admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-01-21T17:00:40.320556+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-01-21 17:04:09 +00:00
parent 65b84b095f
commit 08e337155a
134 changed files with 7519 additions and 497 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
CVE-2008/CVE-2008-71xx/CVE-2008-7109.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2008-7109", "id": "CVE-2008-7109",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2009-08-28T15:30:00.280", "published": "2009-08-28T15:30:00.280",
"lastModified": "2024-11-21T00:58:17.817", "lastModified": "2025-01-21T16:15:07.623",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -74,6 +94,16 @@
"value": "CWE-863" "value": "CWE-863"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
} }
], ],
"configurations": [ "configurations": [

24
CVE-2009/CVE-2009-00xx/CVE-2009-0082.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-0082", "id": "CVE-2009-0082",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2009-03-10T20:30:01.483", "published": "2009-03-10T20:30:01.483",
"lastModified": "2024-11-21T00:59:00.933", "lastModified": "2025-01-21T16:15:08.470",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [ "cvssMetricV2": [
{ {
"source": "nvd@nist.gov", "source": "nvd@nist.gov",

24
CVE-2009/CVE-2009-01xx/CVE-2009-0130.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-0130", "id": "CVE-2009-0130",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2009-01-15T17:30:00.640", "published": "2009-01-15T17:30:00.640",
"lastModified": "2024-11-21T00:59:07.410", "lastModified": "2025-01-21T16:15:08.717",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [ "cveTags": [
{ {
@ -23,6 +23,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [ "cvssMetricV2": [
{ {
"source": "nvd@nist.gov", "source": "nvd@nist.gov",

24
CVE-2009/CVE-2009-05xx/CVE-2009-0554.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-0554", "id": "CVE-2009-0554",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2009-04-15T08:00:00.687", "published": "2009-04-15T08:00:00.687",
"lastModified": "2024-11-21T01:00:18.450", "lastModified": "2025-01-21T16:15:08.967",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [ "cvssMetricV2": [
{ {
"source": "nvd@nist.gov", "source": "nvd@nist.gov",

34
CVE-2009/CVE-2009-15xx/CVE-2009-1532.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-1532", "id": "CVE-2009-1532",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2009-06-10T18:30:00.530", "published": "2009-06-10T18:30:00.530",
"lastModified": "2024-11-21T01:02:41.780", "lastModified": "2025-01-21T16:15:09.300",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [ "cvssMetricV2": [
{ {
"source": "nvd@nist.gov", "source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2009/CVE-2009-19xx/CVE-2009-1936.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-1936", "id": "CVE-2009-1936",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2009-06-05T18:30:00.187", "published": "2009-06-05T18:30:00.187",
"lastModified": "2024-11-21T01:03:44.170", "lastModified": "2025-01-21T16:15:09.737",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -74,6 +94,16 @@
"value": "CWE-22" "value": "CWE-22"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
} }
], ],
"configurations": [ "configurations": [

22
CVE-2009/CVE-2009-21xx/CVE-2009-2168.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-2168", "id": "CVE-2009-2168",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2009-06-22T20:30:00.327", "published": "2009-06-22T20:30:00.327",
"lastModified": "2024-11-21T01:04:17.133", "lastModified": "2025-01-21T16:15:10.100",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [

32
CVE-2009/CVE-2009-24xx/CVE-2009-2416.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-2416", "id": "CVE-2009-2416",
"sourceIdentifier": "secalert@redhat.com", "sourceIdentifier": "secalert@redhat.com",
"published": "2009-08-11T18:30:00.983", "published": "2009-08-11T18:30:00.983",
"lastModified": "2024-11-21T01:04:49.253", "lastModified": "2025-01-21T16:15:10.397",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -74,6 +94,16 @@
"value": "CWE-416" "value": "CWE-416"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
} }
], ],
"configurations": [ "configurations": [

34
CVE-2009/CVE-2009-24xx/CVE-2009-2494.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-2494", "id": "CVE-2009-2494",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2009-08-12T17:30:00.750", "published": "2009-08-12T17:30:00.750",
"lastModified": "2024-11-21T01:05:00.813", "lastModified": "2025-01-21T16:15:10.823",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [ "cvssMetricV2": [
{ {
"source": "nvd@nist.gov", "source": "nvd@nist.gov",
@ -52,6 +74,16 @@
"value": "CWE-94" "value": "CWE-94"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
} }
], ],
"configurations": [ "configurations": [

32
CVE-2009/CVE-2009-28xx/CVE-2009-2857.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2009-2857", "id": "CVE-2009-2857",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2009-08-19T17:30:01.170", "published": "2009-08-19T17:30:01.170",
"lastModified": "2024-11-21T01:05:54.947", "lastModified": "2025-01-21T16:15:11.127",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -74,6 +94,16 @@
"value": "CWE-667" "value": "CWE-667"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
} }
], ],
"configurations": [ "configurations": [

43
CVE-2018/CVE-2018-93xx/CVE-2018-9387.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2018-9387", "id": "CVE-2018-9387",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2025-01-18T00:15:23.930", "published": "2025-01-18T00:15:23.930",
"lastModified": "2025-01-18T00:15:23.930", "lastModified": "2025-01-21T16:15:11.453",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." "value": "In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En multiple functions de mnh-sm.c, existe una forma posible de provocar un desbordamiento de mont\u00f3n debido a un desbordamiento de enteros. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01", "url": "https://source.android.com/security/bulletin/pixel/2018-06-01",

43
CVE-2018/CVE-2018-94xx/CVE-2018-9401.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2018-9401", "id": "CVE-2018-9401",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2025-01-18T00:15:24.707", "published": "2025-01-18T00:15:24.707",
"lastModified": "2025-01-18T00:15:24.707", "lastModified": "2025-01-21T16:15:11.637",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." "value": "In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En muchas ubicaciones, existe una forma posible de acceder a la memoria del n\u00facleo en el espacio de usuario debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01", "url": "https://source.android.com/security/bulletin/pixel/2018-06-01",

43
CVE-2018/CVE-2018-94xx/CVE-2018-9405.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2018-9405", "id": "CVE-2018-9405",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2025-01-18T00:15:24.807", "published": "2025-01-18T00:15:24.807",
"lastModified": "2025-01-18T00:15:24.807", "lastModified": "2025-01-21T16:15:11.810",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation." "value": "In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En BnDmAgent::onTransact de dm_agent.cpp, existe una posible escritura fuera de los l\u00edmites debido a una neutra. Esto podr\u00eda provocar una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01", "url": "https://source.android.com/security/bulletin/pixel/2018-06-01",

43
CVE-2018/CVE-2018-94xx/CVE-2018-9461.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2018-9461", "id": "CVE-2018-9461",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2025-01-18T00:15:25.043", "published": "2025-01-18T00:15:25.043",
"lastModified": "2025-01-18T00:15:25.043", "lastModified": "2025-01-21T16:15:11.970",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." "value": "In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En onAttachFragment de ShareIntentActivity.java, existe una forma posible de que una aplicaci\u00f3n lea archivos en la aplicaci\u00f3n de mensajes debido a una condici\u00f3n ejecuci\u00f3n. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://source.android.com/security/bulletin/pixel/2018-08-01", "url": "https://source.android.com/security/bulletin/pixel/2018-08-01",

43
CVE-2018/CVE-2018-94xx/CVE-2018-9464.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2018-9464", "id": "CVE-2018-9464",
"sourceIdentifier": "security@android.com", "sourceIdentifier": "security@android.com",
"published": "2025-01-18T00:15:25.163", "published": "2025-01-18T00:15:25.163",
"lastModified": "2025-01-18T00:15:25.163", "lastModified": "2025-01-21T16:15:12.133",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "In multiple locations, there is a possible way to read protected files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." "value": "In multiple locations, there is a possible way to read protected files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En varias ubicaciones, existe una forma posible de leer archivos protegidos debido a la falta de una verificaci\u00f3n de permisos. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://source.android.com/security/bulletin/pixel/2018-08-01", "url": "https://source.android.com/security/bulletin/pixel/2018-08-01",

12
CVE-2023/CVE-2023-232xx/CVE-2023-23299.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23299", "id": "CVE-2023-23299",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-05-23T20:15:09.330", "published": "2023-05-23T20:15:09.330",
"lastModified": "2024-11-21T07:45:57.840", "lastModified": "2025-01-21T15:15:10.590",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo" "value": "NVD-CWE-noinfo"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
} }
], ],
"configurations": [ "configurations": [

66
CVE-2024/CVE-2024-07xx/CVE-2024-0795.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0795", "id": "CVE-2024-0795",
"sourceIdentifier": "security@huntr.dev", "sourceIdentifier": "security@huntr.dev",
"published": "2024-03-02T22:15:49.813", "published": "2024-03-02T22:15:49.813",
"lastModified": "2024-11-21T08:47:23.423", "lastModified": "2025-01-21T15:06:36.627",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "security@huntr.dev", "source": "security@huntr.dev",
@ -51,22 +73,54 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.0",
"matchCriteriaId": "0D667E32-5A5C-479C-BB81-47F3BCA38C13"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564", "url": "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec", "url": "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec",
"source": "security@huntr.dev" "source": "security@huntr.dev",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564", "url": "https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec", "url": "https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

84
CVE-2024/CVE-2024-11xx/CVE-2024-1169.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1169", "id": "CVE-2024-1169",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-03-07T11:15:06.943", "published": "2024-03-07T11:15:06.943",
"lastModified": "2024-11-21T08:49:57.153", "lastModified": "2025-01-21T16:59:48.077",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,33 +36,101 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themekraft:post_form:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.8.8",
"matchCriteriaId": "0E5E7917-79DC-4AF6-A0B8-2E052BEAAE7A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1466", "url": "https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1466",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk/includes/functions.php?contextall=1&old=3023795&old_path=%2Fbuddyforms%2Ftrunk%2Fincludes%2Ffunctions.php", "url": "https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk/includes/functions.php?contextall=1&old=3023795&old_path=%2Fbuddyforms%2Ftrunk%2Fincludes%2Ffunctions.php",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d14a90d-65ea-45da-956b-0735e2e2b538?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d14a90d-65ea-45da-956b-0735e2e2b538?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1466", "url": "https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1466",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk/includes/functions.php?contextall=1&old=3023795&old_path=%2Fbuddyforms%2Ftrunk%2Fincludes%2Ffunctions.php", "url": "https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk/includes/functions.php?contextall=1&old=3023795&old_path=%2Fbuddyforms%2Ftrunk%2Fincludes%2Ffunctions.php",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d14a90d-65ea-45da-956b-0735e2e2b538?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6d14a90d-65ea-45da-956b-0735e2e2b538?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

84
CVE-2024/CVE-2024-11xx/CVE-2024-1170.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1170", "id": "CVE-2024-1170",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-03-07T11:15:07.643", "published": "2024-03-07T11:15:07.643",
"lastModified": "2024-11-21T08:49:57.283", "lastModified": "2025-01-21T16:58:56.397",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,33 +36,101 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 4.2 "impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themekraft:post_form:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.8.8",
"matchCriteriaId": "0E5E7917-79DC-4AF6-A0B8-2E052BEAAE7A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1493", "url": "https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1493",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk?contextall=1&old=3031945&old_path=%2Fbuddyforms%2Ftrunk#file7", "url": "https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk?contextall=1&old=3031945&old_path=%2Fbuddyforms%2Ftrunk#file7",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/380c646c-fd95-408a-89eb-3e646768bbc5?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/380c646c-fd95-408a-89eb-3e646768bbc5?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1493", "url": "https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1493",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk?contextall=1&old=3031945&old_path=%2Fbuddyforms%2Ftrunk#file7", "url": "https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk?contextall=1&old=3031945&old_path=%2Fbuddyforms%2Ftrunk#file7",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/380c646c-fd95-408a-89eb-3e646768bbc5?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/380c646c-fd95-408a-89eb-3e646768bbc5?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

