From 246f9500799b37e1387804bed26fd1c9e684a1d7 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot
Date: Tue, 16 Apr 2024 23:58:23 +0000
Subject: [PATCH] Auto-Update: 2024-04-16T23:55:32.287910+00:00
---
CVE-2024/CVE-2024-09xx/CVE-2024-0914.json | 6 +-
CVE-2024/CVE-2024-209xx/CVE-2024-20954.json | 43 +++++
CVE-2024/CVE-2024-209xx/CVE-2024-20989.json | 43 +++++
CVE-2024/CVE-2024-209xx/CVE-2024-20990.json | 43 +++++
CVE-2024/CVE-2024-209xx/CVE-2024-20991.json | 43 +++++
CVE-2024/CVE-2024-209xx/CVE-2024-20992.json | 43 +++++
CVE-2024/CVE-2024-209xx/CVE-2024-20993.json | 43 +++++
CVE-2024/CVE-2024-209xx/CVE-2024-20994.json | 43 +++++
CVE-2024/CVE-2024-209xx/CVE-2024-20995.json | 43 +++++
CVE-2024/CVE-2024-209xx/CVE-2024-20997.json | 43 +++++
CVE-2024/CVE-2024-209xx/CVE-2024-20998.json | 43 +++++
CVE-2024/CVE-2024-209xx/CVE-2024-20999.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21000.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21001.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21002.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21003.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21004.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21005.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21006.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21007.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21008.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21009.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21010.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21011.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21012.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21013.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21014.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21015.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21016.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21017.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21018.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21019.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21020.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21021.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21022.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21023.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21024.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21025.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21026.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21027.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21028.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21029.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21030.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21031.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21032.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21033.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21034.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21035.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21036.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21037.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21038.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21039.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21040.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21041.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21042.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21043.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21044.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21045.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21046.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21047.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21048.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21049.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21050.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21051.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21052.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21053.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21054.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21055.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21056.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21057.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21058.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21059.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21060.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21061.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21062.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21063.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21064.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21065.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21066.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21067.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21068.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21069.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21070.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21071.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21072.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21073.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21074.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21075.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21076.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21077.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21078.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21079.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21080.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21081.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21082.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21083.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21084.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21085.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21086.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21087.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21088.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21089.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21090.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21091.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21092.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21093.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21094.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21095.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21096.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21097.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21098.json | 43 +++++
CVE-2024/CVE-2024-210xx/CVE-2024-21099.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21100.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21101.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21102.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21103.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21104.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21105.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21106.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21107.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21108.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21109.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21110.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21111.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21112.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21113.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21114.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21115.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21116.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21117.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21118.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21119.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21120.json | 43 +++++
CVE-2024/CVE-2024-211xx/CVE-2024-21121.json | 43 +++++
CVE-2024/CVE-2024-270xx/CVE-2024-27086.json | 63 +++++++
CVE-2024/CVE-2024-275xx/CVE-2024-27592.json | 6 +-
CVE-2024/CVE-2024-292xx/CVE-2024-29291.json | 20 +++
CVE-2024/CVE-2024-294xx/CVE-2024-29402.json | 28 ++++
CVE-2024/CVE-2024-314xx/CVE-2024-31452.json | 59 +++++++
CVE-2024/CVE-2024-314xx/CVE-2024-31497.json | 18 +-
CVE-2024/CVE-2024-317xx/CVE-2024-31759.json | 28 ++++
CVE-2024/CVE-2024-317xx/CVE-2024-31760.json | 28 ++++
CVE-2024/CVE-2024-318xx/CVE-2024-31887.json | 59 +++++++
CVE-2024/CVE-2024-320xx/CVE-2024-32036.json | 24 ++-
README.md | 52 ++++--
_state.csv | 174 ++++++++++++++++++--
146 files changed, 6232 insertions(+), 52 deletions(-)
create mode 100644 CVE-2024/CVE-2024-209xx/CVE-2024-20954.json
create mode 100644 CVE-2024/CVE-2024-209xx/CVE-2024-20989.json
create mode 100644 CVE-2024/CVE-2024-209xx/CVE-2024-20990.json
create mode 100644 CVE-2024/CVE-2024-209xx/CVE-2024-20991.json
create mode 100644 CVE-2024/CVE-2024-209xx/CVE-2024-20992.json
create mode 100644 CVE-2024/CVE-2024-209xx/CVE-2024-20993.json
create mode 100644 CVE-2024/CVE-2024-209xx/CVE-2024-20994.json
create mode 100644 CVE-2024/CVE-2024-209xx/CVE-2024-20995.json
create mode 100644 CVE-2024/CVE-2024-209xx/CVE-2024-20997.json
create mode 100644 CVE-2024/CVE-2024-209xx/CVE-2024-20998.json
create mode 100644 CVE-2024/CVE-2024-209xx/CVE-2024-20999.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21000.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21001.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21002.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21003.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21004.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21005.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21006.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21007.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21008.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21009.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21010.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21011.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21012.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21013.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21014.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21015.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21016.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21017.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21018.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21019.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21020.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21021.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21022.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21023.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21024.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21025.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21026.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21027.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21028.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21029.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21030.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21031.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21032.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21033.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21034.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21035.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21036.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21037.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21038.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21039.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21040.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21041.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21042.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21043.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21044.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21045.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21046.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21047.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21048.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21049.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21050.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21051.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21052.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21053.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21054.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21055.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21056.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21057.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21058.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21059.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21060.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21061.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21062.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21063.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21064.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21065.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21066.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21067.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21068.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21069.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21070.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21071.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21072.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21073.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21074.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21075.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21076.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21077.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21078.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21079.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21080.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21081.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21082.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21083.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21084.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21085.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21086.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21087.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21088.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21089.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21090.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21091.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21092.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21093.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21094.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21095.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21096.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21097.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21098.json
create mode 100644 CVE-2024/CVE-2024-210xx/CVE-2024-21099.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21100.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21101.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21102.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21103.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21104.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21105.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21106.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21107.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21108.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21109.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21110.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21111.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21112.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21113.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21114.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21115.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21116.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21117.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21118.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21119.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21120.json
create mode 100644 CVE-2024/CVE-2024-211xx/CVE-2024-21121.json
create mode 100644 CVE-2024/CVE-2024-270xx/CVE-2024-27086.json
create mode 100644 CVE-2024/CVE-2024-292xx/CVE-2024-29291.json
create mode 100644 CVE-2024/CVE-2024-294xx/CVE-2024-29402.json
create mode 100644 CVE-2024/CVE-2024-314xx/CVE-2024-31452.json
create mode 100644 CVE-2024/CVE-2024-317xx/CVE-2024-31759.json
create mode 100644 CVE-2024/CVE-2024-317xx/CVE-2024-31760.json
create mode 100644 CVE-2024/CVE-2024-318xx/CVE-2024-31887.json
diff --git a/CVE-2024/CVE-2024-09xx/CVE-2024-0914.json b/CVE-2024/CVE-2024-09xx/CVE-2024-0914.json
index 40c0be2826f..16442509c09 100644
--- a/CVE-2024/CVE-2024-09xx/CVE-2024-0914.json
+++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0914.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-0914",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-01-31T05:15:08.137",
- "lastModified": "2024-04-02T19:15:46.680",
+ "lastModified": "2024-04-16T22:15:11.330",
 "vulnStatus": "Modified",
 "descriptions": [
 {
@@ -131,6 +131,10 @@
 "url": "https://access.redhat.com/errata/RHSA-2024:1608",
 "source": "secalert@redhat.com"
 },
+ {
+ "url": "https://access.redhat.com/errata/RHSA-2024:1856",
+ "source": "secalert@redhat.com"
+ },
 {
 "url": "https://access.redhat.com/security/cve/CVE-2024-0914",
 "source": "secalert@redhat.com",
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20954.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20954.json
new file mode 100644
index 00000000000..3e5b4f51516
--- /dev/null
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20954.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-20954",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:11.570",
+ "lastModified": "2024-04-16T22:15:11.570",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 3.7,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20989.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20989.json
new file mode 100644
index 00000000000..dd339f77c6f
--- /dev/null
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20989.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-20989",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:11.777",
+ "lastModified": "2024-04-16T22:15:11.777",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony POS). Supported versions that are affected are 19.1.0-19.5.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality Simphony accessible data as well as unauthorized update, insert or delete access to some of Oracle Hospitality Simphony accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Hospitality Simphony. CVSS 3.1 Base Score 7.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 7.0,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 4.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20990.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20990.json
new file mode 100644
index 00000000000..52a52684fcc
--- /dev/null
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20990.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-20990",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:11.950",
+ "lastModified": "2024-04-16T22:15:11.950",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Templates). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Applications Technology. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Applications Technology accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20991.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20991.json
new file mode 100644
index 00000000000..c065fb0b54f
--- /dev/null
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20991.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-20991",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:12.110",
+ "lastModified": "2024-04-16T22:15:12.110",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Web Listener). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HTTP Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle HTTP Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20992.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20992.json
new file mode 100644
index 00000000000..7c6c9df7428
--- /dev/null
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20992.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-20992",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:12.280",
+ "lastModified": "2024-04-16T22:15:12.280",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Content integration). The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Portal accessible data as well as unauthorized read access to a subset of Oracle WebCenter Portal accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 4.4,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20993.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20993.json
new file mode 100644
index 00000000000..a03e4878bbe
--- /dev/null
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20993.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-20993",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:12.453",
+ "lastModified": "2024-04-16T22:15:12.453",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 4.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20994.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20994.json
new file mode 100644
index 00000000000..9de51c31cc2
--- /dev/null
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20994.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-20994",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:12.623",
+ "lastModified": "2024-04-16T22:15:12.623",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.6,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20995.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20995.json
new file mode 100644
index 00000000000..953f7edc476
--- /dev/null
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20995.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-20995",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:12.793",
+ "lastModified": "2024-04-16T22:15:12.793",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Oracle Database Sharding. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Database Sharding. CVSS 3.1 Base Score 2.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:L",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "LOW",
+ "baseScore": 2.4,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 1.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20997.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20997.json
new file mode 100644
index 00000000000..8530586792b
--- /dev/null
+++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20997.json
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20997", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:12.970", + "lastModified": "2024-04-16T22:15:12.970", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20998.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20998.json new file mode 100644 index 00000000000..8f8631d4226 --- /dev/null +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20998.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20998", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:13.140", + "lastModified": "2024-04-16T22:15:13.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20999.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20999.json new file mode 100644 index 00000000000..d6b30e92137 --- /dev/null +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20999.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-20999", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:13.350", + "lastModified": "2024-04-16T22:15:13.350", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Zones). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21000.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21000.json new file mode 100644 index 00000000000..79b644fd04e --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21000.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21000", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:13.520", + "lastModified": "2024-04-16T22:15:13.520", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.8, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21001.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21001.json new file mode 100644 index 00000000000..edca3d7f232 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21001.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21001", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:13.687", + "lastModified": "2024-04-16T22:15:13.687", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21002.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21002.json new file mode 100644 index 00000000000..b5c47bdc098 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21002.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21002", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:13.870", + "lastModified": "2024-04-16T22:15:13.870", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.0, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21003.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21003.json new file mode 100644 index 00000000000..3fe7b843513 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21003.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21003", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:14.040", + "lastModified": "2024-04-16T22:15:14.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21004.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21004.json new file mode 100644 index 00000000000..6f8891ce12c --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21004.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21004", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:14.210", + "lastModified": "2024-04-16T22:15:14.210", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.0, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21005.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21005.json new file mode 100644 index 00000000000..499b5203924 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21005.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21005", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:14.373", + "lastModified": "2024-04-16T22:15:14.373", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u401; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21006.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21006.json new file mode 100644 index 00000000000..27a0113edaf --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21006.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21006", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:14.580", + "lastModified": "2024-04-16T22:15:14.580", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21007.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21007.json new file mode 100644 index 00000000000..6409293ac5d --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21007.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21007", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:14.750", + "lastModified": "2024-04-16T22:15:14.750", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21008.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21008.json new file mode 100644 index 00000000000..f9baf2442a1 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21008.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21008", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:14.920", + "lastModified": "2024-04-16T22:15:14.920", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21009.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21009.json new file mode 100644 index 00000000000..b25675ae821 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21009.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21009", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:15.090", + "lastModified": "2024-04-16T22:15:15.090", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21010.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21010.json new file mode 100644 index 00000000000..1a64095f120 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21010.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21010", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:15.260", + "lastModified": "2024-04-16T22:15:15.260", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality Simphony. While the vulnerability is in Oracle Hospitality Simphony, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21011.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21011.json new file mode 100644 index 00000000000..61c05cd9404 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21011.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21011", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:15.437", + "lastModified": "2024-04-16T22:15:15.437", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21012.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21012.json new file mode 100644 index 00000000000..911e9051300 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21012.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21012", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:15.617", + "lastModified": "2024-04-16T22:15:15.617", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21013.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21013.json new file mode 100644 index 00000000000..b2cb86c5eb1 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21013.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21013", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:15.793", + "lastModified": "2024-04-16T22:15:15.793", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21014.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21014.json new file mode 100644 index 00000000000..303ac118f38 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21014.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21014", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:15.967", + "lastModified": "2024-04-16T22:15:15.967", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality Simphony. Successful attacks of this vulnerability can result in takeover of Oracle Hospitality Simphony. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21015.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21015.json new file mode 100644 index 00000000000..70198136127 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21015.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21015", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:16.140", + "lastModified": "2024-04-16T22:15:16.140", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21016.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21016.json new file mode 100644 index 00000000000..7178442f585 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21016.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21016", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:16.310", + "lastModified": "2024-04-16T22:15:16.310", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21017.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21017.json new file mode 100644 index 00000000000..158f7f3aa5a --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21017.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21017", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:16.480", + "lastModified": "2024-04-16T22:15:16.480", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21018.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21018.json new file mode 100644 index 00000000000..e218ff35b1d --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21018.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21018", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:16.657", + "lastModified": "2024-04-16T22:15:16.657", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21019.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21019.json new file mode 100644 index 00000000000..5780cd4775c --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21019.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21019", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:16.820", + "lastModified": "2024-04-16T22:15:16.820", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21020.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21020.json new file mode 100644 index 00000000000..b318e7ec42e --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21020.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21020", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:16.990", + "lastModified": "2024-04-16T22:15:16.990", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21021.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21021.json new file mode 100644 index 00000000000..bee8f790f57 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21021.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21021", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:17.153", + "lastModified": "2024-04-16T22:15:17.153", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
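Review bot: The only `cvssMetricV31` entry in this record is tagged `"type": "Secondary"`, whereas every other record visible in this commit with the same `source` (secalert_us@oracle.com) is tagged `"type": "Primary"`. That includes the neighbouring CVE-2024-21020 and CVE-2024-21022, which carry the identical vector and scores. Nothing in the record explains the difference, so it may be an upstream inconsistency rather than a deliberate classification, and it is worth checking against the source feed. A consumer that selects scores with a `type == "Primary"` filter would find no CVSS data for CVE-2024-21021 and could drop a 6.1 MEDIUM issue from triage. If the tag is confirmed wrong the line should read `"type": "Primary",`; either way, downstream tooling should fall back to the remaining entry when a record has no Primary metric.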
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21022.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21022.json new file mode 100644 index 00000000000..108d03a5509 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21022.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21022", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:17.323", + "lastModified": "2024-04-16T22:15:17.323", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21023.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21023.json new file mode 100644 index 00000000000..d9b361a217d --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21023.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21023", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:17.490", + "lastModified": "2024-04-16T22:15:17.490", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21024.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21024.json new file mode 100644 index 00000000000..e0c860d00af --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21024.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21024", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:17.663", + "lastModified": "2024-04-16T22:15:17.663", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21025.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21025.json new file mode 100644 index 00000000000..7541835ca47 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21025.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21025", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:17.837", + "lastModified": "2024-04-16T22:15:17.837", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21026.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21026.json new file mode 100644 index 00000000000..00708480f82 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21026.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21026", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:18.020", + "lastModified": "2024-04-16T22:15:18.020", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21027.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21027.json
new file mode 100644
index 00000000000..70e6aabc728
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21027.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21027",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:18.183",
+ "lastModified": "2024-04-16T22:15:18.183",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21028.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21028.json
new file mode 100644
index 00000000000..38766eb3254
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21028.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21028",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:18.350",
+ "lastModified": "2024-04-16T22:15:18.350",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21029.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21029.json
new file mode 100644
index 00000000000..eaaeb295e82
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21029.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21029",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:18.527",
+ "lastModified": "2024-04-16T22:15:18.527",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21030.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21030.json
new file mode 100644
index 00000000000..26bf312aabb
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21030.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21030",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:18.693",
+ "lastModified": "2024-04-16T22:15:18.693",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21031.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21031.json
new file mode 100644
index 00000000000..86d23ecde6b
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21031.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21031",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:18.863",
+ "lastModified": "2024-04-16T22:15:18.863",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21032.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21032.json
new file mode 100644
index 00000000000..ec0d24ae9e8
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21032.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21032",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:19.037",
+ "lastModified": "2024-04-16T22:15:19.037",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21033.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21033.json
new file mode 100644
index 00000000000..f58465aa31b
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21033.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21033",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:19.210",
+ "lastModified": "2024-04-16T22:15:19.210",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21034.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21034.json
new file mode 100644
index 00000000000..5f27a415e5d
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21034.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21034",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:19.390",
+ "lastModified": "2024-04-16T22:15:19.390",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
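Review bot: The single `cvssMetricV31` entry in the CVE-2024-21034 record is marked `"type": "Secondary"`, while the other records visible in this part of the commit carry `"type": "Primary"` with the same source `secalert_us@oracle.com`, description and vector. A consumer that reads only the Primary metric would find no score for this CVE, so triage or prioritisation tooling built on this feed should fall back to Secondary entries rather than treat the record as unscored. Whether the value comes from the upstream record or from the sync cannot be told from the diff; it is worth comparing against the upstream entry before relying on the field.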
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21035.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21035.json
new file mode 100644
index 00000000000..68a39f5d813
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21035.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21035",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:19.597",
+ "lastModified": "2024-04-16T22:15:19.597",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21036.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21036.json
new file mode 100644
index 00000000000..99062703a52
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21036.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21036",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:19.760",
+ "lastModified": "2024-04-16T22:15:19.760",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21037.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21037.json
new file mode 100644
index 00000000000..666008254df
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21037.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21037",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:19.927",
+ "lastModified": "2024-04-16T22:15:19.927",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21038.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21038.json
new file mode 100644
index 00000000000..f5211beb58f
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21038.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21038",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:20.093",
+ "lastModified": "2024-04-16T22:15:20.093",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21039.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21039.json
new file mode 100644
index 00000000000..d45373db9a6
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21039.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21039",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:20.260",
+ "lastModified": "2024-04-16T22:15:20.260",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21040.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21040.json
new file mode 100644
index 00000000000..2e7441cf5d8
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21040.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21040",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:20.427",
+ "lastModified": "2024-04-16T22:15:20.427",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21041.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21041.json
new file mode 100644
index 00000000000..7c02b543d3a
--- /dev/null
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21041.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21041",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:20.597",
+ "lastModified": "2024-04-16T22:15:20.597",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.1,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 2.7
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21042.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21042.json new file mode 100644 index 00000000000..432f2055681 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21042.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21042", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:20.773", + "lastModified": "2024-04-16T22:15:20.773", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21043.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21043.json new file mode 100644 index 00000000000..fcc91519610 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21043.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21043", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:20.943", + "lastModified": "2024-04-16T22:15:20.943", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21044.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21044.json new file mode 100644 index 00000000000..e4e20720ab6 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21044.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21044", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:21.110", + "lastModified": "2024-04-16T22:15:21.110", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21045.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21045.json new file mode 100644 index 00000000000..c72bc9c7639 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21045.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21045", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:21.287", + "lastModified": "2024-04-16T22:15:21.287", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21046.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21046.json new file mode 100644 index 00000000000..e532cbbdb80 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21046.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21046", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:21.460", + "lastModified": "2024-04-16T22:15:21.460", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21047.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21047.json new file mode 100644 index 00000000000..93045e34bb7 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21047.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21047", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:21.643", + "lastModified": "2024-04-16T22:15:21.643", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21048.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21048.json new file mode 100644 index 00000000000..3512227fc0b --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21048.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21048", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:21.810", + "lastModified": "2024-04-16T22:15:21.810", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: XML input). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21049.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21049.json new file mode 100644 index 00000000000..042f18a44ba --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21049.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21049", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:21.990", + "lastModified": "2024-04-16T22:15:21.990", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21050.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21050.json new file mode 100644 index 00000000000..9907cbe12f5 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21050.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21050", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:22.157", + "lastModified": "2024-04-16T22:15:22.157", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21051.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21051.json new file mode 100644 index 00000000000..3ac7df2202b --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21051.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21051", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:22.330", + "lastModified": "2024-04-16T22:15:22.330", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21052.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21052.json new file mode 100644 index 00000000000..a45d17ad932 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21052.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21052", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:22.500", + "lastModified": "2024-04-16T22:15:22.500", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21053.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21053.json new file mode 100644 index 00000000000..81563da9464 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21053.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21053", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:22.673", + "lastModified": "2024-04-16T22:15:22.673", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21054.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21054.json new file mode 100644 index 00000000000..2321bde2718 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21054.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21054", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:22.840", + "lastModified": "2024-04-16T22:15:22.840", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21055.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21055.json new file mode 100644 index 00000000000..c1eb2ca306d --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21055.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21055", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:23.010", + "lastModified": "2024-04-16T22:15:23.010", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21056.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21056.json new file mode 100644 index 00000000000..f2f615a6f12 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21056.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21056", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:23.183", + "lastModified": "2024-04-16T22:15:23.183", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21057.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21057.json new file mode 100644 index 00000000000..ae5c03d66ee --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21057.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21057", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:23.350", + "lastModified": "2024-04-16T22:15:23.350", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21058.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21058.json new file mode 100644 index 00000000000..c9a3eda2ecc --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21058.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21058", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:23.570", + "lastModified": "2024-04-16T22:15:23.570", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Unified Audit accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21059.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21059.json new file mode 100644 index 00000000000..a6ee636937c --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21059.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21059", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:23.740", + "lastModified": "2024-04-16T22:15:23.740", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.1, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21060.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21060.json new file mode 100644 index 00000000000..66869cab7df --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21060.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21060", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:23.910", + "lastModified": "2024-04-16T22:15:23.910", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21061.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21061.json new file mode 100644 index 00000000000..4242064bab0 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21061.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21061", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:24.080", + "lastModified": "2024-04-16T22:15:24.080", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Audit Plug-in). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21062.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21062.json new file mode 100644 index 00000000000..563570678ac --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21062.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21062", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:24.247", + "lastModified": "2024-04-16T22:15:24.247", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21063.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21063.json new file mode 100644 index 00000000000..053d19b998d --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21063.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21063", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:24.417", + "lastModified": "2024-04-16T22:15:24.417", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the PeopleSoft Enterprise HCM Benefits Administration product of Oracle PeopleSoft (component: Benefits Administration). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where PeopleSoft Enterprise HCM Benefits Administration executes to compromise PeopleSoft Enterprise HCM Benefits Administration. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise HCM Benefits Administration accessible data as well as unauthorized update, insert or delete access to some of PeopleSoft Enterprise HCM Benefits Administration accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise HCM Benefits Administration. CVSS 3.1 Base Score 6.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.3, + "impactScore": 4.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21064.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21064.json new file mode 100644 index 00000000000..0ff0b9b79e8 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21064.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21064", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:24.607", + "lastModified": "2024-04-16T22:15:24.607", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Analytics Web Answers). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21065.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21065.json new file mode 100644 index 00000000000..fba2ce7b314 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21065.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21065", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:24.780", + "lastModified": "2024-04-16T22:15:24.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21066.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21066.json new file mode 100644 index 00000000000..00338aed745 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21066.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21066", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:24.957", + "lastModified": "2024-04-16T22:15:24.957", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Easily exploitable vulnerability allows high privileged attacker having Authenticated User privilege with logon to the infrastructure where RDBMS executes to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all RDBMS accessible data. CVSS 3.1 Base Score 4.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21067.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21067.json new file mode 100644 index 00000000000..60bc69b3132 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21067.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21067", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:25.123", + "lastModified": "2024-04-16T22:15:25.123", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Host Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21068.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21068.json new file mode 100644 index 00000000000..3352b280d9e --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21068.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21068", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:25.307", + "lastModified": "2024-04-16T22:15:25.307", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle GraalVM Enterprise Edition: 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21069.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21069.json new file mode 100644 index 00000000000..38ea0d7350a --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21069.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21069", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:25.473", + "lastModified": "2024-04-16T22:15:25.473", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21070.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21070.json new file mode 100644 index 00000000000..72883f12943 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21070.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21070", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:25.650", + "lastModified": "2024-04-16T22:15:25.650", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Search Framework). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21071.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21071.json new file mode 100644 index 00000000000..8b1704e9051 --- /dev/null 
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21071.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21071", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:25.837", + "lastModified": "2024-04-16T22:15:25.837", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Workflow. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21072.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21072.json new file mode 100644 index 00000000000..0d96e4c6490 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21072.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21072", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:26.020", + "lastModified": "2024-04-16T22:15:26.020", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Data Provider UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21073.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21073.json new file mode 100644 index 00000000000..5d4a6ead9fd --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21073.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21073", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:26.190", + "lastModified": "2024-04-16T22:15:26.190", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21074.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21074.json new file mode 100644 index 00000000000..3347e9defb5 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21074.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21074", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:26.370", + "lastModified": "2024-04-16T22:15:26.370", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Finance LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21075.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21075.json new file mode 100644 index 00000000000..30285151bb5 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21075.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21075", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:26.543", + "lastModified": "2024-04-16T22:15:26.543", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Claim Line LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21076.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21076.json new file mode 100644 index 00000000000..e5c98d72270 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21076.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21076", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:26.720", + "lastModified": "2024-04-16T22:15:26.720", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Offer LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21077.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21077.json new file mode 100644 index 00000000000..ccae79aa66d --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21077.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21077", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:26.887", + "lastModified": "2024-04-16T22:15:26.887", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: GL Accounts LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21078.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21078.json new file mode 100644 index 00000000000..7f2cf213c49 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21078.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21078", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:27.060", + "lastModified": "2024-04-16T22:15:27.060", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21079.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21079.json new file mode 100644 index 00000000000..2945df7fccc --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21079.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21079", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:27.240", + "lastModified": "2024-04-16T22:15:27.240", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Campaign LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Marketing accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21080.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21080.json new file mode 100644 index 00000000000..a5679dea5fc --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21080.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21080", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:27.423", + "lastModified": "2024-04-16T22:15:27.423", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: REST Services). Supported versions that are affected are 12.2.9-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Applications Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21081.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21081.json new file mode 100644 index 00000000000..8d2c0f66204 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21081.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21081", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:27.603", + "lastModified": "2024-04-16T22:15:27.603", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Partner Management product of Oracle E-Business Suite (component: Attribute Admin Setup). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Partner Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Partner Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Partner Management accessible data. CVSS 3.1 Base Score 4.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21082.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21082.json new file mode 100644 index 00000000000..6e2665a2be9 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21082.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21082", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:27.780", + "lastModified": "2024-04-16T22:15:27.780", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21083.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21083.json new file mode 100644 index 00000000000..7275063c446 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21083.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21083", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:27.953", + "lastModified": "2024-04-16T22:15:27.953", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Script Engine). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in takeover of Oracle BI Publisher. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21084.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21084.json new file mode 100644 index 00000000000..187dc28f346 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21084.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21084", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:28.120", + "lastModified": "2024-04-16T22:15:28.120", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Service Gateway). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher. While the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21085.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21085.json new file mode 100644 index 00000000000..80157c5a2f3 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21085.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21085", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:28.293", + "lastModified": "2024-04-16T22:15:28.293", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Concurrency). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21086.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21086.json new file mode 100644 index 00000000000..03a7990181e --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21086.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21086", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:28.463", + "lastModified": "2024-04-16T22:15:28.463", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle CRM Technical Foundation accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21087.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21087.json new file mode 100644 index 00000000000..9a3fd7b533b --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21087.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21087", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:28.640", + "lastModified": "2024-04-16T22:15:28.640", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Group Replication Plugin). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21088.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21088.json new file mode 100644 index 00000000000..1b0fed8b99d --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21088.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21088", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:28.810", + "lastModified": "2024-04-16T22:15:28.810", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Production Scheduling product of Oracle E-Business Suite (component: Import Utility). Supported versions that are affected are 12.2.4-12.2.12. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Production Scheduling. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Production Scheduling accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21089.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21089.json new file mode 100644 index 00000000000..06adf071c03 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21089.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21089", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:28.987", + "lastModified": "2024-04-16T22:15:28.987", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: Request Submission and Scheduling). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Concurrent Processing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21090.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21090.json new file mode 100644 index 00000000000..c3652dc9e2d --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21090.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21090", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:29.153", + "lastModified": "2024-04-16T22:15:29.153", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 8.3.0 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21091.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21091.json new file mode 100644 index 00000000000..d30ee80314f --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21091.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21091", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:29.330", + "lastModified": "2024-04-16T22:15:29.330", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Data Import). The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21092.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21092.json new file mode 100644 index 00000000000..b376282efff --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21092.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21092", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:29.493", + "lastModified": "2024-04-16T22:15:29.493", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized access to critical data or complete access to all Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21093.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21093.json new file mode 100644 index 00000000000..7dbb3eba23c --- /dev/null 
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21093.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21093", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:29.680", + "lastModified": "2024-04-16T22:15:29.680", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.22 and 21.3-21.13. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.6, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21094.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21094.json new file mode 100644 index 00000000000..820fcb26226 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21094.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21094", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:29.857", + "lastModified": "2024-04-16T22:15:29.857", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u401, 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N)." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21095.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21095.json new file mode 100644 index 00000000000..6038f1f4c85 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21095.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21095", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:30.040", + "lastModified": "2024-04-16T22:15:30.040", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 19.12.0-19.12.22, 20.12.0-20.12.21, 21.12.0-21.12.18, 22.12.0-22.12.12 and 23.12.0-23.12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.1 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 8.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.2 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21096.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21096.json new file mode 100644 index 00000000000..2829aff3fa5 --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21096.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21096", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:30.207", + "lastModified": "2024-04-16T22:15:30.207", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where MySQL Server executes to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to a subset of MySQL Server accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.4, + "impactScore": 3.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21097.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21097.json new file mode 100644 index 00000000000..a584ba5c2ff --- /dev/null +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21097.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21097", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:30.380", + "lastModified": "2024-04-16T22:15:30.380", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.59, 8.60 and 8.61. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21098.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21098.json new file mode 100644 index 00000000000..5460f1862e9 --- /dev/null 
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21098.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21098", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:30.550", + "lastModified": "2024-04-16T22:15:30.550", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition: 20.3.13 and 21.3.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. CVSS 3.1 Base Score 3.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21099.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21099.json new file mode 100644 index 00000000000..5c74ef965ec --- /dev/null 
+++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21099.json @@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21099", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:30.723", + "lastModified": "2024-04-16T22:15:30.723", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Data Visualization). The supported version that is affected is 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21100.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21100.json new file mode 100644 index 00000000000..2f5db101b61 --- /dev/null +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21100.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21100", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:30.903", + "lastModified": "2024-04-16T22:15:30.903", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Platform). Supported versions that are affected are 11.3.0, 11.3.1 and 11.3.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Commerce Platform. While the vulnerability is in Oracle Commerce Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Commerce Platform accessible data. CVSS 3.1 Base Score 4.0 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.0, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21101.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21101.json new file mode 100644 index 00000000000..61ca2b988cb --- /dev/null +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21101.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21101", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:31.087", + "lastModified": "2024-04-16T22:15:31.087", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 and prior, 7.6.29 and prior, 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Cluster. Successful attacks of this vulnerability can result in unauthorized read access to a subset of MySQL Cluster accessible data. CVSS 3.1 Base Score 2.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.2, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.7, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21102.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21102.json new file mode 100644 index 00000000000..a7cc89a694e --- /dev/null +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21102.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21102", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:31.270", + "lastModified": "2024-04-16T22:15:31.270", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Thread Pooling). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21103.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21103.json new file mode 100644 index 00000000000..a289e62481a --- /dev/null +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21103.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21103", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:31.437", + "lastModified": "2024-04-16T22:15:31.437", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21104.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21104.json new file mode 100644 index 00000000000..774189440f4 --- /dev/null +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21104.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21104", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:31.600", + "lastModified": "2024-04-16T22:15:31.600", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 6.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.6, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21105.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21105.json new file mode 100644 index 00000000000..99779753bc0 --- /dev/null +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21105.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21105", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:31.770", + "lastModified": "2024-04-16T22:15:31.770", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle Solaris product of Oracle Systems (component: Utility). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 2.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 2.0, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.6, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21106.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21106.json new file mode 100644 index 00000000000..45979ed0100 --- /dev/null +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21106.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21106", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:31.940", + "lastModified": "2024-04-16T22:15:31.940", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.0, + "impactScore": 4.0 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21107.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21107.json new file mode 100644 index 00000000000..30d750d03b0 --- /dev/null +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21107.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21107", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:32.110", + "lastModified": "2024-04-16T22:15:32.110", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21108.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21108.json new file mode 100644 index 00000000000..2a89283c59c --- /dev/null +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21108.json 
@@ -0,0 +1,43 @@ +{ + "id": "CVE-2024-21108", + "sourceIdentifier": "secalert_us@oracle.com", + "published": "2024-04-16T22:15:32.277", + "lastModified": "2024-04-16T22:15:32.277", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "secalert_us@oracle.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, + "references": [ + { + "url": "https://www.oracle.com/security-alerts/cpuapr2024.html", + "source": "secalert_us@oracle.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21109.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21109.json new file mode 100644 index 00000000000..231692e6cc8 --- /dev/null +++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21109.json 
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21109",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:32.440",
+ "lastModified": "2024-04-16T22:15:32.440",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 5.9,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21110.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21110.json
new file mode 100644
index 00000000000..a10ee356b43
--- /dev/null
+++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21110.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21110",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:32.617",
+ "lastModified": "2024-04-16T22:15:32.617",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21111.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21111.json
new file mode 100644
index 00000000000..1e216778544
--- /dev/null
+++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21111.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21111",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:32.780",
+ "lastModified": "2024-04-16T22:15:32.780",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21112.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21112.json
new file mode 100644
index 00000000000..0e7862ba783
--- /dev/null
+++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21112.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21112",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:32.957",
+ "lastModified": "2024-04-16T22:15:32.957",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21113.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21113.json
new file mode 100644
index 00000000000..ff51d76b33c
--- /dev/null
+++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21113.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21113",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:33.127",
+ "lastModified": "2024-04-16T22:15:33.127",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21114.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21114.json
new file mode 100644
index 00000000000..c2b9bb1e86d
--- /dev/null
+++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21114.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21114",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:33.300",
+ "lastModified": "2024-04-16T22:15:33.300",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21115.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21115.json
new file mode 100644
index 00000000000..b95db275426
--- /dev/null
+++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21115.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21115",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:33.467",
+ "lastModified": "2024-04-16T22:15:33.467",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 6.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21116.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21116.json
new file mode 100644
index 00000000000..226e565ded3
--- /dev/null
+++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21116.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21116",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:33.653",
+ "lastModified": "2024-04-16T22:15:33.653",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Linux hosts only. CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21117.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21117.json
new file mode 100644
index 00000000000..4dff6bb98c9
--- /dev/null
+++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21117.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21117",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:33.860",
+ "lastModified": "2024-04-16T22:15:33.860",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21118.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21118.json
new file mode 100644
index 00000000000..e15ff457320
--- /dev/null
+++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21118.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21118",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:34.027",
+ "lastModified": "2024-04-16T22:15:34.027",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21119.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21119.json
new file mode 100644
index 00000000000..f5090f7e441
--- /dev/null
+++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21119.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21119",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:34.197",
+ "lastModified": "2024-04-16T22:15:34.197",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21120.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21120.json
new file mode 100644
index 00000000000..29f14d34b60
--- /dev/null
+++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21120.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21120",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:34.427",
+ "lastModified": "2024-04-16T22:15:34.427",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Core). Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In Technology executes to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 5.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.4
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-211xx/CVE-2024-21121.json b/CVE-2024/CVE-2024-211xx/CVE-2024-21121.json
new file mode 100644
index 00000000000..90cefb9368a
--- /dev/null
+++ b/CVE-2024/CVE-2024-211xx/CVE-2024-21121.json
@@ -0,0 +1,43 @@
+{
+ "id": "CVE-2024-21121",
+ "sourceIdentifier": "secalert_us@oracle.com",
+ "published": "2024-04-16T22:15:34.600",
+ "lastModified": "2024-04-16T22:15:34.600",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "secalert_us@oracle.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 4.0
+ }
+ ]
+ },
+ "references": [
+ {
+ "url": "https://www.oracle.com/security-alerts/cpuapr2024.html",
+ "source": "secalert_us@oracle.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-270xx/CVE-2024-27086.json b/CVE-2024/CVE-2024-270xx/CVE-2024-27086.json
new file mode 100644
index 00000000000..eb60b7a90b3
--- /dev/null
+++ b/CVE-2024/CVE-2024-270xx/CVE-2024-27086.json
@@ -0,0 +1,63 @@
+{
+ "id": "CVE-2024-27086",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-04-16T22:15:34.783",
+ "lastModified": "2024-04-16T22:15:34.783",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "The MSAL library enabled acquisition of security tokens to call protected APIs. MSAL.NET applications targeting Xamarin Android and .NET Android (e.g., MAUI) using the library from versions 4.48.0 to 4.60.0 are impacted by a low severity vulnerability. \nA malicious application running on a customer Android device can cause local denial of service against applications that were built using MSAL.NET for authentication on the same device (i.e., prevent the user of the legitimate application from logging in) due to incorrect activity export configuration. MSAL.NET version 4.60.1 includes the fix. As a workaround, a developer may explicitly mark the MSAL.NET activity non-exported."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "LOW",
+ "baseScore": 3.9,
+ "baseSeverity": "LOW"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 2.5
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ },
+ {
+ "lang": "en",
+ "value": "CWE-926"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/commit/413e319472ccf48c86647f19fa2aa49ff6038488",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url":
"https://github.com/AzureAD/microsoft-authentication-library-for-dotnet/security/advisories/GHSA-x674-v45j-fwxw",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27592.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27592.json
index ce71997bc93..f5c6b6b1e1a 100644
--- a/CVE-2024/CVE-2024-275xx/CVE-2024-27592.json
+++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27592.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-27592",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-04-11T21:15:08.027",
- "lastModified": "2024-04-12T12:43:57.400",
+ "lastModified": "2024-04-16T23:15:08.690",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -16,6 +16,10 @@
 ],
 "metrics": {},
 "references": [
+ {
+ "url": "https://github.com/corezoid/helm/issues/110",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://medium.com/%40nicatabbasov00002/open-redirect-vulnerability-62986ccaf0f7",
 "source": "cve@mitre.org"
diff --git a/CVE-2024/CVE-2024-292xx/CVE-2024-29291.json b/CVE-2024/CVE-2024-292xx/CVE-2024-29291.json
new file mode 100644
index 00000000000..458b151f350
--- /dev/null
+++ b/CVE-2024/CVE-2024-292xx/CVE-2024-29291.json
@@ -0,0 +1,20 @@
+{
+ "id": "CVE-2024-29291",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-04-16T23:15:08.767",
+ "lastModified": "2024-04-16T23:15:08.767",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "An issue in Laravel Framework 8 through 11 might allow a remote attacker to discover database credentials in storage/logs/laravel.log."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/whiteman007/43bd7fa1fa0e47554b33f0cf93066784",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-294xx/CVE-2024-29402.json b/CVE-2024/CVE-2024-294xx/CVE-2024-29402.json
new file mode 100644
index 00000000000..4f68c87f434
--- /dev/null
+++ b/CVE-2024/CVE-2024-294xx/CVE-2024-29402.json
@@ -0,0 +1,28 @@
+{
+ "id": "CVE-2024-29402",
+ "sourceIdentifier": "cve@mitre.org",
+ "published": "2024-04-16T23:15:08.827",
+ "lastModified": "2024-04-16T23:15:08.827",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "cskefu v7 suffers from Insufficient Session Expiration, which allows attackers to exploit the old session for malicious activity."
+ }
+ ],
+ "metrics": {},
+ "references": [
+ {
+ "url": "https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/cskefu/cskefu/issues/781",
+ "source": "cve@mitre.org"
+ },
+ {
+ "url": "https://github.com/cskefu/cskefu/pull/803",
+ "source": "cve@mitre.org"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31452.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31452.json
new file mode 100644
index 00000000000..bdaa2fdf656
--- /dev/null
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31452.json
@@ -0,0 +1,59 @@
+{
+ "id": "CVE-2024-31452",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-04-16T22:15:35.003",
+ "lastModified": "2024-04-16T22:15:35.003",
+ "vulnStatus": "Received",
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "OpenFGA is a high-performance and flexible authorization/permission engine. Some end users of OpenFGA v1.5.0 or later are vulnerable to authorization bypass when calling Check or ListObjects APIs. You are very likely affected if your model involves exclusion (e.g. `a but not b`) or intersection (e.g. `a and b`). This vulnerability is fixed in v1.5.3."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.1,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.2,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/openfga/openfga/commit/b6a6d99b2bdbf8c3781503989576076289f48ed2",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/openfga/openfga/security/advisories/GHSA-8cph-m685-6v6r",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31497.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31497.json
index aecfdfdc380..38d6eea7678 100644
--- a/CVE-2024/CVE-2024-314xx/CVE-2024-31497.json
+++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31497.json
@@ -2,7 +2,7 @@
 "id": "CVE-2024-31497",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-04-15T20:15:11.077",
- "lastModified": "2024-04-16T13:24:07.103",
+ "lastModified": "2024-04-16T23:15:08.903",
 "vulnStatus": "Awaiting Analysis",
 "descriptions": [
 {
@@ -40,6 +40,10 @@
 "url": "https://github.com/advisories/GHSA-6p4c-r453-8743",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://github.com/daedalus/BreakingECDSAwithLLL",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://news.ycombinator.com/item?id=40044665",
 "source": "cve@mitre.org"
@@ -48,6 +52,10 @@
 "url": "https://security-tracker.debian.org/tracker/CVE-2024-31497",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://securityonline.info/cve-2024-31497-critical-putty-vulnerability-exposes-private-keys-immediate-action-required/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://tartarus.org/~simon/putty-snapshots/htmldoc/Chapter9.html#pageant-forward",
 "source": "cve@mitre.org"
@@ -56,6 +64,10 @@
 "url": "https://tortoisegit.org",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://twitter.com/CCBalert/status/1780229237569470549",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://twitter.com/lambdafu/status/1779969509522133272",
 "source": "cve@mitre.org"
@@ -64,6 +76,10 @@
 "url": "https://winscp.net/eng/news.php",
 "source": "cve@mitre.org"
 },
+ {
+ "url": "https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/",
+ "source": "cve@mitre.org"
+ },
 {
 "url": "https://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html",
 "source": "cve@mitre.org"
diff --git a/CVE-2024/CVE-2024-317xx/CVE-2024-31759.json b/CVE-2024/CVE-2024-317xx/CVE-2024-31759.json
new file mode 100644
index 00000000000..e64c4afaefc
--- /dev/null
+++ b/CVE-2024/CVE-2024-317xx/CVE-2024-31759.json
@@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-31759", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-16T23:15:09.047", + "lastModified": "2024-04-16T23:15:09.047", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in sanluan PublicCMS v.4.0.202302.e allows an attacker to escalate privileges via the change password function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://1drv.ms/v/s%21AmTWEcd1YDpUjgoJ8lkA8pN8zYEJ?e=gIlbGf", + "source": "cve@mitre.org" + }, + { + "url": "https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/menghaining/PoC/blob/main/PublicCMS/publishCMS--PoC.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-317xx/CVE-2024-31760.json b/CVE-2024/CVE-2024-317xx/CVE-2024-31760.json new file mode 100644 index 00000000000..510d6691b6b --- /dev/null +++ b/CVE-2024/CVE-2024-317xx/CVE-2024-31760.json @@ -0,0 +1,28 @@ +{ + "id": "CVE-2024-31760", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-04-16T23:15:09.107", + "lastModified": "2024-04-16T23:15:09.107", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "An issue in sanluan flipped-aurora gin-vue-admin 2.4.x allows an attacker to escalate privileges via the Session Expiration component." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/menghaining/8d424faebfe869c80eadaea12bbdd158", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/flipped-aurora/gin-vue-admin/issues/1324", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/menghaining/PoC/blob/main/gin-vue-admin/gin-vue-admin--PoC.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-318xx/CVE-2024-31887.json b/CVE-2024/CVE-2024-318xx/CVE-2024-31887.json new file mode 100644 index 00000000000..b20efb06077 
--- /dev/null +++ b/CVE-2024/CVE-2024-318xx/CVE-2024-31887.json @@ -0,0 +1,59 @@ +{ + "id": "CVE-2024-31887", + "sourceIdentifier": "psirt@us.ibm.com", + "published": "2024-04-16T22:15:35.240", + "lastModified": "2024-04-16T22:15:35.240", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "IBM Security Verify Privilege 11.6.25 could allow an unauthenticated actor to obtain sensitive information from the SOAP API. IBM X-Force ID: 287651." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "psirt@us.ibm.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "psirt@us.ibm.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-497" + } + ] + } + ], + "references": [ + { + "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/287651", + "source": "psirt@us.ibm.com" + }, + { + "url": "https://www.ibm.com/support/pages/node/7148438", + "source": "psirt@us.ibm.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-320xx/CVE-2024-32036.json b/CVE-2024/CVE-2024-320xx/CVE-2024-32036.json index 99765eb3531..49933265b80 100644 --- a/CVE-2024/CVE-2024-320xx/CVE-2024-32036.json +++ b/CVE-2024/CVE-2024-320xx/CVE-2024-32036.json 
@@ -2,12 +2,12 @@ "id": "CVE-2024-32036", "sourceIdentifier": "security-advisories@github.com", "published": "2024-04-15T20:15:11.543", - "lastModified": "2024-04-16T13:24:07.103", + "lastModified": "2024-04-16T23:15:09.173", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", - "value": "ImageSharp is a 2D graphics API. A heap-use-after-free flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to ImageSharp for conversion, potentially leading to information disclosure. The problem has been patched in v3.1.4 and v2.1.8." + "value": "ImageSharp is a 2D graphics API. A data leakage flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to a software using ImageSharp, potentially disclosing sensitive information from other parts of the software in the resulting image buffer. The problem has been patched in v3.1.4 and v2.1.8." }, { "lang": "es", @@ -21,20 +21,20 @@ "type": "Secondary", "cvssData": { "version": "3.1", - "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", - "attackVector": "LOCAL", - "attackComplexity": "LOW", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 7.1, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" }, - "exploitabilityScore": 1.8, - "impactScore": 5.2 + "exploitabilityScore": 1.6, + "impactScore": 3.6 } ] }, @@ -46,10 +46,6 @@ { "lang": "en", "value": "CWE-226" - }, - { - "lang": "en", - "value": "CWE-416" } ] } diff --git a/README.md b/README.md index 9d5b14319e6..2dba0d90835 100644 --- a/README.md 
+++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-04-16T22:00:38.643659+00:00 +2024-04-16T23:55:32.287910+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-04-16T21:15:08.603000+00:00 +2024-04-16T23:15:09.173000+00:00 ``` ### Last Data Feed Release 
@@ -33,32 +33,48 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -245747 +245887 ``` ### CVEs added in the last Commit -Recently added CVEs: `13` +Recently added CVEs: `140` -- [CVE-2022-24805](CVE-2022/CVE-2022-248xx/CVE-2022-24805.json) (`2024-04-16T20:15:07.600`) -- [CVE-2022-24806](CVE-2022/CVE-2022-248xx/CVE-2022-24806.json) (`2024-04-16T20:15:08.413`) -- [CVE-2022-24807](CVE-2022/CVE-2022-248xx/CVE-2022-24807.json) (`2024-04-16T20:15:08.647`) -- [CVE-2022-24808](CVE-2022/CVE-2022-248xx/CVE-2022-24808.json) (`2024-04-16T20:15:08.840`) -- [CVE-2022-24809](CVE-2022/CVE-2022-248xx/CVE-2022-24809.json) (`2024-04-16T20:15:09.033`) -- [CVE-2022-24810](CVE-2022/CVE-2022-248xx/CVE-2022-24810.json) (`2024-04-16T20:15:09.227`) -- [CVE-2023-51391](CVE-2023/CVE-2023-513xx/CVE-2023-51391.json) (`2024-04-16T20:15:09.437`) -- [CVE-2024-30378](CVE-2024/CVE-2024-303xx/CVE-2024-30378.json) (`2024-04-16T20:15:09.680`) -- [CVE-2024-30380](CVE-2024/CVE-2024-303xx/CVE-2024-30380.json) (`2024-04-16T20:15:09.887`) -- [CVE-2024-31446](CVE-2024/CVE-2024-314xx/CVE-2024-31446.json) (`2024-04-16T20:15:10.083`) -- [CVE-2024-3660](CVE-2024/CVE-2024-36xx/CVE-2024-3660.json) (`2024-04-16T21:15:08.603`) -- [CVE-2024-3881](CVE-2024/CVE-2024-38xx/CVE-2024-3881.json) (`2024-04-16T20:15:10.280`) -- [CVE-2024-3882](CVE-2024/CVE-2024-38xx/CVE-2024-3882.json) (`2024-04-16T20:15:10.523`) +- [CVE-2024-21104](CVE-2024/CVE-2024-211xx/CVE-2024-21104.json) (`2024-04-16T22:15:31.600`) +- [CVE-2024-21105](CVE-2024/CVE-2024-211xx/CVE-2024-21105.json) (`2024-04-16T22:15:31.770`) +- [CVE-2024-21106](CVE-2024/CVE-2024-211xx/CVE-2024-21106.json) (`2024-04-16T22:15:31.940`) +- [CVE-2024-21107](CVE-2024/CVE-2024-211xx/CVE-2024-21107.json) (`2024-04-16T22:15:32.110`) +- [CVE-2024-21108](CVE-2024/CVE-2024-211xx/CVE-2024-21108.json) (`2024-04-16T22:15:32.277`) +- [CVE-2024-21109](CVE-2024/CVE-2024-211xx/CVE-2024-21109.json) 
(`2024-04-16T22:15:32.440`) +- [CVE-2024-21110](CVE-2024/CVE-2024-211xx/CVE-2024-21110.json) (`2024-04-16T22:15:32.617`) +- [CVE-2024-21111](CVE-2024/CVE-2024-211xx/CVE-2024-21111.json) (`2024-04-16T22:15:32.780`) +- [CVE-2024-21112](CVE-2024/CVE-2024-211xx/CVE-2024-21112.json) (`2024-04-16T22:15:32.957`) +- [CVE-2024-21113](CVE-2024/CVE-2024-211xx/CVE-2024-21113.json) (`2024-04-16T22:15:33.127`) +- [CVE-2024-21114](CVE-2024/CVE-2024-211xx/CVE-2024-21114.json) (`2024-04-16T22:15:33.300`) +- [CVE-2024-21115](CVE-2024/CVE-2024-211xx/CVE-2024-21115.json) (`2024-04-16T22:15:33.467`) +- [CVE-2024-21116](CVE-2024/CVE-2024-211xx/CVE-2024-21116.json) (`2024-04-16T22:15:33.653`) +- [CVE-2024-21117](CVE-2024/CVE-2024-211xx/CVE-2024-21117.json) (`2024-04-16T22:15:33.860`) +- [CVE-2024-21118](CVE-2024/CVE-2024-211xx/CVE-2024-21118.json) (`2024-04-16T22:15:34.027`) +- [CVE-2024-21119](CVE-2024/CVE-2024-211xx/CVE-2024-21119.json) (`2024-04-16T22:15:34.197`) +- [CVE-2024-21120](CVE-2024/CVE-2024-211xx/CVE-2024-21120.json) (`2024-04-16T22:15:34.427`) +- [CVE-2024-21121](CVE-2024/CVE-2024-211xx/CVE-2024-21121.json) (`2024-04-16T22:15:34.600`) +- [CVE-2024-27086](CVE-2024/CVE-2024-270xx/CVE-2024-27086.json) (`2024-04-16T22:15:34.783`) +- [CVE-2024-29291](CVE-2024/CVE-2024-292xx/CVE-2024-29291.json) (`2024-04-16T23:15:08.767`) +- [CVE-2024-29402](CVE-2024/CVE-2024-294xx/CVE-2024-29402.json) (`2024-04-16T23:15:08.827`) +- [CVE-2024-31452](CVE-2024/CVE-2024-314xx/CVE-2024-31452.json) (`2024-04-16T22:15:35.003`) +- [CVE-2024-31759](CVE-2024/CVE-2024-317xx/CVE-2024-31759.json) (`2024-04-16T23:15:09.047`) +- [CVE-2024-31760](CVE-2024/CVE-2024-317xx/CVE-2024-31760.json) (`2024-04-16T23:15:09.107`) +- [CVE-2024-31887](CVE-2024/CVE-2024-318xx/CVE-2024-31887.json) (`2024-04-16T22:15:35.240`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `4` +- [CVE-2024-0914](CVE-2024/CVE-2024-09xx/CVE-2024-0914.json) (`2024-04-16T22:15:11.330`) +- 
[CVE-2024-27592](CVE-2024/CVE-2024-275xx/CVE-2024-27592.json) (`2024-04-16T23:15:08.690`) +- [CVE-2024-31497](CVE-2024/CVE-2024-314xx/CVE-2024-31497.json) (`2024-04-16T23:15:08.903`) +- [CVE-2024-32036](CVE-2024/CVE-2024-320xx/CVE-2024-32036.json) (`2024-04-16T23:15:09.173`) ## Download and Usage diff --git a/_state.csv b/_state.csv index d9ecb5edda2..fbc95dd972a 100644 --- a/_state.csv +++ b/_state.csv 
@@ -193288,13 +193288,13 @@ CVE-2022-24801,0,0,d1eda5f96b53a68346c98c0a334fd09d53400fc14ce272ea07d03c24d2bce CVE-2022-24802,0,0,7f8f65a402c4d4f58f7b6ee1f4148a40bdb5289eb448dad6237f1438534c0018,2022-04-11T18:38:45.323000 CVE-2022-24803,0,0,d07ca9bc80a2fa79fe798076edfb51852a02922c8ba1c3d35fa6c0bc561de28a,2022-04-11T20:15:58.487000 CVE-2022-24804,0,0,1a06e26ac66e3bb8d9c3fe5e9e5ab5315a3e550401c2c97809d5f9ed13ace9a1,2022-04-18T17:01:16.767000 -CVE-2022-24805,1,1,aec901700406115f041ddef6ec6b81ffe17a4f62e56daf05be2f5ba9e201dc31,2024-04-16T20:15:07.600000 -CVE-2022-24806,1,1,df0ae1ae71dd9d2a14070c84b8770688107ca0c3289236fc2751e69c94fffe72,2024-04-16T20:15:08.413000 -CVE-2022-24807,1,1,f46b1b2944ed75e9db20db2755e06ecfdf720c9a9dac0129c51805cf9c9b57f3,2024-04-16T20:15:08.647000 -CVE-2022-24808,1,1,1c36761c8338297c4c3705c10d7c2dabd15d2b38c3eef5859a7fe789d4897542,2024-04-16T20:15:08.840000 -CVE-2022-24809,1,1,29401ccbdfa2c152276df2fd1bdacd0b5aec2438ab277a8f4d801acf2826e696,2024-04-16T20:15:09.033000 +CVE-2022-24805,0,0,aec901700406115f041ddef6ec6b81ffe17a4f62e56daf05be2f5ba9e201dc31,2024-04-16T20:15:07.600000 +CVE-2022-24806,0,0,df0ae1ae71dd9d2a14070c84b8770688107ca0c3289236fc2751e69c94fffe72,2024-04-16T20:15:08.413000 +CVE-2022-24807,0,0,f46b1b2944ed75e9db20db2755e06ecfdf720c9a9dac0129c51805cf9c9b57f3,2024-04-16T20:15:08.647000 +CVE-2022-24808,0,0,1c36761c8338297c4c3705c10d7c2dabd15d2b38c3eef5859a7fe789d4897542,2024-04-16T20:15:08.840000 +CVE-2022-24809,0,0,29401ccbdfa2c152276df2fd1bdacd0b5aec2438ab277a8f4d801acf2826e696,2024-04-16T20:15:09.033000 CVE-2022-2481,0,0,5bf20cab6a1da71985566d648ea0a0262dcfc0d6302af9a2089ceb3524d0e9de,2023-11-07T03:46:36.830000 -CVE-2022-24810,1,1,c28f516dfad1d20dae633d79ff073ace3700386aff7303d8731ad51214d85912,2024-04-16T20:15:09.227000 +CVE-2022-24810,0,0,c28f516dfad1d20dae633d79ff073ace3700386aff7303d8731ad51214d85912,2024-04-16T20:15:09.227000 
CVE-2022-24811,0,0,b29c6815fdcb7719c945862b9595a9493a2e8eb42072aaaa8fe6a63300fa384c,2022-04-19T15:21:45.163000 CVE-2022-24812,0,0,ce008f94aa10997bc97e737f1581229f965621f271cc46721cdafe11260a13fa,2022-09-09T16:42:59.423000 CVE-2022-24813,0,0,21ba8ed56728391b9f4068642fe209902ce9d4668995613066f13664d2737d7c,2023-06-23T19:01:44.610000 @@ -235670,7 +235670,7 @@ CVE-2023-51388,0,0,23d45ab8268f61b603be601097b6403fe4846d03068822a939edea7f32dfb CVE-2023-51389,0,0,1ab7e7a3a71f66a7621faf47f7e371d4af946a67075635b4b3343083855bb6c4,2024-02-22T19:07:27.197000 CVE-2023-5139,0,0,45ab71d0a08a733e36a646ff7244b4f355dd92a60fbfd4d74553b86425e7d813,2024-01-21T01:44:13.437000 CVE-2023-51390,0,0,aec164d1ba230dc6205a9a23a906268daf85aeab87f80c94d3bcd0e722b52384,2024-01-02T16:25:35.387000 -CVE-2023-51391,1,1,7c9b1151b7a2b54a66a978c4556effb333f0223b956d1e47c1f79844725b63d1,2024-04-16T20:15:09.437000 +CVE-2023-51391,0,0,7c9b1151b7a2b54a66a978c4556effb333f0223b956d1e47c1f79844725b63d1,2024-04-16T20:15:09.437000 CVE-2023-51392,0,0,67927e656158c46412ae3bb504118fce54b24cfa01ec58a8655578d96aa8e815,2024-02-23T19:31:25.817000 CVE-2023-51393,0,0,134d5dde596b1c0957ff0f344967668816279a31dc85a1621f6b9d383706e3f6,2024-02-26T13:42:22.567000 CVE-2023-51394,0,0,71b2bd989998d21aa0bbb95271be09edc08ce6d20103c2e6bcee8ea1c20c92b8,2024-02-26T13:42:22.567000 
@@ -238939,7 +238939,7 @@ CVE-2024-0907,0,0,736d9a373e93547114922fac343df53c487c280e59648bef9a3cecc6379f90 CVE-2024-0909,0,0,7864e9d833556eb295eb67e87cebb39c8d9b11d41ed1f5327a80b30fe013438c,2024-02-08T20:07:51.410000 CVE-2024-0911,0,0,5f8186e1a077698fb2fa1e99d28cc6e32ac8b7b7afb205a3a02bc10c8ca698f0,2024-02-14T18:15:48.077000 CVE-2024-0913,0,0,cc9dbbd0e1eb40baf69d2dc96719798ae1dcba5ab6fc531754d7fd6a8c7e7f1d,2024-03-29T12:45:02.937000 -CVE-2024-0914,0,0,b9ae24530d030e11835beec7abd395d735c33bc26629dbf8de14e18d8717640a,2024-04-02T19:15:46.680000 +CVE-2024-0914,0,1,0e30b945bb509fa0d2bc0b307e8920a9ca89d326b7b4c1c386bc1b08db5275e0,2024-04-16T22:15:11.330000 CVE-2024-0917,0,0,1096c18fb8e959955c123559a721fd9eb8bfd390fb54eac5e8167e50a31dc158,2024-03-07T15:15:08.257000 CVE-2024-0918,0,0,665fb2ab3d0de8862f8c0f360fe055729484bae6812ecb9bc73647194d5411aa,2024-04-11T01:24:12.193000 CVE-2024-0919,0,0,589179645f375446af0d6856749f5d8581b8fa706e54f9dca7ffc4f53fa26164,2024-04-11T01:24:12.283000 @@ -240193,6 +240193,7 @@ CVE-2024-20950,0,0,32c0f5cb59e7c130a00739028db90d5b34109b274bf0b583559e0ef0dda25 CVE-2024-20951,0,0,b17c14c257c2e51309f12c914a15b8f22d172a66204fd5740f2d7618130689e5,2024-02-20T19:51:05.510000 CVE-2024-20952,0,0,7957ba932035deb7b04bf9fd56a6980467fb3f16d0b62e00bf598071fcd8479f,2024-02-15T03:18:31.140000 CVE-2024-20953,0,0,79439b14c378308eaeb3d77fa260d91a67ac61cdabeddcb908ef73ad775fa897,2024-02-20T19:51:05.510000 +CVE-2024-20954,1,1,1b3cff32868f8ef9fa8cab26659ccded6cdd335671f7807e559eeb06f28b071d,2024-04-16T22:15:11.570000 CVE-2024-20955,0,0,05c43eead42002e8bf1c331a3e1f9e86bd97fbf64642fb46b8c945f04d3570a4,2024-02-09T02:26:25.517000 CVE-2024-20956,0,0,4a89a3bb6eaf3756d6410a6795c8b17d6ca727f95abdba61f342d6ebe0a23c6d,2024-02-20T19:51:05.510000 CVE-2024-20957,0,0,d1288734ff34c61b4455c5d61dc20cc713104f20309fe93a5491a293ace0102b,2024-01-20T18:31:43.287000 
@@ -240227,13 +240228,145 @@ CVE-2024-20984,0,0,585d056539d5b2a7ec102aa133531262bc58f31d6c087eb30a1c927656ef9 CVE-2024-20985,0,0,1887d4efcd4074083ed6001311349bddeba13ac350578caa9144fb2633e7d1e2,2024-02-02T17:27:12.127000 CVE-2024-20986,0,0,55fd916bbc66a048aba24029df1cdbff6d17cbdc5963bc85efdc3f349c48d99c,2024-02-20T19:50:53.960000 CVE-2024-20987,0,0,e6a4199f934ca8909c51db00ae903048e2b51791ebdf6565c06b10750c7af3ef,2024-01-20T18:30:16.877000 +CVE-2024-20989,1,1,24bd66160dcd01603ef9a4851c4e5500f60b712eab8cde5d6558188934f30cdc,2024-04-16T22:15:11.777000 +CVE-2024-20990,1,1,1f2b6c78c36b21b35c4cab89a838c9a38f38088c4a36c08aa77f1f65658e2112,2024-04-16T22:15:11.950000 +CVE-2024-20991,1,1,f7941a97e294f105dcd20a6671868dc0049be6e06eb929430f1c839415c2749b,2024-04-16T22:15:12.110000 +CVE-2024-20992,1,1,bb84e3a34b7d7232702fad67c49d8138a12244badca117134b7274064ac77153,2024-04-16T22:15:12.280000 +CVE-2024-20993,1,1,da89184bf9556231d8ffb00987f4a32f464b19ae4e05e44e8feb1fe98c3aebf1,2024-04-16T22:15:12.453000 +CVE-2024-20994,1,1,8bb0c6f9e9c9e2900660c0a56d574e56c5270083be86c93d88330070f8338576,2024-04-16T22:15:12.623000 +CVE-2024-20995,1,1,98b0651bae746f006582628d0a65c2eaaf6ce3de2c23eadbde7e9029acc0a35b,2024-04-16T22:15:12.793000 +CVE-2024-20997,1,1,b01de6bd0f3b1ccd4a1739b4ba353f58264a04c937a098746ad386fd9fd6e030,2024-04-16T22:15:12.970000 +CVE-2024-20998,1,1,dcaaa0d5cec4adbb2b67dee3b42c4cf6aa6c0406d43865be7ef359b1b61fe7fe,2024-04-16T22:15:13.140000 +CVE-2024-20999,1,1,5da01f1cdb292e263ab68d383757ae155303fc6a09aba69275d7eb6bb9513f3a,2024-04-16T22:15:13.350000 +CVE-2024-21000,1,1,b1e376ae55bf616084d4afc76bd91c2aeb3f1a482f42d2aa132d547fda429856,2024-04-16T22:15:13.520000 +CVE-2024-21001,1,1,2b4f89fa6de8475a4000712b6079e0b52b44ea7e7696fe0294ac7344afce2602,2024-04-16T22:15:13.687000 +CVE-2024-21002,1,1,ffbd432b8311304ca8ec20919b7812a33af6c33f7d61c53f1da75adb9e56a247,2024-04-16T22:15:13.870000 
+CVE-2024-21003,1,1,00dd51a70fe0612321559d480def2ab7ce04633a9f1842b200ffeae1dba6cc44,2024-04-16T22:15:14.040000 +CVE-2024-21004,1,1,61ad4f441881a3344e339e3a481dd630541c6bcfe7d8765dc285e640d99166d3,2024-04-16T22:15:14.210000 +CVE-2024-21005,1,1,c2f9d72bf49b7451dd0149f8cf3c266ece3db56df05490ab87519b17dbab58eb,2024-04-16T22:15:14.373000 +CVE-2024-21006,1,1,5eec6ec005650cd1dbf142caefdbc17f2bedd7c06d8499db20672b0f536c4631,2024-04-16T22:15:14.580000 +CVE-2024-21007,1,1,2563c4d9da347d2a38b89329ea4e910efcfdb9494ef6408f0cc298fcbe8fd3c3,2024-04-16T22:15:14.750000 +CVE-2024-21008,1,1,e95becd4e783498ca54c433b1842c818ff2f7c3fd6420f710879bf3a514777fb,2024-04-16T22:15:14.920000 +CVE-2024-21009,1,1,9ddc1504b8228a31863180fe7fe1fa2f317c04b18cfdcdfe45e45611d7d9540d,2024-04-16T22:15:15.090000 +CVE-2024-21010,1,1,55c3a7d9f03e27fb74e2bc734e6bb2202aac2b7c31fe23512468ce93a5d8cfcd,2024-04-16T22:15:15.260000 +CVE-2024-21011,1,1,baa595ade65223b04108911c488632f6e636cd204ddbb3de01b96a559e2ec2b7,2024-04-16T22:15:15.437000 +CVE-2024-21012,1,1,1e371a0544b8df7e7282a19c4a4ba29026fb2118b4f7f0e52810b94d3fe65e5e,2024-04-16T22:15:15.617000 +CVE-2024-21013,1,1,e2e97914744a61b187d473751d0bf550616b97331057f1618c93fe66e5658f37,2024-04-16T22:15:15.793000 +CVE-2024-21014,1,1,96e5bc7a4bf50754d27227b9e23d97bae5459af5c4b4da7eebd614eec1522af8,2024-04-16T22:15:15.967000 +CVE-2024-21015,1,1,918463f0f050d0c7192efe1d2e4d2873c8f36172a550d9fd537585c771992484,2024-04-16T22:15:16.140000 +CVE-2024-21016,1,1,8b7bc3eb1bee49cdeabf4139f268ad0a541636915b570c6a67b2f4b706bad608,2024-04-16T22:15:16.310000 +CVE-2024-21017,1,1,5435ef4d7111abb27e9fef847b3abed74d61012b8af907690f7a72cf81d1aee3,2024-04-16T22:15:16.480000 +CVE-2024-21018,1,1,78de31f919dcc65a4219d6547ec52ce01c30507860361f753dea40cfc17b8a0d,2024-04-16T22:15:16.657000 +CVE-2024-21019,1,1,f0715b65c60bf947385aa8d018513125c7b48036a0336443cc8665884c0fec1a,2024-04-16T22:15:16.820000 
+CVE-2024-21020,1,1,4aaf81679ff1c2c4fd145b00a9453cb7bab62b5e02f3631293c53cad03e2b962,2024-04-16T22:15:16.990000 +CVE-2024-21021,1,1,6b332607f787e62c7b0abda7b49fbedb9c0789c078796ec62ae6cbbd3dfd5201,2024-04-16T22:15:17.153000 +CVE-2024-21022,1,1,083f86f4f8106af6fa9f026c2d8ac4ecc2a0f155e977c01b8b5f1e99a0b09eaa,2024-04-16T22:15:17.323000 +CVE-2024-21023,1,1,1bf558977a9ac806d1b5707b479369cfec8ec96f8f7d9da8c979f5eebe4cd37a,2024-04-16T22:15:17.490000 +CVE-2024-21024,1,1,f63e04db3cd79d18d5d0ecbe868c78eedd4c4e709c16f6e6ebbf974eed6765e9,2024-04-16T22:15:17.663000 +CVE-2024-21025,1,1,1f485c124b14e70f2369d7154d807b46e0d751540ecffd50879fbb0e0a5833fd,2024-04-16T22:15:17.837000 +CVE-2024-21026,1,1,d4b80277d1390010d34c451606fdffeb4200521fcd228a8babeb84318cd3dead,2024-04-16T22:15:18.020000 +CVE-2024-21027,1,1,22d31dd80df37759e955cfde910e4176d29d728b2f495495cec60a082b2ed598,2024-04-16T22:15:18.183000 +CVE-2024-21028,1,1,301b880241f9e9057e79dc58e33941db3709e174a9b569f580d833c972d9fcbc,2024-04-16T22:15:18.350000 +CVE-2024-21029,1,1,0d090e2bc38ab4004c6c5deb491a06c754995b12bd1e8d5adb04366bb73e2b5f,2024-04-16T22:15:18.527000 CVE-2024-2103,0,0,4357f6f4848f7c5880c727dbfe8b97df3dcf5303e95d5a7ff4fdf7062d775ac8,2024-04-04T16:33:06.610000 +CVE-2024-21030,1,1,8c75cd82a8f7d8f0b15936cf6d46098c24517c837abffed713e5bd945e38d83b,2024-04-16T22:15:18.693000 +CVE-2024-21031,1,1,c3e812d2f8e98cd59e9540c74d0e9cb553f5ece98d75925a1b56d3bbce361cd2,2024-04-16T22:15:18.863000 +CVE-2024-21032,1,1,499cb3f8741ca1f408c1dcd3c8d692ae1425cdc63f5559df15066477b0dc19ba,2024-04-16T22:15:19.037000 +CVE-2024-21033,1,1,36a7a29b617aa82862f772ac68dfac89363af58e6785de33e573f8e9de5a8eef,2024-04-16T22:15:19.210000 +CVE-2024-21034,1,1,96b1b958abb28057efb16bf53f9081378e1a8597a26e68bf2ff74d6e74ffd1d1,2024-04-16T22:15:19.390000 +CVE-2024-21035,1,1,8ac65dec34215388d64935bd78bb407e666777cfaa56822d31f5d358af6e1703,2024-04-16T22:15:19.597000 
+CVE-2024-21036,1,1,dfb62af68cf8f5531d93994ea82cf061a87328cfbee66223e1ad40c35760ee84,2024-04-16T22:15:19.760000 +CVE-2024-21037,1,1,afa37d25738d1d39f16f2d11e420320b2c4db922bfbda666d8a23aee4e319893,2024-04-16T22:15:19.927000 +CVE-2024-21038,1,1,dac915e59cabfb89e49d571f6a56814b47a31584a817f2ba1defb6ea2b194cd0,2024-04-16T22:15:20.093000 +CVE-2024-21039,1,1,10c002d202bcb8f75d80fbc44d870be2bd541f746a3e99df7badd5aec0381758,2024-04-16T22:15:20.260000 +CVE-2024-21040,1,1,8015f1922e39d2758e23274ad121b8562da082d2d16784253be3d7334eae36bb,2024-04-16T22:15:20.427000 +CVE-2024-21041,1,1,9873619ff3ccc808457024a3e299af127d4cd31d336f9b4bf19b0afc66c97716,2024-04-16T22:15:20.597000 +CVE-2024-21042,1,1,4fc812d7abc6f1a7d636889bf11cf3936cf019b65645c751c48e7fa624409187,2024-04-16T22:15:20.773000 +CVE-2024-21043,1,1,dcfbc27b4e7222c1224ffa3288921051b06130e94ff55574e264140a91e90396,2024-04-16T22:15:20.943000 +CVE-2024-21044,1,1,790353004fa605e951782be705be4dcba3252301003564ca908360f3680aaf3b,2024-04-16T22:15:21.110000 +CVE-2024-21045,1,1,0970dedfc25c26e9989960e5bf6a924f819d62e089aa4d68300d517eee99c858,2024-04-16T22:15:21.287000 +CVE-2024-21046,1,1,0e9cbe2c07294db14dab6bbcef2dcdb15b4af36a0279e290c37493804747890c,2024-04-16T22:15:21.460000 +CVE-2024-21047,1,1,825793c807831c0337a4fdabe2fc398ca366be96d6b0fcd2e453207aee55e1d4,2024-04-16T22:15:21.643000 +CVE-2024-21048,1,1,6fc80fd63f07c5f81a654ccaf350b061a6d70adad335bd2b377644e3cb63173f,2024-04-16T22:15:21.810000 +CVE-2024-21049,1,1,062a98d80f686aa654f81f8f28b989eacb62bf1b30a7d30cddc300418d7e2855,2024-04-16T22:15:21.990000 +CVE-2024-21050,1,1,c7967f475ab5b694532d707ab2561ebfd794b9cf6a29ab2bcdbce77a989a5b83,2024-04-16T22:15:22.157000 +CVE-2024-21051,1,1,bfcbbd2f3e85d7953d1436f3cf7c2c6f02b0f2977632fca40758580128f7112d,2024-04-16T22:15:22.330000 +CVE-2024-21052,1,1,ae16c308947c086073bb6d5e0f4ac12dd9329b0ca8c55fdb909fdd75ea492e19,2024-04-16T22:15:22.500000 
+CVE-2024-21053,1,1,755e699b39ad98f6e83a02ac9f41f5c69bd3030c128249a1025cd68e2dd962dc,2024-04-16T22:15:22.673000 +CVE-2024-21054,1,1,5392b2f1a92dfa22b4167767b909f7c0c1a3e0addbaac0cd74f99df10664013c,2024-04-16T22:15:22.840000 +CVE-2024-21055,1,1,d87b01faf34859398519021f0c35bc98385c0588792b07e6a4dc7f20508bec9a,2024-04-16T22:15:23.010000 +CVE-2024-21056,1,1,a31cbb0adfdf342a78b978d6813898086c6ecd42d5a8cb9c6dd380f29845de8e,2024-04-16T22:15:23.183000 +CVE-2024-21057,1,1,f7d92b4b5c779319636a820a9209f8646e774bf5819a744395f1b5b2ad706229,2024-04-16T22:15:23.350000 +CVE-2024-21058,1,1,5905a9d121afbaf74301e0c7ae0502ddc1e6e69dde9f71547f594e81858a270a,2024-04-16T22:15:23.570000 +CVE-2024-21059,1,1,649b4a7d796567ae5bbc4dd91d5af813f6b4d96443dd524c48e374c518e7f97c,2024-04-16T22:15:23.740000 CVE-2024-2106,0,0,15de6b929ace188c18cf26b3c461a92f15449ebc8c35903dbddfc1b7b27db756,2024-03-13T18:15:58.530000 +CVE-2024-21060,1,1,9df78d1ff9b465d287a4dd45147bcaccecd135238082a5b8af90c54a70f4cf11,2024-04-16T22:15:23.910000 +CVE-2024-21061,1,1,1e0b82d131b021430ce55c8a53a9f066559ac19abb645545241777d555c24bf7,2024-04-16T22:15:24.080000 +CVE-2024-21062,1,1,9790253ba053a45bbf42752fe93f570398dfb5936bd5c386018a7eac7055ce31,2024-04-16T22:15:24.247000 +CVE-2024-21063,1,1,3fc41f5e5c2dafb9b60cdd2e3f7c5d5c79c15ee9c491854dbc50b0a819c01b2d,2024-04-16T22:15:24.417000 +CVE-2024-21064,1,1,a7cdbf2d59c586eea5f775e8c2b39cd9f279eebbf0087251f078c5d617b4281e,2024-04-16T22:15:24.607000 +CVE-2024-21065,1,1,66abc7dfaa92be88296241fef613906ee3919bbf7d1def9a1cb3fec2d7653199,2024-04-16T22:15:24.780000 +CVE-2024-21066,1,1,142a6c2265900556cceab9d34617e3718b7776013c65658bcfb46ccbfb3459e4,2024-04-16T22:15:24.957000 +CVE-2024-21067,1,1,5cc627357fc8705043284fe3ac0733a2da14d61428d3e0f80bd2f6b5eb1f63c6,2024-04-16T22:15:25.123000 +CVE-2024-21068,1,1,4a7ac2cd2111973cd960c934dfef9cae24d6fd76bd51bc6550d90c4eb95bf2da,2024-04-16T22:15:25.307000 
+CVE-2024-21069,1,1,0f3be47ebd42a12c253d947c093ea23553811150722322db34df1f26b0ec38e9,2024-04-16T22:15:25.473000 CVE-2024-2107,0,0,b116f601239eee1477d732dcdf4bd402d2ca5c711c20a89df0a8e9dd54cd4cd1,2024-03-13T12:33:51.697000 +CVE-2024-21070,1,1,efd8cac87e4b6da969debbe0a140a4b8cf90336f73c54d3bfbed050f9e18fbcd,2024-04-16T22:15:25.650000 +CVE-2024-21071,1,1,46ceee7198115f41553c9a4513d77ca9512e88fadb7ce8a9bb7560ea54d257e2,2024-04-16T22:15:25.837000 +CVE-2024-21072,1,1,a5a23651b65a242cbdbea488e766975d61a50d5b8428cb49079af082fa564b85,2024-04-16T22:15:26.020000 +CVE-2024-21073,1,1,a33d6d3f5ed3702aac4f54ec2fbb4350eca86125bc5e729be5e7fd2c02049648,2024-04-16T22:15:26.190000 +CVE-2024-21074,1,1,33402acef89bc334aaa9262a840014354db29f887e67f0a4b3df7d08c1c8904d,2024-04-16T22:15:26.370000 +CVE-2024-21075,1,1,0154f56151613c02ebab5ba51ece2900aa4b64e839725850bf78d1e03a203244,2024-04-16T22:15:26.543000 +CVE-2024-21076,1,1,8178fc4edd062f46988f1f4a8fc5aa3a3dcd627f8acccbcaaf2995f47a7427be,2024-04-16T22:15:26.720000 +CVE-2024-21077,1,1,9f8288887c7e0f6f240f2c7e84265acd75eb9222bd2398ddc131e30468a18b00,2024-04-16T22:15:26.887000 +CVE-2024-21078,1,1,3c7874e58f4fadbde5ecadf75319f5edf7b070595241da7671d167425b08e65d,2024-04-16T22:15:27.060000 +CVE-2024-21079,1,1,bcaa3d01504f3aed2cbc5f2ca4da14aef825373b3a007dd2cc7b568241cb8430,2024-04-16T22:15:27.240000 CVE-2024-2108,0,0,c2fa70d90e7c92604d37599b63a68c51b88c7a208a94e63da1f79da8e05cb6df,2024-03-29T12:45:02.937000 +CVE-2024-21080,1,1,506419e11331ff72984bd09d104ddfe8685395520d5ac80e14ff8ac5c84f146a,2024-04-16T22:15:27.423000 +CVE-2024-21081,1,1,c78792c3f39afcafd60c219866fcb36a956c9832eb232c1c9572078f4a08591f,2024-04-16T22:15:27.603000 +CVE-2024-21082,1,1,f77a83ec86ff9b5f2d6e391b9cb694374233861e4c5c3fa975801495ab6d0945,2024-04-16T22:15:27.780000 +CVE-2024-21083,1,1,d6b534689283c95fe2b039fcd8320a8b62a66467491e84d71e1a15629f01ad6e,2024-04-16T22:15:27.953000 
+CVE-2024-21084,1,1,ee870ceef89faae38b5dbb3a6fa9b59b95fe76200d0900e5677448159984ef74,2024-04-16T22:15:28.120000 +CVE-2024-21085,1,1,9d0b2d426030a9f3752e6427374ef5c9f91de6303cceae89f8ac1d22cf81328b,2024-04-16T22:15:28.293000 +CVE-2024-21086,1,1,6853eabdf6278c42c8c09baa0d58fb8d7f1fdc7db51716ad01dd11f4af81b5b8,2024-04-16T22:15:28.463000 +CVE-2024-21087,1,1,d57791a54bf642931823a35d535e7d3861ad9e5954f4c08104a213f7d0727123,2024-04-16T22:15:28.640000 +CVE-2024-21088,1,1,a17f0514cf39facf253ab84a17038520bcda32765ac857f2e9ca82a2d3747707,2024-04-16T22:15:28.810000 +CVE-2024-21089,1,1,11b7c05221b35bd34f660a7b0e940ed9dc2f1b267cbaa4da4c10375f3092eeb3,2024-04-16T22:15:28.987000 +CVE-2024-21090,1,1,17abdd47766ba0094990fee4939ca5978b7b4533e55387f5f4311b4ab060b463,2024-04-16T22:15:29.153000 +CVE-2024-21091,1,1,d6dbb8737d85b2225cd3f1b3f4c9826ce57f22a6b3a1e3b614145c320433aeaa,2024-04-16T22:15:29.330000 +CVE-2024-21092,1,1,13085862dff2d0d70db5aa721df742e4e34ce1681e25ec40439b4c18d8d3bcaa,2024-04-16T22:15:29.493000 +CVE-2024-21093,1,1,83caaf46648b865a9b93f059bba012ab6371fb67867e0257bd7db50f6b1ecb45,2024-04-16T22:15:29.680000 +CVE-2024-21094,1,1,d45c5c7fdff8ceb77f69fed7be619e733c1f374b12a101801bcb3d8a0fa5a058,2024-04-16T22:15:29.857000 +CVE-2024-21095,1,1,4a1307ede28bcbfae60740f652030296311b8a6695d957880f6afbd5763e3484,2024-04-16T22:15:30.040000 +CVE-2024-21096,1,1,b459d73844b617138fd2760b366425e31127d445372fe6288f31c0f80920c608,2024-04-16T22:15:30.207000 +CVE-2024-21097,1,1,72f738b57505568a478ea2c60de7646fb54315315e48f1ba93269cb0c7504343,2024-04-16T22:15:30.380000 +CVE-2024-21098,1,1,df96563fb2f29cc30f31fc03506f044869b8557678039a960dc67e5c8597b05b,2024-04-16T22:15:30.550000 +CVE-2024-21099,1,1,015efa8e047defa6fcb6c22808377bb6c664ae72f397170368741fec56beaab9,2024-04-16T22:15:30.723000 CVE-2024-2110,0,0,1d85de629a97570a97242f5d089550bba2e60a5923838c39c1151e294a5fdcf3,2024-03-28T12:42:56.150000 
+CVE-2024-21100,1,1,65f4b990e5c1177693d8150b3620f028429badd2cbf28cb68593cd12826b98c8,2024-04-16T22:15:30.903000 +CVE-2024-21101,1,1,205a96dc7470fb351180145d3cdce7c7c9eb3c6592002c301b60500c4d3862a4,2024-04-16T22:15:31.087000 +CVE-2024-21102,1,1,fd6ecddf13e9f1b717eb08fc04a6df95beee401cfbf15a3bb4c954281f0def93,2024-04-16T22:15:31.270000 +CVE-2024-21103,1,1,7fe0cd3d775f2d4929321cd1e91952fb9e796e3cca582eab936d6b1a6bc8789f,2024-04-16T22:15:31.437000 +CVE-2024-21104,1,1,7d3bbe7d5e67d3f3081b177bd6ce24fab8642fcd0e18503217960854db600f14,2024-04-16T22:15:31.600000 +CVE-2024-21105,1,1,c6c82ed533391705d921d7d663fca26f8cb5fbba647f7940984870fc92462394,2024-04-16T22:15:31.770000 +CVE-2024-21106,1,1,a440deb88e8e20db2e6987326709f7d80f875be1c5f69a5e384aafd6b3bd9b01,2024-04-16T22:15:31.940000 +CVE-2024-21107,1,1,5029111cee5505494873cf54cd9e5b9798870fea04c2fff6706de938aa0f7517,2024-04-16T22:15:32.110000 +CVE-2024-21108,1,1,8d7be3c709eccfbe101ee5cef1d3ec2931ee83675df371b94534759b34b70231,2024-04-16T22:15:32.277000 +CVE-2024-21109,1,1,d12751e34dcd097928859e398465186aa36e619a9859e286514cf6db13790c6e,2024-04-16T22:15:32.440000 CVE-2024-2111,0,0,bb223011165a425455ec8ad438d31acdc69716e592665db5e015c6e3c7a0ad9a,2024-03-28T12:42:56.150000 +CVE-2024-21110,1,1,26761757b8923b87fdad8881bb30129155b2254e03fc28e73cda4bfba8255bac,2024-04-16T22:15:32.617000 +CVE-2024-21111,1,1,df095bee2d0d9df82bab22d20b026708706025acd52e98e513beac77f52827f5,2024-04-16T22:15:32.780000 +CVE-2024-21112,1,1,069d3a8123248348b644bad2d78930a8c9ea5c4bb845cf44eeacd7c641d788b1,2024-04-16T22:15:32.957000 +CVE-2024-21113,1,1,76803a64f611335a6e0551a6c82d1a2639a5818f9f3522b5884b99b79d32c2d2,2024-04-16T22:15:33.127000 +CVE-2024-21114,1,1,d2792a216e32ffefda5d2f48c39458ebe07af8dcda2f07132c2a52a241cb73f5,2024-04-16T22:15:33.300000 +CVE-2024-21115,1,1,6a46662c9b5efc5c1f2e808f40b64677e03aedeb61719d31d7b0c5007c622ec3,2024-04-16T22:15:33.467000 
+CVE-2024-21116,1,1,14834822ae39f45be6e1818d460aca7d476d347ecd1b3cab8fc89440f6cdc08a,2024-04-16T22:15:33.653000 +CVE-2024-21117,1,1,8eed13b90291acecf3dc23f5b6f163cc82d0767ebaa6728f52bcaba32e3d4862,2024-04-16T22:15:33.860000 +CVE-2024-21118,1,1,e2d82afcceb4e6a924cca4e7dbbaa7758c4966011a84f5c5e7db46c9739a7c5f,2024-04-16T22:15:34.027000 +CVE-2024-21119,1,1,96739194ecaf0753cb19bd4344c025f8b10ba9249c560f1afb8436afb10772be,2024-04-16T22:15:34.197000 CVE-2024-2112,0,0,a1cb4c4251bcffa2c05884275a870a25f5932616e05316e143e17d4e95c29cc7,2024-04-10T13:23:38.787000 +CVE-2024-21120,1,1,2c10a4c4f0bf27a5cf89a1e352cf2cfb7d106ca8d02a564280e581432c5d7b2e,2024-04-16T22:15:34.427000 +CVE-2024-21121,1,1,7695af2159b0e1e40ba9ab362dfc500e7e8a5d7d0bee2db18be3f405cff4b285,2024-04-16T22:15:34.600000 CVE-2024-2113,0,0,1af2e189d0f766a4a77361c625e87ddcd239476cacd0eaf00d619a2d2d68e8de,2024-03-29T12:45:02.937000 CVE-2024-2115,0,0,d143f7e37acad4fe03aa4c56d721ecbb114e211aea88a809faac9f70095e9492,2024-04-05T12:40:52.763000 CVE-2024-2116,0,0,0a8927d2c3af56415377e26a49eef636f1c80d9f9b3374c561d3bce1d3a48066,2024-03-29T12:45:02.937000 @@ -243285,6 +243418,7 @@ CVE-2024-27081,0,0,6ed48c106db6d65065e952974db0889dd604820642a515b665b4199918a2e CVE-2024-27083,0,0,439f4c8be88c938a8485e647a1e9fd875d817bf6451ed77ccc44b8a92bcaf08b,2024-02-29T13:49:29.390000 CVE-2024-27084,0,0,9d9dc56eb44342ebdf65f8df5857c4a42b535ee96f2998cb21e8400366ec79c8,2024-02-26T18:15:07.920000 CVE-2024-27085,0,0,a2ba4a60d7fbf0824177f894b599cd2c1a40310aac61dbfaf7a03654f9a829eb,2024-03-17T22:38:29.433000 +CVE-2024-27086,1,1,1d67aa5e8147b2b6d83154a177e9b24bdd25f87a85155a3f615e098de40e80cf,2024-04-16T22:15:34.783000 CVE-2024-27087,0,0,5b9b7040107e78bc917a74369bf7f558be05fd7da0faff9d2dcfc4d25d50686f,2024-02-26T22:10:40.463000 CVE-2024-27088,0,0,3fb76382074583fb576fbdf0cb4fa8d92b0b1baa24e2319c4835f05f8f5cd3a0,2024-02-26T22:10:40.463000 CVE-2024-27089,0,0,80888df8a8beb579eb58ecd8e5017bb9d7c0dad21161e687af8e50a608c5d017,2024-02-26T20:19:06.073000 
@@ -243500,7 +243634,7 @@ CVE-2024-27572,0,0,6169a6a6221da5c6dbb1556f7b45e6b45c4deebae5e21607b1e3cfa478f1f CVE-2024-27575,0,0,fe78cdbfc48ba2557faf61957a122c11738e27bfad3d91860b0cc50d57150a36,2024-04-07T04:15:07.723000 CVE-2024-2758,0,0,a3cb437eedb439caebfac4666310f05bccf69de779d818f9f315740c92bee7d8,2024-04-04T12:48:41.700000 CVE-2024-2759,0,0,cb410b99122b16bbafd55e196fc83701c95bae09fba9353767401f5fe587c56c,2024-04-04T16:33:06.610000 -CVE-2024-27592,0,0,c33fb41d3173d134f00e3eb2c13c40274005a4f2527fc832efff4a98c228d108,2024-04-12T12:43:57.400000 +CVE-2024-27592,0,1,1ee880de3a9d61f4b25b2b3ac56dc03f1e8964452682bc0959dc8a13f2b2c67c,2024-04-16T23:15:08.690000 CVE-2024-27602,0,0,641d004f193cbc187bf560868353a5607871444565457a2a1f222c57bafe0082,2024-04-03T12:38:04.840000 CVE-2024-27604,0,0,5dd90a20288c95f7805059ddcbf501c6de9e3b933a16f752b43bf101ed5f2058,2024-04-03T12:38:04.840000 CVE-2024-27605,0,0,4f744199930e3e7e9b7f220c4e73a81bb4fe207bf4ecc2f618ea8f6d8437d165,2024-04-03T12:38:04.840000 @@ -244279,6 +244413,7 @@ CVE-2024-29275,0,0,402f5150501d1ad43199a2c93810407cb4bc9ca968149bb7f55410637d084 CVE-2024-29276,0,0,aca23a437429c144243dafb6e7ab7580683c55fe67f055697aafa1a11e9b270d,2024-04-02T12:50:42.233000 CVE-2024-29278,0,0,68d9b61e6ce874f8948705ce3cdb92754b448114cb863479c2e17e0909039bb0,2024-04-01T01:12:59.077000 CVE-2024-2929,0,0,259a475f54199dd846f57ff088582fd42af9991bb7e5a0933d4c675cb91ec78a,2024-03-26T17:09:53.043000 +CVE-2024-29291,1,1,6a2d8654eba16cf8f9274638a5d2740bfaacd712a6909c05fea6da7b75867ef5,2024-04-16T23:15:08.767000 CVE-2024-29296,0,0,9df6519fa8f3cc846555f57a851c9ca9c85b64bc0579ecca8b9610940400afaa,2024-04-10T19:49:51.183000 CVE-2024-2930,0,0,337492b179fbec8f39a448e0d835a264515add1a9cb1abd7b1714333878c14e4,2024-04-11T01:25:41.570000 CVE-2024-29301,0,0,154c6ea8f36ae553114269a1e880d159b7e9b09b869cc177af921f11e043c79a,2024-03-26T12:55:05.010000 
@@ -244303,6 +244438,7 @@ CVE-2024-29399,0,0,1f0a560642c5bcb6053c3eb35cf9c158aa499897c937eeb4d73efac983ff0 CVE-2024-2940,0,0,dc7b546b238f5f17f29f90e2f8349ff92580baece4e80a8faa65880503340f4e,2024-04-11T01:25:42.140000 CVE-2024-29400,0,0,7c7ba10951f85314b8517e4af19bc97a8e02a4fb9c2ebd30adadcdfaed825d5b,2024-04-12T12:43:46.210000 CVE-2024-29401,0,0,679ee7eb07f94632974ee3a3d5e9f1f36658f780199e198816f5b2401b4eaa19,2024-03-26T17:09:53.043000 +CVE-2024-29402,1,1,341d0062e1e3703ec61d2d15457610f3a27ce85eb3ec1e564e0cae4943f7f4ff,2024-04-16T23:15:08.827000 CVE-2024-2941,0,0,74f5dafb13773046a00a2499c333058547dc5cb76d6e56fb667d3547eaae40b7,2024-04-11T01:25:42.230000 CVE-2024-29413,0,0,a58c13bdf67afd8b98d238166eefb90262a9870531d3d5f182e9810c30b452cd,2024-04-04T12:48:41.700000 CVE-2024-29419,0,0,2f1c2a30167616ce2f7264d13a2e39c4e307caf2a0fab8a1d39f77c0f2b7d31b,2024-03-20T17:18:21.343000 
@@ -244730,8 +244866,8 @@ CVE-2024-30366,0,0,20837e89d03fae3723d55fae431100502ce2f90ed93f7c89739d7faef9644 CVE-2024-30367,0,0,a902af43f2971ddd47d7eebd60d52a9673dc37a2dcdcf1f5ecafc349085ea3e6,2024-04-03T12:38:04.840000 CVE-2024-30370,0,0,0b843daff5c28582cf7b13f2850b1d8c607c4ae5b045b88facad224f99e19e5b,2024-04-03T12:38:04.840000 CVE-2024-30371,0,0,b1d655f20dce1a124d87b962baf334d2a249a3ceff7f094651f12c5849e1f6ee,2024-04-03T12:38:04.840000 -CVE-2024-30378,1,1,3524e222518250e2428d4a601616c1a2478a9f50b285f388143e41f1e94fcad7,2024-04-16T20:15:09.680000 -CVE-2024-30380,1,1,d22ce8e47f38676cbef0815fbbbfe0517e9ee2ed1b8ecf04e6cae00a7093fbc6,2024-04-16T20:15:09.887000 +CVE-2024-30378,0,0,3524e222518250e2428d4a601616c1a2478a9f50b285f388143e41f1e94fcad7,2024-04-16T20:15:09.680000 +CVE-2024-30380,0,0,d22ce8e47f38676cbef0815fbbbfe0517e9ee2ed1b8ecf04e6cae00a7093fbc6,2024-04-16T20:15:09.887000 CVE-2024-30381,0,0,d399a050c85328dc8f474cdf37295241252c38141e69670711e7b5cf47e09e2b,2024-04-15T13:15:51.577000 CVE-2024-30382,0,0,fb7e02a893b9131a8de22f030f44d4a5d589909635089d66bd7baedd2093a3ee,2024-04-15T13:15:51.577000 CVE-2024-30384,0,0,952b4115c6e20730244951f3b96aa60ae433c8d08b67714eb6934e6bf4e2552f,2024-04-15T13:15:51.577000 
@@ -245258,10 +245394,11 @@ CVE-2024-31433,0,0,86aab503a2e2db574c389b20f71a0148690ff832973b07c2dccd2632bb765 CVE-2024-31434,0,0,14c74969478ba99d5c0b8c391c656499cd1e539c2ab2bf65f71934bc9488b3e2,2024-04-15T13:15:31.997000 CVE-2024-3144,0,0,7dc72f8f095a7cf1cb25c6f0b93af3672d10959c4dac8ef3a8b7a5ba03525aea,2024-04-11T01:25:55.020000 CVE-2024-31442,0,0,bd0c0777ffd79341352bfaf4bac13513052ca764dc9351410c56fde55ac0fa91,2024-04-08T18:48:40.217000 -CVE-2024-31446,1,1,401b62f3afdfc4cc781dfe99d4a5c6abfe1f46e7322870afe10073c6356a7a65,2024-04-16T20:15:10.083000 +CVE-2024-31446,0,0,401b62f3afdfc4cc781dfe99d4a5c6abfe1f46e7322870afe10073c6356a7a65,2024-04-16T20:15:10.083000 CVE-2024-31447,0,0,1686ea065902cff688a9e0e72258f816c60304799af9644c7db6f9ae37572786,2024-04-08T18:48:40.217000 CVE-2024-3145,0,0,30d7039ca4630abed1ac79b5e5068d170488eb4a6c9740ed0209e585b5eb2f84,2024-04-11T01:25:55.100000 CVE-2024-31451,0,0,10ad8ce607c3f80bebbdd47fed59e0fb48d83a52aa634e8a43b74ccc86bdeada,2024-04-16T15:15:36.687000 +CVE-2024-31452,1,1,0fefc3d1c5fa4caec6925c6b39b8cf95a91d230c6284b73215cdfa93397d3361,2024-04-16T22:15:35.003000 CVE-2024-31453,0,0,1b1ead27c6870d2affe09236bc3123473d08b6ddf2bca0a49b08400d4b48a120,2024-04-10T13:24:00.070000 CVE-2024-31454,0,0,facd63c9b966def9fa208ea7acce2b97e831e91313ffa612db120032d2a37c2c,2024-04-10T13:24:00.070000 CVE-2024-31455,0,0,58d58168822fd35b9c530d967e86c80a8aef11f5f1477a56943eec05e6715b25,2024-04-10T13:24:00.070000 
@@ -245275,7 +245412,7 @@ CVE-2024-3147,0,0,f05061e9d718b866336ceef3f83885c168403f8d387cf11dbe00ac736df358 CVE-2024-3148,0,0,12b6e15e00d964ce79c059c99a6c4df70691a740ad2056657f2d4843c78fc654,2024-04-11T01:25:55.337000 CVE-2024-31487,0,0,ffef7fcdc05bb476a1f2c02c71de4a76075ea7f0301d6a8889db629ce9b194c6,2024-04-10T13:24:22.187000 CVE-2024-31492,0,0,a251126d380ad734bdcae40155276c0c8cd0f78c057d6c232814179759c90bf9,2024-04-10T19:49:51.183000 -CVE-2024-31497,0,0,f723a65d60b18cb9a8bfa9f8082ceebf517f5e4f5e59609b10007c1cf2e480eb,2024-04-16T13:24:07.103000 +CVE-2024-31497,0,1,92d3946f715279db269d1f9ac34c9dfc89e5dc1e10b2248a9304d809932b0d4b,2024-04-16T23:15:08.903000 CVE-2024-31498,0,0,db3c4e2337e3fccc66e084ef6016d8532925f451bef4124b0c2782f0c54d90b6,2024-04-08T00:15:08 CVE-2024-31506,0,0,8be7ef5b3e9d65e4bba9dd63e2b7475f0658a4b183369094a98038d4eee40099,2024-04-10T13:24:00.070000 CVE-2024-31507,0,0,8a4d05957463fb55563022c4622a2463374ff774a0631f4c63214875a7c78bee,2024-04-10T13:24:00.070000 @@ -245298,6 +245435,8 @@ CVE-2024-31651,0,0,449580f383ba06b10b890173ddf2d62af7a188eb69db82466ee9152e4b087 CVE-2024-31652,0,0,208b4f263a9a44614b423f2ea1b775ae64777df67f6e60b98c2159dddb5c4a0b,2024-04-16T13:24:07.103000 CVE-2024-3167,0,0,f4a160a1382e038713f603968880deb87a3b362a15bab9fc55aa42721dc9dd6e,2024-04-10T13:23:38.787000 CVE-2024-31678,0,0,6d17d4ce9eaa15ebb6367a838566d027b53ddba56e09f333fd8cadacfd1d2447,2024-04-12T12:44:04.930000 +CVE-2024-31759,1,1,c6aaf263d8cac477abe21ca43dad0802ddd036edc2b440e2698a5e9834c14b52,2024-04-16T23:15:09.047000 +CVE-2024-31760,1,1,83c2ca70e34af03377fc0a0219cb672ad960b263ff17cdbd5820fe03fc170075,2024-04-16T23:15:09.107000 CVE-2024-3178,0,0,e1b2edc538f836ffb506a17d476e0f961db2588242ddd1b2358ad3487cd818bf,2024-04-04T12:48:41.700000 CVE-2024-31783,0,0,a7054e74fa1a557567cd0f4452494e62f528f37b2972c2343d20292f99336f13,2024-04-16T13:24:07.103000 CVE-2024-31784,0,0,0055eda0e2e2e3cebbac3d895c086f3674073feab99e847bee4ca99f9495a801,2024-04-16T13:24:07.103000 
@@ -245337,6 +245476,7 @@ CVE-2024-31871,0,0,2e9cb20a8839296f42d6bc6aa4eee6ec286fed065eef42e4971f116c0f81a CVE-2024-31872,0,0,7d09da772d85c1598253bebf81c543077ef995af0f84d1cf088132605a2400f9,2024-04-10T19:49:51.183000 CVE-2024-31873,0,0,30397559953deb34a9ae192149473632dc6b2334245e920787a4c5e14fc76375,2024-04-10T19:49:51.183000 CVE-2024-31874,0,0,1770e58d0ae5591eb931a8cdfdb054fb4d854f81849d14af250c71db6caf553c,2024-04-10T19:49:51.183000 +CVE-2024-31887,1,1,fc8d9e19ae4d266bf0e07275be6dc695fb1e244ff60ad6d3372609e811f9591d,2024-04-16T22:15:35.240000 CVE-2024-31920,0,0,1a6309492e6d112b6d5c74c55b809c13a9ffaf43e5c668b35b54f9c1433bee12,2024-04-15T13:15:31.997000 CVE-2024-31921,0,0,4b6ce9a933b430a9597eec1c95a19c016c2c3b069930a8064c6136dce4df86da,2024-04-15T13:15:31.997000 CVE-2024-31922,0,0,ddc17d5b651ce3b8e89be96b4d055079549d44bfd30b2393d2326cd870478923,2024-04-15T13:15:31.997000 @@ -245395,7 +245535,7 @@ CVE-2024-32027,0,0,5d8710672ae4a50766a192faeab61c22e45c9ea1fe8601d8fa6309c61ece5 CVE-2024-32028,0,0,a16d36bcfaa5cccbb6282aecd03e18b80c66f8151e3c2f08a8edd43b521f9227,2024-04-15T13:15:31.997000 CVE-2024-3203,0,0,d460cfbc8661b4424cc0984f526a676bb0961256fc9d04a7d500e89187029830,2024-04-11T01:25:55.810000 CVE-2024-32035,0,0,9f9419e7b7ca688ca6c807b99c4196d3fdd26d305c290e1d723cf412a79167b9,2024-04-16T13:24:07.103000 -CVE-2024-32036,0,0,4a28eed34131a66065884f39d47aa96bc9541fc1a77da7e49e948a27d72c97a5,2024-04-16T13:24:07.103000 +CVE-2024-32036,0,1,4358f457ff05e2fb3005eccdac6fca8cb869be3ffa209c190e441f2c4aed7dbe,2024-04-16T23:15:09.173000 CVE-2024-3204,0,0,2a2a133d829052d72380a6f7a45e32f6ecd96ec6da65fdbadcbe92a1f79d774f,2024-04-11T01:25:55.933000 CVE-2024-3205,0,0,befb48df2bb5e20af3b4383c1ef82865b9f9fb3145e096ffb7e0098ff096b4f8,2024-04-11T01:25:56.010000 CVE-2024-3207,0,0,a57734da301192d6a9381ac71eef9bc84e6acf70886d5628a9c0939255320fc2,2024-04-11T01:25:56.090000 
@@ -245663,7 +245803,7 @@ CVE-2024-3619,0,0,e46a3b263395cb61cb97e22d10d38e54d57de91c1d7f1832b85e56c338bf09 CVE-2024-3620,0,0,a7eeb1bc049879e174341aab349252fb94be8452f8b1f4ee171cd19f6ef0b10d,2024-04-11T12:47:44.137000 CVE-2024-3621,0,0,84afe5bfc8ac11b311e81571bedd8fcb4ae60929cf687215eae135d692582687,2024-04-11T12:47:44.137000 CVE-2024-3652,0,0,a467de8b64f8147acdef48edc35752a89afb7d5856e17302ea9c57335ed0f61c,2024-04-11T12:47:44.137000 -CVE-2024-3660,1,1,b5230d9746395c61395ca8f71f02bc6e1e472baecf724e500b941a8e8d7aa854,2024-04-16T21:15:08.603000 +CVE-2024-3660,0,0,b5230d9746395c61395ca8f71f02bc6e1e472baecf724e500b941a8e8d7aa854,2024-04-16T21:15:08.603000 CVE-2024-3662,0,0,aac492e0cb08799a7f888c46af5bedb595fa2e9ad6dc15c21be50e9dae70066e,2024-04-15T13:15:31.997000 CVE-2024-3672,0,0,fc59637194f03e01166014d3ffdbdd60026f81fcc60e1be7e1a44771d8c5fa2c,2024-04-16T13:24:07.103000 CVE-2024-3685,0,0,2d04d41485feb8a52bd1142022b18bc3f24805efb219d419e0508c4773991260,2024-04-15T13:15:51.577000 @@ -245744,5 +245884,5 @@ CVE-2024-3877,0,0,0ec4828f3bcee138aa57dfe6930de16d44acd8b51570995be560e0c92197b4 CVE-2024-3878,0,0,c0feda0a9e6b7cfd28066ca3c4cf4edbf43f789103afe6c7f587a912949e766b,2024-04-16T19:15:07.920000 CVE-2024-3879,0,0,833347e5903011c019d09ee7e95131ee5a00cd17fddad3d8aa11035655b7e6cd,2024-04-16T19:15:08.133000 CVE-2024-3880,0,0,5a7a6f4db00dff5c3cf944034037ee4055705722295b1f2eab6f80c0af610ff6,2024-04-16T19:15:08.357000 -CVE-2024-3881,1,1,4ddc4e3ea561031c6715205c61273ffc8581bbc9232da123e00f9a75f47bd9c7,2024-04-16T20:15:10.280000 -CVE-2024-3882,1,1,5f3efd11563ebcf449f90a820706547ed73895ce6fb3de1d770a154ecf391ff5,2024-04-16T20:15:10.523000 +CVE-2024-3881,0,0,4ddc4e3ea561031c6715205c61273ffc8581bbc9232da123e00f9a75f47bd9c7,2024-04-16T20:15:10.280000 +CVE-2024-3882,0,0,5f3efd11563ebcf449f90a820706547ed73895ce6fb3de1d770a154ecf391ff5,2024-04-16T20:15:10.523000