admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-11-15T17:00:20.137202+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-11-15 17:03:22 +00:00
parent b32216df61
commit 27d154bb2b
116 changed files with 7794 additions and 560 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
CVE-2022/CVE-2022-206xx/CVE-2022-20626.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2022-20626",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:19.287",
"lastModified": "2024-11-15T16:15:19.287",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Prime Access Registrar Appliance could allow an authenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface. The attacker would require valid credentials for the device.\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-prime-reg-xss-zLOz8PfB",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2022/CVE-2022-206xx/CVE-2022-20631.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2022-20631",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:19.527",
"lastModified": "2024-11-15T16:15:19.527",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.\r\nThe vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious script code in a chat window. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2022/CVE-2022-206xx/CVE-2022-20634.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2022-20634",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:19.747",
"lastModified": "2024-11-15T16:15:19.747",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco ECE could allow an unauthenticated, remote attacker to redirect a user to an undesired web page.\r\nThis vulnerability is due to improper input validation of the URL parameters in an HTTP request that is sent to an affected system. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to cause the interface to redirect the user to a specific, malicious URL. This type of vulnerability is known as an open redirect and is used in phishing attacks that get users to unknowingly visit malicious sites.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-multivulns-kbK2yVhR",
"source": "ykramarz@cisco.com"
}
]
}

64
CVE-2022/CVE-2022-206xx/CVE-2022-20648.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2022-20648",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:19.983",
"lastModified": "2024-11-15T16:15:19.983",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a debug function for Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform debug actions that could result in the disclosure of confidential information that should be restricted.\r\nThis vulnerability exists because of a debug service that incorrectly listens to and accepts incoming connections. An attacker could exploit this vulnerability by connecting to the debug port and executing debug commands. A successful exploit could allow the attacker to view sensitive debugging information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe",
"source": "ykramarz@cisco.com"
}
]
}

64
CVE-2022/CVE-2022-206xx/CVE-2022-20649.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2022-20649",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:20.247",
"lastModified": "2024-11-15T16:15:20.247",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco RCM for Cisco StarOS Software could allow an unauthenticated, remote attacker to perform remote code execution on the application with root-level privileges in the context of the configured container.\r\n\r\nThis vulnerability exists because the debug mode is incorrectly enabled for specific services. An attacker could exploit this vulnerability by connecting to the device and navigating to the service with debug mode enabled. A successful exploit could allow the attacker to execute arbitrary commands as the root user.\r\nThe attacker would need to perform detailed reconnaissance to allow for unauthenticated access. The vulnerability can also be exploited by an authenticated attacker.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-489"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rcm-vuls-7cS3Nuq",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe",
"source": "ykramarz@cisco.com"
}
]
}

60
CVE-2022/CVE-2022-206xx/CVE-2022-20652.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2022-20652",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:20.520",
"lastModified": "2024-11-15T16:15:20.520",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface and in the API subsystem of Cisco Tetration could allow an authenticated, remote attacker to inject arbitrary commands to be executed with root-level privileges on the underlying operating system.\r\nThis vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by submitting a crafted HTTP message to the affected system. A successful exploit could allow the attacker to execute commands with root-level privileges. To exploit this vulnerability, an attacker would need valid administrator-level credentials.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-tetr-cmd-injc-skrwGO",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2022/CVE-2022-206xx/CVE-2022-20654.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2022-20654",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:20.767",
"lastModified": "2024-11-15T16:15:20.767",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based interface of Cisco Webex Meetings could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface.\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based interface of Cisco Webex Meetings. An attacker could exploit this vulnerability by persuading a user of the interface to click a maliciously crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-xss-FmbPu2pe",
"source": "ykramarz@cisco.com"
}
]
}

60
CVE-2022/CVE-2022-206xx/CVE-2022-20655.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2022-20655",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:20.987",
"lastModified": "2024-11-15T16:15:20.987",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack.\r\n The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cli-cmdinj-4MttWZPB",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-confdcli-cmdinj-wybQDSSh",
"source": "ykramarz@cisco.com"
}
]
}

60
CVE-2022/CVE-2022-206xx/CVE-2022-20656.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2022-20656",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:21.237",
"lastModified": "2024-11-15T16:15:21.237",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. To exploit this vulnerability, the attacker must have valid credentials on the system.\r\n\r\nThis vulnerability is due to insufficient input validation of the HTTPS URL by the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request that contains directory traversal character sequences to an affected device. A successful exploit could allow the attacker to write arbitrary files to the host system.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-24"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2022/CVE-2022-206xx/CVE-2022-20657.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2022-20657",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:21.473",
"lastModified": "2024-11-15T16:15:21.473",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco PI and Cisco EPNM could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface of an affected device.\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pi-epnm-path-trav-zws324yn",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2022/CVE-2022-206xx/CVE-2022-20663.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2022-20663",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:21.693",
"lastModified": "2024-11-15T16:15:21.693",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Secure Network Analytics, formerly Stealthwatch Enterprise, could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\nThe vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ",
"source": "ykramarz@cisco.com"
}
]
}