84
CVE-2024/CVE-2024-17xx/CVE-2024-1720.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1720", "id": "CVE-2024-1720",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-03-07T06:15:50.630", "published": "2024-03-07T06:15:50.630",
"lastModified": "2024-11-21T08:51:09.613", "lastModified": "2025-01-21T16:55:34.067",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,33 +36,101 @@
}, },
"exploitabilityScore": 1.6, "exploitabilityScore": 1.6,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpuserregistration:user_registration_\\&_membership:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.5",
"matchCriteriaId": "8CE9F090-B5CE-4D9C-A1C9-5F9ECD078B33"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/browser/user-registration/trunk/includes/class-ur-shortcodes.php#L288", "url": "https://plugins.trac.wordpress.org/browser/user-registration/trunk/includes/class-ur-shortcodes.php#L288",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3045419/user-registration/trunk/includes/class-ur-shortcodes.php", "url": "https://plugins.trac.wordpress.org/changeset/3045419/user-registration/trunk/includes/class-ur-shortcodes.php",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62b809dc-4089-4822-8aeb-7049fcfe376e?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62b809dc-4089-4822-8aeb-7049fcfe376e?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/browser/user-registration/trunk/includes/class-ur-shortcodes.php#L288", "url": "https://plugins.trac.wordpress.org/browser/user-registration/trunk/includes/class-ur-shortcodes.php#L288",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3045419/user-registration/trunk/includes/class-ur-shortcodes.php", "url": "https://plugins.trac.wordpress.org/changeset/3045419/user-registration/trunk/includes/class-ur-shortcodes.php",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62b809dc-4089-4822-8aeb-7049fcfe376e?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/62b809dc-4089-4822-8aeb-7049fcfe376e?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

74
CVE-2024/CVE-2024-17xx/CVE-2024-1761.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1761", "id": "CVE-2024-1761",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-03-07T05:15:54.140", "published": "2024-03-07T05:15:54.140",
"lastModified": "2024-11-21T08:51:15.300", "lastModified": "2025-01-21T16:53:47.587",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,25 +36,87 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ninjateam:wp_chat_app:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.6.1",
"matchCriteriaId": "DA248324-7961-40CC-A998-665661C74CE5"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044368%40wp-whatsapp%2Ftrunk&old=3029885%40wp-whatsapp%2Ftrunk&sfp_email=&sfph_mail=#file4", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044368%40wp-whatsapp%2Ftrunk&old=3029885%40wp-whatsapp%2Ftrunk&sfp_email=&sfph_mail=#file4",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/85a94f32-e1e5-48ea-822e-c54d0592da28?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/85a94f32-e1e5-48ea-822e-c54d0592da28?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044368%40wp-whatsapp%2Ftrunk&old=3029885%40wp-whatsapp%2Ftrunk&sfp_email=&sfph_mail=#file4", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044368%40wp-whatsapp%2Ftrunk&old=3029885%40wp-whatsapp%2Ftrunk&sfp_email=&sfph_mail=#file4",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/85a94f32-e1e5-48ea-822e-c54d0592da28?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/85a94f32-e1e5-48ea-822e-c54d0592da28?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

75
CVE-2024/CVE-2024-20xx/CVE-2024-2021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2021", "id": "CVE-2024-2021",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T00:15:52.070", "published": "2024-03-01T00:15:52.070",
"lastModified": "2024-11-21T09:08:49.797", "lastModified": "2025-01-21T15:01:00.477",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.4 "impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -76,30 +96,69 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netentsec:application_security_gateway:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A708923-EF5F-4F53-86F3-DF0366E6FB58"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/dtxharry/cve/blob/main/cve.md", "url": "https://github.com/dtxharry/cve/blob/main/cve.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.255300", "url": "https://vuldb.com/?ctiid.255300",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://vuldb.com/?id.255300", "url": "https://vuldb.com/?id.255300",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://github.com/dtxharry/cve/blob/main/cve.md", "url": "https://github.com/dtxharry/cve/blob/main/cve.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.255300", "url": "https://vuldb.com/?ctiid.255300",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://vuldb.com/?id.255300", "url": "https://vuldb.com/?id.255300",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

75
CVE-2024/CVE-2024-20xx/CVE-2024-2022.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2022", "id": "CVE-2024-2022",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T00:15:52.290", "published": "2024-03-01T00:15:52.290",
"lastModified": "2024-11-21T09:08:50.000", "lastModified": "2025-01-21T15:06:02.787",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 3.4 "impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -76,30 +96,69 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netentsec:application_security_gateway:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7A708923-EF5F-4F53-86F3-DF0366E6FB58"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/zouzuo1994321/cve/blob/main/cve.md", "url": "https://github.com/zouzuo1994321/cve/blob/main/cve.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.255301", "url": "https://vuldb.com/?ctiid.255301",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://vuldb.com/?id.255301", "url": "https://vuldb.com/?id.255301",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://github.com/zouzuo1994321/cve/blob/main/cve.md", "url": "https://github.com/zouzuo1994321/cve/blob/main/cve.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.255301", "url": "https://vuldb.com/?ctiid.255301",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
]
}, },
{ {
"url": "https://vuldb.com/?id.255301", "url": "https://vuldb.com/?id.255301",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

61
CVE-2024/CVE-2024-228xx/CVE-2024-22889.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22889", "id": "CVE-2024-22889",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-06T00:15:52.633", "published": "2024-03-06T00:15:52.633",
"lastModified": "2024-11-21T08:56:44.683", "lastModified": "2025-01-21T16:53:16.990",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,14 +81,37 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plone:plone:6.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DE0E44CB-496D-4CCF-AEE3-A8013D0092B0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9", "url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9", "url": "https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

71
CVE-2024/CVE-2024-240xx/CVE-2024-24098.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24098", "id": "CVE-2024-24098",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T16:15:49.290", "published": "2024-03-05T16:15:49.290",
"lastModified": "2024-11-21T08:58:54.873", "lastModified": "2025-01-21T15:07:45.900",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,22 +81,51 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:scholars_tracking_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A1ABFE94-859C-4763-AF6F-3278761A395A"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://code-projects.org/scholars-tracking-system-in-php-with-source-code/", "url": "https://code-projects.org/scholars-tracking-system-in-php-with-source-code/",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/ASR511-OO7/CVE-2024-24098/blob/main/CVE-13", "url": "https://github.com/ASR511-OO7/CVE-2024-24098/blob/main/CVE-13",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://code-projects.org/scholars-tracking-system-in-php-with-source-code/", "url": "https://code-projects.org/scholars-tracking-system-in-php-with-source-code/",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
}, },
{ {
"url": "https://github.com/ASR511-OO7/CVE-2024-24098/blob/main/CVE-13", "url": "https://github.com/ASR511-OO7/CVE-2024-24098/blob/main/CVE-13",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

72
CVE-2024/CVE-2024-258xx/CVE-2024-25865.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25865", "id": "CVE-2024-25865",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-02T22:15:50.293", "published": "2024-03-02T22:15:50.293",
"lastModified": "2024-11-21T09:01:28.413", "lastModified": "2025-01-21T15:06:54.557",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,77 @@
"value": "Vulnerabilidad de Cross Site Scripting (XSS) en hexo-theme-anzhiyu v1.6.12, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n de b\u00fasqueda de algolia." "value": "Vulnerabilidad de Cross Site Scripting (XSS) en hexo-theme-anzhiyu v1.6.12, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n de b\u00fasqueda de algolia."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anzhiyu-c:hexo-theme-anzhiyu:1.6.12:*:*:*:*:*:*:*",
"matchCriteriaId": "771C3906-072E-404B-9559-6DC3722B8C67"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/anzhiyu-c/hexo-theme-anzhiyu/issues/200", "url": "https://github.com/anzhiyu-c/hexo-theme-anzhiyu/issues/200",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/anzhiyu-c/hexo-theme-anzhiyu/issues/200", "url": "https://github.com/anzhiyu-c/hexo-theme-anzhiyu/issues/200",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
} }
] ]
} }

63
CVE-2024/CVE-2024-275xx/CVE-2024-27561.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27561", "id": "CVE-2024-27561",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T17:15:06.887", "published": "2024-03-05T17:15:06.887",
"lastModified": "2024-11-21T09:04:44.453", "lastModified": "2025-01-21T15:08:34.140",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,14 +81,39 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wondercms:wondercms:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C34DD4B5-9079-44C3-B20C-1B5DC5236D30"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_installUpdateThemePluginAction_plugins.md", "url": "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_installUpdateThemePluginAction_plugins.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_installUpdateThemePluginAction_plugins.md", "url": "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_installUpdateThemePluginAction_plugins.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

63
CVE-2024/CVE-2024-275xx/CVE-2024-27563.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27563", "id": "CVE-2024-27563",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T17:15:06.947", "published": "2024-03-05T17:15:06.947",
"lastModified": "2024-11-21T09:04:44.700", "lastModified": "2025-01-21T15:08:45.213",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,14 +81,39 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wondercms:wondercms:3.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C34DD4B5-9079-44C3-B20C-1B5DC5236D30"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_pluginThemeUrl.md", "url": "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_pluginThemeUrl.md",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_pluginThemeUrl.md", "url": "https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_pluginThemeUrl.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

67
CVE-2024/CVE-2024-275xx/CVE-2024-27564.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27564", "id": "CVE-2024-27564",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T17:15:06.997", "published": "2024-03-05T17:15:06.997",
"lastModified": "2024-11-21T09:04:44.910", "lastModified": "2025-01-21T15:10:48.757",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,14 +81,43 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dirk1983:chatgpt:2023-05-23:*:*:*:*:*:*:*",
"matchCriteriaId": "5317B8B1-AEDD-4F2B-8345-3A4BCF6F07B1"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/dirk1983/chatgpt/issues/114", "url": "https://github.com/dirk1983/chatgpt/issues/114",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/dirk1983/chatgpt/issues/114", "url": "https://github.com/dirk1983/chatgpt/issues/114",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
]
} }
] ]
} }

67
CVE-2024/CVE-2024-275xx/CVE-2024-27565.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27565", "id": "CVE-2024-27565",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T17:15:07.050", "published": "2024-03-05T17:15:07.050",
"lastModified": "2024-11-21T09:04:45.113", "lastModified": "2025-01-21T15:11:29.370",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,14 +81,43 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dirk1983:chatgpt-wechat-personal:2023-03-29:*:*:*:*:*:*:*",
"matchCriteriaId": "039459E1-5EF4-4EDB-9236-906E55ADB7A6"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/dirk1983/chatgpt-wechat-personal/issues/4", "url": "https://github.com/dirk1983/chatgpt-wechat-personal/issues/4",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/dirk1983/chatgpt-wechat-personal/issues/4", "url": "https://github.com/dirk1983/chatgpt-wechat-personal/issues/4",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Mitigation",
"Vendor Advisory"
]
} }
] ]
} }

66
CVE-2024/CVE-2024-277xx/CVE-2024-27765.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27765", "id": "CVE-2024-27765",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T23:15:08.050", "published": "2024-03-05T23:15:08.050",
"lastModified": "2024-11-21T09:05:00.727", "lastModified": "2025-01-21T16:52:29.603",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,14 +81,42 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jeewms:jeewms:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.7",
"matchCriteriaId": "5941D9D7-DA1E-4174-85A0-5C43D940CD9C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90", "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
}, },
{ {
"url": "https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90", "url": "https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
]
} }
] ]
} }

