32,6 +32,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },
@ -45,6 +65,16 @@
"value": "CWE-22" "value": "CWE-22"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
} }
], ],
"references": [ "references": [

93
CVE-2024/CVE-2024-536xx/CVE-2024-53689.json
View File

@ -2,98 +2,15 @@
"id": "CVE-2024-53689", "id": "CVE-2024-53689",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-11T13:15:26.313", "published": "2025-01-11T13:15:26.313",
"lastModified": "2025-01-16T16:21:09.993", "lastModified": "2025-02-13T16:16:29.787",
"vulnStatus": "Analyzed", "vulnStatus": "Rejected",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Fix potential deadlock while freezing queue and acquiring sysfs_lock\n\nFor storing a value to a queue attribute, the queue_attr_store function\nfirst freezes the queue (->q_usage_counter(io)) and then acquire\n->sysfs_lock. This seems not correct as the usual ordering should be to\nacquire ->sysfs_lock before freezing the queue. This incorrect ordering\ncauses the following lockdep splat which we are able to reproduce always\nsimply by accessing /sys/kernel/debug file using ls command:\n\n[ 57.597146] WARNING: possible circular locking dependency detected\n[ 57.597154] 6.12.0-10553-gb86545e02e8c #20 Tainted: G W\n[ 57.597162] ------------------------------------------------------\n[ 57.597168] ls/4605 is trying to acquire lock:\n[ 57.597176] c00000003eb56710 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0x58/0xc0\n[ 57.597200]\n but task is already holding lock:\n[ 57.597207] c0000018e27c6810 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: iterate_dir+0x94/0x1d4\n[ 57.597226]\n which lock already depends on the new lock.\n\n[ 57.597233]\n the existing dependency chain (in reverse order) is:\n[ 57.597241]\n -> #5 (&sb->s_type->i_mutex_key#3){++++}-{4:4}:\n[ 57.597255] down_write+0x6c/0x18c\n[ 57.597264] start_creating+0xb4/0x24c\n[ 57.597274] debugfs_create_dir+0x2c/0x1e8\n[ 57.597283] blk_register_queue+0xec/0x294\n[ 57.597292] add_disk_fwnode+0x2e4/0x548\n[ 57.597302] brd_alloc+0x2c8/0x338\n[ 57.597309] brd_init+0x100/0x178\n[ 57.597317] do_one_initcall+0x88/0x3e4\n[ 57.597326] kernel_init_freeable+0x3cc/0x6e0\n[ 57.597334] kernel_init+0x34/0x1cc\n[ 57.597342] ret_from_kernel_user_thread+0x14/0x1c\n[ 57.597350]\n -> #4 (&q->debugfs_mutex){+.+.}-{4:4}:\n[ 57.597362] __mutex_lock+0xfc/0x12a0\n[ 57.597370] blk_register_queue+0xd4/0x294\n[ 57.597379] add_disk_fwnode+0x2e4/0x548\n[ 57.597388] brd_alloc+0x2c8/0x338\n[ 57.597395] brd_init+0x100/0x178\n[ 57.597402] do_one_initcall+0x88/0x3e4\n[ 57.597410] kernel_init_freeable+0x3cc/0x6e0\n[ 57.597418] kernel_init+0x34/0x1cc\n[ 57.597426] ret_from_kernel_user_thread+0x14/0x1c\n[ 57.597434]\n -> #3 (&q->sysfs_lock){+.+.}-{4:4}:\n[ 57.597446] __mutex_lock+0xfc/0x12a0\n[ 57.597454] queue_attr_store+0x9c/0x110\n[ 57.597462] sysfs_kf_write+0x70/0xb0\n[ 57.597471] kernfs_fop_write_iter+0x1b0/0x2ac\n[ 57.597480] vfs_write+0x3dc/0x6e8\n[ 57.597488] ksys_write+0x84/0x140\n[ 57.597495] system_call_exception+0x130/0x360\n[ 57.597504] system_call_common+0x160/0x2c4\n[ 57.597516]\n -> #2 (&q->q_usage_counter(io)#21){++++}-{0:0}:\n[ 57.597530] __submit_bio+0x5ec/0x828\n[ 57.597538] submit_bio_noacct_nocheck+0x1e4/0x4f0\n[ 57.597547] iomap_readahead+0x2a0/0x448\n[ 57.597556] xfs_vm_readahead+0x28/0x3c\n[ 57.597564] read_pages+0x88/0x41c\n[ 57.597571] page_cache_ra_unbounded+0x1ac/0x2d8\n[ 57.597580] filemap_get_pages+0x188/0x984\n[ 57.597588] filemap_read+0x13c/0x4bc\n[ 57.597596] xfs_file_buffered_read+0x88/0x17c\n[ 57.597605] xfs_file_read_iter+0xac/0x158\n[ 57.597614] vfs_read+0x2d4/0x3b4\n[ 57.597622] ksys_read+0x84/0x144\n[ 57.597629] system_call_exception+0x130/0x360\n[ 57.597637] system_call_common+0x160/0x2c4\n[ 57.597647]\n -> #1 (mapping.invalidate_lock#2){++++}-{4:4}:\n[ 57.597661] down_read+0x6c/0x220\n[ 57.597669] filemap_fault+0x870/0x100c\n[ 57.597677] xfs_filemap_fault+0xc4/0x18c\n[ 57.597684] __do_fault+0x64/0x164\n[ 57.597693] __handle_mm_fault+0x1274/0x1dac\n[ 