diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22068.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22068.json index 69a34727705..6ac8fb1cefe 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22068.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22068.json @@ -9,6 +9,10 @@ { "lang": "en", "value": "Improper Privilege Management vulnerability in ZTE ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series on 64 bit allows Functionality Bypass.This issue affects ZXR10 1800-2S series ,ZXR10 2800-4,ZXR10 3800-8,ZXR10 160 series: V4.00.10 and earlier." + }, + { + "lang": "es", + "value": "La vulnerabilidad de administraci\u00f3n de privilegios incorrecta en las series ZTE ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160 en 64 bits permite la omisi\u00f3n de funcionalidad. Este problema afecta a las series ZXR10 1800-2S, ZXR10 2800-4, ZXR10 3800-8, ZXR10 160: V4.00.10 y anteriores." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36989.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36989.json index a332c1f4a4c..9c5984fb1c9 100644 --- a/CVE-2024/CVE-2024-369xx/CVE-2024-36989.json +++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36989.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36989", "sourceIdentifier": "prodsec@splunk.com", "published": "2024-07-01T17:15:07.380", - "lastModified": "2024-08-02T15:11:57.347", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-10T11:58:28.630", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -22,20 +22,20 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", - "integrityImpact": "HIGH", + "integrityImpact": "LOW", "availabilityImpact": "NONE", - "baseScore": 6.5, + "baseScore": 4.3, "baseSeverity": "MEDIUM" }, "exploitabilityScore": 2.8, - "impactScore": 3.6 + "impactScore": 1.4 }, { "source": "prodsec@splunk.com", @@ -91,8 +91,9 @@ { "vulnerable": true, "criteria": "cpe:2.3:a:splunk:cloud:*:*:*:*:*:*:*:*", + "versionStartIncluding": "9.1.2312", "versionEndExcluding": "9.1.2312.200", - "matchCriteriaId": "A3914BCB-3374-40E9-B5F5-2377E2545ECE" + "matchCriteriaId": "D906AB2D-B882-4482-9A3B-53A01A28152A" }, { "vulnerable": true, @@ -125,7 +126,7 @@ "url": "https://advisory.splunk.com/advisories/SVD-2024-0709", "source": "prodsec@splunk.com", "tags": [ - "Mitigation" + "Vendor Advisory" ] }, { diff --git a/CVE-2024/CVE-2024-383xx/CVE-2024-38348.json b/CVE-2024/CVE-2024-383xx/CVE-2024-38348.json index e67c72a26dd..e030bff3f8e 100644 --- a/CVE-2024/CVE-2024-383xx/CVE-2024-38348.json +++ b/CVE-2024/CVE-2024-383xx/CVE-2024-38348.json @@ -2,8 +2,8 @@ "id": "CVE-2024-38348", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-18T17:15:52.677", - "lastModified": "2024-07-11T02:50:33.110", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-10T10:32:15.330", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -22,19 +22,19 @@ "type": "Primary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", - "privilegesRequired": "NONE", + "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "baseScore": 8.8, + "baseSeverity": "HIGH" }, - "exploitabilityScore": 3.9, + "exploitabilityScore": 2.8, "impactScore": 5.9 }, { diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45115.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45115.json new file mode 100644 index 00000000000..689f6f446eb --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45115.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45115", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:03.127", + "lastModified": "2024-10-10T10:15:03.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45116.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45116.json new file mode 100644 index 00000000000..f81e8076e84 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45116.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45116", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:03.930", + "lastModified": "2024-10-10T10:15:03.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code. If an admin attacker can trick a user into clicking a specially crafted link or submitting a form, malicious scripts may be executed within the context of the victim's browser and have high impact on confidentiality and integrity. Exploitation of this issue requires user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45117.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45117.json new file mode 100644 index 00000000000..11cbd52903f --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45117.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45117", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:04.150", + "lastModified": "2024-10-10T10:15:04.150", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An admin attacker could exploit this vulnerability to read files from the system outside of the intended directories via PHP filter chain and also can have a low-availability impact on the service. Exploitation of this issue does not require user interaction and scope is changed." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45118.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45118.json new file mode 100644 index 00000000000..fb02b3900f3 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45118.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45118", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:04.357", + "lastModified": "2024-10-10T10:15:04.357", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have high impact on integrity. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45119.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45119.json new file mode 100644 index 00000000000..5da5295fb84 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45119.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45119", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:04.563", + "lastModified": "2024-10-10T10:15:04.563", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs and have a low impact on both confidentiality and integrity. Exploitation of this issue does not require user interaction and scope is changed." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45120.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45120.json new file mode 100644 index 00000000000..9a63b8cb860 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45120.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45120", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:04.787", + "lastModified": "2024-10-10T10:15:04.787", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability that could lead to a security feature bypass. An attacker could exploit this vulnerability to alter a condition between the check and the use of a resource, having a low impact on integrity. Exploitation of this issue requires user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-367" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45121.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45121.json new file mode 100644 index 00000000000..877a64e20e4 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45121.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45121", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:04.997", + "lastModified": "2024-10-10T10:15:04.997", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45122.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45122.json new file mode 100644 index 00000000000..3c7d0e55374 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45122.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45122", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:05.200", + "lastModified": "2024-10-10T10:15:05.200", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45123.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45123.json new file mode 100644 index 00000000000..a6dc7352a42 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45123.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45123", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:05.400", + "lastModified": "2024-10-10T10:15:05.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45124.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45124.json new file mode 100644 index 00000000000..b3293142ba2 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45124.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45124", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:05.607", + "lastModified": "2024-10-10T10:15:05.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45125.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45125.json new file mode 100644 index 00000000000..a44148e2072 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45125.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45125", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:05.797", + "lastModified": "2024-10-10T10:15:05.797", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A low-privileged attacker could exploit this vulnerability to have a low impact on integrity. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45127.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45127.json new file mode 100644 index 00000000000..3f61b1fcf6d --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45127.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45127", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:06.027", + "lastModified": "2024-10-10T10:15:06.027", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45128.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45128.json new file mode 100644 index 00000000000..b9e3a473253 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45128.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45128", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:06.230", + "lastModified": "2024-10-10T10:15:06.230", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity and availability. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45129.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45129.json new file mode 100644 index 00000000000..8f55a1b28f9 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45129.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45129", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:06.423", + "lastModified": "2024-10-10T10:15:06.423", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45130.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45130.json new file mode 100644 index 00000000000..945a9f500e8 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45130.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45130", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:06.700", + "lastModified": "2024-10-10T10:15:06.700", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45131.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45131.json new file mode 100644 index 00000000000..6efd1470273 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45131.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45131", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:06.913", + "lastModified": "2024-10-10T10:15:06.913", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality and integrity. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45132.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45132.json new file mode 100644 index 00000000000..2ac1d33573d --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45132.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45132", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:07.140", + "lastModified": "2024-10-10T10:15:07.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in Privilege escalation. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect confidentiality. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45133.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45133.json new file mode 100644 index 00000000000..8c6327fb101 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45133.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45133", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:07.340", + "lastModified": "2024-10-10T10:15:07.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45134.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45134.json new file mode 100644 index 00000000000..071cdf36221 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45134.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45134", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:07.540", + "lastModified": "2024-10-10T10:15:07.540", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An admin attacker could leverage this vulnerability to have a low impact on confidentiality which may aid in further attacks. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45135.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45135.json new file mode 100644 index 00000000000..d33d90e0ea6 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45135.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45135", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:07.757", + "lastModified": "2024-10-10T10:15:07.757", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An admin attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45148.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45148.json new file mode 100644 index 00000000000..d119ccd687f --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45148.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45148", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:07.963", + "lastModified": "2024-10-10T10:15:07.963", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authentication vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to gain unauthorized access without proper credentials. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-287" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45149.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45149.json new file mode 100644 index 00000000000..8966d4071c5 --- /dev/null +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45149.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45149", + "sourceIdentifier": "psirt@adobe.com", + "published": "2024-10-10T10:15:08.170", + "lastModified": "2024-10-10T10:15:08.170", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@adobe.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://helpx.adobe.com/security/products/magento/apsb24-73.html", + "source": "psirt@adobe.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-46xx/CVE-2024-4639.json b/CVE-2024/CVE-2024-46xx/CVE-2024-4639.json index e5880b039bf..f8111b9c0d6 100644 --- a/CVE-2024/CVE-2024-46xx/CVE-2024-4639.json +++ b/CVE-2024/CVE-2024-46xx/CVE-2024-4639.json @@ -2,8 +2,8 @@ "id": "CVE-2024-4639", "sourceIdentifier": "psirt@moxa.com", "published": "2024-06-25T10:15:19.897", - "lastModified": "2024-09-18T15:46:04.960", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-10-10T10:39:06.410", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48902.