71
CVE-2024/CVE-2024-279xx/CVE-2024-27913.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27913", "id": "CVE-2024-27913",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-02-28T07:15:09.677", "published": "2024-02-28T07:15:09.677",
"lastModified": "2024-11-21T09:05:24.547", "lastModified": "2025-01-21T14:55:08.587",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,76 @@
"value": "ospf_te_parse_te en ospfd/ospf_te.c en FRRouting (FRR) hasta 9.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del daemon ospfd) a trav\u00e9s de un paquete OSPF LSA mal formado, debido a un intento de acceso a un campo de atributo faltante." "value": "ospf_te_parse_te en ospfd/ospf_te.c en FRRouting (FRR) hasta 9.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del daemon ospfd) a trav\u00e9s de un paquete OSPF LSA mal formado, debido a un intento de acceso a un campo de atributo faltante."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:frrouting:frrouting:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.0",
"matchCriteriaId": "70C40213-CD55-4ED3-ACEC-365B40D4252C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/FRRouting/frr/pull/15431", "url": "https://github.com/FRRouting/frr/pull/15431",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
}, },
{ {
"url": "https://github.com/FRRouting/frr/pull/15431", "url": "https://github.com/FRRouting/frr/pull/15431",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
]
} }
] ]
} }

71
CVE-2024/CVE-2024-279xx/CVE-2024-27929.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27929", "id": "CVE-2024-27929",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-05T17:15:07.097", "published": "2024-03-05T17:15:07.097",
"lastModified": "2024-11-21T09:05:26.350", "lastModified": "2025-01-21T15:14:31.287",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.2 "impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
} }
] ]
}, },
@ -49,16 +69,59 @@
"value": "CWE-416" "value": "CWE-416"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.7",
"matchCriteriaId": "6E09C0AC-A735-4459-A0FC-F78229B384D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.1.0",
"versionEndExcluding": "3.1.3",
"matchCriteriaId": "78410C1A-0CE5-46D9-B989-97DE97235B30"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r", "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r", "url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

74
CVE-2024/CVE-2024-29xx/CVE-2024-2966.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2966", "id": "CVE-2024-2966",
"sourceIdentifier": "security@wordfence.com", "sourceIdentifier": "security@wordfence.com",
"published": "2024-04-11T08:15:50.310", "published": "2024-04-11T08:15:50.310",
"lastModified": "2024-11-21T09:10:57.000", "lastModified": "2025-01-21T15:21:38.397",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,25 +36,87 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bdthemes:element_pack:*:*:*:*:lite:wordpress:*:*",
"versionEndExcluding": "5.6.0",
"matchCriteriaId": "A447896C-6024-4E60-9D1B-0B61A8D1FEBB"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3066178/bdthemes-element-pack-lite", "url": "https://plugins.trac.wordpress.org/changeset/3066178/bdthemes-element-pack-lite",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39e0fd33-4071-4510-a7d5-b499a8a3543c?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39e0fd33-4071-4510-a7d5-b499a8a3543c?source=cve",
"source": "security@wordfence.com" "source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://plugins.trac.wordpress.org/changeset/3066178/bdthemes-element-pack-lite", "url": "https://plugins.trac.wordpress.org/changeset/3066178/bdthemes-element-pack-lite",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39e0fd33-4071-4510-a7d5-b499a8a3543c?source=cve", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/39e0fd33-4071-4510-a7d5-b499a8a3543c?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

119
CVE-2024/CVE-2024-319xx/CVE-2024-31981.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31981", "id": "CVE-2024-31981",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-10T20:15:08.280", "published": "2024-04-10T20:15:08.280",
"lastModified": "2024-11-21T09:14:16.483", "lastModified": "2025-01-21T16:26:42.277",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -49,48 +69,123 @@
"value": "CWE-862" "value": "CWE-862"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.1",
"versionEndExcluding": "14.10.19",
"matchCriteriaId": "7385D8A9-93D4-4B6D-8030-67F9E3F3CB83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.4",
"matchCriteriaId": "C15AC764-BCCE-4AF3-98F5-28EC637500A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.6",
"versionEndExcluding": "15.9",
"matchCriteriaId": "3E8A87CB-01A7-4C55-99FF-93FAAC70532B"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/480186f9d2fca880513da8bc5a609674d106cbd3", "url": "https://github.com/xwiki/xwiki-platform/commit/480186f9d2fca880513da8bc5a609674d106cbd3",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/a4ad14d9c1605a5ab957237e505ebbb29f5b9d73", "url": "https://github.com/xwiki/xwiki-platform/commit/a4ad14d9c1605a5ab957237e505ebbb29f5b9d73",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/d28e21a670c69880b951e415dd2ddd69d273eae9", "url": "https://github.com/xwiki/xwiki-platform/commit/d28e21a670c69880b951e415dd2ddd69d273eae9",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vxwr-wpjv-qjq7", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vxwr-wpjv-qjq7",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-21337", "url": "https://jira.xwiki.org/browse/XWIKI-21337",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/480186f9d2fca880513da8bc5a609674d106cbd3", "url": "https://github.com/xwiki/xwiki-platform/commit/480186f9d2fca880513da8bc5a609674d106cbd3",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/a4ad14d9c1605a5ab957237e505ebbb29f5b9d73", "url": "https://github.com/xwiki/xwiki-platform/commit/a4ad14d9c1605a5ab957237e505ebbb29f5b9d73",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/d28e21a670c69880b951e415dd2ddd69d273eae9", "url": "https://github.com/xwiki/xwiki-platform/commit/d28e21a670c69880b951e415dd2ddd69d273eae9",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vxwr-wpjv-qjq7", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vxwr-wpjv-qjq7",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-21337", "url": "https://jira.xwiki.org/browse/XWIKI-21337",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

131
CVE-2024/CVE-2024-319xx/CVE-2024-31982.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31982", "id": "CVE-2024-31982",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-10T20:15:08.463", "published": "2024-04-10T20:15:08.463",
"lastModified": "2024-11-21T09:14:16.600", "lastModified": "2025-01-21T16:25:17.337",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,56 +69,139 @@
"value": "CWE-95" "value": "CWE-95"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.4",
"versionEndExcluding": "14.10.20",
"matchCriteriaId": "752515BB-B999-4BDA-ADF3-56F3A8F14090"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.4",
"matchCriteriaId": "C15AC764-BCCE-4AF3-98F5-28EC637500A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.6",
"versionEndExcluding": "15.10",
"matchCriteriaId": "B214D1C2-C7E5-44D2-95BD-4FFE947436C2"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/3c9e4bb04286de94ad24854026a09fa967538e31", "url": "https://github.com/xwiki/xwiki-platform/commit/3c9e4bb04286de94ad24854026a09fa967538e31",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/459e968be8740c8abc2a168196ce21e5ba93cfb8", "url": "https://github.com/xwiki/xwiki-platform/commit/459e968be8740c8abc2a168196ce21e5ba93cfb8",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565", "url": "https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-21472", "url": "https://jira.xwiki.org/browse/XWIKI-21472",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982", "url": "https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/3c9e4bb04286de94ad24854026a09fa967538e31", "url": "https://github.com/xwiki/xwiki-platform/commit/3c9e4bb04286de94ad24854026a09fa967538e31",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/459e968be8740c8abc2a168196ce21e5ba93cfb8", "url": "https://github.com/xwiki/xwiki-platform/commit/459e968be8740c8abc2a168196ce21e5ba93cfb8",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565", "url": "https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-21472", "url": "https://jira.xwiki.org/browse/XWIKI-21472",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982", "url": "https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

134
CVE-2024/CVE-2024-319xx/CVE-2024-31983.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31983", "id": "CVE-2024-31983",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-10T20:15:08.650", "published": "2024-04-10T20:15:08.650",
"lastModified": "2024-11-21T09:14:16.737", "lastModified": "2025-01-21T16:22:36.987",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -49,48 +69,138 @@
"value": "CWE-862" "value": "CWE-862"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.3.1",
"versionEndExcluding": "14.10.20",
"matchCriteriaId": "75B593EA-BB03-487B-822F-4E2C46F76D99"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.4",
"matchCriteriaId": "C15AC764-BCCE-4AF3-98F5-28EC637500A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.6",
"versionEndExcluding": "15.10",
"matchCriteriaId": "B214D1C2-C7E5-44D2-95BD-4FFE947436C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:4.3:-:*:*:*:*:*:*",
"matchCriteriaId": "E4A0B6CE-A44D-43B0-91C7-839D93608077"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:4.3:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "F3AAC6FA-548D-4A38-A8FA-67E6D79641D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:4.3:rc1:*:*:*:*:*:*",
"matchCriteriaId": "1C62BF98-ADD8-49DA-BFAD-55C9C957FDBC"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9", "url": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb", "url": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54", "url": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xxp2-9c9g-7wmj", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xxp2-9c9g-7wmj",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-21411", "url": "https://jira.xwiki.org/browse/XWIKI-21411",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9", "url": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb", "url": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54", "url": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xxp2-9c9g-7wmj", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xxp2-9c9g-7wmj",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-21411", "url": "https://jira.xwiki.org/browse/XWIKI-21411",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

161
CVE-2024/CVE-2024-319xx/CVE-2024-31984.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31984", "id": "CVE-2024-31984",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-10T20:15:08.830", "published": "2024-04-10T20:15:08.830",
"lastModified": "2024-11-21T09:14:16.870", "lastModified": "2025-01-21T16:20:37.297",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -49,72 +69,177 @@
"value": "CWE-95" "value": "CWE-95"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3",
"versionEndExcluding": "14.10.20",
"matchCriteriaId": "8F0F34EC-F8C0-4EA5-A311-1BAFC9296FFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.4",
"matchCriteriaId": "C15AC764-BCCE-4AF3-98F5-28EC637500A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.6",
"versionEndExcluding": "15.10",
"matchCriteriaId": "B214D1C2-C7E5-44D2-95BD-4FFE947436C2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:7.2:-:*:*:*:*:*:*",
"matchCriteriaId": "FA9A56D4-A6C6-4FD7-8C70-0E7AA419F05A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:7.2:rc1:*:*:*:*:*:*",
"matchCriteriaId": "08C1CFAF-FD09-428F-A022-3A662709784E"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/43c9d551e3c11e9d8f176b556dd33bbe31fc66e0", "url": "https://github.com/xwiki/xwiki-platform/commit/43c9d551e3c11e9d8f176b556dd33bbe31fc66e0",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/5ef9d294d37be92ee22b2549e38663b29dce8767", "url": "https://github.com/xwiki/xwiki-platform/commit/5ef9d294d37be92ee22b2549e38663b29dce8767",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/74e301c481e69eeea674dac7fed6af3614cf08c5", "url": "https://github.com/xwiki/xwiki-platform/commit/74e301c481e69eeea674dac7fed6af3614cf08c5",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/94fc12db87c2431eb1335ecb9c2954b1905bde62", "url": "https://github.com/xwiki/xwiki-platform/commit/94fc12db87c2431eb1335ecb9c2954b1905bde62",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/acba74c149a041345b24dcca52c586f872ba97fb", "url": "https://github.com/xwiki/xwiki-platform/commit/acba74c149a041345b24dcca52c586f872ba97fb",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/ef55105d6eeec5635fd693f0070c5aaaf3bdd940", "url": "https://github.com/xwiki/xwiki-platform/commit/ef55105d6eeec5635fd693f0070c5aaaf3bdd940",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xm4h-3jxr-m3c6", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xm4h-3jxr-m3c6",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-21471", "url": "https://jira.xwiki.org/browse/XWIKI-21471",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/43c9d551e3c11e9d8f176b556dd33bbe31fc66e0", "url": "https://github.com/xwiki/xwiki-platform/commit/43c9d551e3c11e9d8f176b556dd33bbe31fc66e0",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/5ef9d294d37be92ee22b2549e38663b29dce8767", "url": "https://github.com/xwiki/xwiki-platform/commit/5ef9d294d37be92ee22b2549e38663b29dce8767",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/74e301c481e69eeea674dac7fed6af3614cf08c5", "url": "https://github.com/xwiki/xwiki-platform/commit/74e301c481e69eeea674dac7fed6af3614cf08c5",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/94fc12db87c2431eb1335ecb9c2954b1905bde62", "url": "https://github.com/xwiki/xwiki-platform/commit/94fc12db87c2431eb1335ecb9c2954b1905bde62",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/acba74c149a041345b24dcca52c586f872ba97fb", "url": "https://github.com/xwiki/xwiki-platform/commit/acba74c149a041345b24dcca52c586f872ba97fb",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/ef55105d6eeec5635fd693f0070c5aaaf3bdd940", "url": "https://github.com/xwiki/xwiki-platform/commit/ef55105d6eeec5635fd693f0070c5aaaf3bdd940",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xm4h-3jxr-m3c6", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xm4h-3jxr-m3c6",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-21471", "url": "https://jira.xwiki.org/browse/XWIKI-21471",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