57.597702] handle_mm_fault+0x248/0x48\n---truncated---" "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: block: Fix potential deadlock while frozen queue and acquires sysfs_lock Para almacenar un valor en un atributo de cola, la funci\u00f3n queue_attr_store primero congela la cola (->q_usage_counter(io)) y luego adquiere ->sysfs_lock. Esto no parece correcto ya que el orden habitual deber\u00eda ser adquirir ->sysfs_lock antes de congelar la cola. Este orden incorrecto provoca el siguiente splat lockdep que siempre podemos reproducir simplemente accediendo al archivo /sys/kernel/debug usando el comando ls: [ 57.597146] ADVERTENCIA: posible dependencia de bloqueo circular detectada [ 57.597154] 6.12.0-10553-gb86545e02e8c #20 Tainted: GW [ 57.597162] ------------------------------------------------------ [ 57.597168] ls/4605 est\u00e1 intentando adquirir el bloqueo: [ 57.597176] c00000003eb56710 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0x58/0xc0 [ 57.597200] pero la tarea ya tiene el bloqueo: [ 57.597207] c0000018e27c6810 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, en: iterate_dir+0x94/0x1d4 [ 57.597226] cuyo bloqueo ya depende del nuevo bloqueo. [ 57.597233] la cadena de dependencia existente (en orden inverso) es: [ 57.597241] -> #5 (&sb->s_type->i_mutex_key#3){++++}-{4:4}: [ 57.597255] down_write+0x6c/0x18c [ 57.597264] start_creating+0xb4/0x24c [ 57.597274] debugfs_create_dir+0x2c/0x1e8 [ 57.597283] blk_register_queue+0xec/0x294 [ 57.597292] add_disk_fwnode+0x2e4/0x548 [ 57.597302] brd_alloc+0x2c8/0x338 [ 57.597309] brd_init+0x100/0x178 [ 57.597317] hacer_una_initcall+0x88/0x3e4 [ 57.597326] kernel_init_freeable+0x3cc/0x6e0 [ 57.597334] kernel_init+0x34/0x1cc [ 57.597342] retirar_del_subproceso_usuario_kernel+0x14/0x1c [ 57.597350] -> #4 (&q->debugfs_mutex){+.+.}-{4:4}: [ 57.597362] __mutex_lock+0xfc/0x12a0 [ 57.597370] blk_register_queue+0xd4/0x294 [ 57.597379] add_disk_fwnode+0x2e4/0x548 [ 57.597388] brd_alloc+0x2c8/0x338 [ 57.597395] brd_init+0x100/0x178 [ 57.597402] hacer_una_llamada_inicio+0x88/0x3e4 [ 57.597410] kernel_init_freeable+0x3cc/0x6e0 [ 57.597418] kernel_init+0x34/0x1cc [ 57.597426] ret_desde_hilo_usuario_kernel+0x14/0x1c [ 57.597434] -> #3 (&q->sysfs_lock){+.+.}-{4:4}: [ 57.597446] __mutex_lock+0xfc/0x12a0 [ 57.597454] queue_attr_store+0x9c/0x110 [ 57.597462] sysfs_kf_write+0x70/0xb0 [ 57.597471] kernfs_fop_write_iter+0x1b0/0x2ac [ 57.597480] vfs_write+0x3dc/0x6e8 [ 57.597488] ksys_write+0x84/0x140 [ 57.597495] excepci\u00f3n_de_llamada_del_sistema+0x130/0x360 [ 57.597504] llamada_del_sistema_com\u00fan+0x160/0x2c4 [ 57.597516] -> #2 (&q->q_contador_de_uso(io)#21){++++}-{0:0}: [ 57.597530] __submit_bio+0x5ec/0x828 [ 57.597538] enviar_bio_noacct_nocheck+0x1e4/0x4f0 [ 57.597547] iomap_readahead+0x2a0/0x448 [ 57.597556] xfs_vm_readahead+0x28/0x3c [ 57.597564] leer_p\u00e1ginas+0x88/0x41c [ 57.597571] page_cache_ra_unbounded+0x1ac/0x2d8 [ 57.597580] filemap_get_pages+0x188/0x984 [ 57.597588] filemap_read+0x13c/0x4bc [ 57.597596] xfs_file_buffered_read+0x88/0x17c [ 57.597605] xfs_file_read_iter+0xac/0x158 [ 57.597614] vfs_read+0x2d4/0x3b4 [ 57.597622] ksys_read+0x84/0x144 [ 57.597629] excepci\u00f3n_llamada_sistema+0x130/0x360 [ 57.597637] llamada_sistema_com\u00fan+0x160/0x2c4 [ 57.597647] -> #1 (asignaci\u00f3n.invalidar_bloqueo#2){++++}-{4:4}: [ 57.597661] lectura_abajo+0x6c/0x220 [ 57.597669] error_mapa_archivo+0x870/0x100c [ 57.597677] error_mapa_archivo_xfs+0xc4/0x18c [ 57.597684] __error_do+0x64/0x164 [ 57.597693] __error_gestionar_mm+0x1274/0x1dac [ 57.597702] handle_mm_fault+0x248/0x48 ---truncado---"
} }
], ],
"metrics": { "metrics": {},
"cvssMetricV31": [ "references": []
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.12.6",
"matchCriteriaId": "97C759FD-3999-4EA7-B961-1CADF641F560"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/be26ba96421ab0a8fa2055ccf7db7832a13c44d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f1a494df8350da2e673618627cb392a8669825dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
} }