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48902.json new file mode 100644 index 00000000000..b23154de92b --- /dev/null +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48902.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-48902", + "sourceIdentifier": "cve@jetbrains.com", + "published": "2024-10-10T11:15:13.540", + "lastModified": "2024-10-10T11:15:13.540", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve@jetbrains.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], + "references": [ + { + "url": "https://www.jetbrains.com/privacy-security/issues-fixed/", + "source": "cve@jetbrains.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8977.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8977.json new file mode 100644 index 00000000000..f40b48ff2a5 --- /dev/null +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8977.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-8977", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-10-10T10:15:08.367", + "lastModified": "2024-10-10T10:15:08.367", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab EE affecting all versions starting from 15.10 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. Instances with Product Analytics Dashboard configured and enabled could be vulnerable to SSRF attacks." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/491060", + "source": "cve@gitlab.com" + }, + { + "url": "https://hackerone.com/reports/2697456", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9201.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9201.json new file mode 100644 index 00000000000..f99f671d760 --- /dev/null +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9201.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-9201", + "sourceIdentifier": "cve-coordination@incibe.es", + "published": "2024-10-10T11:15:13.760", + "lastModified": "2024-10-10T11:15:13.760", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The SEUR plugin, in its versions prior to 2.5.11, is vulnerable to time-based SQL injection through the use of the \u2018id_order\u2019 parameter of the \u2018/modules/seur/ajax/saveCodFee.php\u2019 endpoint." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve-coordination@incibe.es", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "LOW", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "cve-coordination@incibe.es", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-seur-plugin", + "source": "cve-coordination@incibe.es" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9596.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9596.json new file mode 100644 index 00000000000..18f26be13c8 --- /dev/null +++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9596.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-9596", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-10-10T10:15:08.563", + "lastModified": "2024-10-10T10:15:08.563", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.2.9, from 17.3 prior to 17.3.5, and from 17.4 prior to 17.4.2. It was possible for an unauthenticated attacker to determine the GitLab version number for a GitLab instance." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-540" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/493355", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9623.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9623.json new file mode 100644 index 00000000000..7e822001c68 --- /dev/null +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9623.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-9623", + "sourceIdentifier": "cve@gitlab.com", + "published": "2024-10-10T10:15:08.770", + "lastModified": "2024-10-10T10:15:08.770", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An issue was discovered in GitLab CE/EE affecting all versions starting from 8.16 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows deploy keys to push to an archived repository." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "cve@gitlab.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://gitlab.com/gitlab-org/gitlab/-/issues/459995", + "source": "cve@gitlab.