119
CVE-2024/CVE-2024-319xx/CVE-2024-31986.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31986", "id": "CVE-2024-31986",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-10T21:15:06.917", "published": "2024-04-10T21:15:06.917",
"lastModified": "2024-11-21T09:14:17.133", "lastModified": "2025-01-21T15:43:52.013",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 2.3,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -53,48 +73,123 @@
"value": "CWE-352" "value": "CWE-352"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.1.1",
"versionEndExcluding": "14.10.19",
"matchCriteriaId": "416D6CB0-EB32-45AC-B541-C081EC033EAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.4",
"matchCriteriaId": "C15AC764-BCCE-4AF3-98F5-28EC637500A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.6",
"versionEndExcluding": "15.9",
"matchCriteriaId": "3E8A87CB-01A7-4C55-99FF-93FAAC70532B"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf", "url": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87", "url": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269", "url": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-21416", "url": "https://jira.xwiki.org/browse/XWIKI-21416",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf", "url": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87", "url": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269", "url": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-21416", "url": "https://jira.xwiki.org/browse/XWIKI-21416",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

121
CVE-2024/CVE-2024-319xx/CVE-2024-31987.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31987", "id": "CVE-2024-31987",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-10T21:15:07.110", "published": "2024-04-10T21:15:07.110",
"lastModified": "2024-11-21T09:14:17.267", "lastModified": "2025-01-21T15:35:42.450",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -49,48 +69,125 @@
"value": "CWE-862" "value": "CWE-862"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4",
"versionEndExcluding": "14.10.19",
"matchCriteriaId": "5D465952-0ED2-4468-9064-2BF9FEF45E11"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.4",
"matchCriteriaId": "C15AC764-BCCE-4AF3-98F5-28EC637500A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.6",
"versionEndExcluding": "15.10",
"matchCriteriaId": "B214D1C2-C7E5-44D2-95BD-4FFE947436C2"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39", "url": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2", "url": "https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56", "url": "https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cv55-v6rw-7r5v", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cv55-v6rw-7r5v",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-21478", "url": "https://jira.xwiki.org/browse/XWIKI-21478",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39", "url": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2", "url": "https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56", "url": "https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cv55-v6rw-7r5v", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cv55-v6rw-7r5v",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}, },
{ {
"url": "https://jira.xwiki.org/browse/XWIKI-21478", "url": "https://jira.xwiki.org/browse/XWIKI-21478",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
} }
] ]
} }

56
CVE-2024/CVE-2024-325xx/CVE-2024-32555.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-32555",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-21T14:15:07.027",
"lastModified": "2025-01-21T14:15:07.027",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Privilege Assignment vulnerability in NotFound Easy Real Estate allows Privilege Escalation. This issue affects Easy Real Estate: from n/a through 2.2.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/easy-real-estate/vulnerability/wordpress-easy-real-estate-plugin-2-2-6-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

52
CVE-2024/CVE-2024-327xx/CVE-2024-32794.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32794", "id": "CVE-2024-32794",
"sourceIdentifier": "audit@patchstack.com", "sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-24T15:15:47.350", "published": "2024-04-24T15:15:47.350",
"lastModified": "2024-11-21T09:15:44.157", "lastModified": "2025-01-21T14:49:53.260",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -51,14 +71,38 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:strangerstudios:paid_memberships_pro:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.0",
"matchCriteriaId": "056698AA-9625-4637-B733-41DE0235F5E3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://patchstack.com/database/vulnerability/paid-memberships-pro/wordpress-paid-memberships-pro-plugin-2-12-10-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/paid-memberships-pro/wordpress-paid-memberships-pro-plugin-2-12-10-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com" "source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}, },
{ {
"url": "https://patchstack.com/database/vulnerability/paid-memberships-pro/wordpress-paid-memberships-pro-plugin-2-12-10-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve", "url": "https://patchstack.com/database/vulnerability/paid-memberships-pro/wordpress-paid-memberships-pro-plugin-2-12-10-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

83
CVE-2024/CVE-2024-343xx/CVE-2024-34355.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34355", "id": "CVE-2024-34355",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-05-14T16:17:24.230", "published": "2024-05-14T16:17:24.230",
"lastModified": "2024-11-21T09:18:29.623", "lastModified": "2025-01-21T16:08:57.453",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.1, "exploitabilityScore": 2.1,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
@ -53,32 +73,79 @@
"value": "CWE-116" "value": "CWE-116"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.1.1",
"matchCriteriaId": "D2C76A9E-3FD0-4614-8743-F1E99CC6FC99"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375", "url": "https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc", "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-007", "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-007",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375", "url": "https://github.com/TYPO3/typo3/commit/56afa304ba8b5ad302e15df5def71bcc8d820375",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc", "url": "https://github.com/TYPO3/typo3/security/advisories/GHSA-xjwx-78x7-q6jc",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://typo3.org/security/advisory/typo3-core-sa-2024-007", "url": "https://typo3.org/security/advisory/typo3-core-sa-2024-007",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-347xx/CVE-2024-34716.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34716", "id": "CVE-2024-34716",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-05-14T16:17:28.073", "published": "2024-05-14T16:17:28.073",
"lastModified": "2024-11-21T09:19:15.370", "lastModified": "2025-01-21T16:06:58.623",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
} }
] ]
}, },
@ -49,24 +69,65 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:prestashop:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.1.0",
"versionEndExcluding": "8.1.6",
"matchCriteriaId": "27D84E2B-407D-4315-A9A4-DF2308ED678F"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6", "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78", "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6", "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78", "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

71
CVE-2024/CVE-2024-347xx/CVE-2024-34717.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34717", "id": "CVE-2024-34717",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-05-14T16:17:28.540", "published": "2024-05-14T16:17:28.540",
"lastModified": "2024-11-21T09:19:15.500", "lastModified": "2025-01-21T16:04:37.930",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
} }
] ]
}, },
@ -49,24 +69,63 @@
"value": "CWE-200" "value": "CWE-200"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:prestashop:prestashop:8.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "20D74243-769B-49FB-B200-5843009D0A0F"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6", "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-7pjr-2rgh-fc5g", "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-7pjr-2rgh-fc5g",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6", "url": "https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
]
}, },
{ {
"url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-7pjr-2rgh-fc5g", "url": "https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-7pjr-2rgh-fc5g",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

75
CVE-2024/CVE-2024-371xx/CVE-2024-37164.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37164", "id": "CVE-2024-37164",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-13T15:15:52.990", "published": "2024-06-13T15:15:52.990",
"lastModified": "2024-11-21T09:23:20.460", "lastModified": "2025-01-21T14:35:52.867",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 4.7 "impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
} }
] ]
}, },
@ -49,24 +69,67 @@
"value": "CWE-918" "value": "CWE-918"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cvat:computer_vision_annotation_tool:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.1.0",
"versionEndExcluding": "2.14.3",
"matchCriteriaId": "79D9A221-39D1-431D-8E97-21847C8ACEB6"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/cvat-ai/cvat/commit/f2346934c80bd91740f55c2788ef7d535a291d4c", "url": "https://github.com/cvat-ai/cvat/commit/f2346934c80bd91740f55c2788ef7d535a291d4c",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-q684-4jjh-83g6", "url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-q684-4jjh-83g6",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/cvat-ai/cvat/commit/f2346934c80bd91740f55c2788ef7d535a291d4c", "url": "https://github.com/cvat-ai/cvat/commit/f2346934c80bd91740f55c2788ef7d535a291d4c",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-q684-4jjh-83g6", "url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-q684-4jjh-83g6",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

75
CVE-2024/CVE-2024-373xx/CVE-2024-37306.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37306", "id": "CVE-2024-37306",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-06-13T15:15:53.333", "published": "2024-06-13T15:15:53.333",
"lastModified": "2024-11-21T09:23:34.460", "lastModified": "2025-01-21T14:37:34.690",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 4.2 "impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:N",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
} }
] ]
}, },
@ -49,24 +69,67 @@
"value": "CWE-352" "value": "CWE-352"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cvat:computer_vision_annotation_tool:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.2.0",
"versionEndExcluding": "2.14.3",
"matchCriteriaId": "A2D2208D-9E3B-4621-896F-8CFAD83E10F6"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/cvat-ai/cvat/commit/5d36d10e493d92e893d7eae595544bcbe9cce1ce", "url": "https://github.com/cvat-ai/cvat/commit/5d36d10e493d92e893d7eae595544bcbe9cce1ce",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-jpf9-646h-4px7", "url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-jpf9-646h-4px7",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}, },
{ {
"url": "https://github.com/cvat-ai/cvat/commit/5d36d10e493d92e893d7eae595544bcbe9cce1ce", "url": "https://github.com/cvat-ai/cvat/commit/5d36d10e493d92e893d7eae595544bcbe9cce1ce",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-jpf9-646h-4px7", "url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-jpf9-646h-4px7",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

111
CVE-2024/CVE-2024-38xx/CVE-2024-3863.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3863", "id": "CVE-2024-3863",
"sourceIdentifier": "security@mozilla.org", "sourceIdentifier": "security@mozilla.org",
"published": "2024-04-16T16:15:08.870", "published": "2024-04-16T16:15:08.870",
"lastModified": "2024-11-21T09:30:34.970", "lastModified": "2025-01-21T16:52:27.313",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,128 @@
"value": "La advertencia del archivo ejecutable no se present\u00f3 al descargar archivos .xrm-ms. *Nota: Este problema solo afect\u00f3 a los sistemas operativos Windows. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10." "value": "La advertencia del archivo ejecutable no se present\u00f3 al descargar archivos .xrm-ms. *Nota: Este problema solo afect\u00f3 a los sistemas operativos Windows. Otros sistemas operativos no se ven afectados.* Esta vulnerabilidad afecta a Firefox < 125 y Firefox ESR < 115.10."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*",
"versionEndExcluding": "115.10.0",
"matchCriteriaId": "3F21776B-01C2-4251-843F-0CC6AE208BAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*",
"versionEndExcluding": "125.0",
"matchCriteriaId": "4A9A567D-16CB-472A-A95B-31BCFB1DFC10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
"versionEndExcluding": "115.10",
"matchCriteriaId": "E0E4DEC0-5D13-48E9-B6A5-2DC8F30785DE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1885855", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1885855",
"source": "security@mozilla.org" "source": "security@mozilla.org",
"tags": [
"Issue Tracking"
]
}, },
{ {
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"source": "security@mozilla.org" "source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.mozilla.org/security/advisories/mfsa2024-19/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-19/",
"source": "security@mozilla.org" "source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.mozilla.org/security/advisories/mfsa2024-20/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-20/",
"source": "security@mozilla.org" "source": "security@mozilla.org",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1885855", "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1885855",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking"
]
}, },
{ {
"url": "https://www.mozilla.org/security/advisories/mfsa2024-18/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-18/",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.mozilla.org/security/advisories/mfsa2024-19/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-19/",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.mozilla.org/security/advisories/mfsa2024-20/", "url": "https://www.mozilla.org/security/advisories/mfsa2024-20/",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

