From 1e5efac4ebc38518340e0035703ce452bf7a6fed Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Mon, 18 Nov 2024 11:03:21 +0000 Subject: [PATCH] Auto-Update: 2024-11-18T11:00:19.383135+00:00 --- CVE-2023/CVE-2023-391xx/CVE-2023-39176.json | 64 ++++++++++++++ CVE-2023/CVE-2023-391xx/CVE-2023-39179.json | 64 ++++++++++++++ CVE-2023/CVE-2023-391xx/CVE-2023-39180.json | 64 ++++++++++++++ CVE-2024/CVE-2024-384xx/CVE-2024-38472.json | 8 +- CVE-2024/CVE-2024-411xx/CVE-2024-41151.json | 37 ++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41967.json | 56 ++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41968.json | 56 ++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41969.json | 56 ++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41970.json | 56 ++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41971.json | 56 ++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41972.json | 56 ++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41973.json | 56 ++++++++++++ CVE-2024/CVE-2024-419xx/CVE-2024-41974.json | 56 ++++++++++++ CVE-2024/CVE-2024-423xx/CVE-2024-42383.json | 56 ++++++++++++ CVE-2024/CVE-2024-423xx/CVE-2024-42384.json | 56 ++++++++++++ CVE-2024/CVE-2024-423xx/CVE-2024-42385.json | 56 ++++++++++++ CVE-2024/CVE-2024-423xx/CVE-2024-42386.json | 56 ++++++++++++ CVE-2024/CVE-2024-423xx/CVE-2024-42387.json | 56 ++++++++++++ CVE-2024/CVE-2024-423xx/CVE-2024-42388.json | 56 ++++++++++++ CVE-2024/CVE-2024-423xx/CVE-2024-42389.json | 56 ++++++++++++ CVE-2024/CVE-2024-423xx/CVE-2024-42390.json | 56 ++++++++++++ CVE-2024/CVE-2024-423xx/CVE-2024-42391.json | 56 ++++++++++++ CVE-2024/CVE-2024-423xx/CVE-2024-42392.json | 56 ++++++++++++ CVE-2024/CVE-2024-455xx/CVE-2024-45505.json | 37 ++++++++ CVE-2024/CVE-2024-457xx/CVE-2024-45791.json | 37 ++++++++ CVE-2024/CVE-2024-472xx/CVE-2024-47208.json | 49 +++++++++++ CVE-2024/CVE-2024-489xx/CVE-2024-48962.json | 98 +++++++++++++++++++++ README.md | 43 ++++++--- _state.csv | 42 +++++++-- 29 files changed, 1525 insertions(+), 26 deletions(-) create mode 100644 CVE-2023/CVE-2023-391xx/CVE-2023-39176.json create mode 100644 
CVE-2023/CVE-2023-391xx/CVE-2023-39179.json create mode 100644 CVE-2023/CVE-2023-391xx/CVE-2023-39180.json create mode 100644 CVE-2024/CVE-2024-411xx/CVE-2024-41151.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41967.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41968.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41969.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41970.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41971.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41972.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41973.json create mode 100644 CVE-2024/CVE-2024-419xx/CVE-2024-41974.json create mode 100644 CVE-2024/CVE-2024-423xx/CVE-2024-42383.json create mode 100644 CVE-2024/CVE-2024-423xx/CVE-2024-42384.json create mode 100644 CVE-2024/CVE-2024-423xx/CVE-2024-42385.json create mode 100644 CVE-2024/CVE-2024-423xx/CVE-2024-42386.json create mode 100644 CVE-2024/CVE-2024-423xx/CVE-2024-42387.json create mode 100644 CVE-2024/CVE-2024-423xx/CVE-2024-42388.json create mode 100644 CVE-2024/CVE-2024-423xx/CVE-2024-42389.json create mode 100644 CVE-2024/CVE-2024-423xx/CVE-2024-42390.json create mode 100644 CVE-2024/CVE-2024-423xx/CVE-2024-42391.json create mode 100644 CVE-2024/CVE-2024-423xx/CVE-2024-42392.json create mode 100644 CVE-2024/CVE-2024-455xx/CVE-2024-45505.json create mode 100644 CVE-2024/CVE-2024-457xx/CVE-2024-45791.json create mode 100644 CVE-2024/CVE-2024-472xx/CVE-2024-47208.json create mode 100644 CVE-2024/CVE-2024-489xx/CVE-2024-48962.json diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39176.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39176.json new file mode 100644 index 00000000000..c3916db9362 --- /dev/null +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39176.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-39176", + "sourceIdentifier": "patrick@puiterwijk.org", + "published": "2024-11-18T10:15:04.667", + "lastModified": "2024-11-18T10:15:04.667", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-39176", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326503", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-586/", + "source": "patrick@puiterwijk.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39179.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39179.json new file mode 100644 index 00000000000..cd0959bd5d6 --- /dev/null 
+++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39179.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-39179", + "sourceIdentifier": "patrick@puiterwijk.org", + "published": "2024-11-18T10:15:04.980", + "lastModified": "2024-11-18T10:15:04.980", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-39179", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326529", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-586/", + "source": "patrick@puiterwijk.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39180.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39180.json new file mode 100644 index 00000000000..b384f78448d --- /dev/null 
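Review bot: The third `references` entry in this CVE-2023-39179 record is `https://www.zerodayinitiative.com/advisories/ZDI-24-586/`, the same advisory URL already cited by the CVE-2023-39176 record added earlier in this commit. The two descriptions cover different ksmbd code paths (transform-header parsing there, SMB2 read handling here). If each CVE has its own ZDI advisory, this is probably a copy error at the source, and readers following the link would land on the write-up for the other flaw. Check it against the Red Hat bug listed in the same record and, if confirmed, change the line to `"url": "https://www.zerodayinitiative.com/advisories/<ZDI-ID-FOR-CVE-2023-39179>/",` (placeholder; the correct ID is not on this page).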
+++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39180.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2023-39180", + "sourceIdentifier": "patrick@puiterwijk.org", + "published": "2024-11-18T10:15:05.217", + "lastModified": "2024-11-18T10:15:05.217", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "patrick@puiterwijk.org", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://access.redhat.com/security/cve/CVE-2023-39180", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326531", + "source": "patrick@puiterwijk.org" + }, + { + "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-589/", + "source": "patrick@puiterwijk.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-384xx/CVE-2024-38472.json b/CVE-2024/CVE-2024-384xx/CVE-2024-38472.json index 461fed1ece4..b29e8330906 100644 
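Review bot: The weakness entry `"value": "CWE-400"` in this CVE-2023-39180 record does not match the record's own description, which says the issue "results from not releasing memory after its effective lifetime". That wording is the definition of CWE-401 (Missing Release of Memory after Effective Lifetime), whereas CWE-400 is the broader uncontrolled-resource-consumption class. Tooling that groups or prioritises by CWE will file this memory leak under the generic bucket. Suggest `"value": "CWE-401"`, or keep CWE-400 and add CWE-401 as a second `description` entry if the CNA's mapping has to be preserved.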
--- a/CVE-2024/CVE-2024-384xx/CVE-2024-38472.json
+++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38472.json
@@ -2,13 +2,13 @@
 "id": "CVE-2024-38472",
 "sourceIdentifier": "security@apache.org",
 "published": "2024-07-01T19:15:04.563",
- "lastModified": "2024-07-12T14:15:15.043",
+ "lastModified": "2024-11-18T09:15:04.347",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and\u00a0malicious requests or content \nUsers are recommended to upgrade to version 2.4.60 which fixes this issue.\u00a0 Note: Existing configurations that access UNC paths will have to configure new directive \"UNCList\" to allow access during request processing."
+ "value": "SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and\u00a0malicious requests or content \nUsers are recommended to upgrade to version 2.4.60 which fixes this issue.\u00a0 Note: Existing configurations that access UNC paths will have to configure new directive \"UNCList\" to allow access during request processing."
 },
 {
 "lang": "es",
@@ -55,10 +55,6 @@
 {
 "url": "https://httpd.apache.org/security/vulnerabilities_24.html",
 "source": "security@apache.org"
- },
- {
- "url": "https://security.netapp.com/advisory/ntap-20240712-0001/",
- "source": "security@apache.org"
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41151.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41151.json
new file mode 100644
index 00000000000..51a96931d4e
--- /dev/null
+++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41151.json
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-41151", + "sourceIdentifier": "security@apache.org", + "published": "2024-11-18T09:15:05.010", + "lastModified": "2024-11-18T09:15:05.010", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Apache HertzBeat.\n\nThis vulnerability can only be exploited by authorized attackers.\n\n\nThis issue affects Apache HertzBeat: before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/oor9nw6nh2ojnfw8d8oxrv40cbtk5mwj", + "source": "security@apache.org" + }, + { + "url": "https://lists.apache.org/thread/p33tg0vo5nh6kscth4262ktsqo3h5lqo", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41967.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41967.json new file mode 100644 index 00000000000..45d50ce48ae --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41967.json 
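Review bot: `"metrics": {}` leaves the CVE-2024-41151 record without any CVSS vector or base score, even though it describes a CWE-502 deserialization flaw, so consumers that filter or alert on `baseScore`/`baseSeverity` will silently pass over it. The record is also `"vulnStatus": "Received"`, so this is presumably awaiting enrichment upstream rather than an error in the mirror. Downstream rules should treat an empty `metrics` object as unscored, not as low severity. Until a score arrives, triage on the CWE and the fixed version named in the description (1.6.1). The description's "authorized attackers" presumably means authenticated users; confirm that against the linked Apache threads before discounting the issue.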
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-41967", + "sourceIdentifier": "info@cert.vde.com", + "published": "2024-11-18T09:15:05.150", + "lastModified": "2024-11-18T09:15:05.150", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A low privileged remote attacker\u00a0may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-047", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41968.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41968.json new file mode 100644 index 00000000000..06bb304fcf8 --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41968.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-41968", + "sourceIdentifier": "info@cert.vde.com", + "published": "2024-11-18T09:15:05.410", + "lastModified": "2024-11-18T09:15:05.410", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-047", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41969.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41969.json new file mode 100644 index 00000000000..981222941ad --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41969.json 
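Review bot: The `weaknesses` entry of CVE-2024-41968 is tagged `"type": "Secondary"`, while the CVSS metric in the same record, from the same source `info@cert.vde.com`, is `"type": "Primary"`. The sibling records CVE-2024-41967 and CVE-2024-41969 in this commit tag their CWE-306 entry as Primary. A consumer that reads only Primary weaknesses would see no CWE for this CVE. This looks like an upstream inconsistency rather than a deliberate distinction; if that is confirmed, the line should read `"type": "Primary",`.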
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-41969", + "sourceIdentifier": "info@cert.vde.com", + "published": "2024-11-18T09:15:05.637", + "lastModified": "2024-11-18T09:15:05.637", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A low privileged remote attacker may\u00a0modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-047", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41970.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41970.json new file mode 100644 index 00000000000..2755b127909 --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41970.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-41970", + "sourceIdentifier": "info@cert.vde.com", + "published": "2024-11-18T10:15:05.487", + "lastModified": "2024-11-18T10:15:05.487", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A low privileged remote attacker\u00a0may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "references": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-047", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41971.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41971.json new file mode 100644 index 00000000000..161dcef5e7d --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41971.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-41971", + "sourceIdentifier": "info@cert.vde.com", + "published": "2024-11-18T10:15:05.750", + "lastModified": "2024-11-18T10:15:05.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-047", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41972.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41972.json new file mode 100644 index 00000000000..fa28fc8e37e --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41972.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-41972", + "sourceIdentifier": "info@cert.vde.com", + "published": "2024-11-18T10:15:05.967", + "lastModified": "2024-11-18T10:15:05.967", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A low privileged remote attacker can\u00a0overwrite an arbitrary file on the filesystem which\u00a0may lead to an arbitrary file read with root privileges." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-047", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41973.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41973.json new file mode 100644 index 00000000000..f03451b6016 --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41973.json 
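Review bot: The CVE-2024-41972 description says the attacker can "overwrite an arbitrary file", but the stated outcome is an arbitrary file read and the vector is `C:H/I:N/A:N`, which claims no integrity impact at all. The sibling record CVE-2024-41973 words the write case as "specify an arbitrary file" and carries `I:H/A:H`. "overwrite" here is therefore likely a wording slip carried over from CVE-2024-41971, and the text probably should read "can\u00a0specify an arbitrary file on the filesystem". As it stands, either the text or the vector misdescribes the issue, so check VDE-2024-047 before relying on this record for impact triage.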
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-41973", + "sourceIdentifier": "info@cert.vde.com", + "published": "2024-11-18T10:15:06.213", + "lastModified": "2024-11-18T10:15:06.213", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A low privileged remote attacker can\u00a0specify an arbitrary file on the filesystem which\u00a0may lead to an arbitrary file writes with root privileges." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-047", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41974.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41974.json new file mode 100644 index 00000000000..69d59341476 --- /dev/null +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41974.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-41974", + "sourceIdentifier": "info@cert.vde.com", + "published": "2024-11-18T10:15:06.447", + "lastModified": "2024-11-18T10:15:06.447", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A low privileged remote attacker\u00a0may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "info@cert.vde.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] + } + ], + "references": [ + { + "url": "https://cert.vde.com/en/advisories/VDE-2024-047", + "source": "info@cert.vde.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42383.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42383.json new file mode 100644 index 00000000000..07c769a3735 --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42383.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42383", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-11-18T10:15:06.667", + "lastModified": "2024-11-18T10:15:06.667", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-823" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42383", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42384.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42384.json new file mode 100644 index 00000000000..75f87e48922 --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42384.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42384", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-11-18T10:15:06.943", + "lastModified": "2024-11-18T10:15:06.943", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42384", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42385.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42385.json new file mode 100644 index 00000000000..bde101f8e28 --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42385.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42385", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-11-18T10:15:07.187", + "lastModified": "2024-11-18T10:15:07.187", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.3, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-140" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42385", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42386.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42386.json new file mode 100644 index 00000000000..29806cf8797 --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42386.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42386", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-11-18T10:15:07.427", + "lastModified": "2024-11-18T10:15:07.427", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-823" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42386", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42387.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42387.json new file mode 100644 index 00000000000..40915d90d9c --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42387.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42387", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-11-18T10:15:07.647", + "lastModified": "2024-11-18T10:15:07.647", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-823" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42387", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42388.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42388.json new file mode 100644 index 00000000000..bdea9579466 --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42388.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42388", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-11-18T10:15:07.873", + "lastModified": "2024-11-18T10:15:07.873", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-823" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42388", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42389.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42389.json new file mode 100644 index 00000000000..8a16349e330 --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42389.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42389", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-11-18T10:15:08.090", + "lastModified": "2024-11-18T10:15:08.090", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-823" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42389", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42390.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42390.json new file mode 100644 index 00000000000..d641ee697d6 --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42390.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42390", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-11-18T10:15:08.307", + "lastModified": "2024-11-18T10:15:08.307", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-823" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42390", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42391.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42391.json new file mode 100644 index 00000000000..8cbeecb718f --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42391.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42391", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-11-18T10:15:08.540", + "lastModified": "2024-11-18T10:15:08.540", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-823" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42391", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42392.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42392.json new file mode 100644 index 00000000000..5023df158cc --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42392.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42392", + "sourceIdentifier": "prodsec@nozominetworks.com", + "published": "2024-11-18T10:15:08.753", + "lastModified": "2024-11-18T10:15:08.753", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.3, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "prodsec@nozominetworks.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-140" + } + ] + } + ], + "references": [ + { + "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-42392", + "source": "prodsec@nozominetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45505.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45505.json new file mode 100644 index 00000000000..c58a311f7c6 --- /dev/null +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45505.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-45505", + "sourceIdentifier": "security@apache.org", + "published": "2024-11-18T09:15:05.870", + "lastModified": "2024-11-18T09:15:05.870", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).\n\nThis vulnerability can only be exploited by authorized attackers.\nThis issue affects Apache HertzBeat (incubating): before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/gvbc68krhqhht7mkkkx7k13k6k6fdhy0", + "source": "security@apache.org" + }, + { + "url": "https://lists.apache.org/thread/h8k14o1bfyod66p113pkgnt1s52p6p19", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45791.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45791.json new file mode 100644 index 00000000000..27b98f1fad2 --- /dev/null +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45791.json 
@@ -0,0 +1,37 @@ +{ + "id": "CVE-2024-45791", + "sourceIdentifier": "security@apache.org", + "published": "2024-11-18T09:15:05.990", + "lastModified": "2024-11-18T09:15:05.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.\n\nThis issue affects Apache HertzBeat: before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://lists.apache.org/thread/jmbsfjsvrfnvosh1ftrm3ry4j3sb7doz", + "source": "security@apache.org" + }, + { + "url": "https://lists.apache.org/thread/lvsczrp8kdynppmzyxtkh4ord4gpw1ph", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-472xx/CVE-2024-47208.json b/CVE-2024/CVE-2024-472xx/CVE-2024-47208.json new file mode 100644 index 00000000000..563074e815a --- /dev/null +++ b/CVE-2024/CVE-2024-472xx/CVE-2024-47208.json 
@@ -0,0 +1,49 @@ +{ + "id": "CVE-2024-47208", + "sourceIdentifier": "security@apache.org", + "published": "2024-11-18T09:15:06.100", + "lastModified": "2024-11-18T09:15:06.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 18.12.17.\n\nUsers are recommended to upgrade to version 18.12.17, which fixes the issue." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://issues.apache.org/jira/browse/OFBIZ-13158", + "source": "security@apache.org" + }, + { + "url": "https://lists.apache.org/thread/022r19skfofhv3lzql33vowlrvqndh11", + "source": "security@apache.org" + }, + { + "url": "https://ofbiz.apache.org/download.html", + "source": "security@apache.org" + }, + { + "url": "https://ofbiz.apache.org/security.html", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48962.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48962.json new file mode 100644 index 00000000000..415c9a8dfc6 --- /dev/null +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48962.json 
@@ -0,0 +1,98 @@ +{ + "id": "CVE-2024-48962", + "sourceIdentifier": "security@apache.org", + "published": "2024-11-18T09:15:06.237", + "lastModified": "2024-11-18T09:15:06.237", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz.\n\nThis issue affects Apache OFBiz: before 18.12.17.\n\nUsers are recommended to upgrade to version 18.12.17, which fixes the issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@apache.org", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:A/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Amber", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + 
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NO", + "recovery": "USER", + "valueDensity": "CONCENTRATED", + "vulnerabilityResponseEffort": "HIGH", + "providerUrgency": "AMBER", + "baseScore": 8.9, + "baseSeverity": "HIGH" + } + } + ] + }, + "weaknesses": [ + { + "source": "security@apache.org", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1336" + }, + { + "lang": "en", + "value": "CWE-352" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://issues.apache.org/jira/browse/OFBIZ-13162", + "source": "security@apache.org" + }, + { + "url": "https://lists.apache.org/thread/6sddh4pts90cp8ktshqb4xykdp6lb6q6", + "source": "security@apache.org" + }, + { + "url": "https://ofbiz.apache.org/download.html", + "source": "security@apache.org" + }, + { + "url": "https://ofbiz.apache.org/security.html", + "source": "security@apache.org" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 861776cc9d0..18da33ae01d 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-18T09:00:34.595517+00:00 +2024-11-18T11:00:19.383135+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-18T08:15:03.550000+00:00 +2024-11-18T10:15:08.753000+00:00 ``` ### Last Data Feed Release 
@@ -33,26 +33,45 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -270112 +270138 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `26` -- [CVE-2024-11311](CVE-2024/CVE-2024-113xx/CVE-2024-11311.json) (`2024-11-18T07:15:13.063`) -- [CVE-2024-11312](CVE-2024/CVE-2024-113xx/CVE-2024-11312.json) (`2024-11-18T07:15:14.903`) -- [CVE-2024-11313](CVE-2024/CVE-2024-113xx/CVE-2024-11313.json) (`2024-11-18T07:15:15.420`) -- [CVE-2024-11314](CVE-2024/CVE-2024-113xx/CVE-2024-11314.json) (`2024-11-18T07:15:15.993`) -- [CVE-2024-11315](CVE-2024/CVE-2024-113xx/CVE-2024-11315.json) (`2024-11-18T07:15:16.673`) -- [CVE-2024-22067](CVE-2024/CVE-2024-220xx/CVE-2024-22067.json) (`2024-11-18T07:15:17.370`) -- [CVE-2024-49574](CVE-2024/CVE-2024-495xx/CVE-2024-49574.json) (`2024-11-18T08:15:03.550`) +- [CVE-2023-39179](CVE-2023/CVE-2023-391xx/CVE-2023-39179.json) (`2024-11-18T10:15:04.980`) +- [CVE-2023-39180](CVE-2023/CVE-2023-391xx/CVE-2023-39180.json) (`2024-11-18T10:15:05.217`) +- [CVE-2024-41151](CVE-2024/CVE-2024-411xx/CVE-2024-41151.json) (`2024-11-18T09:15:05.010`) +- [CVE-2024-41967](CVE-2024/CVE-2024-419xx/CVE-2024-41967.json) (`2024-11-18T09:15:05.150`) +- [CVE-2024-41968](CVE-2024/CVE-2024-419xx/CVE-2024-41968.json) (`2024-11-18T09:15:05.410`) +- [CVE-2024-41969](CVE-2024/CVE-2024-419xx/CVE-2024-41969.json) (`2024-11-18T09:15:05.637`) +- [CVE-2024-41970](CVE-2024/CVE-2024-419xx/CVE-2024-41970.json) (`2024-11-18T10:15:05.487`) +- [CVE-2024-41971](CVE-2024/CVE-2024-419xx/CVE-2024-41971.json) (`2024-11-18T10:15:05.750`) +- [CVE-2024-41972](CVE-2024/CVE-2024-419xx/CVE-2024-41972.json) (`2024-11-18T10:15:05.967`) +- [CVE-2024-41973](CVE-2024/CVE-2024-419xx/CVE-2024-41973.json) (`2024-11-18T10:15:06.213`) +- [CVE-2024-41974](CVE-2024/CVE-2024-419xx/CVE-2024-41974.json) (`2024-11-18T10:15:06.447`) +- [CVE-2024-42383](CVE-2024/CVE-2024-423xx/CVE-2024-42383.json) 
(`2024-11-18T10:15:06.667`) +- [CVE-2024-42384](CVE-2024/CVE-2024-423xx/CVE-2024-42384.json) (`2024-11-18T10:15:06.943`) +- [CVE-2024-42385](CVE-2024/CVE-2024-423xx/CVE-2024-42385.json) (`2024-11-18T10:15:07.187`) +- [CVE-2024-42386](CVE-2024/CVE-2024-423xx/CVE-2024-42386.json) (`2024-11-18T10:15:07.427`) +- [CVE-2024-42387](CVE-2024/CVE-2024-423xx/CVE-2024-42387.json) (`2024-11-18T10:15:07.647`) +- [CVE-2024-42388](CVE-2024/CVE-2024-423xx/CVE-2024-42388.json) (`2024-11-18T10:15:07.873`) +- [CVE-2024-42389](CVE-2024/CVE-2024-423xx/CVE-2024-42389.json) (`2024-11-18T10:15:08.090`) +- [CVE-2024-42390](CVE-2024/CVE-2024-423xx/CVE-2024-42390.json) (`2024-11-18T10:15:08.307`) +- [CVE-2024-42391](CVE-2024/CVE-2024-423xx/CVE-2024-42391.json) (`2024-11-18T10:15:08.540`) +- [CVE-2024-42392](CVE-2024/CVE-2024-423xx/CVE-2024-42392.json) (`2024-11-18T10:15:08.753`) +- [CVE-2024-45505](CVE-2024/CVE-2024-455xx/CVE-2024-45505.json) (`2024-11-18T09:15:05.870`) +- [CVE-2024-45791](CVE-2024/CVE-2024-457xx/CVE-2024-45791.json) (`2024-11-18T09:15:05.990`) +- [CVE-2024-47208](CVE-2024/CVE-2024-472xx/CVE-2024-47208.json) (`2024-11-18T09:15:06.100`) +- [CVE-2024-48962](CVE-2024/CVE-2024-489xx/CVE-2024-48962.json) (`2024-11-18T09:15:06.237`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `1` +- [CVE-2024-38472](CVE-2024/CVE-2024-384xx/CVE-2024-38472.json) (`2024-11-18T09:15:04.347`) ## Download and Usage diff --git a/_state.csv b/_state.csv index cee1bc30edb..173925d83ff 100644 --- a/_state.csv +++ b/_state.csv 
@@ -229891,6 +229891,9 @@ CVE-2023-39172,0,0,5d1f3f2b677b0a85af1f0e1718122f63379f727c5f55286cdaefc4f2cdf31 CVE-2023-39173,0,0,94988e678dfa2aa507f7074d6091cd6c6a4eec57d4e8fabf0754fee84b8e4907,2023-08-01T01:02:33.797000 CVE-2023-39174,0,0,c6d2e823a977d91e23e51acd8d719844156eb21bb7500fe830b5bef64c5b8759,2023-08-01T01:10:49.157000 CVE-2023-39175,0,0,bc456592ae9ac6c2adcc5162a962f99df7fdd9b829de4a2da8a4cbf033cf9c8e,2023-08-01T01:08:48.417000 +CVE-2023-39176,1,1,aa563df238200eb898c9484b61b6445b97e9c0ed2befabe3252028130688420b,2024-11-18T10:15:04.667000 +CVE-2023-39179,1,1,80222f972e2daa94434b13860108378b7ce180e0683db0fb066e37927d819acd,2024-11-18T10:15:04.980000 +CVE-2023-39180,1,1,22caad6df3b2bbbd75cf24534daad75037755088aa22f2cce57a87e2a9eff3ff,2024-11-18T10:15:05.217000 CVE-2023-39181,0,0,5779a7e12127c05426caed1b79cbad0420f35a50b8e5299eea089f21f74c95df,2023-08-10T15:56:38.890000 CVE-2023-39182,0,0,55a8ec3c40df58e32d7c6d55926b018855a6b6f54a0171e66bfc574495807417,2023-08-10T16:02:54.477000 CVE-2023-39183,0,0,964d0db7c48d041c6935cc07d25789a2cd8767124a64f3f9f2f3583c72690437,2023-08-10T16:04:10.890000 
@@ -243285,11 +243288,11 @@ CVE-2024-11306,0,0,f77aaaa67be9242d576d27dffde714b37bfb854f091ee9b96d0ca7ce4c9e0 CVE-2024-11308,0,0,7e0a566461a1a25058b504b1b076a10b434fc2fde4d7646a8b9f4bf31fc5a5d5,2024-11-18T06:15:04.263000 CVE-2024-11309,0,0,9411965c35ece716f8c90dd545a21d618e8ac858b01683f6ff41a9045699a6fe,2024-11-18T06:15:04.673000 CVE-2024-11310,0,0,2d4d611d5e61ee3d47de293865eca5b79be60453c907c37cedc531a8bacc72a0,2024-11-18T06:15:04.987000 -CVE-2024-11311,1,1,47f486cfaf2f8e67141b65904d6812610644729332839ae7b425a509d1ee80a1,2024-11-18T07:15:13.063000 -CVE-2024-11312,1,1,71db06e2a096f0449f94df279bc5cb863b993686028b0aa9e878b169c9d8d472,2024-11-18T07:15:14.903000 -CVE-2024-11313,1,1,890f011cbf9b34450e7704907c25d098bdda5249e8660c02c0f3a68f1c57debc,2024-11-18T07:15:15.420000 -CVE-2024-11314,1,1,77b62bdc6299b6d60a12b7a7152852e6fe05a08406e9a701a9a1af91def37fef,2024-11-18T07:15:15.993000 -CVE-2024-11315,1,1,cc9ed50e7db63318901354c8ed077ff950a09534cf38b4d91deb60ae50f13e1d,2024-11-18T07:15:16.673000 +CVE-2024-11311,0,0,47f486cfaf2f8e67141b65904d6812610644729332839ae7b425a509d1ee80a1,2024-11-18T07:15:13.063000 +CVE-2024-11312,0,0,71db06e2a096f0449f94df279bc5cb863b993686028b0aa9e878b169c9d8d472,2024-11-18T07:15:14.903000 +CVE-2024-11313,0,0,890f011cbf9b34450e7704907c25d098bdda5249e8660c02c0f3a68f1c57debc,2024-11-18T07:15:15.420000 +CVE-2024-11314,0,0,77b62bdc6299b6d60a12b7a7152852e6fe05a08406e9a701a9a1af91def37fef,2024-11-18T07:15:15.993000 +CVE-2024-11315,0,0,cc9ed50e7db63318901354c8ed077ff950a09534cf38b4d91deb60ae50f13e1d,2024-11-18T07:15:16.673000 CVE-2024-1132,0,0,3de6e62885ac8497a4c1d8f4950ebedc171b13b33dfedd6a9eea9ae164fd993a,2024-07-03T01:45:01.507000 CVE-2024-1133,0,0,b8b851364368259dd533f1c71b437f741276dcf99770b03558b5d9cd5d3f095a,2024-02-29T13:49:29.390000 CVE-2024-1134,0,0,92ca7b611a6a52333e888fa3a581b5dbc5c29b22a5e7e62eb553cb40e2cb6d77,2024-05-24T13:03:05.093000 
@@ -245860,7 +245863,7 @@ CVE-2024-22062,0,0,cc06929fe5df33d033a09c6d5b184881dcbf0939fe62637d4555c345e1a11 CVE-2024-22064,0,0,4ab6f1fd7aac8f5f705eb95fc6fb847518aebb95babd98d77adf15137fe26c27,2024-05-14T16:13:02.773000 CVE-2024-22065,0,0,0787c7694397a7c698dcdd055072a6446d70ea428a21429fa1b1a63fb95542eb,2024-10-29T14:34:04.427000 CVE-2024-22066,0,0,04a1f5193e3d1cd4c2ff5e8b00e85bd78f3fa88fdda81531a689089e114ff7c4,2024-11-08T14:31:32.933000 -CVE-2024-22067,1,1,0df063e4cfb4727625a4769f0e9465766089f4a68a4efbd16211cd7af62d0a5f,2024-11-18T07:15:17.370000 +CVE-2024-22067,0,0,0df063e4cfb4727625a4769f0e9465766089f4a68a4efbd16211cd7af62d0a5f,2024-11-18T07:15:17.370000 CVE-2024-22068,0,0,0d00619c52fbf410991eb6fb75db8e695c1b871ad9ed5a9a9a67d1976582dc23,2024-10-10T12:51:56.987000 CVE-2024-22069,0,0,4264d807f7b5f6c2c545419e352dc9886522b6dff10818d72b9f5fb46c144466,2024-08-20T17:22:39.500000 CVE-2024-2207,0,0,8ee5e243bdeb55079a285867c41b1d92102261a83307cfe5423cbfee70a33969,2024-11-13T17:01:16.850000 @@ -257940,7 +257943,7 @@ CVE-2024-38469,0,0,511cfa020ce0415f6c58505919037fce87bd20a70c430acbe541f3249cbfb CVE-2024-3847,0,0,95f9ad8fbf5c3c80550e0a325ff7f48c02be2f78865a75992b282f70c630bcf1,2024-07-03T02:06:43.977000 CVE-2024-38470,0,0,e532fc2610ce0ba05d395b2565b3921da00db5c8c8ee1a62b50a319ed8de746e,2024-07-03T02:05:07.477000 CVE-2024-38471,0,0,3da065067273e795c22a9430ea2650425c29da7d06ad6ab18b550114c797a95a,2024-07-08T14:18:45.747000 -CVE-2024-38472,0,0,0483e32b4907ebc7f547fb87caf5b24bef6a9183e30ea4e30b4ad6dc0faa92cd,2024-07-12T14:15:15.043000 +CVE-2024-38472,0,1,e2da2567ed5c1bd58671597c1e4c6860b639e273ff91bc91c02bde109665e5ec,2024-11-18T09:15:04.347000 CVE-2024-38473,0,0,36c5b6d67728da1356289c3874d586ffc56f76a7fbb2f457e14a9e4a12de691d,2024-08-01T13:54:52.397000 CVE-2024-38474,0,0,4f088cfc0bc3e33027842b99d0e9469f8c62a5c78773b6fa11ed87f2035049e0,2024-08-21T15:03:30.407000 CVE-2024-38475,0,0,4434bbc9e26235e103b2ea8722d70e74e682dd306d9d4b03d295c12ec512ff31,2024-07-12T14:15:15.277000 
@@ -259722,6 +259725,7 @@ CVE-2024-41143,0,0,e8899d473fa3a8ea11660d6f2ba88aff617e29347ef6b002447e4155241e1 CVE-2024-41144,0,0,a99ced5ff39791199789f8b7404cf70d5ada3bff5c6dc65a7803cc1121e905e5,2024-09-04T17:25:48.123000 CVE-2024-4115,0,0,89bc89df66a101d446d6568b359dec67345256fa579984420e2e2fe7ea4994ac,2024-06-04T19:20:29.937000 CVE-2024-41150,0,0,f29e18c57230cbc3b76f00f0b7fe1001f55bb08bda82442884bf5072f9726b00,2024-08-27T14:35:09.013000 +CVE-2024-41151,1,1,ac2e20cfe18937f41a25987ff4765d4d73273b765d5092fe92ec19e25f2d0d10,2024-11-18T09:15:05.010000 CVE-2024-41153,0,0,dafb89be97200d81ac5d60fe35f2a445ceac861b85bb58f78c85df804ae27889,2024-10-31T14:37:48.533000 CVE-2024-41156,0,0,c0093084afabf89304f87b01eeae3792e9c6bc73b0c168ddc8c792fe08c67a19,2024-10-31T14:49:39.800000 CVE-2024-41157,0,0,7a282611d45c2fbb6f2dc936e4617dedd23e7f4d2ca4cbf354d2844aba4fb55d,2024-09-04T16:30:40.737000 
@@ -260200,7 +260204,15 @@ CVE-2024-41961,0,0,3c3cbde88cd825de8bae83de9e23bceebed48c0b620332721ebe0297499b9 CVE-2024-41962,0,0,db50354a8566471f488ea803a7a6894035b73491a2359165637f817d330c25eb,2024-08-16T16:34:48.873000 CVE-2024-41964,0,0,54621a6adee825c0636e7afd8773c219e1650b44db222dda2ec93364b11574bb,2024-09-06T22:56:18.010000 CVE-2024-41965,0,0,2d1c3b12d760b98aa2eaba7bc040a10a4b90c52e44f9dfa32fdcb4160559d799,2024-08-09T14:09:32.507000 +CVE-2024-41967,1,1,184e0f2ba651c36a054866910b0eb27e9f356f1dc19e4cc3cc69170f7684a3f6,2024-11-18T09:15:05.150000 +CVE-2024-41968,1,1,d53797c226739a273870d4357b7038db28e813f5b27527044d2f13ae864304d1,2024-11-18T09:15:05.410000 +CVE-2024-41969,1,1,7dc6266ab9626a4c38828c6835444366d20b2710b43478972117e8e83cb7a2fd,2024-11-18T09:15:05.637000 CVE-2024-4197,0,0,45da0b07f911473fe59b939894a184bd20b4010bb74cc514ccd6533e9d15c77b,2024-06-25T12:24:17.873000 +CVE-2024-41970,1,1,8673d3ab86077ee00005d5cbb5e2dbeda32e664a8bd13b294fdbb12264160151,2024-11-18T10:15:05.487000 +CVE-2024-41971,1,1,0552f83e80023a5f54896fd682060a73475ec804288cffa5c074debb374a9763,2024-11-18T10:15:05.750000 +CVE-2024-41972,1,1,442ae43a9cfbdb24a9b592741605314ddc5f327d54bf282b64631b0f858b82d7,2024-11-18T10:15:05.967000 +CVE-2024-41973,1,1,c343f1d2d3c85dc9f5ab3be159f4e4290b4a608eab096e50bcd9a718dca4324b,2024-11-18T10:15:06.213000 +CVE-2024-41974,1,1,f10a5335cdd9e654d8b744f59fd419b5661c7eba3d880d5437eaffb04a2c10a6,2024-11-18T10:15:06.447000 CVE-2024-41976,0,0,28d622db4b0702423d465fd5f760fc3d4baf285e2f7024720bdb5fee42ef0c33,2024-08-23T18:40:16.173000 CVE-2024-41977,0,0,d5d8e1f89415d399848bf3d43d8f9a317c22096ecf54afde801686a9741da6f6,2024-08-23T18:39:13.990000 CVE-2024-41978,0,0,bd0d09a1a56dc8d7414c845b0662922159c0a17b71c017862473bb9d2c3c7ab8,2024-08-23T18:34:36.283000 
@@ -260556,7 +260568,17 @@ CVE-2024-42379,0,0,3df4e462d3527273fa2a98871af6d02d089a425040231b6521435b06449dc CVE-2024-4238,0,0,188cceccdce16b8df034bef32fee010a6dd0f801c6690e1589421c7cadfb521c,2024-06-04T19:20:33.063000 CVE-2024-42380,0,0,5abd276ef303a0a04718583183567bd8e789e2a4185f71fabf777d854e3f8a5a,2024-09-10T12:09:50.377000 CVE-2024-42381,0,0,a5fa1277b5fe346d1dd5469d0c93ac780c7d0547ab1d06a7617c27606bb89aa8,2024-08-01T13:59:22.207000 +CVE-2024-42383,1,1,2be8df96a7cb26e915a93e0ac962c943b1279aec7c7832bdba0fad33874b43c8,2024-11-18T10:15:06.667000 +CVE-2024-42384,1,1,f298384383fd30ae2a676184dcfadad14b2336c7aac64e9943db3390b7c509d4,2024-11-18T10:15:06.943000 +CVE-2024-42385,1,1,d012d2bdbf72b21bf4483a06699490531ba125461a838fe81dba188e35e233f3,2024-11-18T10:15:07.187000 +CVE-2024-42386,1,1,44f57a2c936a836d67fe05b3af9d82caf4656480fd48b884b0b3b000defba598,2024-11-18T10:15:07.427000 +CVE-2024-42387,1,1,5f59394f84bb46308f3282a3d35e78b4794b618dde523fac815221485650fbb0,2024-11-18T10:15:07.647000 +CVE-2024-42388,1,1,e425093e5c6384aa19a1931f42570a44509c2be277bc2cb694b8225954a0793c,2024-11-18T10:15:07.873000 +CVE-2024-42389,1,1,4f2ec49962c6317efe1419a4a1be9d77c36081fd8705d58d5d7c326f96fdcac7,2024-11-18T10:15:08.090000 CVE-2024-4239,0,0,cecc2be82896f12bf6cdae75a3b125d58c075d387f3da865cfaf565a2c454897,2024-06-04T19:20:33.163000 +CVE-2024-42390,1,1,2be89beae2069d663b7f8f2695054cea57a3204bc4d91dc76cf6eace46faad42,2024-11-18T10:15:08.307000 +CVE-2024-42391,1,1,a78ad1fa98ddcc8a458d297cf38256ed8ff3f6b292dc5e3a3d1a0644ab4fc8d3,2024-11-18T10:15:08.540000 +CVE-2024-42392,1,1,ffb29d55a2df75b4531a31e3d1e0de35b4379f522f2b242fb409b7093d75af8c,2024-11-18T10:15:08.753000 CVE-2024-42393,0,0,dccd6d06051b1376b790b00ce1bb00ad00ff605de076bb7cd98815c096883960,2024-08-12T18:22:45.023000 CVE-2024-42394,0,0,3fe51273497ddc687f2c439e086f8a7a30ea6afb40f9bca0dc53718488d7bc49,2024-08-12T18:23:19.533000 
CVE-2024-42395,0,0,5ee69c7240e27d4f3c6f1cb04e94fbb984a7c6f59b13e977c958944ad3c06ea4,2024-08-12T18:23:57.077000 @@ -262662,6 +262684,7 @@ CVE-2024-45496,0,0,cb4145e26d358c15cb434585f9bcb20449ce473167aa6d60e18e039ff47cf CVE-2024-45498,0,0,ead799fee90d0be791c926b84a8db9a257cc85e76c202f16fed08488baf7d590,2024-11-04T17:35:22.900000 CVE-2024-4550,0,0,ea2693a2208898e22f1b33bfbea2ea7879154431a660b6be5aad9a2659ccd071,2024-09-14T11:47:14.677000 CVE-2024-45504,0,0,3b58dca9312966af1f86033b4db5d926602e7a6d36304d3cb72a6a0485059e81,2024-11-04T21:35:09.173000 +CVE-2024-45505,1,1,9e6cef572aaacd043b7ed07f99d88565dede9c8ee3f5be1766039ff6fd59c83a,2024-11-18T09:15:05.870000 CVE-2024-45506,0,0,53228a9659d8b3663e59f7b6cd3ffdc01b4518a34e19971e095f98575a886619,2024-10-14T03:15:10.123000 CVE-2024-45507,0,0,b2cf0920dcb75db868de7b4afd51449cea360da72164b9b7e7a575176b0c17c4,2024-09-05T17:53:39.760000 CVE-2024-45508,0,0,a7bf13ff5f2bf318e53d0cc8b12c1b5ac7eae45f1991e7b683a2e3673a166bb9,2024-09-04T16:44:08.247000 @@ -262795,6 +262818,7 @@ CVE-2024-45788,0,0,7ba304e58f1e132a77e708ed9119516e49dd167750ae6faec1e1736fde9ea CVE-2024-45789,0,0,85b2a3e63aad506ab70a8ae8f934d73422c76c344971f05123a4397c0e8661da,2024-09-18T19:55:58.287000 CVE-2024-4579,0,0,b44e5adee861e75c9f2de9111724b513cf79b7a7dcd7134192d107fac1782253,2024-05-14T15:44:07.607000 CVE-2024-45790,0,0,339d5c59c4b08184225ef02e77057a5607db1e407fbacc8325ce6de4811d4a59,2024-09-18T18:38:04.393000 +CVE-2024-45791,1,1,e00e08370eee4826bcdd5006dbdac3841f2b3e17be5d254ae3b822a74efd5814,2024-11-18T09:15:05.990000 CVE-2024-45792,0,0,5abb7de999f910eaa61796ecbea33f574a65653e2aa062ee4c5c2e229e356bd5,2024-10-04T13:51:25.567000 CVE-2024-45793,0,0,9df195d476b9f18fe89dd15d9de75cbf87671a956c83113b39ce1c0cbc87094f,2024-09-26T13:32:55.343000 CVE-2024-45794,0,0,19fba7f9f80e8b5484ce94a7454fbad3ec8a7fa0a22390c43e093d2565218be6,2024-11-08T19:01:03.880000 
@@ -263585,6 +263609,7 @@ CVE-2024-47195,0,0,13778db546c78cfe27d2d127a511510e1d599b625eb31f21fc4e65992e212 CVE-2024-47196,0,0,854c9d23e22c82e5339f8a331c929fb519fa43506b02445ee87a1d94228daed1,2024-10-16T18:07:38.850000 CVE-2024-47197,0,0,e4a1d8789bd0c967523f7418fe544ba10b0b511b96a39b8a241e5a1afb5230b4,2024-10-02T17:25:36.990000 CVE-2024-4720,0,0,eb5b6c06efbc2e8e5b700d46905e09781ba603e4dc4e18ff8664640e85fa6762,2024-06-04T19:20:47.440000 +CVE-2024-47208,1,1,b620527cf6de3641c13e3c2764db4b26a2727b76a61053f90f030844e2a0ed6b,2024-11-18T09:15:06.100000 CVE-2024-4721,0,0,58190a4c7e114543454f0451ab9386f5b2fe1b56ab67d3c8b011dbecb251f4fd,2024-05-17T02:40:34.750000 CVE-2024-47210,0,0,ca2b900fbd9eb194b293e1ce40d6ad1fe1c427789838eaeabb19878edb5f2c77,2024-09-26T13:32:55.343000 CVE-2024-47211,0,0,8d8dc13d8cf35ee447487a09511da084431dcb4b69bd4c3291b15cb655fdb03c,2024-11-05T15:35:15.623000 @@ -264546,6 +264571,7 @@ CVE-2024-48955,0,0,84de7be29efb285e46fc24626f552063b1e23de7f9dbbe9943b534f430e23 CVE-2024-48957,0,0,73c8e1634cf56d3192b3375f11aa72eac69f0bcf8a4cb1f3b137dcc189616d8f,2024-10-11T21:36:47.930000 CVE-2024-48958,0,0,92a426e369946b14ff79b98b6fb42dd0c692d3b7d45d68198a4072bdaadf4922,2024-10-11T21:36:48.687000 CVE-2024-4896,0,0,20cc2dc19f323150528d4fb3a23b846b2e602fa65e075afe5dc2b86cb95d9c94,2024-05-22T12:46:53.887000 +CVE-2024-48962,1,1,bd3ff5aade929483229f8c352353f0b6d241b60852765987754d0db5e23c2ccb,2024-11-18T09:15:06.237000 CVE-2024-48963,0,0,6d60ed9d1e7a308212fb6ea5de6f1d94d8559909dd9cb5f4650d856671de0962,2024-10-30T14:54:53.937000 CVE-2024-48964,0,0,7d209543eb23e2e6809a7e4f01bdb09a7ba8fb1b32d439bae945ab7d5b6dd3de,2024-10-30T13:46:31.657000 CVE-2024-48966,0,0,6ce21af485b8f7bde854dc6fa73e4754262c2c902a98462d651b3be5a8dc03bb,2024-11-15T13:58:08.913000 
@@ -264854,7 +264880,7 @@ CVE-2024-49558,0,0,3c676b75de26a8476d548ed8b3e232d51677ecb4a62749082177600c22312 CVE-2024-4956,0,0,319b39cd7f80ef1a8cfcc633b91e7d5f141facd950994947b42a7565c106a7a4,2024-05-17T18:36:31.297000 CVE-2024-49560,0,0,0903f1d2d4b8ea486a494eda9aaa463e3a0d845c10ed5808d6808c17d2b3d951,2024-11-15T17:35:25.407000 CVE-2024-4957,0,0,e3bb8e47c8dfba146bed7647eff25fc6cc8427bb0bd54429262b4324d627abed,2024-07-03T02:08:22.473000 -CVE-2024-49574,1,1,1be1ee4ae3282a118752790130cac8d3d756131f62b6f0d2bf633054b33d6aad,2024-11-18T08:15:03.550000 +CVE-2024-49574,0,0,1be1ee4ae3282a118752790130cac8d3d756131f62b6f0d2bf633054b33d6aad,2024-11-18T08:15:03.550000 CVE-2024-49579,0,0,0f0dd66a3db0fe299ae55b9b0e6c22f11c400dc3ee27d05103041b63e67e9d3e,2024-11-14T19:24:45.603000 CVE-2024-4958,0,0,15591ba73d7708bbd560fadc0281274b5c7c2c12545797826fbf6e13e1222639,2024-06-03T14:46:24.250000 CVE-2024-49580,0,0,89085af96d96dbfcdc87aa1d40157bd1a1b8615e2e8f40b207dbbe916ae159de,2024-11-14T19:25:47.433000