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index be2175b38a6..c0172f55c35 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-10-10T10:00:21.436449+00:00 +2024-10-10T12:00:19.320087+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-10-10T09:15:03.190000+00:00 +2024-10-10T11:58:28.630000+00:00 ``` ### Last Data Feed Release @@ -33,26 +33,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -265200 +265227 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `27` -- [CVE-2024-22068](CVE-2024/CVE-2024-220xx/CVE-2024-22068.json) (`2024-10-10T09:15:03.190`) -- [CVE-2024-6747](CVE-2024/CVE-2024-67xx/CVE-2024-6747.json) (`2024-10-10T08:15:03.630`) -- [CVE-2024-7049](CVE-2024/CVE-2024-70xx/CVE-2024-7049.json) (`2024-10-10T08:15:03.910`) -- [CVE-2024-9796](CVE-2024/CVE-2024-97xx/CVE-2024-9796.json) (`2024-10-10T08:15:04.140`) -- [CVE-2024-9798](CVE-2024/CVE-2024-97xx/CVE-2024-9798.json) (`2024-10-10T08:15:04.207`) -- [CVE-2024-9802](CVE-2024/CVE-2024-98xx/CVE-2024-9802.json) (`2024-10-10T08:15:04.387`) +- [CVE-2024-45117](CVE-2024/CVE-2024-451xx/CVE-2024-45117.json) (`2024-10-10T10:15:04.150`) +- [CVE-2024-45118](CVE-2024/CVE-2024-451xx/CVE-2024-45118.json) (`2024-10-10T10:15:04.357`) +- [CVE-2024-45119](CVE-2024/CVE-2024-451xx/CVE-2024-45119.json) (`2024-10-10T10:15:04.563`) +- [CVE-2024-45120](CVE-2024/CVE-2024-451xx/CVE-2024-45120.json) (`2024-10-10T10:15:04.787`) +- [CVE-2024-45121](CVE-2024/CVE-2024-451xx/CVE-2024-45121.json) (`2024-10-10T10:15:04.997`) +- [CVE-2024-45122](CVE-2024/CVE-2024-451xx/CVE-2024-45122.json) (`2024-10-10T10:15:05.200`) +- [CVE-2024-45123](CVE-2024/CVE-2024-451xx/CVE-2024-45123.json) (`2024-10-10T10:15:05.400`) +- [CVE-2024-45124](CVE-2024/CVE-2024-451xx/CVE-2024-45124.json) (`2024-10-10T10:15:05.607`) +- [CVE-2024-45125](CVE-2024/CVE-2024-451xx/CVE-2024-45125.json) (`2024-10-10T10:15:05.797`) +- [CVE-2024-45127](CVE-2024/CVE-2024-451xx/CVE-2024-45127.json) (`2024-10-10T10:15:06.027`) +- [CVE-2024-45128](CVE-2024/CVE-2024-451xx/CVE-2024-45128.json) (`2024-10-10T10:15:06.230`) +- [CVE-2024-45129](CVE-2024/CVE-2024-451xx/CVE-2024-45129.json) (`2024-10-10T10:15:06.423`) +- [CVE-2024-45130](CVE-2024/CVE-2024-451xx/CVE-2024-45130.json) (`2024-10-10T10:15:06.700`) +- [CVE-2024-45131](CVE-2024/CVE-2024-451xx/CVE-2024-45131.json) (`2024-10-10T10:15:06.913`) +- [CVE-2024-45132](CVE-2024/CVE-2024-451xx/CVE-2024-45132.json) (`2024-10-10T10:15:07.140`) +- [CVE-2024-45133](CVE-2024/CVE-2024-451xx/CVE-2024-45133.json) (`2024-10-10T10:15:07.340`) +- [CVE-2024-45134](CVE-2024/CVE-2024-451xx/CVE-2024-45134.json) (`2024-10-10T10:15:07.540`) +- [CVE-2024-45135](CVE-2024/CVE-2024-451xx/CVE-2024-45135.json) (`2024-10-10T10:15:07.757`) +- [CVE-2024-45148](CVE-2024/CVE-2024-451xx/CVE-2024-45148.json) (`2024-10-10T10:15:07.963`) +- [CVE-2024-45149](CVE-2024/CVE-2024-451xx/CVE-2024-45149.json) (`2024-10-10T10:15:08.170`) +- [CVE-2024-48902](CVE-2024/CVE-2024-489xx/CVE-2024-48902.json) (`2024-10-10T11:15:13.540`) +- [CVE-2024-8977](CVE-2024/CVE-2024-89xx/CVE-2024-8977.json) (`2024-10-10T10:15:08.367`) +- [CVE-2024-9201](CVE-2024/CVE-2024-92xx/CVE-2024-9201.json) (`2024-10-10T11:15:13.760`) +- [CVE-2024-9596](CVE-2024/CVE-2024-95xx/CVE-2024-9596.json) (`2024-10-10T10:15:08.563`) +- [CVE-2024-9623](CVE-2024/CVE-2024-96xx/CVE-2024-9623.json) (`2024-10-10T10:15:08.770`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `4` -- [CVE-2024-38817](CVE-2024/CVE-2024-388xx/CVE-2024-38817.json) (`2024-10-10T08:15:03.443`) +- [CVE-2024-22068](CVE-2024/CVE-2024-220xx/CVE-2024-22068.json) (`2024-10-10T09:15:03.190`) +- [CVE-2024-36989](CVE-2024/CVE-2024-369xx/CVE-2024-36989.json) (`2024-10-10T11:58:28.630`) +- [CVE-2024-38348](CVE-2024/CVE-2024-383xx/CVE-2024-38348.json) (`2024-10-10T10:32:15.330`) +- [CVE-2024-4639](CVE-2024/CVE-2024-46xx/CVE-2024-4639.json) (`2024-10-10T10:39:06.410`) ## Download and Usage diff --git a/_state.csv b/_state.csv index b6317f7fdf8..3b7e8025d23 100644 --- a/_state.csv +++ b/_state.csv @@ -244609,7 +244609,7 @@ CVE-2024-22060,0,0,7f79d2875f5a614fca219746c1bbf5a9acd1ca84384af60f4f2ea354a4c82 CVE-2024-22061,0,0,a2f8b1edabd606da9b855ff3e3612ece1cc2a51d553a7dadaf2301f49cdc94da,2024-07-03T01:47:02.763000 CVE-2024-22062,0,0,cc06929fe5df33d033a09c6d5b184881dcbf0939fe62637d4555c345e1a11ac3,2024-07-09T18:19:14.047000 CVE-2024-22064,0,0,4ab6f1fd7aac8f5f705eb95fc6fb847518aebb95babd98d77adf15137fe26c27,2024-05-14T16:13:02.773000 -CVE-2024-22068,1,1,a4b2158da0e5acf6aca89fe01862025b73e1e0ccbcaadeea2c436cd275d0727a,2024-10-10T09:15:03.190000 +CVE-2024-22068,0,1,30a068a37c8f86c60c5f8722c7b135885c78bee8435bb094db05945fff9e8805,2024-10-10T09:15:03.190000 CVE-2024-22069,0,0,4264d807f7b5f6c2c545419e352dc9886522b6dff10818d72b9f5fb46c144466,2024-08-20T17:22:39.500000 CVE-2024-22074,0,0,a1a776748154594eabd5bedbe0254430e590ea44ffb88bfb446bfd71a59f69e3,2024-06-07T14:56:05.647000 CVE-2024-22075,0,0,a5af4a36684a159511579f89d3ce85206e57c3558ab3a4b37d02f2a846a5e5f1,2024-01-10T15:06:42.563000 @@ -255253,7 +255253,7 @@ CVE-2024-36984,0,0,e0e9241900a224e3ad6fe1ba063f84bef1aef3bc909574846a1878b8e10e5 CVE-2024-36985,0,0,79ad0407ff845adba2267085ae08be5487982d62becef69388cf8c25525fe83e,2024-07-08T14:18:40.360000 CVE-2024-36986,0,0,19150827ddb5a5edfc4814b01ab21fdc0631b6b8b842914dd22329d1e779f69a,2024-08-02T15:24:42.677000 CVE-2024-36987,0,0,1d55b78de0429e0f9217425a916f7a81cae7e1ecd4aabcd3cf4385f4839c5aca,2024-08-02T15:21:54.573000 -CVE-2024-36989,0,0,689147655bf3300037b6b26d03b3db08b60063c952195c56a665f47f4c0b9812,2024-08-02T15:11:57.347000 +CVE-2024-36989,0,1,e29df74fff69a124cbba202c433c463e6aee8ba4fb035b75e2a80ecf4b180960,2024-10-10T11:58:28.630000 CVE-2024-3699,0,0,30b1531f872c88b7cbea0828fb395914bc791e58c332296f8abe3de89de3423a,2024-06-12T17:53:09.130000 CVE-2024-36990,0,0,c6ebb7eedce1b1630f254f51b2ec2bdff0ad362c70cf722357a5198ef0b015f1,2024-08-21T14:29:07.173000 CVE-2024-36991,0,0,170802115c918c2bd8567732564fe4924a4eadc0df36a7df6beeafa80b77c812,2024-07-22T15:00:45.110000 @@ -256249,7 +256249,7 @@ CVE-2024-38344,0,0,9ab5a9367a4478293ac2379112f78ca200a2cb316c550e5b0a6b06a397872 CVE-2024-38345,0,0,52f2293d17b88d6e356144e0e15c86a25194f7d79ea68829ed7fb7a553e8b4d2,2024-07-09T16:22:44.523000 CVE-2024-38346,0,0,689d401df5aa75c70def7483ddda9de7aa5563e129adce9d2b51b58b0f05d227,2024-07-08T15:48:17.710000 CVE-2024-38347,0,0,0d1068ef932ec6d98ae8718125de6f9e1999f5db75d75126f90312b4a6428d62,2024-08-01T13:54:48 -CVE-2024-38348,0,0,d76ac40595953765ae6aa7072c9f7b614003a66a456cd40d15acbc09f7e58829,2024-07-11T02:50:33.110000 +CVE-2024-38348,0,1,c68f29b8b54dbd080bd10c6b15e67607347944ca7ab996033605bdc92e34a190,2024-10-10T10:32:15.330000 CVE-2024-38351,0,0,aaba7fc1ee76a182696aae0d74ae2a9df7cc50ae99868ceebc0a7900d3128075,2024-06-20T12:44:01.637000 CVE-2024-38352,0,0,7f53bae2899f27af7757d718c996f6001cd5095044ca01f36a87e887235b42f5,2024-06-19T18:15:11.507000 CVE-2024-38353,0,0,c7fbc5157bea63c7f1f1bd15e83eaa811940abad1a21b06d85ae750a0936fa30,2024-07-11T13:05:54.930000 @@ -256637,7 +256637,7 @@ CVE-2024-38812,0,0,34d8657a2d86accb47b9e7e7219bd48126133821add77e5ea4911708e30f2 CVE-2024-38813,0,0,3d08a10b622d3af5696a9ed2c2a45317011023f873f91120d4c5c5927c60a9b1,2024-10-02T13:59:52.887000 CVE-2024-38815,0,0,c52fd8da3142c021b606c8728a62b21f9f99058f51b7269cc44cfebc965b0ea7,2024-10-09T20:15:07.820000 CVE-2024-38816,0,0,6659455d4c0832fae3abce29bdd91d446a380e8317fc9229e602957b66269232,2024-09-13T14:06:04.777000 -CVE-2024-38817,0,1,eac281247a6eb9c602e6725bbd5183b4d7f90c4f35e79b61a7471769e0187b43,2024-10-10T08:15:03.443000 +CVE-2024-38817,0,0,eac281247a6eb9c602e6725bbd5183b4d7f90c4f35e79b61a7471769e0187b43,2024-10-10T08:15:03.443000 CVE-2024-38818,0,0,079453aabf40bf52c505c5cc3562c6294af68ca7630ca2a0ef4eab9539bf3138,2024-10-09T20:15:08.230000 CVE-2024-3882,0,0,8cf286ca42c3a62eccb821d9ac0678dabad594eee248c127390ddaf169987d46,2024-05-17T02:40:10.457000 CVE-2024-3883,0,0,e6bda202b9fd54c10f25f29dd8ae0cebb83b1538aee636944c2fd66bf4045fff,2024-05-02T13:27:25.103000 @@ -260318,8 +260318,28 @@ CVE-2024-4511,0,0,4d9dcedc762dab13753e2b0a6fba06d0880c8f0afe543668ff587ed1c4cea3 CVE-2024-45111,0,0,9fb0acaa2cfe1365ae260bae686a5d90e02d1dda50ec2516e7d6462b0987e021,2024-09-13T17:20:53.993000 CVE-2024-45112,0,0,fe220e89b9c90418cf9256ec0d1a61e1fb615761854b12c59226a9746bbe3106,2024-09-19T14:56:53.697000 CVE-2024-45113,0,0,9a4e89176a7b5c7d3845f7aafd6d39f3276ba5c23e86960f62b502204f186b6b,2024-09-13T16:56:53.673000 +CVE-2024-45115,1,1,9196f088541ce557fe770e6334d5d980d1e88bc25d23c810f69ae193266a9e9d,2024-10-10T10:15:03.127000 +CVE-2024-45116,1,1,81e480d9220c3494ee7a38f661c5a788882df12641e6f664c45ac18da59ece21,2024-10-10T10:15:03.930000 +CVE-2024-45117,1,1,a7f76cf6cead3665cdb1851f741d2bc2150727f01865c8cea22ef63825381938,2024-10-10T10:15:04.150000 +CVE-2024-45118,1,1,f8aca8a42f346c648cf13b9e598cd64dc98fdc761e968926d473e7e588e4815b,2024-10-10T10:15:04.357000 +CVE-2024-45119,1,1,4c636425b3d19f2f824200109033f154500868f589843bc5e35b9138bd5c095d,2024-10-10T10:15:04.563000 CVE-2024-4512,0,0,26a6b6bccaf4c25a8f55831184ccf900ec4db9044766abdc62f8dfefbc7cb546,2024-06-04T19:20:40.540000 +CVE-2024-45120,1,1,be04ce0e2054bb9c7a146a05f5b0423e8c560bf77887944cfa5bfdace25b8392,2024-10-10T10:15:04.787000 +CVE-2024-45121,1,1,cc04dc22e93e84635582d8d2c0d49e5943b1b8a3456c1d8f7dfadda6d2dfb969,2024-10-10T10:15:04.997000 +CVE-2024-45122,1,1,24ff7797cad61a0471cb3e602a709e7d323fbfa20611b33f6e6a80f3f1ef5de6,2024-10-10T10:15:05.200000 +CVE-2024-45123,1,1,c71ae568cab3c8105242b199224398a3a583b39dda0f3d151b5442bdb5ec5766,2024-10-10T10:15:05.400000 +CVE-2024-45124,1,1,5dd39d6753be17c004cf477f02238c2dba901025030cead11a18866ba1a78496,2024-10-10T10:15:05.607000 +CVE-2024-45125,1,1,4f30d26a2322c2cfcc77279d5c8b5604c54c9d1901cf77ff46fdcbde0b7da651,2024-10-10T10:15:05.797000 +CVE-2024-45127,1,1,4de42963c417f1a0951fa2a2ea11a61ab9195845174f226317af4e77bdaf6e23,2024-10-10T10:15:06.027000 +CVE-2024-45128,1,1,bd4580259aa9c2c766e33ccae4d679034fe7ae7bed897659d56b8581673d8a6c,2024-10-10T10:15:06.230000 +CVE-2024-45129,1,1,9dc38eb72dcf43b649f10c4d8fb02bbbbe1d61ec7baba13dd9a280cd6e2b1af9,2024-10-10T10:15:06.423000 CVE-2024-4513,0,0,6c3f318b0d8a8c538c1f3920692d132bd9a92a5cfece17f174b91ed826f80818,2024-06-04T19:20:40.633000 +CVE-2024-45130,1,1,cd0ea62d2b15ea75706653c32c9ed53e3799d88e9b199b78b7dc11015667f5ed,2024-10-10T10:15:06.700000 +CVE-2024-45131,1,1,b95273be31a9aee9e71912c7d9416cd960ce52a58fe21e99a7006555b131b0b1,2024-10-10T10:15:06.913000 +CVE-2024-45132,1,1,d26bb368309854a2bd219bbf8d3ebb74850ca9d9fbf5fa0550c406fece87968e,2024-10-10T10:15:07.140000 +CVE-2024-45133,1,1,bef12aa7338d389ef0f7e2ed47b0b0262a559d3813e78f05a524992836ee72c5,2024-10-10T10:15:07.340000 +CVE-2024-45134,1,1,14e941ef258a3bc7e2cff4325c2ec4f4d57912e4b2548922f98a62324e945dd0,2024-10-10T10:15:07.540000 +CVE-2024-45135,1,1,796ed1aa8964eeced568d5592530bf4041ffa42b206c01fe4c107b7c4d36b30a,2024-10-10T10:15:07.757000 CVE-2024-45136,0,0,c9ad2ecb5aba03476e693f364218ac1e02907c0fc3349e68bd00e3e57272dbc9,2024-10-09T15:15:13.163000 CVE-2024-45137,0,0,c532f6d28b470f19ed88150d3638d180f83be193ed8d709e9c53c69c0e6d2651,2024-10-09T15:15:13.373000 CVE-2024-45138,0,0,9643d62ee569a15af59da4d4f77a741533114c7562d96218c0fbaa211e368315,2024-10-09T14:15:05.723000 @@ -260332,6 +260352,8 @@ CVE-2024-45143,0,0,f53a00d9ea7fcf9e6680d47e9a33610e8a55c38027b5725cb1c2b87e282b7 CVE-2024-45144,0,0,c77cc8e3145c010c2698b406e4456870206bce15b9e6a16d5e1c20e3eeccc9b6,2024-10-09T14:15:06.973000 CVE-2024-45145,0,0,b36d6bb4b4247eb059c115ad97c447cca0f70b08025fc2179ef91ba7e7a7f114,2024-10-09T10:15:03.283000 CVE-2024-45146,0,0,2a5b5a0d648806ca5e54b8bd1a0a8e9a0eaa835e972130f7015e02de53d4b2a8,2024-10-09T09:15:05.693000 +CVE-2024-45148,1,1,9ec5ecbfbf981b12f5dc5c054b5a6d0e3992c82495e31da089859e5818ba562f,2024-10-10T10:15:07.963000 +CVE-2024-45149,1,1,2d023078254f7433642bf306066bc08777aa2bc32aeb55b1fee84a005a872cb7,2024-10-10T10:15:08.170000 CVE-2024-4515,0,0,745b5001aba1f09f57fb481d2a3d2000635a4a96793fd9115da6678f1f7fddb3,2024-06-04T19:20:40.830000 CVE-2024-45150,0,0,bd12df0ca2dd5e008526d6f546a4cd15e1f7b87d2c471afa5048e25665848888,2024-10-09T09:15:06.210000 CVE-2024-45152,0,0,148ff5ca6e5b548257f7595f40141b53f137dc764010dfe2834f6689ff458988,2024-10-09T14:15:07.183000 @@ -260839,7 +260861,7 @@ CVE-2024-46376,0,0,f3c4758540f2ac7c03838f8eccd3f67c9d25fd080cb7169c664824c92406d CVE-2024-46377,0,0,dbd66064786bd129c8f0daf0f8e37ec51d021bf976974fef51557cd63106242d,2024-09-20T12:30:17.483000 CVE-2024-4638,0,0,fdd077899626129e208d16f53a9a5482358eca01d91f2895388a2a3863f13467,2024-09-24T17:13:43.997000 CVE-2024-46382,0,0,65cd8f8715b62b5a7598d3b8d6186f6e2f4b087b931ac8f129c8f64b10f1fd55,2024-09-25T16:56:09.927000 -CVE-2024-4639,0,0,63d049eee594beebe77a9774e9d66b077e03fa99e5b29364c893c36c24e6ccaf,2024-09-18T15:46:04.960000 +CVE-2024-4639,0,1,f02b5c58ae5a71f4f7afea4e263ab89427639817f2fb26164569232dacb74959,2024-10-10T10:39:06.410000 CVE-2024-46394,0,0,2516725e4bff704e46174a8f5632e7834a8075c579df9c6725759cf5ecdadeb1,2024-09-25T16:55:15.023000 CVE-2024-4640,0,0,561eb45560c6a2512cf49113a4a8a4e86a4cf3daabba823a155e6305f710bfc9,2024-09-18T15:48:43.557000 CVE-2024-46409,0,0,aba2a412f8aa901356da8f12961372170796df83780b5d94df8dbeba2142d0ca,2024-10-07T19:37:28.597000 @@ -261705,6 +261727,7 @@ CVE-2024-4887,0,0,cd16cdbf0d661e24b4ec24b0cab770c7eb42c6fb6d3f727954351a4e088495 CVE-2024-4888,0,0,fec1e03b9425eafa3abf9c794b417e5dd9f4ec5c0ccb57ecd621528833d262c0,2024-06-07T14:56:05.647000 CVE-2024-4889,0,0,e1db15d22cd014db7823bf12ffdd16045472c9266c0e44b11059f83de00383eb,2024-06-07T14:56:05.647000 CVE-2024-4890,0,0,53ca3d470669469343718a89aecd8ceb01b5d306faed13dac96d630215f97f2a,2024-06-07T14:56:05.647000 +CVE-2024-48902,1,1,c9c2f9bfe54ba56a23dbe681ae9aa1b390e0a0a9bf635821c08583074efb275b,2024-10-10T11:15:13.540000 CVE-2024-4891,0,0,f3940d673165429e16eea192398cf8ad711af9d91140d48fc15ea6e438b5c077,2024-05-20T13:00:34.807000 CVE-2024-4892,0,0,86d55410ceaf3ecac0b7906bf27b918d65f0ae499a5475505564f001e752dae0,2024-06-13T18:36:09.013000 CVE-2024-4893,0,0,c4900f559bdc4a1c952ec15ffc0a407a7d0fc758594c29af597940962bf437f6,2024-05-15T16:40:19.330000 @@ -263316,7 +263339,7 @@ CVE-2024-6743,0,0,d20423ae34ef7edd843a6cb67ab6563bdeae21fb73206254415d2c0219c744 CVE-2024-6744,0,0,db4e7b937d3d03ea3e3b2b15edbfe780a0b875b3fdcc47905faa685f3164112e,2024-07-16T18:06:51.390000 CVE-2024-6745,0,0,1617c1b62a6985e7cfd1493a4e6106081b5b226c76f4caaa1064224772ef702b,2024-07-19T18:04:47.363000 CVE-2024-6746,0,0,a07904c7ab441e8aefcdf67187efe0701752648d282a9adf495048d9805d0f66,2024-07-19T18:02:29.417000 -CVE-2024-6747,1,1,5f5747258ea41f5ed1130e6dd9655be7ff3676d5f619a4f9ba4d2c75476c6c5a,2024-10-10T08:15:03.630000 +CVE-2024-6747,0,0,5f5747258ea41f5ed1130e6dd9655be7ff3676d5f619a4f9ba4d2c75476c6c5a,2024-10-10T08:15:03.630000 CVE-2024-6748,0,0,3165cdb659bfb317f070ab6b5ff0ffe08f8676c2d4210e086188fb527771a712,2024-07-30T13:33:30.653000 CVE-2024-6750,0,0,259befaacfd3ee023627d5e60a86696c98cc4bb58920e9f36a409d03ab7792d0,2024-09-03T21:40:22.460000 CVE-2024-6751,0,0,65709f0db2fc5964de358cedefb78e4090d836ca670fed7f74fbf34d4a07dbbd,2024-09-03T21:39:06.433000 @@ -263544,7 +263567,7 @@ CVE-2024-7038,0,0,182f910a9ab2ef469a30f74b37ebb0cc91121622585133274525ddf4bf610a CVE-2024-7041,0,0,688ed132bbfb1befffc795f35ed82a14fecd87e0cf303674c9fedf4eb1b11763,2024-10-09T20:15:09.683000 CVE-2024-7047,0,0,21985a71701c23251b30e756f6f2c4f75baa147c34a8c282b34b811aa42e2336,2024-08-26T16:07:27.837000 