62
CVE-2024/CVE-2024-38xx/CVE-2024-3872.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3872", "id": "CVE-2024-3872",
"sourceIdentifier": "responsibledisclosure@mattermost.com", "sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-04-16T09:15:08.817", "published": "2024-04-16T09:15:08.817",
"lastModified": "2024-11-21T09:30:36.187", "lastModified": "2025-01-21T16:57:31.850",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 1.6, "exploitabilityScore": 1.6,
"impactScore": 1.4 "impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
} }
] ]
}, },
@ -49,16 +69,50 @@
"value": "CWE-400" "value": "CWE-400"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_mobile:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.13.0",
"matchCriteriaId": "107A8E88-CC28-4D4D-BCFB-32643EEFE433"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://mattermost.com/security-updates", "url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com" "source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://mattermost.com/security-updates", "url": "https://mattermost.com/security-updates",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

111
CVE-2024/CVE-2024-38xx/CVE-2024-3875.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3875", "id": "CVE-2024-3875",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-16T18:15:14.397", "published": "2024-04-16T18:15:14.397",
"lastModified": "2024-11-21T09:30:36.597", "lastModified": "2025-01-21T16:44:42.840",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -74,40 +94,111 @@
"value": "CWE-121" "value": "CWE-121"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\\(408\\):*:*:*:*:*:*:*",
"matchCriteriaId": "25D11FC4-85C7-4F6C-81A2-AF9CB6BE1507"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromNatlimit.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromNatlimit.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.260909", "url": "https://vuldb.com/?ctiid.260909",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.260909", "url": "https://vuldb.com/?id.260909",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.312817", "url": "https://vuldb.com/?submit.312817",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromNatlimit.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromNatlimit.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.260909", "url": "https://vuldb.com/?ctiid.260909",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.260909", "url": "https://vuldb.com/?id.260909",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.312817", "url": "https://vuldb.com/?submit.312817",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

111
CVE-2024/CVE-2024-38xx/CVE-2024-3876.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3876", "id": "CVE-2024-3876",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-16T18:15:14.623", "published": "2024-04-16T18:15:14.623",
"lastModified": "2024-11-21T09:30:36.723", "lastModified": "2025-01-21T16:38:31.227",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -74,40 +94,111 @@
"value": "CWE-121" "value": "CWE-121"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\\(408\\):*:*:*:*:*:*:*",
"matchCriteriaId": "25D11FC4-85C7-4F6C-81A2-AF9CB6BE1507"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromVirtualSer.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromVirtualSer.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.260910", "url": "https://vuldb.com/?ctiid.260910",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.260910", "url": "https://vuldb.com/?id.260910",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.312818", "url": "https://vuldb.com/?submit.312818",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromVirtualSer.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromVirtualSer.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.260910", "url": "https://vuldb.com/?ctiid.260910",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.260910", "url": "https://vuldb.com/?id.260910",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.312818", "url": "https://vuldb.com/?submit.312818",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

111
CVE-2024/CVE-2024-38xx/CVE-2024-3877.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3877", "id": "CVE-2024-3877",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-16T19:15:07.667", "published": "2024-04-16T19:15:07.667",
"lastModified": "2024-11-21T09:30:36.857", "lastModified": "2025-01-21T16:34:51.410",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -74,40 +94,111 @@
"value": "CWE-121" "value": "CWE-121"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\\(408\\):*:*:*:*:*:*:*",
"matchCriteriaId": "25D11FC4-85C7-4F6C-81A2-AF9CB6BE1507"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromqossetting.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromqossetting.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.260911", "url": "https://vuldb.com/?ctiid.260911",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.260911", "url": "https://vuldb.com/?id.260911",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.312820", "url": "https://vuldb.com/?submit.312820",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromqossetting.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromqossetting.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.260911", "url": "https://vuldb.com/?ctiid.260911",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.260911", "url": "https://vuldb.com/?id.260911",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.312820", "url": "https://vuldb.com/?submit.312820",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

111
CVE-2024/CVE-2024-38xx/CVE-2024-3878.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3878", "id": "CVE-2024-3878",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-16T19:15:07.920", "published": "2024-04-16T19:15:07.920",
"lastModified": "2024-11-21T09:30:36.983", "lastModified": "2025-01-21T16:32:56.933",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -74,40 +94,111 @@
"value": "CWE-121" "value": "CWE-121"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:f1202_firmware:1.2.0.20\\(408\\):*:*:*:*:*:*:*",
"matchCriteriaId": "25D11FC4-85C7-4F6C-81A2-AF9CB6BE1507"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:f1202:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37DF507C-5EDA-46A0-851E-ED8BC0B54F88"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromwebExcptypemanFilter.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromwebExcptypemanFilter.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.260912", "url": "https://vuldb.com/?ctiid.260912",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.260912", "url": "https://vuldb.com/?id.260912",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.312821", "url": "https://vuldb.com/?submit.312821",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromwebExcptypemanFilter.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/F/F1202/fromwebExcptypemanFilter.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.260912", "url": "https://vuldb.com/?ctiid.260912",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.260912", "url": "https://vuldb.com/?id.260912",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.312821", "url": "https://vuldb.com/?submit.312821",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

111
CVE-2024/CVE-2024-41xx/CVE-2024-4166.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4166", "id": "CVE-2024-4166",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-25T12:15:07.770", "published": "2024-04-25T12:15:07.770",
"lastModified": "2024-11-21T09:42:18.970", "lastModified": "2025-01-21T14:45:35.713",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -74,40 +94,111 @@
"value": "CWE-121" "value": "CWE-121"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:4g300_firmware:1.01.42:*:*:*:*:*:*:*",
"matchCriteriaId": "7A11C718-6F74-46FD-8C72-6E9FF1FA9FE4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A63A3E-E6B1-42C8-ABA8-5E19777392B5"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_41E858_GO.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_41E858_GO.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.261985", "url": "https://vuldb.com/?ctiid.261985",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.261985", "url": "https://vuldb.com/?id.261985",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.318981", "url": "https://vuldb.com/?submit.318981",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_41E858_GO.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_41E858_GO.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.261985", "url": "https://vuldb.com/?ctiid.261985",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.261985", "url": "https://vuldb.com/?id.261985",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.318981", "url": "https://vuldb.com/?submit.318981",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

111
CVE-2024/CVE-2024-41xx/CVE-2024-4167.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4167", "id": "CVE-2024-4167",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-25T12:15:07.990", "published": "2024-04-25T12:15:07.990",
"lastModified": "2024-11-21T09:42:19.103", "lastModified": "2025-01-21T14:41:18.070",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -74,40 +94,111 @@
"value": "CWE-121" "value": "CWE-121"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:4g300_firmware:1.01.42:*:*:*:*:*:*:*",
"matchCriteriaId": "7A11C718-6F74-46FD-8C72-6E9FF1FA9FE4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A63A3E-E6B1-42C8-ABA8-5E19777392B5"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_422AA4.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_422AA4.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.261986", "url": "https://vuldb.com/?ctiid.261986",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.261986", "url": "https://vuldb.com/?id.261986",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.318983", "url": "https://vuldb.com/?submit.318983",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_422AA4.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_422AA4.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.261986", "url": "https://vuldb.com/?ctiid.261986",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.261986", "url": "https://vuldb.com/?id.261986",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.318983", "url": "https://vuldb.com/?submit.318983",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

111
CVE-2024/CVE-2024-41xx/CVE-2024-4168.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4168", "id": "CVE-2024-4168",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-25T12:15:08.217", "published": "2024-04-25T12:15:08.217",
"lastModified": "2024-11-21T09:42:19.240", "lastModified": "2025-01-21T14:34:05.903",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -74,40 +94,111 @@
"value": "CWE-121" "value": "CWE-121"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:4g300_firmware:1.01.42:*:*:*:*:*:*:*",
"matchCriteriaId": "7A11C718-6F74-46FD-8C72-6E9FF1FA9FE4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A63A3E-E6B1-42C8-ABA8-5E19777392B5"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_4260F0.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_4260F0.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.261987", "url": "https://vuldb.com/?ctiid.261987",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.261987", "url": "https://vuldb.com/?id.261987",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.318987", "url": "https://vuldb.com/?submit.318987",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_4260F0.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_4260F0.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.261987", "url": "https://vuldb.com/?ctiid.261987",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.261987", "url": "https://vuldb.com/?id.261987",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.318987", "url": "https://vuldb.com/?submit.318987",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

111
CVE-2024/CVE-2024-41xx/CVE-2024-4169.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4169", "id": "CVE-2024-4169",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-25T13:15:51.780", "published": "2024-04-25T13:15:51.780",
"lastModified": "2024-11-21T09:42:19.377", "lastModified": "2025-01-21T14:20:59.187",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -74,40 +94,111 @@
"value": "CWE-121" "value": "CWE-121"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:4g300_firmware:1.01.42:*:*:*:*:*:*:*",
"matchCriteriaId": "7A11C718-6F74-46FD-8C72-6E9FF1FA9FE4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A63A3E-E6B1-42C8-ABA8-5E19777392B5"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_42775C.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_42775C.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.261988", "url": "https://vuldb.com/?ctiid.261988",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.261988", "url": "https://vuldb.com/?id.261988",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.318988", "url": "https://vuldb.com/?submit.318988",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_42775C.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_42775C.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.261988", "url": "https://vuldb.com/?ctiid.261988",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.261988", "url": "https://vuldb.com/?id.261988",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.318988", "url": "https://vuldb.com/?submit.318988",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

111
CVE-2024/CVE-2024-41xx/CVE-2024-4170.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4170", "id": "CVE-2024-4170",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2024-04-25T13:15:51.993", "published": "2024-04-25T13:15:51.993",
"lastModified": "2024-11-21T09:42:19.523", "lastModified": "2025-01-21T14:15:32.487",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
], ],
"cvssMetricV2": [ "cvssMetricV2": [
@ -74,40 +94,111 @@
"value": "CWE-121" "value": "CWE-121"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:4g300_firmware:1.01.42:*:*:*:*:*:*:*",
"matchCriteriaId": "7A11C718-6F74-46FD-8C72-6E9FF1FA9FE4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:4g300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A63A3E-E6B1-42C8-ABA8-5E19777392B5"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_429A30.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_429A30.md",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.261989", "url": "https://vuldb.com/?ctiid.261989",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.261989", "url": "https://vuldb.com/?id.261989",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.318991", "url": "https://vuldb.com/?submit.318991",
"source": "cna@vuldb.com" "source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_429A30.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/G3/4G300/sub_429A30.md",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
]
}, },
{ {
"url": "https://vuldb.com/?ctiid.261989", "url": "https://vuldb.com/?ctiid.261989",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?id.261989", "url": "https://vuldb.com/?id.261989",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}, },
{ {
"url": "https://vuldb.com/?submit.318991", "url": "https://vuldb.com/?submit.318991",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
} }
] ]
} }

62
CVE-2024/CVE-2024-41xx/CVE-2024-4196.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4196", "id": "CVE-2024-4196",
"sourceIdentifier": "securityalerts@avaya.com", "sourceIdentifier": "securityalerts@avaya.com",
"published": "2024-06-25T04:15:16.580", "published": "2024-06-25T04:15:16.580",
"lastModified": "2024-11-21T09:42:22.210", "lastModified": "2025-01-21T14:31:31.413",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,16 +69,50 @@
"value": "CWE-20" "value": "CWE-20"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avaya:ip_office:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.3.1",
"matchCriteriaId": "D254641E-9158-4E16-8B8C-800AEC6F8FBB"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://download.avaya.com/css/public/documents/101090768", "url": "https://download.avaya.com/css/public/documents/101090768",
"source": "securityalerts@avaya.com" "source": "securityalerts@avaya.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://download.avaya.com/css/public/documents/101090768", "url": "https://download.avaya.com/css/public/documents/101090768",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