60
CVE-2022/CVE-2022-206xx/CVE-2022-20685.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2022-20685",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:21.910",
"lastModified": "2024-11-15T16:15:21.910",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Modbus preprocessor of the Snort detection engine could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\nThis vulnerability is due to an integer overflow while processing Modbus traffic. An attacker could exploit this vulnerability by sending crafted Modbus traffic through an affected device. A successful exploit could allow the attacker to cause the Snort process to hang, causing traffic inspection to stop.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sna-xss-NXOxDhRQ",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-dos-9D3hJLuj",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2022/CVE-2022-207xx/CVE-2022-20766.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2022-20766",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:22.133",
"lastModified": "2024-11-15T16:15:22.133",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Discovery Protocol functionality of Cisco ATA 190 Series Adaptive Telephone Adapter firmware could allow an unauthenticated, remote attacker to cause a DoS condition on an affected device.\r\nThis vulnerability is due to an out-of-bounds read when processing Cisco Discovery Protocol packets. An attacker could exploit this vulnerability by sending crafted Cisco Discovery Protocol packets to an affected device. A successful exploit could allow the attacker to cause a service restart.Cisco has released firmware updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multivuln-GEZYVvs",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2022/CVE-2022-207xx/CVE-2022-20793.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2022-20793",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:22.370",
"lastModified": "2024-11-15T16:15:22.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimate device and pair with an affected device.\r\nThis vulnerability is due to insufficient identity verification. An attacker could exploit this vulnerability by impersonating a legitimate device and responding to the pairing broadcast from an affected device. A successful exploit could allow the attacker to access the affected device while impersonating a legitimate device.There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-325"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-IVV-4A66Dsfj",
"source": "ykramarz@cisco.com"
}
]
}

51
CVE-2022/CVE-2022-208xx/CVE-2022-20814.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2022-20814",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:22.670",
"lastModified": "2024-11-15T16:15:22.670",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the certificate validation of Cisco Expressway-C and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to gain unauthorized access to sensitive data.  The vulnerability is due to a lack of validation of the SSL server certificate that an affected device receives when it establishes a connection to a Cisco Unified Communications Manager device. An attacker could exploit this vulnerability by using a man-in-the-middle technique to intercept the traffic between the devices, and then using a self-signed certificate to impersonate the endpoint. A successful exploit could allow the attacker to view the intercepted traffic in clear text or alter the contents of the traffic.\r\nNote: Cisco Expressway-E is not affected by this vulnerability.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"references": []
}

51
CVE-2022/CVE-2022-208xx/CVE-2022-20845.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2022-20845",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:22.913",
"lastModified": "2024-11-15T16:15:22.913",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the TL1 function of Cisco Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memory leak in the TL1 process.\r\nThis vulnerability is due to TL1 not freeing memory under some conditions. An attacker could exploit this vulnerability by connecting to the device and issuing TL1 commands after being authenticated. A successful exploit could allow the attacker to cause the TL1 process to consume large amounts of memory. When the memory reaches a threshold, the Resource Monitor (Resmon) process will begin to restart or shutdown the top five consumers of memory, resulting in a denial of service (DoS).Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-789"
}
]
}
],
"references": []
}

51
CVE-2022/CVE-2022-208xx/CVE-2022-20846.json Normal file
View File

@ -0,0 +1,51 @@
{
"id": "CVE-2022-20846",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:23.120",
"lastModified": "2024-11-15T16:15:23.120",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Cisco Discovery Protocol implementation for Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the Cisco Discovery Protocol process to reload on an affected device.\r\nThis vulnerability is due to a heap buffer overflow in certain Cisco Discovery Protocol messages. An attacker could exploit this vulnerability by sending a malicious Cisco Discovery Protocol packet to an affected device. A successful exploit could allow the attacker to cause a heap overflow, which could cause the Cisco Discovery Protocol process to reload on the device. The bytes that can be written in the buffer overflow are restricted, which limits remote code execution.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit this vulnerability, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).  Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": []
}

56
CVE-2022/CVE-2022-208xx/CVE-2022-20849.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2022-20849",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:23.327",
"lastModified": "2024-11-15T16:15:23.327",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the Broadband Network Gateway PPP over Ethernet (PPPoE) feature of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the PPPoE process to continually crash.\r\nThis vulnerability exists because the PPPoE feature does not properly handle an error condition within a specific crafted packet sequence. An attacker could exploit this vulnerability by sending a sequence of specific PPPoE packets from controlled customer premises equipment (CPE). A successful exploit could allow the attacker to cause the PPPoE process to continually restart, resulting in a denial of service condition (DoS).Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-391"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-bng-Gmg5Gxt",
"source": "ykramarz@cisco.com"
}
]
}