CVE-2024-7048,0,0,12f3403896e9a4059ff750f1971d744793a0e26cafaae7be39b178ed44bc9bc4,2024-10-10T02:15:03.113000 -CVE-2024-7049,1,1,f0ad5dbc7cefb074f37840f2b9434ba86926741ebb65b581c0afb8321da2fdd4,2024-10-10T08:15:03.910000 +CVE-2024-7049,0,0,f0ad5dbc7cefb074f37840f2b9434ba86926741ebb65b581c0afb8321da2fdd4,2024-10-10T08:15:03.910000 CVE-2024-7050,0,0,f402c0a89ba2917236fe6639793bd54ee4751807250eba7a4dde84d4a362ffd7,2024-07-29T14:12:08.783000 CVE-2024-7051,0,0,d0158d1d3b2cdd12dcaf8ff0c61b0f7cdef559e08a0a05011bfe1940648c764c,2024-08-30T16:15:10.960000 CVE-2024-7054,0,0,c2f192d88d8b2a817d17540b8fda16fcd38e463cdb3b6d5e52e3cf243830add6,2024-08-20T15:44:20.567000 @@ -264896,6 +264919,7 @@ CVE-2024-8967,0,0,0e61388d89e65d4552c8513d8ec8c307c7a4bc14fde1f860df9e7663ba49f2 CVE-2024-8969,0,0,98dd6be27cce2c3412495467ecb9257ef6e673bce29c0f376bf0c342ca11f9e9,2024-09-20T12:30:51.220000 CVE-2024-8974,0,0,47fcb9de64a47ab7d6fd39981189c5f91c3407e2aae34c6aae2197da9ba195e7,2024-10-04T17:30:18.803000 CVE-2024-8975,0,0,e9dab26a838a0dd237537c2cbdba69bbaa5b6602743bc0ca17e054f95d0f2b70,2024-10-01T19:20:21.103000 +CVE-2024-8977,1,1,71642f624dfd713de445adce2cbd559e2cd3fbf4d46242bc23afc3dd675a7c37,2024-10-10T10:15:08.367000 CVE-2024-8981,0,0,72a5e946545b01f6f5b55bd9be0a66c4964926bf866e85b9f0e826b5c8f5cfe7,2024-10-04T13:51:25.567000 CVE-2024-8983,0,0,b5ad10e9e9fe7aabd9cdc2054c7af15f8a7e59c36886f8fb214efeae5019cab1,2024-10-09T16:35:09.290000 CVE-2024-8986,0,0,072cf1f180fb390d1b4b3d2d50dea4c4259a9c38757ddb70b883e21ef9d81f01,2024-09-20T12:30:17.483000 @@ -265011,6 +265035,7 @@ CVE-2024-9189,0,0,589dc859bd1b4dfe4aefe62d286159acb6f430185a125dd81b1568310ee1bb CVE-2024-9194,0,0,94d0f5f267ad180c0cf40bc9b87cc59bf3002f59241057e5b89ba1ec25bacf82,2024-10-04T13:51:25.567000 CVE-2024-9198,0,0,f43e7cbf5ad8264654a856d8df5069cea0145a66becd85052219123b3f2b7d6c,2024-10-02T14:33:52.780000 CVE-2024-9199,0,0,0d70434db3b8e5067294d8da03c36e695141f2bf7d8322fbb68a3bc3177abf45,2024-10-02T14:33:54.607000 +CVE-2024-9201,1,1,a3af60bbfa9488b65ace049793bf49981aef39b64686e629c589022ae66f2833,2024-10-10T11:15:13.760000 CVE-2024-9202,0,0,808b8091e3582386849f2f7767feb40805cba585b6581ba135c1d621ab219188,2024-09-30T12:46:20.237000 CVE-2024-9203,0,0,e6eb6874bd83da6550f594261cd60c3d082a0ed5dbc17d4c1b083dd114dee5d8,2024-09-30T12:46:20.237000 CVE-2024-9204,0,0,8709d8f31d12084fc2eba23d41169bb9ba345e1a3d3bed7d676463fdbec26c9b,2024-10-04T13:50:43.727000 @@ -265185,17 +265210,19 @@ CVE-2024-9574,0,0,a60670a65a4470a80e62c618e77fec3e5e5071e32e3c874874eb23f89671df CVE-2024-9575,0,0,5319fb13c91be15843abb76d87e6d17457d37aebb68186f1a71e2b47b9eefe17,2024-10-09T14:35:13.220000 CVE-2024-9576,0,0,349b41d5d275d2b69494dd85fe115130849861d9cddaab63cccbcfe5be8a03f5,2024-10-07T17:47:48.410000 CVE-2024-9581,0,0,ef6b4fcb9791fefb373c8eb2076fff904758b37ce78821eb9f889a1bd5051ed7,2024-10-10T02:15:06.227000 +CVE-2024-9596,1,1,dc8c1387457a8e98db5f2a5a8eedfe6a78638893039c62d0a30c2544d623641d,2024-10-10T10:15:08.563000 CVE-2024-9602,0,0,13c5133d85587ec02f04ab3df6b135286d0f9133ef132335e7faeadbfb7036e6,2024-10-09T17:35:16.980000 CVE-2024-9603,0,0,5064a175167ae9dbaab5d5f0ba6b6e0d26b4de70a429a695addd7ebd760abbdf,2024-10-09T16:35:09.623000 CVE-2024-9620,0,0,0379fb1d0864218f96bae79eafc674616cceed6a1d6b1c374718286d73008692,2024-10-08T17:15:57.357000 CVE-2024-9621,0,0,93a648e082c2d430d057ddc9e3ada713aaa0a2bb50686998ccd1adc379bccdce,2024-10-08T17:15:57.573000 CVE-2024-9622,0,0,c63b888866eff50e6fa5697d58bf1e64edc668dfb35cefc907fc3210c84ae5d9,2024-10-08T17:15:57.790000 +CVE-2024-9623,1,1,b27bd9bd0c476e42d5793aaaa4b30874b72637acdcc9c9d220688162fccd7f46,2024-10-10T10:15:08.770000 CVE-2024-9671,0,0,f49c886ce75776b8468067e0383f68033c06188472cd5b55ea14fd7e423e32a2,2024-10-09T15:15:17.513000 CVE-2024-9675,0,0,32e8840bd27965b8df5e5b7176aa0ce26bda0a9f22dcbac8c66cb0601f52b1b1,2024-10-09T15:15:17.837000 CVE-2024-9680,0,0,1073a61fe81991e41ed256928cc5d8d5bc03a3ffd6b7dabd943fe9be59020a5c,2024-10-09T16:35:10.390000 CVE-2024-9685,0,0,587a16c28fef49a7c446d42e2f8c2399f7acfb5c44d717d8aa46528c6e160880,2024-10-10T02:15:06.440000 CVE-2024-9780,0,0,bcdc26cebf41023411248a54ca1298593aad5de98135e414a43471278624a0df,2024-10-10T07:15:03.727000 CVE-2024-9781,0,0,c4c43c2fe5298eaa775adcc9f1acc016cd7959f1e1b149a4b1f5e918320967e5,2024-10-10T07:15:04.100000 -CVE-2024-9796,1,1,899ce6c3db81a82c7e5873c58310ea8e9092cff195c99edba907ddfafe6969eb,2024-10-10T08:15:04.140000 -CVE-2024-9798,1,1,e3f94feda8194e3e67a24aa2383dbfaa87f537350e2ae7e749d3032d5ec1a350,2024-10-10T08:15:04.207000 -CVE-2024-9802,1,1,74e669d15ae6598ed12c396496c8779e1b2ec0797d50945f4108f40ea2c373dd,2024-10-10T08:15:04.387000 +CVE-2024-9796,0,0,899ce6c3db81a82c7e5873c58310ea8e9092cff195c99edba907ddfafe6969eb,2024-10-10T08:15:04.140000 +CVE-2024-9798,0,0,e3f94feda8194e3e67a24aa2383dbfaa87f537350e2ae7e749d3032d5ec1a350,2024-10-10T08:15:04.207000 +CVE-2024-9802,0,0,74e669d15ae6598ed12c396496c8779e1b2ec0797d50945f4108f40ea2c373dd,2024-10-10T08:15:04.387000