62
CVE-2024/CVE-2024-41xx/CVE-2024-4197.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4197", "id": "CVE-2024-4197",
"sourceIdentifier": "securityalerts@avaya.com", "sourceIdentifier": "securityalerts@avaya.com",
"published": "2024-06-25T04:15:17.007", "published": "2024-06-25T04:15:17.007",
"lastModified": "2024-11-21T09:42:22.343", "lastModified": "2025-01-21T14:31:21.327",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 6.0 "impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,16 +69,50 @@
"value": "CWE-434" "value": "CWE-434"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:avaya:ip_office:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1.3.1",
"matchCriteriaId": "D254641E-9158-4E16-8B8C-800AEC6F8FBB"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://download.avaya.com/css/public/documents/101090768", "url": "https://download.avaya.com/css/public/documents/101090768",
"source": "securityalerts@avaya.com" "source": "securityalerts@avaya.com",
"tags": [
"Vendor Advisory"
]
}, },
{ {
"url": "https://download.avaya.com/css/public/documents/101090768", "url": "https://download.avaya.com/css/public/documents/101090768",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

64
CVE-2024/CVE-2024-453xx/CVE-2024-45393.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45393", "id": "CVE-2024-45393",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-10T15:15:18.657", "published": "2024-09-10T15:15:18.657",
"lastModified": "2024-09-10T15:50:47.237", "lastModified": "2025-01-21T14:33:37.030",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.1, "exploitabilityScore": 3.1,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
} }
] ]
}, },
@ -49,16 +69,52 @@
"value": "CWE-862" "value": "CWE-862"
} }
] ]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cvat:computer_vision_annotation_tool:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.3.0",
"versionEndExcluding": "2.18.0",
"matchCriteriaId": "64FBBA01-CF76-4A84-9DE0-4F96B8BEC0D5"
}
]
}
]
} }
], ],
"references": [ "references": [
{ {
"url": "https://github.com/cvat-ai/cvat/commit/0fafb797fdf022fb83ce81c6405ba19b583a236f", "url": "https://github.com/cvat-ai/cvat/commit/0fafb797fdf022fb83ce81c6405ba19b583a236f",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-p3c9-m7jr-jxxj", "url": "https://github.com/cvat-ai/cvat/security/advisories/GHSA-p3c9-m7jr-jxxj",
"source": "security-advisories@github.com" "source": "security-advisories@github.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

41
CVE-2024/CVE-2024-471xx/CVE-2024-47115.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-47115", "id": "CVE-2024-47115",
"sourceIdentifier": "psirt@us.ibm.com", "sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-12-07T13:19:14.783", "published": "2024-12-07T13:19:14.783",
"lastModified": "2024-12-07T13:19:14.783", "lastModified": "2025-01-21T16:15:46.587",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,10 +51,45 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:vios:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6F61BE89-FBDE-4312-8422-86D1A9F57C9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:vios:4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "37B9B26F-4749-4086-9477-655F6635CAC6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:aix:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6791504A-A48A-4ED0-94AF-4C8A3B91516F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ibm:aix:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "35DF3DE0-1AE4-4B25-843F-BC08DBBFDF78"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.ibm.com/support/pages/node/7178033", "url": "https://www.ibm.com/support/pages/node/7178033",
"source": "psirt@us.ibm.com" "source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

56
CVE-2024/CVE-2024-493xx/CVE-2024-49300.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49300",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-21T14:15:07.817",
"lastModified": "2025-01-21T14:15:07.817",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows Reflected XSS. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/hmenu/vulnerability/wordpress-hero-menu-plugin-1-16-5-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-493xx/CVE-2024-49303.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49303",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-21T14:15:07.987",
"lastModified": "2025-01-21T14:15:07.987",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/hmenu/vulnerability/wordpress-hero-menu-plugin-1-16-5-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-493xx/CVE-2024-49333.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49333",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-21T14:15:08.143",
"lastModified": "2025-01-21T14:15:08.143",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Hero Mega Menu - Responsive WordPress Menu Plugin allows SQL Injection. This issue affects Hero Mega Menu - Responsive WordPress Menu Plugin: from n/a through 1.16.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/hmenu/vulnerability/wordpress-hero-menu-plugin-1-16-5-sql-injection-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-496xx/CVE-2024-49655.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49655",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-21T14:15:08.310",
"lastModified": "2025-01-21T14:15:08.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-unauthenticated-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-496xx/CVE-2024-49666.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49666",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-21T14:15:08.450",
"lastModified": "2025-01-21T14:15:08.450",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound ARPrice allows SQL Injection. This issue affects ARPrice: from n/a through 4.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L",
"baseScore": 8.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-496xx/CVE-2024-49688.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49688",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-21T14:15:08.613",
"lastModified": "2025-01-21T14:15:08.613",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-unauthenticated-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-496xx/CVE-2024-49699.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49699",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-21T14:15:08.780",
"lastModified": "2025-01-21T14:15:08.780",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in NotFound ARPrice allows Object Injection. This issue affects ARPrice: from n/a through 4.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-497xx/CVE-2024-49700.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49700",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-21T14:15:08.937",
"lastModified": "2025-01-21T14:15:08.937",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ARPrice allows Reflected XSS. This issue affects ARPrice: from n/a through 4.0.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/arprice/vulnerability/wordpress-arprice-plugin-4-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

47
CVE-2024/CVE-2024-506xx/CVE-2024-50633.json
View File

@ -2,13 +2,20 @@
"id": "CVE-2024-50633", "id": "CVE-2024-50633",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-01-16T18:15:24.337", "published": "2025-01-16T18:15:24.337",
"lastModified": "2025-01-17T18:15:26.043", "lastModified": "2025-01-21T15:15:12.907",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
"tags": [
"disputed"
]
}
],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A Broken Object Level Authorization (BOLA) vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals." "value": "A Broken Object Level Authorization (BOLA) vulnerability in Indico through 3.3.5 allows attackers to read information by sending a crafted POST request to the component /api/principals. NOTE: this is disputed by the Supplier because the product intentionally lets all users retrieve certain information about other user accounts (this functionality is, in the current design, not restricted to any privileged roles such as event organizer)."
}, },
{ {
"lang": "es", "lang": "es",
@ -17,6 +24,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"baseScore": 0.0,
"baseSeverity": "NONE",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 0.0
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -40,6 +67,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "cve@mitre.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-201"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -55,6 +92,10 @@
{ {
"url": "https://github.com/cetinpy/CVE-2024-50633", "url": "https://github.com/cetinpy/CVE-2024-50633",
"source": "cve@mitre.org" "source": "cve@mitre.org"
},
{
"url": "https://github.com/cetinpy/CVE-2024-50633/issues/1",
"source": "cve@mitre.org"
} }
] ]
} }

56
CVE-2024/CVE-2024-518xx/CVE-2024-51818.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51818",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-21T14:15:09.087",
"lastModified": "2025-01-21T14:15:09.087",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/fancy-product-designer/vulnerability/wordpress-fancy-product-designer-plugin-6-4-3-unauthenticated-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-518xx/CVE-2024-51888.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51888",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-21T14:15:09.260",
"lastModified": "2025-01-21T14:15:09.260",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Privilege Assignment vulnerability in NotFound Homey Login Register allows Privilege Escalation. This issue affects Homey Login Register: from n/a through 2.4.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/homey-login-register/vulnerability/wordpress-homey-login-register-plugin-2-4-0-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-519xx/CVE-2024-51919.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51919",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-21T14:15:09.417",
"lastModified": "2025-01-21T14:15:09.417",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Fancy Product Designer. This issue affects Fancy Product Designer: from n/a through 6.4.3."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/fancy-product-designer/vulnerability/wordpress-fancy-product-designer-plugin-6-4-3-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2024/CVE-2024-538xx/CVE-2024-53829.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-53829",
"sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"published": "2025-01-21T15:15:13.200",
"lastModified": "2025-01-21T15:15:13.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. \nCross-site request forgery allows an unauthenticated attacker to hijack the authentication of a logged in user, and use the web API with the same permissions,\u00a0including but not limited to adding, removing or editing products. The attacker needs to know the ID of the available products to modify or delete them. The attacker cannot directly exfiltrate data (view) from CodeChecker, due to being limited to form-based CSRF.\n\nThis issue affects CodeChecker: through 6.24.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:H/A:N",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/Ericsson/codechecker/security/advisories/GHSA-f8c8-4pm7-w885",
"source": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf"
}
]
}

39
CVE-2024/CVE-2024-547xx/CVE-2024-54724.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-54724", "id": "CVE-2024-54724",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2025-01-09T20:15:38.863", "published": "2025-01-09T20:15:38.863",
"lastModified": "2025-01-09T20:15:38.863", "lastModified": "2025-01-21T16:15:13.583",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "PHPYun anterior a 7.0.2 es vulnerable a la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de la escritura arbitraria de archivos y la inclusi\u00f3n de archivos restringidas por puerta trasera." "value": "PHPYun anterior a 7.0.2 es vulnerable a la ejecuci\u00f3n de c\u00f3digo a trav\u00e9s de la escritura arbitraria de archivos y la inclusi\u00f3n de archivos restringidas por puerta trasera."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [ "references": [
{ {
"url": "http://phpyun.com", "url": "http://phpyun.com",

56
CVE-2024/CVE-2024-562xx/CVE-2024-56277.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-56277",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-21T14:15:09.593",
"lastModified": "2025-01-21T14:15:09.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Encoding or Escaping of Output vulnerability in Poll Maker Team Poll Maker. This issue affects Poll Maker: from n/a through n/a."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/poll-maker/vulnerability/wordpress-poll-maker-plugin-5-5-5-html-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

21
CVE-2024/CVE-2024-569xx/CVE-2024-56990.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-56990",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-21T16:15:13.947",
"lastModified": "2025-01-21T16:15:13.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /view-medhistory.php and /admin/view-patient.php."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kirito999/HMS_stored_XSS/blob/main/stored%20XSS1%20%20in%20HMS4.0/stored%20XSS%20%20in%20HMS.md",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-569xx/CVE-2024-56997.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-56997",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-21T15:15:13.343",
"lastModified": "2025-01-21T15:15:13.343",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /doctor/index.php via the 'Email' parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kirito999/HMS_stored_XSS/blob/main/stored%20XSS5%20in%20HMS4.0/stored%20XSS5%20in%20HMS.md",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-569xx/CVE-2024-56998.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-56998",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-21T15:15:13.467",
"lastModified": "2025-01-21T15:15:13.467",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PHPGurukul Hospital Management System 4.0 is vulnerable to Cross Site Scripting (XSS) in /edit-profile.php via the parameter $address."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/kirito999/HMS_stored_XSS/blob/main/stored%20XSS2%20in%20HMS4.0/stored%20XSS2%20in%20HMS.md",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-570xx/CVE-2024-57036.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-57036",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-01-21T16:15:14.143",
"lastModified": "2025-01-21T16:15:14.143",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK A810R V4.1.2cu.5032_B20200407 was found to contain a command insertion vulnerability in downloadFile.cgi main function. This vulnerability allows an attacker to execute arbitrary commands by sending HTTP request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/luckysmallbird/Totolink-A810R-Vulnerability-1/blob/main/3.md",
"source": "cve@mitre.org"
}
]
}