68
CVE-2022/CVE-2022-208xx/CVE-2022-20853.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2022-20853",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:23.540",
"lastModified": "2024-11-15T16:15:23.540",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the REST API of Cisco Expressway Series and Cisco TelePresence VCS could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system.\r\n\r\nThis vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-sqpsSfY6",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8",
"source": "ykramarz@cisco.com"
}
]
}

64
CVE-2022/CVE-2022-208xx/CVE-2022-20871.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2022-20871",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:23.757",
"lastModified": "2024-11-15T16:15:23.757",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web management interface of Cisco AsyncOS for Cisco Secure Web Appliance, formerly Cisco Web Security Appliance (WSA), could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root.\r\nThis vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by authenticating to the system and sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least read-only credentials.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.Attention: Simplifying the Cisco portfolio includes the renaming of security products under one brand: Cisco Secure. For more information, see ."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wsa-prv-esc-8PdRU8t8",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2022/CVE-2022-209xx/CVE-2022-20931.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2022-20931",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:23.967",
"lastModified": "2024-11-15T16:15:23.967",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the version control of Cisco TelePresence CE Software for Cisco Touch 10 Devices could allow an unauthenticated, adjacent attacker to install an older version of the software on an affected device.\r\nThis vulnerability is due to insufficient version control. An attacker could exploit this vulnerability by installing an older version of Cisco TelePresence CE Software on an affected device. A successful exploit could allow the attacker to take advantage of vulnerabilities in older versions of the software.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-527"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-DAV-HSvEHHEt",
"source": "ykramarz@cisco.com"
}
]
}

60
CVE-2022/CVE-2022-209xx/CVE-2022-20939.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2022-20939",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:24.200",
"lastModified": "2024-11-15T16:15:24.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Smart Software Manager On-Prem could allow an authenticated, remote attacker to elevate privileges on an affected system.\r\nThis vulnerability is due to inadequate protection of sensitive user information. An attacker could exploit this vulnerability by accessing certain logs on an affected system. A successful exploit could allow the attacker to use the obtained information to elevate privileges to System Admin.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-priv-esc-SEjz69dv",
"source": "ykramarz@cisco.com"
}
]
}

60
CVE-2022/CVE-2022-209xx/CVE-2022-20948.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2022-20948",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:24.427",
"lastModified": "2024-11-15T16:15:24.427",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\nThis vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CTT-DAV-HSvEHHEt",
"source": "ykramarz@cisco.com"
},
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-thinrcpt-xss-gSj4CecU",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2023/CVE-2023-200xx/CVE-2023-20004.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-20004",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:24.657",
"lastModified": "2024-11-15T16:15:24.657",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThese vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.\r\nNote: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2023/CVE-2023-200xx/CVE-2023-20036.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-20036",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:24.950",
"lastModified": "2024-11-15T16:15:24.950",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web UI of Cisco IND could allow an authenticated, remote attacker to execute arbitrary commands with administrative privileges on the underlying operating system of an affected device.\r\n\r\nThis vulnerability is due to improper input validation when uploading a Device Pack. An attacker could exploit this vulnerability by altering the request that is sent when uploading a Device Pack. A successful exploit could allow the attacker to execute arbitrary commands as NT AUTHORITY\\SYSTEM on the underlying operating system of an affected device.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2023/CVE-2023-200xx/CVE-2023-20039.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-20039",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:25.157",
"lastModified": "2024-11-15T16:15:25.157",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco IND could allow an authenticated, local attacker to read application data.\r\n\r\nThis vulnerability is due to insufficient default file permissions that are applied to the application data directory. An attacker could exploit this vulnerability by accessing files in the application data directory. A successful exploit could allow the attacker to view sensitive information.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. "
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ind-CAeLFk6V",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2023/CVE-2023-200xx/CVE-2023-20060.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-20060",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:25.357",
"lastModified": "2024-11-15T16:15:25.357",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the web-based management interface of Cisco Prime Collaboration Deployment could allow an unauthenticated, remote attacker to conduct a cross-site scripting attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nCisco plans to release software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-pcd-xss-jDXpjm7",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2023/CVE-2023-200xx/CVE-2023-20090.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-20090",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:25.560",
"lastModified": "2024-11-15T16:15:25.560",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to elevate privileges to root on an affected device.\r\n\r\nThis vulnerability is due to improper access control on certain CLI commands. An attacker could exploit this vulnerability by running a series of crafted commands. A successful exploit could allow the attacker to elevate privileges to root.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-27"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2023/CVE-2023-200xx/CVE-2023-20091.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-20091",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:25.770",
"lastModified": "2024-11-15T16:15:25.770",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThis vulnerability is due to improper access controls on files that are on the local file system. An attacker could exploit this vulnerability by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit this vulnerability, an attacker would need to have a remote support user account.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-61"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2023/CVE-2023-200xx/CVE-2023-20092.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-20092",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:25.980",
"lastModified": "2024-11-15T16:15:25.980",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThese vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.\r\nNote: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-61"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2023/CVE-2023-200xx/CVE-2023-20093.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-20093",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:26.187",
"lastModified": "2024-11-15T16:15:26.187",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Three vulnerabilities in the CLI of Cisco TelePresence CE and RoomOS could allow an authenticated, local attacker to overwrite arbitrary files on the local file system of an affected device.\r\n\r\nThese vulnerabilities are due to improper access controls on files that are on the local file system. An attacker could exploit these vulnerabilities by placing a symbolic link in a specific location on the local file system of an affected device. A successful exploit could allow the attacker to overwrite arbitrary files on the affected device. To exploit these vulnerabilities, an attacker would need to have a remote support user account.\r\nNote: CVE-2023-20092 does not affect Cisco DX70, DX80, TelePresence MX Series, or TelePresence SX Series devices.\r\nCisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-61"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2023/CVE-2023-200xx/CVE-2023-20094.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-20094",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T16:15:26.390",
"lastModified": "2024-11-15T16:15:26.390",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in Cisco TelePresence CE and RoomOS could allow an unauthenticated, adjacent attacker to view sensitive information on an affected device.\r\n\r\nThis vulnerability exists because the affected software performs improper bounds checks. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read that discloses sensitive information.\r\nNote: This vulnerability only affects Cisco Webex Desk Hub.\r\nThere are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-roomos-file-write-rHKwegKf",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2023/CVE-2023-201xx/CVE-2023-20125.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-20125",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T15:15:05.347",
"lastModified": "2024-11-15T15:15:05.347",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the local interface of Cisco BroadWorks Network Server could allow an unauthenticated, remote attacker to exhaust system resources, causing a denial of service (DoS) condition.\r\n\r\nThis vulnerability exists because rate limiting does not occur for certain incoming TCP connections. An attacker could exploit this vulnerability by sending a high rate of TCP connections to the server. A successful exploit could allow the attacker to cause TCP connection resources to grow rapidly until the Cisco BroadWorks Network Server becomes unusable.\r\nNote: To recover from this vulnerability, either Cisco BroadWorks Network Server software must be restarted or the Cisco BroadWorks Network Server node must be rebooted. For more information, see the section of this advisory.\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bw-tcp-dos-KEdJCxLs",
"source": "ykramarz@cisco.com"
}
]
}