37
CVE-2024/CVE-2024-565xx/CVE-2024-56571.json
View File

@ -2,44 +2,15 @@
"id": "CVE-2024-56571", "id": "CVE-2024-56571",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-12-27T15:15:16.077", "published": "2024-12-27T15:15:16.077",
"lastModified": "2024-12-27T15:15:16.077", "lastModified": "2025-02-13T16:16:43.213",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Rejected",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: uvcvideo: Require entities to have a non-zero unique ID\n\nPer UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero\nunique ID.\n\n```\nEach Unit and Terminal within the video function is assigned a unique\nidentification number, the Unit ID (UID) or Terminal ID (TID), contained in\nthe bUnitID or bTerminalID field of the descriptor. The value 0x00 is\nreserved for undefined ID,\n```\n\nSo, deny allocating an entity with ID 0 or an ID that belongs to a unit\nthat is already added to the list of entities.\n\nThis also prevents some syzkaller reproducers from triggering warnings due\nto a chain of entities referring to themselves. In one particular case, an\nOutput Unit is connected to an Input Unit, both with the same ID of 1. But\nwhen looking up for the source ID of the Output Unit, that same entity is\nfound instead of the input entity, which leads to such warnings.\n\nIn another case, a backward chain was considered finished as the source ID\nwas 0. Later on, that entity was found, but its pads were not valid.\n\nHere is a sample stack trace for one of those cases.\n\n[ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd\n[ 20.830206] usb 1-1: Using ep0 maxpacket: 8\n[ 20.833501] usb 1-1: config 0 descriptor??\n[ 21.038518] usb 1-1: string descriptor 0 read error: -71\n[ 21.038893] usb 1-1: Found UVC 0.00 device <unnamed> (2833:0201)\n[ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized!\n[ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized!\n[ 21.042218] ------------[ cut here ]------------\n[ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0\n[ 21.043195] Modules linked in:\n[ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444\n[ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014\n[ 21.044639] Workqueue: usb_hub_wq hub_event\n[ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0\n[ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 <0f> 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00\n[ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246\n[ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1\n[ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290\n[ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000\n[ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003\n[ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000\n[ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000\n[ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n[ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0\n[ 21.051136] PKRU: 55555554\n[ 21.051331] Call Trace:\n[ 21.051480] <TASK>\n[ 21.051611] ? __warn+0xc4/0x210\n[ 21.051861] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.052252] ? report_bug+0x11b/0x1a0\n[ 21.052540] ? trace_hardirqs_on+0x31/0x40\n[ 21.052901] ? handle_bug+0x3d/0x70\n[ 21.053197] ? exc_invalid_op+0x1a/0x50\n[ 21.053511] ? asm_exc_invalid_op+0x1a/0x20\n[ 21.053924] ? media_create_pad_link+0x91/0x2e0\n[ 21.054364] ? media_create_pad_link+0x2c4/0x2e0\n[ 21.054834] ? media_create_pad_link+0x91/0x2e0\n[ 21.055131] ? _raw_spin_unlock+0x1e/0x40\n[ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210\n[ 21.055837] uvc_mc_register_entities+0x358/0x400\n[ 21.056144] uvc_register_chains+0x1fd/0x290\n[ 21.056413] uvc_probe+0x380e/0x3dc0\n[ 21.056676] ? __lock_acquire+0x5aa/0x26e0\n[ 21.056946] ? find_held_lock+0x33/0xa0\n[ 21.057196] ? kernfs_activate+0x70/0x80\n[ 21.057533] ? usb_match_dy\n---truncated---" "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: uvcvideo: Requerir que las entidades tengan un ID \u00fanico distinto de cero Seg\u00fan la especificaci\u00f3n UVC 1.1+ 3.7.2, las unidades y terminales deben tener un ID \u00fanico distinto de cero. ``` A cada Unidad y Terminal dentro de la funci\u00f3n