Auto-Update: 2024-08-07T20:00:18.017466+00:00

cad-safe-bot 2024-08-07 20:03:14 +00:00
parent d9f2a82c05
commit 2260d26f35
163 changed files with 3922 additions and 721 deletions


@ -2,7 +2,7 @@
"id": "CVE-2006-1651",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-04-06T10:04:00.000",
"lastModified": "2024-05-17T00:28:08.883",
"lastModified": "2024-08-07T18:15:17.353",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-1854",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-04-19T16:06:00.000",
"lastModified": "2024-05-17T00:28:18.183",
"lastModified": "2024-08-07T18:15:20.730",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-1930",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-04-20T18:06:00.000",
"lastModified": "2024-05-17T00:28:21.257",
"lastModified": "2024-08-07T18:15:21.850",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-2191",
"sourceIdentifier": "security@debian.org",
"published": "2006-09-19T21:07:00.000",
"lastModified": "2024-05-17T00:28:32.397",
"lastModified": "2024-08-07T18:15:25.380",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-2315",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-05-12T00:02:00.000",
"lastModified": "2024-05-17T00:28:37.360",
"lastModified": "2024-08-07T18:15:27.110",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-2473",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-05-19T17:02:00.000",
"lastModified": "2024-05-17T00:28:43.433",
"lastModified": "2024-08-07T18:15:29.147",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-2827",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-05T17:02:00.000",
"lastModified": "2024-05-17T00:28:57.497",
"lastModified": "2024-08-07T18:15:34.150",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-2842",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-06T20:06:00.000",
"lastModified": "2024-05-17T00:28:58.157",
"lastModified": "2024-08-07T18:15:34.417",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-2859",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-06T20:06:00.000",
"lastModified": "2024-05-17T00:28:59.107",
"lastModified": "2024-08-07T18:15:34.817",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-2865",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-06T20:06:00.000",
"lastModified": "2024-05-17T00:28:59.407",
"lastModified": "2024-08-07T18:15:34.960",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-2871",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-06T20:06:00.000",
"lastModified": "2024-05-17T00:28:59.707",
"lastModified": "2024-08-07T18:15:35.210",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3040",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-15T10:02:00.000",
"lastModified": "2024-05-17T00:29:06.760",
"lastModified": "2024-08-07T19:15:25.037",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3041",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-15T10:02:00.000",
"lastModified": "2024-05-17T00:29:06.867",
"lastModified": "2024-08-07T19:15:25.123",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3042",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-15T10:02:00.000",
"lastModified": "2024-05-17T00:29:06.950",
"lastModified": "2024-08-07T19:15:25.187",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3053",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-16T10:02:00.000",
"lastModified": "2024-05-17T00:29:07.470",
"lastModified": "2024-08-07T19:15:25.383",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3069",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-19T10:02:00.000",
"lastModified": "2024-05-17T00:29:08.157",
"lastModified": "2024-08-07T19:15:25.657",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3136",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-22T22:06:00.000",
"lastModified": "2024-05-17T00:29:10.823",
"lastModified": "2024-08-07T19:15:26.790",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3209",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-24T01:06:00.000",
"lastModified": "2024-05-17T00:29:13.870",
"lastModified": "2024-08-07T19:15:27.800",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3249",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-27T10:05:00.000",
"lastModified": "2024-05-17T00:29:15.560",
"lastModified": "2024-08-07T19:15:28.353",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3253",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-06-28T01:45:00.000",
"lastModified": "2024-05-17T00:29:15.790",
"lastModified": "2024-08-07T19:15:28.470",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3352",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-06T01:05:00.000",
"lastModified": "2024-05-17T00:29:20.943",
"lastModified": "2024-08-07T19:15:29.803",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3416",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-07T00:05:00.000",
"lastModified": "2024-05-17T00:29:23.677",
"lastModified": "2024-08-07T19:15:30.707",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3486",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-10T21:05:00.000",
"lastModified": "2024-05-17T00:29:26.480",
"lastModified": "2024-08-07T19:15:32.007",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3543",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-13T00:05:00.000",
"lastModified": "2024-05-17T00:29:28.917",
"lastModified": "2024-08-07T19:15:32.777",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3544",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-13T00:05:00.000",
"lastModified": "2024-05-17T00:29:29.033",
"lastModified": "2024-08-07T19:15:32.877",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3545",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-13T00:05:00.000",
"lastModified": "2024-05-17T00:29:29.133",
"lastModified": "2024-08-07T19:15:32.960",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3547",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-13T00:05:00.000",
"lastModified": "2024-05-17T00:29:29.263",
"lastModified": "2024-08-07T19:15:33.040",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3662",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-18T15:47:00.000",
"lastModified": "2024-05-17T00:29:33.780",
"lastModified": "2024-08-07T19:15:34.533",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3689",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-21T14:03:00.000",
"lastModified": "2024-05-17T00:29:34.947",
"lastModified": "2024-08-07T19:15:34.960",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3692",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-21T14:03:00.000",
"lastModified": "2024-05-17T00:29:35.137",
"lastModified": "2024-08-07T19:15:35.073",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3794",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-24T12:19:00.000",
"lastModified": "2024-05-17T00:29:39.567",
"lastModified": "2024-08-07T19:15:36.973",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3850",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-25T23:04:00.000",
"lastModified": "2024-05-17T00:29:42.297",
"lastModified": "2024-08-07T19:15:38.363",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-3880",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-07-27T01:04:00.000",
"lastModified": "2024-05-17T00:29:43.337",
"lastModified": "2024-08-07T19:15:38.707",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4061",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-10T00:04:00.000",
"lastModified": "2024-05-17T00:29:50.360",
"lastModified": "2024-08-07T19:15:41.020",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4135",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-14T23:04:00.000",
"lastModified": "2024-05-17T00:29:53.287",
"lastModified": "2024-08-07T19:15:41.980",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4156",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-16T22:04:00.000",
"lastModified": "2024-05-17T00:29:53.913",
"lastModified": "2024-08-07T19:15:42.250",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4163",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-16T22:04:00.000",
"lastModified": "2024-05-17T00:29:54.250",
"lastModified": "2024-08-07T19:15:42.390",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4194",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-17T01:04:00.000",
"lastModified": "2024-05-17T00:29:55.310",
"lastModified": "2024-08-07T19:15:42.793",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4264",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-21T21:04:00.000",
"lastModified": "2024-05-17T00:29:58.067",
"lastModified": "2024-08-07T19:15:43.710",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4269",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-21T21:04:00.000",
"lastModified": "2024-05-17T00:29:58.330",
"lastModified": "2024-08-07T19:15:43.833",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4271",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-21T21:04:00.000",
"lastModified": "2024-05-17T00:29:58.467",
"lastModified": "2024-08-07T19:15:43.923",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4272",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-21T21:04:00.000",
"lastModified": "2024-05-17T00:29:58.567",
"lastModified": "2024-08-07T19:15:43.990",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4280",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-21T22:04:00.000",
"lastModified": "2024-05-17T00:29:58.907",
"lastModified": "2024-08-07T19:15:44.117",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4286",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-22T17:04:00.000",
"lastModified": "2024-05-17T00:29:59.210",
"lastModified": "2024-08-07T19:15:44.233",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4349",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-24T21:04:00.000",
"lastModified": "2024-05-17T00:30:05.910",
"lastModified": "2024-08-07T19:15:46.123",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4375",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-26T21:04:00.000",
"lastModified": "2024-05-17T00:30:07.240",
"lastModified": "2024-08-07T19:15:46.463",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4378",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-26T21:04:00.000",
"lastModified": "2024-05-17T00:30:07.437",
"lastModified": "2024-08-07T19:15:46.550",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4422",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-29T00:04:00.000",
"lastModified": "2024-05-17T00:30:09.287",
"lastModified": "2024-08-07T19:15:47.103",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4428",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-29T00:04:00.000",
"lastModified": "2024-05-17T00:30:09.620",
"lastModified": "2024-08-07T19:15:47.250",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2006-4429",
"sourceIdentifier": "cve@mitre.org",
"published": "2006-08-29T00:04:00.000",
"lastModified": "2024-05-17T00:30:09.713",
"lastModified": "2024-08-07T19:15:47.320",
"vulnStatus": "Modified",
"cveTags": [
{


@ -2,8 +2,8 @@
"id": "CVE-2022-27780",
"sourceIdentifier": "support@hackerone.com",
"published": "2022-06-02T14:15:44.267",
"lastModified": "2024-03-27T15:01:58.407",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-07T19:35:01.007",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [


@ -2,8 +2,8 @@
"id": "CVE-2022-48787",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:03.633",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-07T19:48:19.510",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,145 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: iwlwifi: corrige el use-after-free Si no hab\u00eda ning\u00fan firmware presente (o, presumiblemente, no se pudieron analizar todos los archivos de firmware), terminamos desvincul\u00e1ndolo llamando a device_release_driver( ), que llama a remove(), que luego en iwlwifi llama a iwl_drv_stop(), liberando la estructura 'drv'. Sin embargo, el nuevo c\u00f3digo que agregu\u00e9 seguir\u00e1 accediendo err\u00f3neamente a \u00e9l despu\u00e9s de que se haya liberado. Establezca 'failure=false' en este caso para evitar el acceso; todos los datos ya se liberaron de todos modos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14.263",
"versionEndExcluding": "4.14.268",
"matchCriteriaId": "D2BAC08D-1DF8-456A-A334-81FA58E954F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.226",
"versionEndExcluding": "4.19.231",
"matchCriteriaId": "97E335CA-D0B4-4E7E-95AE-31F09C68F24A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.174",
"versionEndExcluding": "5.4.181",
"matchCriteriaId": "7C87A014-0685-4F19-AFB4-92D70C2F5E86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.94",
"versionEndExcluding": "5.10.102",
"matchCriteriaId": "2F8484B5-4C78-484C-B905-1049FCB1A0A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.17",
"versionEndExcluding": "5.15.25",
"matchCriteriaId": "AFF9E8A8-A352-42D0-97A3-8EA0F1086775"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.3",
"versionEndExcluding": "5.16.11",
"matchCriteriaId": "85541B15-F4B0-4090-99DA-98AF1312A8B6"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/008508c16af0087cda0394e1ac6f0493b01b6063",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/494de920d98f125b099f27a2d274850750aff957",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7d6475179b85a83186ccce59cdc359d4f07d0bcb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9958b9cbb22145295ee1ffaea0904c383da2c05d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bea2662e7818e15d7607d17d57912ac984275d94",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d3b98fe36f8a06ce654049540773256ab59cb53d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ddd46059f7d99119b62d44c519df7a79f2e6a515",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-48788",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:03.703",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-07T19:48:51.780",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,123 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvme-rdma: soluciona el posible use-after-free en el transporte error_recovery work Mientras nvme_rdma_submit_async_event_work verifica el control y el estado de la cola antes de preparar el comando AER y programar io_work, para evitar completamente una ejecuci\u00f3n donde esta verificaci\u00f3n no es confiable, el trabajo de recuperaci\u00f3n de errores debe eliminar async_event_work antes de continuar destruyendo la cola de administraci\u00f3n despu\u00e9s de configurar el estado de control en RESETTING de manera que no haya ejecuci\u00f3n .submit_async_event y el propio controlador de recuperaci\u00f3n de errores cambie el estado de control."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.231",
"matchCriteriaId": "BED6719E-2004-42C8-8CA4-4E4CD159B63F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.181",
"matchCriteriaId": "FB33213E-1A45-4E3B-A129-58AAA2EB921D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.102",
"matchCriteriaId": "DAD66A9A-8D06-48D1-8AA8-FC060496FF53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.16.11",
"matchCriteriaId": "18380E49-F51F-4BF9-9377-04988FB2471C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/324f5bdc52ecb6a6dadb31a62823ef8c709d1439",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5593f72d1922403c11749532e3a0aa4cf61414e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/646952b2210f19e584d2bf9eb5d092abdca2fcc1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b6bb1722f34bbdbabed27acdceaf585d300c5fd2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d411b2a5da68b8a130c23097014434ac140a2ace",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ea86027ac467a055849c4945906f799e7f65ab99",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-48791",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:03.910",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-07T19:41:54.260",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,102 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: scsi: pm8001: Correcci\u00f3n de use-after-free para TMF sas_task abortada Actualmente, puede ocurrir un use-after-free si se cancela una TMF sas_task antes de que manejemos la finalizaci\u00f3n de IO en mpi_ssp_completion( ). El aborto se produce debido al tiempo de espera. Cuando se agota el tiempo de espera, se establece el indicador SAS_TASK_STATE_ABORTED y sas_task se libera en pm8001_exec_internal_tmf_task(). Sin embargo, si la finalizaci\u00f3n de E/S se produce m\u00e1s tarde, la finalizaci\u00f3n de E/S todav\u00eda piensa que sas_task est\u00e1 disponible. Solucione este problema borrando la tarea ccb-> si se agota el tiempo de espera del TMF; el controlador de finalizaci\u00f3n de E/S no hace nada si se borra este puntero."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.102",
"matchCriteriaId": "FE2A35CB-3560-4AEF-9643-66B8EB899366"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.25",
"matchCriteriaId": "D098AA16-8E21-4EB7-AE2F-1EEB58E1A3A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.11",
"matchCriteriaId": "0D327234-5D4A-43DC-A6DF-BCA0CEBEC039"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3c334cdfd94945b8edb94022a0371a8665b17366",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/510b21442c3a2e3ecc071ba3e666b320e7acdd61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/61f162aa4381845acbdc7f2be4dfb694d027c018",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d872e7b5fe38f325f5206b6872746fa02c2b4819",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-48792",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:03.983",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-07T19:29:33.360",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,102 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: pm8001: Corrige el use-after-free para sas_task SSP/STP abortado. Actualmente, puede ocurrir un use-after-free si la capa superior cancela una sas_task antes de que manejemos el Finalizaci\u00f3n de E/S en mpi_ssp_completion() o mpi_sata_completion(). En este caso, los siguientes son los dos pasos para manejar esas finalizaciones de E/S: - Llamar a complete() para informar al controlador de la capa superior de la finalizaci\u00f3n de la E/S. - Liberar los recursos del controlador asociados con sas_task en la llamada pm8001_ccb_task_free(). Cuando se llama a complete(), la capa superior puede liberar sas_task. Como tal, no debemos tocar el sas_task asociado despu\u00e9s, pero lo hacemos en la llamada pm8001_ccb_task_free(). Se soluciona intercambiando el orden de las llamadas complete() y pm8001_ccb_task_free()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.102",
"matchCriteriaId": "FE2A35CB-3560-4AEF-9643-66B8EB899366"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.25",
"matchCriteriaId": "D098AA16-8E21-4EB7-AE2F-1EEB58E1A3A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.11",
"matchCriteriaId": "0D327234-5D4A-43DC-A6DF-BCA0CEBEC039"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/d9d93f32534a0a80a1c26bdb0746d90a7b19c2c2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/df7abcaa1246e2537ab4016077b5443bb3c09378",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f61f9fccb2cb4bb275674a79d638704db6bc2171",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fe9ac3eaa2e387a5742b380b73a5a6bc237bf184",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-48793",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:04.067",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-07T19:22:16.063",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: KVM: x86: nSVM: corrige una posible desreferencia NULL en la migraci\u00f3n anidada Resulta que, debido a los comentarios de revisi\u00f3n y/o cambios de base, accidentalmente mov\u00ed la llamada a nested_svm_load_cr3 para que fuera demasiado pronto, antes de NPT est\u00e1 habilitado, lo cual es muy incorrecto. KVM ni siquiera puede acceder a la memoria del invitado en ese momento, ya que para eso se necesita NPT anidado y, por supuesto, no inicializar\u00e1 walk_mmu, que es el principal problema que solucionaba el parche. Arregla esto de verdad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13",
"versionEndExcluding": "5.15.25",
"matchCriteriaId": "6467CE52-5FC4-4C7B-A594-75503B1F51B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.11",
"matchCriteriaId": "0D327234-5D4A-43DC-A6DF-BCA0CEBEC039"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/352193edda48e08e8824a7ece09aec830a603cfe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/74b426bea4f7e3b081add2b88d4fba16d3af7ab6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e1779c2714c3023e4629825762bcbc43a3b943df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-48808",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:05.120",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-07T19:19:55.520",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: dsa: corrige el p\u00e1nico cuando el dispositivo maestro DSA se desvincula al apagar Rafael informa que en un sistema con conmutadores LX2160A y Marvell DSA, si se produce un reinicio mientras el DSA maestro (dpaa2-eth ) est\u00e1 activo, se puede ver el siguiente p\u00e1nico: systemd-shutdown[1]: Rebooting. No se puede manejar la solicitud de paginaci\u00f3n del kernel en la direcci\u00f3n virtual 00a0000800000041 [00a0000800000041] direcci\u00f3n entre los rangos de direcciones del usuario y del kernel Error interno: Ups: 96000004 [#1] CPU SMP PREEMPT: 6 PID: 1 Comm: systemd-shutdow No est\u00e1 contaminado 5.16.5-00042 -g8f5585009b24 #32 pc: dsa_slave_netdevice_event+0x130/0x3e4 lr: raw_notifier_call_chain+0x50/0x6c Rastreo de llamadas: dsa_slave_netdevice_event+0x130/0x3e4 raw_notifier_call_chain+0x50/0x6c call_netdevice_notifiers_info+ 0x54/0xa0 __dev_close_many+0x50/0x130 dev_close_many+0x84/0x120 unregister_netdevice_many+0x130/ 0x710 unregister_netdevice_queue+0x8c/0xd0 unregister_netdev+0x20/0x30 dpaa2_eth_remove+0x68/0x190 fsl_mc_driver_remove+0x20/0x5c __device_release_driver+0x21c/0x220 dispositivo_release_driver_internal+0xac/0x b0 device_links_unbind_consumers+0xd4/0x100 __device_release_driver+0x94/0x220 dispositivo_release_driver+0x28/0x40 bus_remove_device+0x118/ 0x124 dispositivo_del+0x174/0x420 fsl_mc_device_remove+0x24/0x40 __fsl_mc_device_remove+0xc/0x20 dispositivo_para_cada_ni\u00f1o+0x58/0xa0 dprc_remove+0x90/0xb0 fsl_mc_driver_remove+0x20/0x5c __ dispositivo_liberaci\u00f3n_controlador+0x21c/0x220 dispositivo_liberaci\u00f3n_controlador+0x28/0x40 bus_remove_device+0x118/0x124 dispositivo_del+0x174/ 0x420 fsl_mc_bus_remove+0x80/0x100 fsl_mc_bus_shutdown+0xc/0x1c platform_shutdown+0x20/0x30 dispositivo_shutdown+0x154/0x330 __do_sys_reboot+0x1cc/0x250 __arm64_sys_reboot+0x20/0x30 invoke_syscall.constprop.0+0x4c/0xe0 do_el0_svc+0x4c/0x150 el0_svc+0x24/0xb0 
el0t_64_sync_handler+0xa8/0xb0 el0t_64_sync+0x178/0x17c Se puede ver en el seguimiento de la pila que el problema es que la cancelaci\u00f3n del registro del maestro provoca un dev_close(), que se notifica como NETDEV_GOING_DOWN a dsa_slave_netdevice_event(). Pero dsa_switch_shutdown() ya se ejecut\u00f3, y esto anul\u00f3 el registro de las interfaces esclavas DSA y, a\u00fan as\u00ed, el controlador NETDEV_GOING_DOWN intenta llamar a dev_close_many() en esas interfaces esclavas, lo que genera el problema. El intento anterior de evitar NETDEV_GOING_DOWN en el maestro despu\u00e9s de llamar a dsa_switch_shutdown() parece inadecuado. Anular el registro de las interfaces esclavas es innecesario e in\u00fatil. En cambio, despu\u00e9s de que los esclavos hayan dejado de ser superiores al maestro DSA, ahora podemos restablecer a NULL el puntero maestro->dsa_ptr, lo que har\u00e1 que DSA comience a ignorar todos los eventos notificadores futuros en el maestro."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "5.15.155",
"matchCriteriaId": "5EA785B4-F15F-4577-975F-43739EC89827"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.10",
"matchCriteriaId": "679523BA-1392-404B-AB85-F5A5408B1ECC"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/89b60402d43cdab4387dbbf24afebda5cf092ae7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ee534378f00561207656663d93907583958339ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ff45899e732e57088985e3a497b1d9100571c0f5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-48809",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:05.190",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-07T19:18:21.437",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,159 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: soluciona un memleak al desaclonar un skb dst y sus metadatos Al desaclonar un skb dst y sus metadatos asociados, se asigna un nuevo dst+metadatos que luego reemplaza al antiguo en el skb. Esto es \u00fatil para tener metadatos dst+ no compartidos adjuntos a un skb espec\u00edfico. El problema es que los metadatos dst+ no clonados se inicializan con un recuento de 1, que se incrementa a 2 antes de adjuntarlo al skb. Cuando tun_dst_unclone regresa, solo se hace referencia a los metadatos dst+ desde un \u00fanico lugar (el skb) mientras su refcount es 2. Su refcount nunca bajar\u00e1 a 0 (cuando se consume el skb), lo que provoca una p\u00e9rdida de memoria. Solucione este problema eliminando la llamada a dst_hold en tun_dst_unclone, ya que el recuento de metadatos dst+ ya es 1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.3",
"versionEndExcluding": "4.9.302",
"matchCriteriaId": "72C5D0FA-1645-4649-A21B-6D40B49AA943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.267",
"matchCriteriaId": "FD3CEBEB-60B8-4EA2-B346-6ADF49F754D9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.230",
"matchCriteriaId": "62845903-4271-4AFA-B8B7-6517ED5BFEB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.180",
"matchCriteriaId": "6808B38F-AD73-4D55-A158-6EF605E8EB66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.101",
"matchCriteriaId": "A154171E-A3B9-42BE-9E97-C9B0EA43FC54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.24",
"matchCriteriaId": "866451F0-299E-416C-B0B8-AE6B33E62CCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.10",
"matchCriteriaId": "679523BA-1392-404B-AB85-F5A5408B1ECC"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/00e6d6c3bc14dfe32824e2c515f0e0f2d6ecf2f1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/0be943916d781df2b652793bb2d3ae4f9624c10a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4ac84498fbe84a00e7aef185e2bb3e40ce71eca4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8b1087b998e273f07be13dcb5f3ca4c309c7f108",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9eeabdf17fa0ab75381045c867c370f4cc75a613",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a80817adc2a4c1ba26a7aa5f3ed886e4a18dff88",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c1ff27d100e2670b03cbfddb9117e5f9fc672540",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fdcb263fa5cda15b8cb24a641fa2718c47605314",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-48822",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:06.073",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-07T19:14:37.987",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,145 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: usb: f_fs: corrige el use-after-free para epfile Considere un caso en el que se llama a ffs_func_eps_disable desde ffs_func_disable como parte del cambio de composici\u00f3n y al mismo tiempo se llama a ffs_epfile_release desde el espacio de usuario. ffs_epfile_release liberar\u00e1 el b\u00fafer de lectura y llamar\u00e1 a ffs_data_closed, que a su vez destruir\u00e1 ffs->epfiles y lo marcar\u00e1 como NULL. Mientras esto suced\u00eda, el controlador ya inicializ\u00f3 el archivo ep local en ffs_func_eps_disable, que ahora est\u00e1 liberado y esperando adquirir el spinlock. Una vez adquirido el spinlock, el controlador contin\u00faa con el valor obsoleto de epfile e intenta liberar el b\u00fafer de lectura ya liberado, lo que provoca un use-after-free. La siguiente es la ilustraci\u00f3n de la ejecuci\u00f3n: CPU1 CPU2 ffs_func_eps_disable epfiles (copia local) ffs_epfile_release ffs_data_closed if (\u00faltimo archivo cerrado) ffs_data_reset ffs_data_clear ffs_epfiles_destroy spin_lock desreferenciar epfiles Arregle estas ejecuci\u00f3ns tomando la copia local de epfiles y asign\u00e1ndola bajo spinlock y si epfiles(local) es null luego actual\u00edcelo en ffs->epfiles y finalmente destr\u00fayalo. Ampliar el alcance m\u00e1s all\u00e1 de la ejecuci\u00f3n, proteger las estructuras relacionadas con ep y los accesos concurrentes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.9",
"versionEndExcluding": "4.14.267",
"matchCriteriaId": "55F57F74-D5B8-4F73-8F19-CA80ABA698E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.230",
"matchCriteriaId": "62845903-4271-4AFA-B8B7-6517ED5BFEB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.180",
"matchCriteriaId": "6808B38F-AD73-4D55-A158-6EF605E8EB66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.101",
"matchCriteriaId": "A154171E-A3B9-42BE-9E97-C9B0EA43FC54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.24",
"matchCriteriaId": "866451F0-299E-416C-B0B8-AE6B33E62CCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.10",
"matchCriteriaId": "679523BA-1392-404B-AB85-F5A5408B1ECC"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0042178a69eb77a979e36a50dcce9794a3140ef8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/32048f4be071f9a6966744243f1786f45bb22dc2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3e078b18753669615301d946297bafd69294ad2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/72a8aee863af099d4434314c4536d6c9a61dcf3c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c9fc422c9a43e3d58d246334a71f3390401781dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cfe5f6fd335d882bcc829a1c8a7d462a455c626e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ebe2b1add1055b903e2acd86b290a85297edc0b3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2022-48824",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-16T12:15:06.210",
"lastModified": "2024-07-16T13:43:58.773",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-08-07T19:14:11.263",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,116 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: myrs: soluciona el fallo en caso de error En myrs_detect(), cs->disable_intr es NULL cuando privdata->hw_init() falla con un valor distinto de cero. En este caso, myrs_cleanup(cs) llamar\u00e1 a un ptr NULL y bloquear\u00e1 el kernel. [1.105606] myrs 0000:00:03.0: Error de inicializaci\u00f3n desconocido 5A [1.105872] myrs 0000:00:03.0: Error al inicializar el controlador [1.106082] ERROR: desreferencia del puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000000 [1.110774] Seguimiento de llamadas : [1.110950] myrs_cleanup+0xe4/0x150 [myrs] [ 1.111135] myrs_probe.cold+0x91/0x56a [myrs] [ 1.111302] ? DAC960_GEM_intr_handler+0x1f0/0x1f0 [a\u00f1os] [ 1.111500] local_pci_probe+0x48/0x90"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.4.180",
"matchCriteriaId": "48DC4419-4891-4731-891B-B538A96B7D58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.101",
"matchCriteriaId": "A154171E-A3B9-42BE-9E97-C9B0EA43FC54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.24",
"matchCriteriaId": "866451F0-299E-416C-B0B8-AE6B33E62CCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.10",
"matchCriteriaId": "679523BA-1392-404B-AB85-F5A5408B1ECC"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0e42c4a3d732517edc3766dd45a14e60d29dd929",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1d6cd26605b4d662063a83c15c776b5299a1cb23",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4db09593af0b0b4d7d4805ebb3273df51d7cc30d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5c5ceea00c8c9df150708e66cb9f2891192c1162",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6207f35c213f6cb2fc3f13b5e77f08c710e1de19",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37394",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-14T00:15:11.247",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T18:50:21.197",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wp_dummy_content_generator_project:wp_dummy_content_generator:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.0.0",
"matchCriteriaId": "DE5765EB-63F0-44DF-BD0A-C528EFA144A9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-dummy-content-generator/wordpress-wp-dummy-content-generator-plugin-2-3-0-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51377",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-14T06:15:09.687",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T18:59:35.350",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpeverest:everest_forms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.3.1",
"matchCriteriaId": "DAA065BC-8B95-47C1-9F2D-E472FFDFA9C9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/everest-forms/wordpress-everest-forms-plugin-2-0-3-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51495",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-14T06:15:10.103",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T19:03:30.903",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woocommerce:returns_and_warranty_requests:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.3.0",
"matchCriteriaId": "57610E26-C0CA-4653-A9AB-9C5622AB16C1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-2-7-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51496",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-14T06:15:10.407",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T19:04:13.817",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woocommerce:returns_and_warranty_requests:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.3.0",
"matchCriteriaId": "57610E26-C0CA-4653-A9AB-9C5622AB16C1"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-warranty/wordpress-woocommerce-warranty-requests-plugin-2-2-7-broken-access-control-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51497",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-14T06:15:10.673",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T19:04:40.827",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woocommerce:shipping_multiple_addresses:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.8.10",
"matchCriteriaId": "45E7F86C-2F42-44B1-8F44-970F40B33782"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/woocommerce-shipping-multiple-addresses/wordpress-woocommerce-ship-to-multiple-addresses-plugin-3-8-9-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51507",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-14T02:15:09.177",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T18:51:36.010",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:expresstech:quiz_and_survey_master:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "8.1.17",
"matchCriteriaId": "2B493C11-BE88-4A54-92CF-2EE7310ADD13"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-1-16-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-51516",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-14T02:15:09.423",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T18:55:36.290",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:businessdirectoryplugin:business_directory:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.3.10",
"matchCriteriaId": "8A5F5379-9DA2-4C41-8C44-747B2E136B5E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/business-directory-plugin/wordpress-business-directory-plugin-easy-listing-directories-for-wordpress-plugin-6-3-9-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-6633",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-01-29T15:15:09.687",
"lastModified": "2024-02-02T23:49:18.407",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-07T19:35:02.583",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2024-1295",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-14T06:15:10.937",
"lastModified": "2024-08-01T13:46:04.293",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T19:06:16.393",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -39,10 +59,60 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tri:the_events_calendar:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.4.0.1",
"matchCriteriaId": "10690677-7DF4-4F8D-883E-86BCE8A1C591"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tri:the_events_calendar:*:*:pro:*:*:wordpress:*:*",
"versionEndExcluding": "6.4.0.1",
"matchCriteriaId": "2CE12E8D-36C5-4F0E-84AB-345AFAC81079"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-20443",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-08-07T17:15:50.053",
"lastModified": "2024-08-07T17:15:50.053",
"vulnStatus": "Received",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-20450",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-08-07T17:15:50.283",
"lastModified": "2024-08-07T17:15:50.283",
"vulnStatus": "Received",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-20451",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-08-07T17:15:50.493",
"lastModified": "2024-08-07T17:15:50.493",
"vulnStatus": "Received",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-20454",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-08-07T17:15:50.713",
"lastModified": "2024-08-07T17:15:50.713",
"vulnStatus": "Received",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-20479",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-08-07T17:15:50.930",
"lastModified": "2024-08-07T17:15:50.930",
"vulnStatus": "Received",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-23226",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-08T02:15:47.633",
"lastModified": "2024-03-13T23:15:46.243",
"lastModified": "2024-08-07T18:35:01.913",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 y iPadOS 17.4, watchOS 10.4, tvOS 17.4. El procesamiento de contenido web puede dar lugar a la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/21",


@ -2,8 +2,8 @@
"id": "CVE-2024-23504",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-14T06:15:11.023",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T19:07:45.187",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpmanageninja:ninja_tables:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.0.6",
"matchCriteriaId": "1C38E65A-E85E-42CE-8E88-1B5627B32B8F"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ninja-tables/wordpress-ninja-tables-plugin-5-0-5-broken-access-control-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-23557",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-04-18T19:15:09.327",
"lastModified": "2024-04-19T13:10:25.637",
"lastModified": "2024-08-07T19:35:03.190",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0112488",


@ -2,7 +2,7 @@
"id": "CVE-2024-27356",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-27T01:15:07.197",
"lastModified": "2024-02-27T14:20:06.637",
"lastModified": "2024-08-07T18:35:02.437",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se descubri\u00f3 un problema en ciertos dispositivos GL-iNet. Los atacantes pueden descargar archivos, como registros, mediante comandos, obteniendo potencialmente informaci\u00f3n cr\u00edtica del usuario. Esto afecta a MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3. 10 , X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216 y X1200 3.203."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md",


@ -2,8 +2,8 @@
"id": "CVE-2024-33253",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-13T23:15:50.403",
"lastModified": "2024-08-01T13:51:48.870",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T18:24:45.317",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openeclass:openeclass:*:*:*:*:*:*:*:*",
"versionEndIncluding": "3.15",
"matchCriteriaId": "45900311-03AD-4215-809B-0565B400E43A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/FreySolarEye/CVE/blob/master/GUnet%20OpenEclass%20E-learning%20platform%203.15%20-%20%27certbadge.php%27%20Stored%20Cross%20Site%20Scripting",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-34479",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-07T16:15:44.327",
"lastModified": "2024-08-07T16:15:44.327",
"vulnStatus": "Received",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-34480",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-07T16:15:44.393",
"lastModified": "2024-08-07T16:15:44.393",
"vulnStatus": "Received",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-38166",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-08-06T22:15:54.163",
"lastModified": "2024-08-07T15:17:46.717",
"lastModified": "2024-08-07T19:15:47.797",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-38206",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-08-06T22:15:54.430",
"lastModified": "2024-08-07T15:17:46.717",
"lastModified": "2024-08-07T19:15:47.890",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-38439",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-16T13:15:53.030",
"lastModified": "2024-06-30T12:15:02.293",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T19:28:25.430",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,104 @@
"value": "Netatalk 3.2.0 tiene un error de uno en uno y el resultado es un desbordamiento del b\u00fafer basado en el mont\u00f3n debido a la configuraci\u00f3n de ibuf[PASSWDLEN] en '\\0' en FPLoginExt al iniciar sesi\u00f3n en etc/uams/uams_pam.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.0.0",
"versionEndExcluding": "2.4.1",
"matchCriteriaId": "C3F4245E-9F2F-485B-BF45-D12C4880C133"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netatalk:netatalk:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.1.19",
"matchCriteriaId": "90E0D788-492A-4368-BB70-288288E9048F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:netatalk:netatalk:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "252F610A-8297-4142-BD3C-45BEF57E33AB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Netatalk/netatalk/blob/90d91a9ac9a7d6132ab7620d31c8c23400949206/etc/uams/uams_pam.c#L316",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/Netatalk/netatalk/issues/1096",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Not Applicable"
]
},
{
"url": "https://github.com/Netatalk/netatalk/security/advisories/GHSA-8r68-857c-4rqc",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://netatalk.io/security/CVE-2024-38439",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-38460",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-16T15:15:51.910",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T18:58:04.703",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@mitre.org",
"type": "Secondary",
@ -39,14 +59,59 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonarsource:sonarqube:*:*:*:*:*:*:*:*",
"versionEndExcluding": "9.9.4",
"matchCriteriaId": "B1150BB6-C571-48F0-B51C-B03FBA5FD5C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sonarsource:sonarqube:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0.68432",
"versionEndExcluding": "10.4",
"matchCriteriaId": "1151660E-EA3E-4CED-8AFE-CACD8280CD68"
}
]
}
]
}
],
"references": [
{
"url": "https://community.sonarsource.com/t/sonarqube-ce-10-3-0-leaking-encrypted-values-in-web-server-logs/108187",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://sonarsource.atlassian.net/browse/SONAR-21559",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-38461",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-16T16:15:09.537",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T18:50:36.303",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,81 @@
"value": "irodsServerMonPerf en iRODS anteriores a 4.3.2 intenta continuar con el uso de una ruta incluso si no es un directorio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irods:irods:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.2",
"matchCriteriaId": "3B450EAB-6C4F-4515-8110-7716F5B2141B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/irods/irods/issues/7652",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/irods/irods/releases/tag/4.3.2",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://irods.org/2024/05/irods-4-3-2-is-released",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-38462",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-16T16:15:09.627",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T18:33:52.070",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,89 @@
"value": "iRODS anterior a 4.3.2 proporciona una funci\u00f3n msiSendMail con una dependencia problem\u00e1tica del binario de correo, como en la referencia mailMS.cpp#L94-L106."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irods:irods:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.2",
"matchCriteriaId": "3B450EAB-6C4F-4515-8110-7716F5B2141B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/irods/irods/blob/97eb33f130349db5e01a4b85e89dd1da81460345/server/re/src/mailMS.cpp#L94-L106",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/irods/irods/issues/7562",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/irods/irods/issues/7651",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://irods.org/2024/05/irods-4-3-2-is-released/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-39875",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-07-09T12:15:19.803",
"lastModified": "2024-07-09T18:19:14.047",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T19:23:39.247",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -95,10 +115,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2",
"matchCriteriaId": "BA2839E7-E397-4D69-865B-439F0017D540"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6CBBACB4-9C5A-4616-BD70-FEDEE9978BFC"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-39876",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-07-09T12:15:20.047",
"lastModified": "2024-07-09T18:19:14.047",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T19:26:42.817",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -95,10 +115,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.2",
"matchCriteriaId": "BA2839E7-E397-4D69-865B-439F0017D540"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:-:*:*:*:*:*:*",
"matchCriteriaId": "6CBBACB4-9C5A-4616-BD70-FEDEE9978BFC"
}
]
}
]
}
],
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-381581.html",
"source": "productcert@siemens.com"
"source": "productcert@siemens.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-3992",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-14T06:15:12.607",
"lastModified": "2024-06-17T12:42:04.623",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-07T19:08:22.713",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,68 @@
"value": "El complemento Amen WordPress hasta la versi\u00f3n 3.3.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:joshua_vandercar:amen:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.3.1",
"matchCriteriaId": "96BED0D9-7D72-4C14-90F8-8584C24616B1"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/e9fe3101-8033-4eee-8b37-06856872e9ef/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-40531",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-05T16:15:36.800",
"lastModified": "2024-08-06T16:30:24.547",
"lastModified": "2024-08-07T19:35:06.233",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en UAB Lexita PanteraCRM CMS v.401.152 y Patera CRM CMS v.402.072 permite a un atacante remoto escalar privilegios a trav\u00e9s de la funci\u00f3n de gesti\u00f3n de perfiles de usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://critical.lt/blog/authorization-bypass-and-mass-assignment-in-pantera-crm/",


@ -0,0 +1,25 @@
{
"id": "CVE-2024-41237",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-07T19:15:48.033",
"lastModified": "2024-08-07T19:15:48.033",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in /smsa/teacher_login.php in Kashipara Responsive School Management System v1.0 allows an attacker to execute arbitrary SQL commands via the \"username\" parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/SQL%20Injection%20-%20Teacher.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://www.kashipara.com/project/php/12362/responsive-school-management-system-php-project-source-code",
"source": "cve@mitre.org"
}
]
}
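Review bot: The description in this new record gives the affected release as `v1.0`, while the first reference URL in the same record sits under a folder named Responsive School Management System v3.2.0 (URL-encoded), and the sibling records added in this commit for CVE-2024-41240, CVE-2024-41241 and CVE-2024-41242 all say v3.2.0. The new CVE-2024-41239 record has the same mismatch between its description and its first reference. Which version is correct cannot be told from this page; if the linked writeup is authoritative the description would read `...in Kashipara Responsive School Management System v3.2.0 allows...`, and because this file mirrors the upstream record the correction presumably belongs with the assigning CNA rather than in this repository. Until that is resolved, asset matching for these two IDs is safer done on the product name than on the version string in the description.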


@ -0,0 +1,60 @@
{
"id": "CVE-2024-41239",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-07T19:15:48.093",
"lastModified": "2024-08-07T19:35:07.057",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Stored Cross Site Scripting (XSS) vulnerability was found in \"/smsa/add_class_submit.php\" in Kashipara Responsive School Management System v1.0, which allows remote attackers to execute arbitrary code via \"class_name\" parameter field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/Stored%20XSS.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://www.kashipara.com/project/php/12362/responsive-school-management-system-php-project-source-code",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-41240",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-07T18:15:37.627",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in \" /smsa/teacher_login.php\" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via the \"error\" parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/Reflected%20XSS%20-%20Teacher.pdf",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-41241",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-07T18:15:37.703",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in \" /smsa/admin_login.php\" in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via \"error\" parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/Reflected%20XSS%20-%20Admin.pdf",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,25 @@
{
"id": "CVE-2024-41242",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-07T18:15:37.757",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross Site Scripting (XSS) vulnerability was found in /smsa/student_login.php in Kashipara Responsive School Management System v3.2.0, which allows remote attackers to execute arbitrary code via \"error\" parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/Reflected%20XSS%20-%20Student.pdf",
"source": "cve@mitre.org"
},
{
"url": "https://www.kashipara.com/project/php/12362/responsive-school-management-system-php-project-source-code",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-41243",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-07T17:15:51.620",
"lastModified": "2024-08-07T17:15:51.620",
"vulnStatus": "Received",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41244",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-07T17:15:51.687",
"lastModified": "2024-08-07T17:15:51.687",
"vulnStatus": "Received",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41245",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-07T17:15:51.763",
"lastModified": "2024-08-07T17:15:51.763",
"vulnStatus": "Received",
"lastModified": "2024-08-07T19:09:46.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-41246",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-07T16:15:45.600",
"lastModified": "2024-08-07T16:15:45.600",
"vulnStatus": "Received",
"lastModified": "2024-08-07T19:35:07.937",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -12,6 +12,18 @@
}
],
"metrics": {},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/takekaramey/CVE_Writeup/blob/main/Kashipara/Responsive%20School%20Management%20System%20v3.2.0/Broken%20Access%20Control%20-%20Admin%20Dashboard.pdf",