56
CVE-2023/CVE-2023-201xx/CVE-2023-20154.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2023-20154",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T15:15:05.697",
"lastModified": "2024-11-15T15:15:05.697",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the external authentication mechanism of Cisco Modeling Labs could allow an unauthenticated, remote attacker to access the web interface with administrative privileges.\r\n\r\nThis vulnerability is due to the improper handling of certain messages that are returned by the associated external authentication server. An attacker could exploit this vulnerability by logging in to the web interface of an affected server. Under certain conditions, the authentication mechanism would be bypassed and the attacker would be logged in as an administrator. A successful exploit could allow the attacker to obtain administrative privileges on the web interface of an affected server, including the ability to access and modify every simulation and all user-created data. To exploit this vulnerability, the attacker would need valid user credentials that are stored on the associated external authentication server.\r\nCisco has released software updates that address this vulnerability. There are workarounds that address this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-305"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cml-auth-bypass-4fUCCeG5",
"source": "ykramarz@cisco.com"
}
]
}

16
CVE-2024/CVE-2024-106xx/CVE-2024-10691.json Normal file
View File

@ -0,0 +1,16 @@
{
"id": "CVE-2024-10691",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-15T15:15:05.943",
"lastModified": "2024-11-15T15:15:05.943",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-9530. Reason: This candidate is a reservation duplicate of CVE-2024-9530. Notes: All CVE users should reference CVE-2024-9530 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
],
"metrics": {},
"references": []
}

145
CVE-2024/CVE-2024-112xx/CVE-2024-11241.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2024-11241",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T15:15:06.003",
"lastModified": "2024-11-15T15:15:06.003",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file reset.php. The manipulation of the argument e leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/Anti-Entropy-Zhurong/cve/blob/main/sql-1.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.284677",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.284677",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.442036",
"source": "cna@vuldb.com"
}
]
}

141
CVE-2024/CVE-2024-112xx/CVE-2024-11242.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-11242",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T15:15:06.280",
"lastModified": "2024-11-15T15:15:06.280",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/ad_list.php?action=pass of the component Keyword Filtering. The manipulation of the argument keyword leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/En0t5/vul/blob/main/zzcms/zzcms-add_list-sql-inject.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.284678",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.284678",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.442038",
"source": "cna@vuldb.com"
}
]
}