de video se le asigna un n\u00famero de identificaci\u00f3n \u00fanico, el ID de Unidad (UID) o el ID de Terminal (TID), contenido en el campo bUnitID o bTerminalID del descriptor. El valor 0x00 est\u00e1 reservado para ID indefinido, ``` Por lo tanto, deniega la asignaci\u00f3n de una entidad con ID 0 o un ID que pertenezca a una unidad que ya se haya a\u00f1adido a la lista de entidades. Esto tambi\u00e9n evita que algunos reproductores syzkaller activen advertencias debido a una cadena de entidades que se refieren a s\u00ed mismos. En un caso particular, una Unidad de Salida est\u00e1 conectada a una Unidad de Entrada, ambas con el mismo ID de 1. Pero al buscar el ID de origen de la Unidad de Salida, se encuentra esa misma entidad en lugar de la entidad de entrada, lo que genera dichas advertencias. En otro caso, una cadena hacia atr\u00e1s se consider\u00f3 terminada ya que el ID de origen era 0. M\u00e1s tarde, se encontr\u00f3 esa entidad, pero sus pads no eran v\u00e1lidos. Aqu\u00ed hay un seguimiento de pila de muestra para uno de esos casos. [ 20.650953] usb 1-1: nuevo dispositivo USB de alta velocidad n\u00famero 2 usando dummy_hcd [ 20.830206] usb 1-1: Usando ep0 maxpacket: 8 [ 20.833501] usb 1-1: config 0 descriptor?? [ 21.038518] usb 1-1: descriptor de cadena 0 error de lectura: -71 [ 21.038893] usb 1-1: Se encontr\u00f3 el dispositivo UVC 0.00 (2833:0201) [ 21.039299] uvcvideo 1-1:0.0: \u00a1El tipo de entidad para la entidad Output 1 no se inicializ\u00f3! [ 21.041583] uvcvideo 1-1:0.0: \u00a1El tipo de entidad para la entidad Entrada 1 no se inicializ\u00f3! [ 21.042218] ------------[ cortar aqu\u00ed ]------------ [ 21.042536] ADVERTENCIA: CPU: 0 PID: 9 en drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0 [ 21.043195] M\u00f3dulos vinculados en: [ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 No contaminado 6.11.0-rc7-00030-g3480e43aeccf #444 [ 21.044101] Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 21.044639] Cola de trabajo: usb_hub_wq evento_hub [ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0 [ 21.045508] C\u00f3digo: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 &lt;0f&gt; 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00 [ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246 [ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1 [ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290 [ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000 [ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003 [ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000 [ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000 [ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0 [ 21.051136] PKRU: 55555554 [ 21.051331] Rastreo de llamadas: [ 21.051480] [ 21.051611] ? __warn+0xc4/0x210 [ 21.051861] ? media_create_pad_link+0x2c4/0x2e0 [ 21.052252] ? report_bug+0x11b/0x1a0 [ 21.052540] ? trace_hardirqs_on+0x31/0x40 [ 21.052901] ? handle_bug+0x3d/0x70 [ 21.053197] ? exc_invalid_op+0x1a/0x50 [ 21.053511] ? asm_exc_invalid_op+0x1a/0x20 [ 21.053924] ? media_create_pad_link+0x91/0x2e0 [ 21.054364] ? media_create_pad_link+0x2c4/0x2e0 [ 21.054834] ? __v4l2_device_register_subdev+0x202/0x210 [ 21.055837] uvc_mc_register_entities+0x358/0x400 [ 21.056144] uvc_register_chains+0x1fd/0x290 [ 21.056413] uvc_probe+0x380e/0x3dc0 [ 21.056676] ? __lock_acquire+0x5aa/0x26e0 [ 21.056946] ? find_held_lock+0x33/0xa0 [ 21.057196] ? kernfs_activate+0x70/0x80 [ 21.057533] ? usb_match_dy ---truncado---"
} }
], ],
"metrics": {}, "metrics": {},
"references": [ "references": []
{
"url": "https://git.kernel.org/stable/c/19464d73225224dca31e2fd6e7d6418facf5facb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3dd075fe8ebbc6fcbf998f81a75b8c4b159a6195",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4f74bd307f078c0605b9f6f1edb8337dee35fa2e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/72ed66623953106d15825513c82533a03ba29ecd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b11813bc2f4eee92695075148c9ba996f54feeba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bde4e7c1527151b596089b3f984818ab537eeb7f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
} }