33
CVE-2024/CVE-2024-579xx/CVE-2024-57939.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-57939",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:07.903",
"lastModified": "2025-01-21T13:15:07.903",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: Fix sleeping in invalid context in die()\n\ndie() can be called in exception handler, and therefore cannot sleep.\nHowever, die() takes spinlock_t which can sleep with PREEMPT_RT enabled.\nThat causes the following warning:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 285, name: mutex\npreempt_count: 110001, expected: 0\nRCU nest depth: 0, expected: 0\nCPU: 0 UID: 0 PID: 285 Comm: mutex Not tainted 6.12.0-rc7-00022-ge19049cf7d56-dirty #234\nHardware name: riscv-virtio,qemu (DT)\nCall Trace:\n dump_backtrace+0x1c/0x24\n show_stack+0x2c/0x38\n dump_stack_lvl+0x5a/0x72\n dump_stack+0x14/0x1c\n __might_resched+0x130/0x13a\n rt_spin_lock+0x2a/0x5c\n die+0x24/0x112\n do_trap_insn_illegal+0xa0/0xea\n _new_vmalloc_restore_context_a0+0xcc/0xd8\nOops - illegal instruction [#1]\n\nSwitch to use raw_spinlock_t, which does not sleep even with PREEMPT_RT\nenabled."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6a97f4118ac07cfdc316433f385dbdc12af5025e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/76ab0afcdbe8c9685b589016ee1c0e25fe596707",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c21df31fc2a4afc02a6e56511364e9e793ea92ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f48f060a4b36b5e96628f6c3fb1540f1e8dedb69",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2024/CVE-2024-579xx/CVE-2024-57940.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-57940",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:08.540",
"lastModified": "2025-01-21T13:15:08.540",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix the infinite loop in exfat_readdir()\n\nIf the file system is corrupted so that a cluster is linked to\nitself in the cluster chain, and there is an unused directory\nentry in the cluster, 'dentry' will not be incremented, causing\ncondition 'dentry < max_dentries' unable to prevent an infinite\nloop.\n\nThis infinite loop causes s_lock not to be released, and other\ntasks will hang, such as exfat_sync_fs().\n\nThis commit stops traversing the cluster chain when there is unused\ndirectory entry in the cluster to avoid this infinite loop."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/31beabd0f47f8c3ed9965ba861c9e5b252d4920a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d9ea94f5cd117d56e573696d0045ab3044185a15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dc1d7afceb982e8f666e70a582e6b5aa806de063",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fee873761bd978d077d8c55334b4966ac4cb7b59",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-579xx/CVE-2024-57941.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-57941",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:08.640",
"lastModified": "2025-01-21T13:15:08.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix the (non-)cancellation of copy when cache is temporarily disabled\n\nWhen the caching for a cookie is temporarily disabled (e.g. due to a DIO\nwrite on that file), future copying to the cache for that file is disabled\nuntil all fds open on that file are closed. However, if netfslib is using\nthe deprecated PG_private_2 method (such as is currently used by ceph), and\ndecides it wants to copy to the cache, netfs_advance_write() will just bail\nat the first check seeing that the cache stream is unavailable, and\nindicate that it dealt with all the content.\n\nThis means that we have no subrequests to provide notifications to drive\nthe state machine or even to pin the request and the request just gets\ndiscarded, leaving the folios with PG_private_2 set.\n\nFix this by jumping directly to cancel the request if the cache is not\navailable. That way, we don't remove mark3 from the folio_queue list and\nnetfs_pgpriv2_cancel() will clean up the folios.\n\nThis was found by running the generic/013 xfstest against ceph with an\nactive cache and the \"-o fsc\" option passed to ceph. That would usually\nhang"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/ba37bdfe59fb43e80dd79290340a21864ba4b61e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d0327c824338cdccad058723a31d038ecd553409",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-579xx/CVE-2024-57942.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-57942",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:08.743",
"lastModified": "2025-01-21T13:15:08.743",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfs: Fix ceph copy to cache on write-begin\n\nAt the end of netfs_unlock_read_folio() in which folios are marked\nappropriately for copying to the cache (either with by being marked dirty\nand having their private data set or by having PG_private_2 set) and then\nunlocked, the folio_queue struct has the entry pointing to the folio\ncleared. This presents a problem for netfs_pgpriv2_write_to_the_cache(),\nwhich is used to write folios marked with PG_private_2 to the cache as it\nexpects to be able to trawl the folio_queue list thereafter to find the\nrelevant folios, leading to a hang.\n\nFix this by not clearing the folio_queue entry if we're going to do the\ndeprecated copy-to-cache. The clearance will be done instead as the folios\nare written to the cache.\n\nThis can be reproduced by starting cachefiles, mounting a ceph filesystem\nwith \"-o fsc\" and writing to it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/38cf8e945721ffe708fa675507465da7f4f2a9f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/43b8d3249b0b71bad239d42dbe08ce6c938ba000",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-579xx/CVE-2024-57943.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-57943",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:08.837",
"lastModified": "2025-01-21T13:15:08.837",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix the new buffer was not zeroed before writing\n\nBefore writing, if a buffer_head marked as new, its data must\nbe zeroed, otherwise uninitialized data in the page cache will\nbe written.\n\nSo this commit uses folio_zero_new_buffers() to zero the new\nbuffers before ->write_end()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/942c6f91ab8d82a41650e717940b4e577173762f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/98e2fb26d1a9eafe79f46d15d54e68e014d81d8c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2024/CVE-2024-579xx/CVE-2024-57944.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-57944",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:08.937",
"lastModified": "2025-01-21T13:15:08.937",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ti-ads1298: Add NULL check in ads1298_init\n\ndevm_kasprintf() can return a NULL pointer on failure. A check on the\nreturn value of such a call in ads1298_init() is missing. Add it."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/69b680bbac9bd611aaa308769d6c71e3e70eb3c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bcb394bb28e55312cace75362b8e489eb0e02a30",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2024/CVE-2024-579xx/CVE-2024-57945.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-57945",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:09.033",
"lastModified": "2025-01-21T13:15:09.033",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nriscv: mm: Fix the out of bound issue of vmemmap address\n\nIn sparse vmemmap model, the virtual address of vmemmap is calculated as:\n((struct page *)VMEMMAP_START - (phys_ram_base >> PAGE_SHIFT)).\nAnd the struct page's va can be calculated with an offset:\n(vmemmap + (pfn)).\n\nHowever, when initializing struct pages, kernel actually starts from the\nfirst page from the same section that phys_ram_base belongs to. If the\nfirst page's physical address is not (phys_ram_base >> PAGE_SHIFT), then\nwe get an va below VMEMMAP_START when calculating va for it's struct page.\n\nFor example, if phys_ram_base starts from 0x82000000 with pfn 0x82000, the\nfirst page in the same section is actually pfn 0x80000. During\ninit_unavailable_range(), we will initialize struct page for pfn 0x80000\nwith virtual address ((struct page *)VMEMMAP_START - 0x2000), which is\nbelow VMEMMAP_START as well as PCI_IO_END.\n\nThis commit fixes this bug by introducing a new variable\n'vmemmap_start_pfn' which is aligned with memory section size and using\nit to calculate vmemmap address instead of phys_ram_base."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/a4a7ac3d266008018f05fae53060fcb331151a14",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d2bd51954ac8377c2f1eb1813e694788998add66",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f754f27e98f88428aaf6be6e00f5cbce97f62d4b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

45
CVE-2024/CVE-2024-579xx/CVE-2024-57946.json Normal file
View File

@ -0,0 +1,45 @@
{
"id": "CVE-2024-57946",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:09.137",
"lastModified": "2025-01-21T13:15:09.137",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvirtio-blk: don't keep queue frozen during system suspend\n\nCommit 4ce6e2db00de (\"virtio-blk: Ensure no requests in virtqueues before\ndeleting vqs.\") replaces queue quiesce with queue freeze in virtio-blk's\nPM callbacks. And the motivation is to drain inflight IOs before suspending.\n\nblock layer's queue freeze looks very handy, but it is also easy to cause\ndeadlock, such as, any attempt to call into bio_queue_enter() may run into\ndeadlock if the queue is frozen in current context. There are all kinds\nof ->suspend() called in suspend context, so keeping queue frozen in the\nwhole suspend context isn't one good idea. And Marek reported lockdep\nwarning[1] caused by virtio-blk's freeze queue in virtblk_freeze().\n\n[1] https://lore.kernel.org/linux-block/ca16370e-d646-4eee-b9cc-87277c89c43c@samsung.com/\n\nGiven the motivation is to drain in-flight IOs, it can be done by calling\nfreeze & unfreeze, meantime restore to previous behavior by keeping queue\nquiesced during suspend."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/12c0ddd6c551c1e438b087f874b4f1223a75f7ea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6dea8e3de59928974bf157dd0499d3958d744ae4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7678abee0867e6b7fb89aa40f6e9f575f755fb37",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/92d5139b91147ab372a17daf5dc27a5b9278e516",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9ca428c6397abaa8c38f5c69133a2299e1efbbf2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9e323f856cf4963120e0e3892a84ef8bd764a0e4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d738f3215bb4f88911ff4579780a44960c8e0ca5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

116
CVE-2024/CVE-2024-73xx/CVE-2024-7344.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-7344", "id": "CVE-2024-7344",
"sourceIdentifier": "cret@cert.org", "sourceIdentifier": "cret@cert.org",
"published": "2025-01-14T14:15:34.930", "published": "2025-01-14T14:15:34.930",
"lastModified": "2025-01-14T17:15:20.383", "lastModified": "2025-01-21T16:50:20.583",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Undergoing Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -39,26 +59,108 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cs-grp:neo_impact:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.024-20241127",
"matchCriteriaId": "661C4664-9989-497C-9758-595D667A5E61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:greenware:greenguard:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.023-20240927",
"matchCriteriaId": "C26295FA-07B6-42D8-B5E9-7B54FA3D4559"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:howyar:sysreturn:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.2.023_20240919",
"matchCriteriaId": "070699E9-BA08-4DFA-B2D7-61289CFDF865"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:radix:smartrecovery:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.2.023-20240927",
"matchCriteriaId": "DEF3C7E4-3FB4-4CC2-809F-A600D003E699"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sanfong:ez-back_system:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.3.024-20241127",
"matchCriteriaId": "A794B06A-1AAC-49D4-8AD5-813A84B6DA60"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:signalcomputer:hdd_king:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.3.021-20241127",
"matchCriteriaId": "FD9C4071-6E0B-472B-89BB-88D324D47534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wasay:erecoveryrx:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.4.022-20241127",
"matchCriteriaId": "DDA5BBD9-2DCD-4F4B-94A2-28E62180ADA3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://uefi.org/revocationlistfile", "url": "https://uefi.org/revocationlistfile",
"source": "cret@cert.org" "source": "cret@cert.org",
"tags": [
"Patch"
]
}, },
{ {
"url": "https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html", "url": "https://uefi.org/specs/UEFI/2.10/03_Boot_Manager.html",
"source": "cret@cert.org" "source": "cret@cert.org",
"tags": [
"Related"
]
}, },
{ {
"url": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html", "url": "https://uefi.org/specs/UEFI/2.10/32_Secure_Boot_and_Driver_Signing.html",
"source": "cret@cert.org" "source": "cret@cert.org",
"tags": [
"Related"
]
}, },
{ {
"url": "https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/", "url": "https://www.eset.com/blog/enterprise/preparing-for-uefi-bootkits-eset-discovery-shows-the-importance-of-cyber-intelligence/",
"source": "cret@cert.org" "source": "cret@cert.org",
"tags": [
"Related"
]
}, },
{ {
"url": "https://www.kb.cert.org/vuls/id/529659", "url": "https://www.kb.cert.org/vuls/id/529659",
"source": "af854a3a-2127-422b-91ae-364da2661108" "source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
} }
] ]
} }