149
CVE-2024/CVE-2024-112xx/CVE-2024-11243.json Normal file
View File

@ -0,0 +1,149 @@
{
"id": "CVE-2024-11243",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T15:15:06.557",
"lastModified": "2024-11-15T15:15:06.557",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input <svg%20onload=alert(document.cookie)> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/sh3rl0ckpggp/0day/blob/main/code-projects_online-shop_CrossSiteScripting.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.284679",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.284679",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.442075",
"source": "cna@vuldb.com"
},
{
"url": "https://youtu.be/QThAqddl5Dk",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2024/CVE-2024-112xx/CVE-2024-11244.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2024-11244",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T16:15:32.790",
"lastModified": "2024-11-15T16:15:32.790",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/zsx020121/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.284680",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.284680",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.443177",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2024/CVE-2024-112xx/CVE-2024-11245.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2024-11245",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T16:15:33.153",
"lastModified": "2024-11-15T16:15:33.153",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-74"
},
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/WEFNNTT/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.284681",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.284681",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.443188",
"source": "cna@vuldb.com"
}
]
}

145
CVE-2024/CVE-2024-112xx/CVE-2024-11246.json Normal file
View File

@ -0,0 +1,145 @@
{
"id": "CVE-2024-11246",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-15T16:15:33.593",
"lastModified": "2024-11-15T16:15:33.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions the parameter \"nome\" to be affected. But further inspection indicates that other parameters might be affected as well."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/curry136/cve/blob/main/xss8.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.284682",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.284682",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.443189",
"source": "cna@vuldb.com"
}
]
}

56
CVE-2024/CVE-2024-203xx/CVE-2024-20373.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-20373",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-11-15T15:15:06.823",
"lastModified": "2024-11-15T15:15:06.823",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the implementation of the Simple Network Management Protocol (SNMP) IPv4 access control list (ACL) feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to perform SNMP polling of an affected device, even if it is configured to deny SNMP traffic.&nbsp;\r\n\r\nThis vulnerability exists because Cisco IOS Software and Cisco IOS XE Software do not support extended IPv4 ACLs for SNMP, but they do allow administrators to configure extended named IPv4 ACLs that are attached to the SNMP server configuration without a warning message. This can result in no ACL being applied to the SNMP listening process. An attacker could exploit this vulnerability by performing SNMP polling of an affected device. A successful exploit could allow the attacker to perform SNMP operations that should be denied. The attacker has no control of the SNMP ACL configuration and would still need a valid SNMP version 2c (SNMPv2c) community string or SNMP version 3 (SNMPv3) user credentials.\r\nSNMP with IPv6 ACL configurations is not affected.\r\nFor more information, see the section of this advisory."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uwBXfqww",
"source": "ykramarz@cisco.com"
}
]
}