156
CVE-2024/CVE-2024-579xx/CVE-2024-57915.json
View File

@ -2,161 +2,15 @@
"id": "CVE-2024-57915", "id": "CVE-2024-57915",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-19T12:15:25.673", "published": "2025-01-19T12:15:25.673",
"lastModified": "2025-02-02T11:15:13.920", "lastModified": "2025-02-13T16:16:43.287",
"vulnStatus": "Modified", "vulnStatus": "Rejected",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null\n\nConsidering that in some extreme cases, when performing the\nunbinding operation, gserial_disconnect has cleared gser->ioport,\nwhich triggers gadget reconfiguration, and then calls gs_read_complete,\nresulting in access to a null pointer. Therefore, ep is disabled before\ngserial_disconnect sets port to null to prevent this from happening.\n\nCall trace:\n gs_read_complete+0x58/0x240\n usb_gadget_giveback_request+0x40/0x160\n dwc3_remove_requests+0x170/0x484\n dwc3_ep0_out_start+0xb0/0x1d4\n __dwc3_gadget_start+0x25c/0x720\n kretprobe_trampoline.cfi_jt+0x0/0x8\n kretprobe_trampoline.cfi_jt+0x0/0x8\n udc_bind_to_driver+0x1d8/0x300\n usb_gadget_probe_driver+0xa8/0x1dc\n gadget_dev_desc_UDC_store+0x13c/0x188\n configfs_write_iter+0x160/0x1f4\n vfs_write+0x2d0/0x40c\n ksys_write+0x7c/0xf0\n __arm64_sys_write+0x20/0x30\n invoke_syscall+0x60/0x150\n el0_svc_common+0x8c/0xf8\n do_el0_svc+0x28/0xa0\n el0_svc+0x24/0x84" "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: gadget: u_serial: Deshabilitar ep antes de configurar el puerto como nulo para corregir el bloqueo causado por el puerto nulo Teniendo en cuenta que en algunos casos extremos, al realizar la operaci\u00f3n de desvinculaci\u00f3n, gserial_disconnect ha borrado gser-&gt;ioport, lo que desencadena la reconfiguraci\u00f3n del gadget y luego llama a gs_read_complete, lo que da como resultado el acceso a un puntero nulo. Por lo tanto, ep se deshabilita antes de que gserial_disconnect configure el puerto como nulo para evitar que esto suceda. Rastreo de llamadas: gs_read_complete+0x58/0x240 usb_gadget_giveback_request+0x40/0x160 dwc3_remove_requests+0x170/0x484 dwc3_ep0_out_start+0xb0/0x1d4 __dwc3_gadget_start+0x25c/0x720 kretprobe_trampoline.cfi_jt+0x0/0x8 kretprobe_trampoline.cfi_jt+0x0/0x8 udc_bind_to_driver+0x1d8/0x300 usb_gadget_probe_driver+0xa8/0x1dc gadget_dev_desc_UDC_store+0x13c/0x188 configfs_write_iter+0x160/0x1f4 vfs_write+0x2d0/0x40c ksys_write+0x7c/0xf0 __arm64_sys_write+0x20/0x30 invocar_llamada_al_sistema+0x60/0x150 el0_svc_common+0x8c/0xf8 do_el0_svc+0x28/0xa0 el0_svc+0x24/0x84"
} }
], ],
"metrics": { "metrics": {},
"cvssMetricV31": [ "references": []
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.27",
"versionEndExcluding": "6.1.125",
"matchCriteriaId": "E4E3F6ED-7590-470C-831C-BC7A27AB02D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.72",
"matchCriteriaId": "33E12097-C88A-45B4-9677-2A961A08DD3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.12.10",
"matchCriteriaId": "02D604F6-10D1-4F7B-A022-0888406A1121"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "62567B3C-6CEE-46D0-BC2E-B3717FBF7D13"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "5A073481-106D-4B15-B4C7-FB0213B8E1D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc3:*:*:*:*:*:*",
"matchCriteriaId": "DE491969-75AE-4A6B-9A58-8FC5AF98798F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc4:*:*:*:*:*:*",
"matchCriteriaId": "93C0660D-7FB8-4FBA-892A-B064BA71E49E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc5:*:*:*:*:*:*",
"matchCriteriaId": "034C36A6-C481-41F3-AE9A-D116E5BE6895"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.13:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8AF9DC49-2085-4FFB-A7E3-73DFAFECC7F2"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0c50f00cc29948184af05bda31392fff5821f4f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1062b648bff63ed62b2d47a045e08ea9741d98ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/13014969cbf07f18d62ceea40bd8ca8ec9d36cec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3d730e8758c75b68a0152ee1ac48a270ea6725b4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8e122d780a0f19aefd700dbd0b0e3ed3af0ae97f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d2de56cc45ee447f005d63217e84988b4f02faa9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f5f33fb57aae12e4b0add79e0242f458ea0bc510",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
} }