56
CVE-2025/CVE-2025-03xx/CVE-2025-0377.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-0377",
"sourceIdentifier": "security@hashicorp.com",
"published": "2025-01-21T16:15:14.290",
"lastModified": "2025-01-21T16:15:14.290",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HashiCorp\u2019s go-slug library is vulnerable to a zip-slip style attack when a non-existing user-provided path is extracted from the tar entry."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@hashicorp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@hashicorp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2025-01-hashicorp-go-slug-vulnerable-to-zip-slip-attack",
"source": "security@hashicorp.com"
}
]
}

14
CVE-2025/CVE-2025-05xx/CVE-2025-0532.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-0532", "id": "CVE-2025-0532",
"sourceIdentifier": "cna@vuldb.com", "sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-17T18:15:31.237", "published": "2025-01-17T18:15:31.237",
"lastModified": "2025-01-17T18:15:31.237", "lastModified": "2025-01-21T16:15:14.560",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/new_submit.php. The manipulation of the argument m_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." "value": "A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/new_submit.php. The manipulation of the argument m_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Codezips Gym Management System 1.0. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del archivo /dashboard/admin/new_submit.php. La manipulaci\u00f3n del argumento m_id provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
} }
], ],
"metrics": { "metrics": {
@ -59,7 +63,7 @@
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
@ -107,7 +111,7 @@
"weaknesses": [ "weaknesses": [
{ {
"source": "cna@vuldb.com", "source": "cna@vuldb.com",
"type": "Primary", "type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -136,6 +140,10 @@
{ {
"url": "https://vuldb.com/?submit.479100", "url": "https://vuldb.com/?submit.479100",
"source": "cna@vuldb.com" "source": "cna@vuldb.com"
},
{
"url": "https://github.com/TIANN0/CVE/issues/1",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
} }
] ]
} }

31
CVE-2025/CVE-2025-05xx/CVE-2025-0590.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2025-0590", "id": "CVE-2025-0590",
"sourceIdentifier": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "sourceIdentifier": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",
"published": "2025-01-20T07:17:10.383", "published": "2025-01-20T07:17:10.383",
"lastModified": "2025-01-20T07:17:10.383", "lastModified": "2025-01-21T15:15:14.117",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Improper permission settings for mobile applications (com.transsion.carlcare) may lead to \n\ninformation leakage risk." "value": "Improper permission settings for mobile applications (com.transsion.carlcare) may lead to \n\ninformation leakage risk."
},
{
"lang": "es",
"value": "La configuraci\u00f3n de permisos incorrecta para aplicaciones m\u00f3viles (com.transsion.carlcare) puede generar riesgo de fuga de informaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea", "source": "907edf6c-bf03-423e-ab1a-8da27e1aa1ea",

29
CVE-2025/CVE-2025-216xx/CVE-2025-21656.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-21656",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:09.240",
"lastModified": "2025-01-21T13:15:09.240",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nhwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur\n\nscsi_execute_cmd() function can return both negative (linux codes) and\npositive (scsi_cmnd result field) error codes.\n\nCurrently the driver just passes error codes of scsi_execute_cmd() to\nhwmon core, which is incorrect because hwmon only checks for negative\nerror codes. This leads to hwmon reporting uninitialized data to\nuserspace in case of SCSI errors (for example if the disk drive was\ndisconnected).\n\nThis patch checks scsi_execute_cmd() output and returns -EIO if it's\nerror code is positive.\n\n[groeck: Avoid inline variable declaration for portability]"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/42268d885e44af875a6474f7bba519cc6cea6a9d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/53e25b10a28edaf8c2a1d3916fd8929501a50dfc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/82163d63ae7a4c36142cd252388737205bb7e4b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-216xx/CVE-2025-21657.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-21657",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:09.340",
"lastModified": "2025-01-21T13:15:09.340",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched_ext: Replace rq_lock() to raw_spin_rq_lock() in scx_ops_bypass()\n\nscx_ops_bypass() iterates all CPUs to re-enqueue all the scx tasks.\nFor each CPU, it acquires a lock using rq_lock() regardless of whether\na CPU is offline or the CPU is currently running a task in a higher\nscheduler class (e.g., deadline). The rq_lock() is supposed to be used\nfor online CPUs, and the use of rq_lock() may trigger an unnecessary\nwarning in rq_pin_lock(). Therefore, replace rq_lock() to\nraw_spin_rq_lock() in scx_ops_bypass().\n\nWithout this change, we observe the following warning:\n\n===== START =====\n[ 6.615205] rq->balance_callback && rq->balance_callback != &balance_push_callback\n[ 6.615208] WARNING: CPU: 2 PID: 0 at kernel/sched/sched.h:1730 __schedule+0x1130/0x1c90\n===== END ====="
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/6268d5bc10354fc2ab8d44a0cd3b042d49a0417e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d9e446dd63cee7161717a6a8414ba9c6435af764",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

29
CVE-2025/CVE-2025-216xx/CVE-2025-21658.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2025-21658",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:09.437",
"lastModified": "2025-01-21T13:15:09.437",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: avoid NULL pointer dereference if no valid extent tree\n\n[BUG]\nSyzbot reported a crash with the following call trace:\n\n BTRFS info (device loop0): scrub: started on devid 1\n BUG: kernel NULL pointer dereference, address: 0000000000000208\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 106e70067 P4D 106e70067 PUD 107143067 PMD 0\n Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI\n CPU: 1 UID: 0 PID: 689 Comm: repro Kdump: loaded Tainted: G O 6.13.0-rc4-custom+ #206\n Tainted: [O]=OOT_MODULE\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS unknown 02/02/2022\n RIP: 0010:find_first_extent_item+0x26/0x1f0 [btrfs]\n Call Trace:\n <TASK>\n scrub_find_fill_first_stripe+0x13d/0x3b0 [btrfs]\n scrub_simple_mirror+0x175/0x260 [btrfs]\n scrub_stripe+0x5d4/0x6c0 [btrfs]\n scrub_chunk+0xbb/0x170 [btrfs]\n scrub_enumerate_chunks+0x2f4/0x5f0 [btrfs]\n btrfs_scrub_dev+0x240/0x600 [btrfs]\n btrfs_ioctl+0x1dc8/0x2fa0 [btrfs]\n ? do_sys_openat2+0xa5/0xf0\n __x64_sys_ioctl+0x97/0xc0\n do_syscall_64+0x4f/0x120\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n </TASK>\n\n[CAUSE]\nThe reproducer is using a corrupted image where extent tree root is\ncorrupted, thus forcing to use \"rescue=all,ro\" mount option to mount the\nimage.\n\nThen it triggered a scrub, but since scrub relies on extent tree to find\nwhere the data/metadata extents are, scrub_find_fill_first_stripe()\nrelies on an non-empty extent root.\n\nBut unfortunately scrub_find_fill_first_stripe() doesn't really expect\nan NULL pointer for extent root, it use extent_root to grab fs_info and\ntriggered a NULL pointer dereference.\n\n[FIX]\nAdd an extra check for a valid extent root at the beginning of\nscrub_find_fill_first_stripe().\n\nThe new error path is introduced by 42437a6386ff (\"btrfs: introduce\nmount option rescue=ignorebadroots\"), but that's pretty old, and later\ncommit b979547513ff (\"btrfs: scrub: introduce helper to find and fill\nsector info for a scrub_stripe\") changed how we do scrub.\n\nSo for kernels older than 6.6, the fix will need manual backport."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/24b85a8b0310e0144da9ab30be42e87e6476638a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6aecd91a5c5b68939cf4169e32bc49f3cd2dd329",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aee5f69f3e6cd82bfefaca1b70b40b6cd8f3f784",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-216xx/CVE-2025-21659.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-21659",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:09.540",
"lastModified": "2025-01-21T13:15:09.540",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdev: prevent accessing NAPI instances from another namespace\n\nThe NAPI IDs were not fully exposed to user space prior to the netlink\nAPI, so they were never namespaced. The netlink API must ensure that\nat the very least NAPI instance belongs to the same netns as the owner\nof the genl sock.\n\nnapi_by_id() can become static now, but it needs to move because of\ndev_get_by_napi_id()."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/b683ba0df11ff563cc237eb1b74d6adfa77226bf",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d1cacd74776895f6435941f86a1130e58f6dd226",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-216xx/CVE-2025-21660.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-21660",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:09.643",
"lastModified": "2025-01-21T13:15:09.643",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked\n\nWhen `ksmbd_vfs_kern_path_locked` met an error and it is not the last\nentry, it will exit without restoring changed path buffer. But later this\nbuffer may be used as the filename for creation."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/13e41c58c74baa71f34c0830eaa3c29d53a6e964",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2ac538e40278a2c0c051cca81bcaafc547d61372",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/51669f4af5f7959565b48e55691ba92fabf5c587",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/65b31b9d992c0fb0685c51a0cf09993832734fc4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

25
CVE-2025/CVE-2025-216xx/CVE-2025-21661.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2025-21661",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:09.747",
"lastModified": "2025-01-21T13:15:09.747",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: virtuser: fix missing lookup table cleanups\n\nWhen a virtuser device is created via configfs and the probe fails due\nto an incorrect lookup table, the table is not removed. This prevents\nsubsequent probe attempts from succeeding, even if the issue is\ncorrected, unless the device is released. Additionally, cleanup is also\nneeded in the less likely case of platform_device_register_full()\nfailure.\n\nBesides, a consistent memory leak in lookup_table->dev_id was spotted\nusing kmemleak by toggling the live state between 0 and 1 with a correct\nlookup table.\n\nIntroduce gpio_virtuser_remove_lookup_table() as the counterpart to the\nexisting gpio_virtuser_make_lookup_table() and call it from all\nnecessary points to ensure proper cleanup."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/a619cba8c69c434258ff4101d463322cd63e1bdc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d72d0126b1f6981f6ce8b4247305f359958c11b5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

33
CVE-2025/CVE-2025-216xx/CVE-2025-21662.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2025-21662",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-21T13:15:09.847",
"lastModified": "2025-01-21T13:15:09.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Fix variable not being completed when function returns\n\nWhen cmd_alloc_index(), fails cmd_work_handler() needs\nto complete ent->slotted before returning early.\nOtherwise the task which issued the command may hang:\n\n mlx5_core 0000:01:00.0: cmd_work_handler:877:(pid 3880418): failed to allocate command entry\n INFO: task kworker/13:2:4055883 blocked for more than 120 seconds.\n Not tainted 4.19.90-25.44.v2101.ky10.aarch64 #1\n \"echo 0 > /proc/sys/kernel/hung_task_timeout_secs\" disables this message.\n kworker/13:2 D 0 4055883 2 0x00000228\n Workqueue: events mlx5e_tx_dim_work [mlx5_core]\n Call trace:\n __switch_to+0xe8/0x150\n __schedule+0x2a8/0x9b8\n schedule+0x2c/0x88\n schedule_timeout+0x204/0x478\n wait_for_common+0x154/0x250\n wait_for_completion+0x28/0x38\n cmd_exec+0x7a0/0xa00 [mlx5_core]\n mlx5_cmd_exec+0x54/0x80 [mlx5_core]\n mlx5_core_modify_cq+0x6c/0x80 [mlx5_core]\n mlx5_core_modify_cq_moderation+0xa0/0xb8 [mlx5_core]\n mlx5e_tx_dim_work+0x54/0x68 [mlx5_core]\n process_one_work+0x1b0/0x448\n worker_thread+0x54/0x468\n kthread+0x134/0x138\n ret_from_fork+0x10/0x18"
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0e2909c6bec9048f49d0c8e16887c63b50b14647",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/229cc10284373fbe754e623b7033dca7e7470ec8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/36124081f6ffd9dfaad48830bdf106bb82a9457d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f0a2808767ac39f64b1d9a0ff865c255073cf3d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

Some files were not shown because too many files have changed in this diff Show More