488
CVE-2024/CVE-2024-346xx/CVE-2024-34662.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34662",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-10-08T07:15:03.037",
"lastModified": "2024-10-10T12:57:21.987",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:34:28.937",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -39,10 +59,472 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EC4A2EBA-038B-44D5-84F3-FF326CD1C62D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "40EB3FC1-D79A-40C7-9E2B-573E20780982"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "F1525232-54F0-467F-9575-2445F73F43B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0ABFBBDB-E935-4C54-865A-0E607497DA87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7B738B6B-78CE-4618-B70D-6BC9ED453105"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "3899E3E7-1284-4223-A258-DA691F5D62FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "ECD961EA-6881-4A14-83DE-C6972F6F681C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "18940389-1FBD-48B2-BCF0-1D709C2C3045"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "011CC4F5-6701-41E9-BC7D-CFE6EFF682AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "13E145E2-CE11-4EE5-9085-B4960FE4F52F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "B3556856-6F56-465C-8254-BB3CD8252FF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3BBC8B6-1D2B-47C9-93EE-3D3DC43062F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "02600CDD-6862-4146-88E8-A2E73B7ED534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "2DB353A1-BE96-4FB5-9F4D-0119DC51F24E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "35F40D59-034B-44FB-8DCD-D469B50DE7E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC84021B-9846-40FB-834B-7C5BECEFFEAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "06092D16-EBD5-489C-81D2-F6E0F922AE7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "BC3F8572-578B-4D19-9453-1D03DA55EF70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EEABF42E-578E-4689-B80D-B305467AA72D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "E070DA79-8F09-4877-BFBA-3F23564DD8C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9137C66C-4966-4C90-ABE9-7E22F7E29BA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E261C9D8-1E74-44B8-9F11-F5769CF8B7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "D80C2C7A-6F48-48B8-ACAD-720FC797F836"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "18CD523B-530E-4187-8BFF-729CDAC69282"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C28D3CD-DD34-4334-B03F-794B31A4BF48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "EE03013A-AAB3-4426-BB22-E1487D3B3F6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "5A81C86D-F1FE-4166-8F37-D7170E6B30FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3D80783-523A-455E-B1AD-0961086F79E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D5EF09DB-023A-40CB-9C94-020172383EEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "89BE2958-0BEE-4CFD-A0BA-494DE62E7F32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5C5B44E9-BA5B-4CFB-8452-B52B6CC833F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B0329C50-B904-480D-8EBB-F2757049FC81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E1553CEA-FCF4-4A9C-85FE-F7DB7A500443"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "A5E68B7B-BA08-4E8C-B60A-B3836C6986BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0AF1EDA0-2712-4C3C-8D8A-89E154BB63DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "88DC0A82-CAF3-4E88-8A4D-8AF79D0C226D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "CD382E2D-0B51-4908-989A-88E083FC85BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "38B7AB56-AB65-4557-A91C-40CA2FD12351"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "61D507C0-086B-4139-A560-126964DFA579"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "952CA843-7CF0-4424-BDA4-3F2A93E077B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "57B125ED-D939-4CBC-9E96-BBCF02402A69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "07AC19C6-D245-4C3A-90CC-A931A901EA0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "DF85AA7B-E1C7-4946-92B4-E4D545CAACDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "34114DDC-DCDA-4306-8D23-2E628873171F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "B6871BC1-19F4-4F0C-88D8-4000590D8D5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9FA72654-2389-4709-BC70-59EC4349A826"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "85E4E8C1-749F-4A1C-8333-6BAFBF8B64D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "E346DCBD-7DEB-464F-B917-8624BE87D646"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "79C89A24-B07F-43D2-AE83-8F4F03D6C114"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "5697984D-08BA-412F-9BDF-26B658B0ADBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "E4187BA1-226E-4976-A642-2F6DAE85538E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3F3EF3F1-4E54-46E3-A308-69656A29FBD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "73F22C26-52FC-42A7-B263-0CC7770A8C6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "BFB2B338-5E04-4136-939F-749A3B163656"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3D30C02C-91FB-4D29-AF49-7903158E8FEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "2B6D9064-844B-4D3F-AAE4-D170DF45EF8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9CBFF102-91A9-4BCC-BB43-912896BFCCEA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "DAB2A0D7-8F4F-4128-AE09-D2658D793BF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "6A89AE5B-4D1A-4ADA-B572-38B1FC4ED54C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "401980A7-E64A-4773-83EB-C93B50AE0F73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC6E2FC7-2BAF-4C7B-9E0F-D9F844041A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "30F706F3-34F6-4D43-AE5E-C202C700A333"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "FD8B9CD3-063E-481E-BE7C-1628ADA71849"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "12C17130-A0C0-49E1-8525-9D65F0275270"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "4FAA7790-A323-4ECA-834E-F19E59C571F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "9CE09EF7-B024-4D79-9400-C8223CDFBB86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "C339A665-413D-443F-AD04-F71C161235D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "213AC4D5-3B95-4120-B72D-A9327BADE2BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3DD61EDA-98ED-4309-B54F-0CF8B7D07DC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "F7DCB465-A0F7-496E-BE45-0B5FA1508D93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "6D65C03E-7BC3-491A-8621-A8C93FBA0A69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4ECB0B7A-590C-460C-878B-9A78CB37D259"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "D66CF415-6C4A-4AF3-B660-B2E9CF484B51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "31B5B670-ACDE-4A64-97C5-358D79C65080"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EAFE015F-8130-4F10-A553-420F0BB2A132"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "141E541B-8FA5-4829-A413-4F1DC19E9AE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "77CE3494-F7C0-497B-8491-107D31C9A91F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "ACEA385E-3931-4438-A2A9-0357651F9B48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "A57CB118-46CC-4CE8-ACC3-A806CD2C25A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "852A1BEC-438F-4D1E-B361-87BD57D50157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "84ED2366-D4BA-4094-94AC-AD6E7AEBB6FF"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=10",
"source": "mobile.security@samsung.com"
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-417xx/CVE-2024-41784.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-41784",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-11-15T16:15:34.240",
"lastModified": "2024-11-15T16:15:34.240",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, and 6.1.0.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot dot\" sequences (/.../) to view arbitrary files on the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-32"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173631",
"source": "psirt@us.ibm.com"
}
]
}

56
CVE-2024/CVE-2024-417xx/CVE-2024-41785.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-41785",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-11-15T15:15:07.047",
"lastModified": "2024-11-15T15:15:07.047",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Concert Software 1.0.0 through 1.0.1 is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173596",
"source": "psirt@us.ibm.com"
}
]
}

56
CVE-2024/CVE-2024-431xx/CVE-2024-43189.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43189",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-11-15T15:15:07.307",
"lastModified": "2024-11-15T15:15:07.307",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Concert Software 1.0.0 through 1.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173596",
"source": "psirt@us.ibm.com"
}
]
}

65
CVE-2024/CVE-2024-470xx/CVE-2024-47067.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-47067",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-30T16:15:09.267",
"lastModified": "2024-10-04T13:51:25.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:28:48.533",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -73,14 +105,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:alist_project:alist:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.29.0",
"matchCriteriaId": "0C182720-1235-4A80-8CE6-300CDF962788"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/alist-org/alist/commit/6100647310594868e931f3de1188ddd8bde93b78",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://securitylab.github.com/advisories/GHSL-2023-220_Alist/",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-478xx/CVE-2024-47867.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-47867",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-10T23:15:02.640",
"lastModified": "2024-10-15T12:58:51.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:44:54.783",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,12 +59,44 @@
"baseSeverity": "LOW"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -73,10 +105,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gradio_project:gradio:*:*:*:*:*:python:*:*",
"versionEndExcluding": "5.0.0",
"matchCriteriaId": "32D191C7-095C-427B-832D-C63FE4D4A037"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-8c87-gvhj-xm8m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