8
CVE-2024/CVE-2024-59xx/CVE-2024-5933.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5933", "id": "CVE-2024-5933",
"sourceIdentifier": "security@huntr.dev", "sourceIdentifier": "security@huntr.dev",
"published": "2024-06-27T19:15:17.840", "published": "2024-06-27T19:15:17.840",
"lastModified": "2024-11-21T09:48:36.263", "lastModified": "2025-02-13T15:43:43.267",
"vulnStatus": "Modified", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -82,8 +82,8 @@
"cpeMatch": [ "cpeMatch": [
{ {
"vulnerable": true, "vulnerable": true,
"criteria": "cpe:2.3:a:lollms:lollms_webui:-:*:*:*:*:*:*:*", "criteria": "cpe:2.3:a:lollms:lollms_web_ui:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDA7C0A-5EEC-4F3F-BA31-A87414C9217E" "matchCriteriaId": "E0447480-50CE-4682-B3B1-B8F021C5C731"
} }
] ]
} }

60
CVE-2025/CVE-2025-04xx/CVE-2025-0426.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-0426",
"sourceIdentifier": "jordan@liggitt.net",
"published": "2025-02-13T16:16:48.417",
"lastModified": "2025-02-13T16:16:48.417",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A security issue was discovered in Kubernetes where a large number of container checkpoint requests made to the unauthenticated kubelet read-only HTTP endpoint may cause a Node Denial of Service by filling the Node's disk."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "jordan@liggitt.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "jordan@liggitt.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://github.com/kubernetes/kubernetes/issues/130016",
"source": "jordan@liggitt.net"
},
{
"url": "https://groups.google.com/g/kubernetes-security-announce/c/KiODfu8i6w8",
"source": "jordan@liggitt.net"
}
]
}

14
CVE-2025/CVE-2025-12xx/CVE-2025-1224.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-1224", "id": "CVE-2025-1224",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2025-02-12T20:15:40.030", "published": "2025-02-12T20:15:40.030",
"lastModified": "2025-02-12T20:15:40.030", "lastModified": "2025-02-13T15:15:20.500",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2024.07.04 is able to address this issue. It is recommended to upgrade the affected component." "value": "A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 2024.07.04 is able to address this issue. It is recommended to upgrade the affected component."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en ywoa hasta la versi\u00f3n 2024.07.03. Esta vulnerabilidad afecta a la funci\u00f3n listNameBySql del archivo com/cloudweb/oa/mapper/xml/UserMapper.xml. La manipulaci\u00f3n conduce a una inyecci\u00f3n SQL. El ataque se puede iniciar de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. La actualizaci\u00f3n a la versi\u00f3n 2024.07.04 puede solucionar este problema. Se recomienda actualizar el componente afectado."
} }
], ],
"metrics": { "metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
@ -107,7 +111,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -132,6 +136,10 @@
{ {
"url": "https://vuldb.com/?id.295210", "url": "https://vuldb.com/?id.295210",
"source": "cna@vuldb.com" "source": "cna@vuldb.com"
},
{
"url": "https://gitee.com/r1bbit/yimioa/issues/IBI731",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }

41
CVE-2025/CVE-2025-216xx/CVE-2025-21698.json
View File

@ -2,48 +2,15 @@
"id": "CVE-2025-21698", "id": "CVE-2025-21698",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-12T14:15:32.900", "published": "2025-02-12T14:15:32.900",
"lastModified": "2025-02-12T14:15:32.900", "lastModified": "2025-02-13T16:16:48.690",
"vulnStatus": "Received", "vulnStatus": "Rejected",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRevert \"usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null\"\n\nThis reverts commit 13014969cbf07f18d62ceea40bd8ca8ec9d36cec.\n\nIt is reported to cause crashes on Tegra systems, so revert it for now." "value": "Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority."
} }
], ],
"metrics": {}, "metrics": {},
"references": [ "references": []
{
"url": "https://git.kernel.org/stable/c/086fd062bc3883ae1ce4166cff5355db315ad879",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/20ce02f2f73af331dec76d3b8b78b18f4699db05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/33233b06ad15730d0463e8f152db2eca15c7f498",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3d8f4dc8c78ffd77a4106614977c1e51531690f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/76e7577bb89b327abdf72d4c0d486074a17f712a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/99c866bea85efdebfb6953a8a305f21ef5ca4991",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bb50dc2aa49dcb5cc81205d814c08337b5da28ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f8b8883ad76d36ee890b18311096af7af7d7a921",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
} }

33
CVE-2025/CVE-2025-217xx/CVE-2025-21701.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-21701",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-02-13T15:15:20.867",
"lastModified": "2025-02-13T15:15:20.867",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: avoid race between device unregistration and ethnl ops\n\nThe following trace can be seen if a device is being unregistered while\nits number of channels are being modified.\n\n DEBUG_LOCKS_WARN_ON(lock->magic != lock)\n WARNING: CPU: 3 PID: 3754 at kernel/locking/mutex.c:564 __mutex_lock+0xc8a/0x1120\n CPU: 3 UID: 0 PID: 3754 Comm: ethtool Not tainted 6.13.0-rc6+ #771\n RIP: 0010:__mutex_lock+0xc8a/0x1120\n Call Trace:\n <TASK>\n ethtool_check_max_channel+0x1ea/0x880\n ethnl_set_channels+0x3c3/0xb10\n ethnl_default_set_doit+0x306/0x650\n genl_family_rcv_msg_doit+0x1e3/0x2c0\n genl_rcv_msg+0x432/0x6f0\n netlink_rcv_skb+0x13d/0x3b0\n genl_rcv+0x28/0x40\n netlink_unicast+0x42e/0x720\n netlink_sendmsg+0x765/0xc20\n __sys_sendto+0x3ac/0x420\n __x64_sys_sendto+0xe0/0x1c0\n do_syscall_64+0x95/0x180\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThis is because unregister_netdevice_many_notify might run before the\nrtnl lock section of ethnl operations, eg. set_channels in the above\nexample. In this example the rss lock would be destroyed by the device\nunregistration path before being used again, but in general running\nethnl operations while dismantle has started is not a good idea.\n\nFix this by denying any operation on devices being unregistered. A check\nwas already there in ethnl_ops_begin, but not wide enough.\n\nNote that the same issue cannot be seen on the ioctl version\n(__dev_ethtool) because the device reference is retrieved from within\nthe rtnl lock section there. Once dismantle started, the net device is\nunlisted and no reference will be found."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/12e070eb6964b341b41677fd260af5a305316a1f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2f29127e94ae9fdc7497331003d6860e9551cdf3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4dc880245f9b529fa8f476b5553c799d2848b47b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b382ab9b885cbb665e0e70a727f101c981b4edf3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

56
CVE-2025/CVE-2025-224xx/CVE-2025-22480.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22480",
"sourceIdentifier": "security_alert@emc.com",
"published": "2025-02-13T16:16:48.777",
"lastModified": "2025-02-13T16:16:48.777",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell SupportAssist OS Recovery versions prior to 5.5.13.1 contain a symbolic link attack vulnerability. A low-privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary file deletion and Elevation of Privileges."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-61"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000275712/dsa-2025-051",
"source": "security_alert@emc.com"
}
]
}

89
CVE-2025/CVE-2025-242xx/CVE-2025-24200.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2025-24200", "id": "CVE-2025-24200",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2025-02-10T19:15:40.107", "published": "2025-02-10T19:15:40.107",
"lastModified": "2025-02-13T02:00:01.817", "lastModified": "2025-02-13T16:24:24.953",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -44,6 +64,16 @@
"cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.", "cisaRequiredAction": "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
"cisaVulnerabilityName": "Apple iOS and iPadOS Incorrect Authorization Vulnerability", "cisaVulnerabilityName": "Apple iOS and iPadOS Incorrect Authorization Vulnerability",
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -55,22 +85,69 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.7.5",
"matchCriteriaId": "2D76DB6B-CB2C-4E13-B6A0-8EAAF97BA82A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "18.0",
"versionEndExcluding": "18.3.1",
"matchCriteriaId": "A77F4D69-3C11-4074-A7E6-C85767F026EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.3.1",
"matchCriteriaId": "FCFC977D-A942-42CC-80CD-6DE07C4870AB"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/122173", "url": "https://support.apple.com/en-us/122173",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/122174", "url": "https://support.apple.com/en-us/122174",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2025/Feb/7", "url": "http://seclists.org/fulldisclosure/2025/Feb/7",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2025/Feb/8", "url": "http://seclists.org/fulldisclosure/2025/Feb/8",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
} }
] ]
} }

60
CVE-2025/CVE-2025-249xx/CVE-2025-24903.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-24903",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-02-13T16:16:48.913",
"lastModified": "2025-02-13T16:16:48.913",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user. The origin of sync messages is not checked. Patched libsignal-service can be found after commit 82d70f6720e762898f34ae76b0894b0297d9b2f8. The `Metadata` struct contains an additional `was_encrypted` field, which breaks the API, but should be easily resolvable. No known workarounds are available."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
}
],
"references": [
{
"url": "https://github.com/whisperfish/libsignal-service-rs/commit/82d70f6720e762898f34ae76b0894b0297d9b2f8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/whisperfish/libsignal-service-rs/security/advisories/GHSA-r58q-66g9-h6g8",
"source": "security-advisories@github.com"
}
]
}

64
CVE-2025/CVE-2025-249xx/CVE-2025-24904.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2025-24904",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-02-13T16:16:49.053",
"lastModified": "2025-02-13T16:16:49.053",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, plaintext content envelopes could be injected by a server or a malicious client, and may have been able to bypass the end-to-end encryption and authentication. The vulnerability is fixed per 82d70f6720e762898f34ae76b0894b0297d9b2f8. The `Metadata` struct contains an additional `was_encrypted` field, which breaks the API, but should be easily resolvable. No known workarounds are available."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/whisperfish/libsignal-service-rs/commit/82d70f6720e762898f34ae76b0894b0297d9b2f8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/whisperfish/libsignal-service-rs/security/advisories/GHSA-hrrc-wpfw-5hj2",
"source": "security-advisories@github.com"
}
]
}

68
CVE-2025/CVE-2025-252xx/CVE-2025-25287.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2025-25287",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-02-13T16:16:49.187",
"lastModified": "2025-02-13T16:16:49.187",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Lakeus is a simple skin made for MediaWiki. Starting in version 1.8.0 and prior to versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0, Lakeus is vulnerable to store cross-site scripting via malicious system messages, though editing the messages requires high privileges. Those with `(editinterface)` rights can edit system messages that are improperly handled in order to send raw HTML. In the case of `lakeus-footermessage`, this will affect all users if the server is configured to link back to this repository. Otherwise, the system messages in themeDesigner.js are only used when the user enables it in their preferences. Versions 1.3.1+REL1.39, 1.3.1+REL1.42, and 1.4.0 contain a patch."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/lakejason0/mediawiki-skins-Lakeus/blob/82ad2cd341f85b814a6a0f37969e6210ebf2521d/includes/SkinLakeus.php#L27",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lakejason0/mediawiki-skins-Lakeus/blob/82ad2cd341f85b814a6a0f37969e6210ebf2521d/resources/themeDesigner.js",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lakejason0/mediawiki-skins-Lakeus/commit/fb79928f06efa47677fff27e0f4755eb32b1c8d9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/lakejason0/mediawiki-skins-Lakeus/security/advisories/GHSA-mq77-3q68-v64v",
"source": "security-advisories@github.com"
}
]
}

21
CVE-2025/CVE-2025-253xx/CVE-2025-25352.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-25352",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-13T16:16:49.343",
"lastModified": "2025-02-13T16:16:49.343",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability was found in /admin/aboutus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the pagetitle POST request parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Land%20record/SQL%20Injection%20About.pdf",
"source": "cve@mitre.org"
}
]
}

21
CVE-2025/CVE-2025-253xx/CVE-2025-25354.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-25354",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-13T16:16:49.433",
"lastModified": "2025-02-13T16:16:49.433",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection was found in /admin/admin-profile.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the contactnumber POST request parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Land%20record/SQL%20Injection%20contact.pdf",
"source": "cve@mitre.org"
}
]
}

21
CVE-2025/CVE-2025-253xx/CVE-2025-25355.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2025-25355",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-02-13T16:16:49.530",
"lastModified": "2025-02-13T16:16:49.530",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability was found in /admin/bwdates-reports-details.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the fromdate POST request parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Land%20record/SQL%20Injection%20fromdate.pdf",
"source": "cve@mitre.org"
}
]
}

Some files were not shown because too many files have changed in this diff Show More