25
CVE-2024/CVE-2024-480xx/CVE-2024-48068.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-48068",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-15T15:15:07.607",
"lastModified": "2024-11-15T15:15:07.607",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Shenzhen Landray Software Co.,LTD Landray EKP v16 and earlier allows attackers to execute arbitrary web scripts or HTML via a crafted payload."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/CoinIsMoney/3448ba7c3e0cf01c3cbc6e2ab280d3c3",
"source": "cve@mitre.org"
},
{
"url": "https://www.landray.com.cn/",
"source": "cve@mitre.org"
}
]
}

76
CVE-2024/CVE-2024-489xx/CVE-2024-48994.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48994",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:36.117",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:40:38.250",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48994",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-489xx/CVE-2024-48995.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48995",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:36.360",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:41:26.280",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48995",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-489xx/CVE-2024-48996.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48996",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:36.637",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:45:46.920",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48996",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-489xx/CVE-2024-48997.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48997",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:36.870",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:46:44.917",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48997",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-489xx/CVE-2024-48998.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48998",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:37.110",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:51:24.197",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48998",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-489xx/CVE-2024-48999.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48999",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:37.340",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:51:44.517",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48999",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49000.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49000",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:37.577",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:52:08.557",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49001.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49001",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:37.807",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:58:36.290",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49001",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49002.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49002",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:38.040",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:58:14.693",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49002",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49003.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49003",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:38.257",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:57:52.277",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49003",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49004.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49004",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:38.500",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:56:55.917",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49004",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49005.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49005",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:38.740",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:56:23.680",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49005",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49006.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49006",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:38.963",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:03:33.790",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49006",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49007.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49007",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:39.203",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:03:17.297",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49007",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49008.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49008",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:39.423",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:02:22.743",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49008",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49009.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49009",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:39.650",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:02:11.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49009",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49010.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49010",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:39.870",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:59:36.937",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49010",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49011.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49011",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:40.087",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:16:21.817",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49011",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49012.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49012",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:40.307",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:16:05.507",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49012",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49013.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49013",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:40.530",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:14:55.170",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49013",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-490xx/CVE-2024-49014.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49014",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:40.737",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T15:55:46.947",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -40,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49014",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49015.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49015",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:40.953",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:07:40.680",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49015",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49016.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49016",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:41.177",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:07:22.397",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49016",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49017.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49017",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:41.407",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:07:03.200",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49017",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-490xx/CVE-2024-49018.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49018",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:41.637",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:06:29.407",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,68 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49018",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

90
CVE-2024/CVE-2024-490xx/CVE-2024-49021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49021",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:42.100",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:04:55.487",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,82 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "16.0.1000.6",
"versionEndExcluding": "16.0.1135.2",
"matchCriteriaId": "09CBD25F-B912-4F23-825B-AE53A7BDD608"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "16.0.4003.1",
"versionEndExcluding": "16.0.4155.4",
"matchCriteriaId": "099F41FA-ED7C-4D2E-9300-AF4365B95EAA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49021",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

90
CVE-2024/CVE-2024-490xx/CVE-2024-49043.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49043",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:44.637",
"lastModified": "2024-11-13T17:01:58.603",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:05:30.773",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +61,82 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.6300.2",
"versionEndExcluding": "13.0.6455.2",
"matchCriteriaId": "94F7D410-C105-4D0E-91BC-57A36A7C30C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2016:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "13.0.7000.253",
"versionEndExcluding": "13.0.7050.2",
"matchCriteriaId": "DBBCB15E-0D31-44C4-AB3F-6CF06A654A02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.1000.169",
"versionEndExcluding": "14.0.2070.1",
"matchCriteriaId": "9BF43A68-2ADF-49E5-BD43-F5286AB3B93D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2017:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "14.0.3006.16",
"versionEndExcluding": "14.0.3485.1",
"matchCriteriaId": "1C6809A5-466A-41B0-9AF2-B23B1A424CA0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.2000.5",
"versionEndExcluding": "15.0.2130.3",
"matchCriteriaId": "E8E62074-2024-4A7D-B8DE-B93D5B4594E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2019:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "15.0.4003.23",
"versionEndExcluding": "15.0.4410.1",
"matchCriteriaId": "6837EEFD-F447-4679-A001-C7BA0D11C5BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "16.0.1000.6",
"versionEndExcluding": "16.0.1135.2",
"matchCriteriaId": "09CBD25F-B912-4F23-825B-AE53A7BDD608"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sql_server_2022:*:*:*:*:*:*:x64:*",
"versionStartIncluding": "16.0.4003.1",
"versionEndExcluding": "16.0.4155.4",
"matchCriteriaId": "099F41FA-ED7C-4D2E-9300-AF4365B95EAA"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49043",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-497xx/CVE-2024-49754.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-49754",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T16:15:34.510",
"lastModified": "2024-11-15T16:15:34.510",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the API-Access page allows authenticated users to inject arbitrary JavaScript through the \"token\" parameter when creating a new API token. This vulnerability can result in the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/25988a937cbaebd2ba4c0517510206c404dfb359",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-gfwr-xqmj-j27v",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-497xx/CVE-2024-49758.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-49758",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T16:15:34.880",
"lastModified": "2024-11-15T16:15:34.880",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can add Notes to a device, the application did not properly sanitize the user input, when the ExamplePlugin enable, if java script code is inside the device's Notes, its will be trigger. This vulnerability is fixed in 24.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/24b142d753898e273ec20b542a27dd6eb530c7d8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-c86q-rj37-8f85",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-497xx/CVE-2024-49759.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-49759",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T16:15:35.100",
"lastModified": "2024-11-15T16:15:35.100",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Manage User Access\" page allows authenticated users to inject arbitrary JavaScript through the \"bill_name\" parameter when creating a new bill. This vulnerability can lead to the execution of malicious code when visiting the \"Bill Access\" dropdown in the user's \"Manage Access\" page, potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/237f4d2e818170171dfad6efad36a275cd2ba8d0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-888j-pjqh-fx58",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-497xx/CVE-2024-49764.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-49764",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T16:15:35.323",
"lastModified": "2024-11-15T16:15:35.323",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Capture Debug Information\" page allows authenticated users to inject arbitrary JavaScript through the \"hostname\" parameter when creating a new device. This vulnerability results in the execution of malicious code when the \"Capture Debug Information\" page is visited, redirecting the user and sending non-httponly cookies to an attacker-controlled domain. This vulnerability is fixed in 24.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/af15eabbb1752985d36f337cecf137a947e170f6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-rmr4-x6c9-jc68",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-503xx/CVE-2024-50350.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-50350",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T16:15:35.537",
"lastModified": "2024-11-15T16:15:35.537",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Port Settings\" page allows authenticated users to inject arbitrary JavaScript through the \"name\" parameter when creating a new Port Group. This vulnerability results in the execution of malicious code when the \"Port Settings\" page is visited after the affected Port Group is added to a device, potentially compromising user sessions and allowing unauthorized actions. This vulnerability is fixed in 24.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-xh4g-c9p6-5jxg",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-503xx/CVE-2024-50351.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-50351",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T16:15:35.750",
"lastModified": "2024-11-15T16:15:35.750",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the \"section\" parameter of the \"logs\" tab of a device allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious \"section\" parameter, potentially compromising their session and enabling unauthorized actions. The issue arises from a lack of sanitization in the \"report_this()\" function. This vulnerability is fixed in 24.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/6a14a9bd767c6e452e4df77a24126c3eeb93dcbf",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-v7w9-63xh-6r3w",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-503xx/CVE-2024-50352.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-50352",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T16:15:35.960",
"lastModified": "2024-11-15T16:15:35.960",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Services\" section of the Device Overview page allows authenticated users to inject arbitrary JavaScript through the \"name\" parameter when adding a service to a device. This vulnerability could result in the execution of malicious code in the context of other users' sessions, potentially compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/b4af778ca42c5839801f16ece53505bb7fa1e7bc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-qr8f-5qqg-j3wg",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-503xx/CVE-2024-50355.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-50355",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T16:15:36.160",
"lastModified": "2024-11-15T16:15:36.160",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. User with Admin role can edit the Display Name of a device, the application did not properly sanitize the user input in the device Display Name, if java script code is inside the name of the device Display Name, its can be trigger from different sources. This vulnerability is fixed in 24.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/bb4731419b592867bf974dde525e536606a52976",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-4m5r-w2rq-q54q",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2024/CVE-2024-506xx/CVE-2024-50623.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-50623",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-28T00:15:03.657",
"lastModified": "2024-10-30T21:35:11.373",
"lastModified": "2024-11-15T16:15:36.367",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Cleo Harmony before 5.8.0.20, VLTrader before 5.8.0.20, and LexiCom before 5.8.0.20, there is a JavaScript Injection vulnerability: unrestricted file upload and download could lead to remote code execution."
"value": "In Cleo Harmony before 5.8.0.21, VLTrader before 5.8.0.21, and LexiCom before 5.8.0.21, there is an unrestricted file upload and download that could lead to remote code execution."
},
{
"lang": "es",

25
CVE-2024/CVE-2024-506xx/CVE-2024-50647.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-50647",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-15T16:15:36.467",
"lastModified": "2024-11-15T16:15:36.467",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The python_food ordering system V1.0 has an unauthorized vulnerability that leads to the leakage of sensitive user information. Attackers can access it through https://ip:port/api/myapp/index/user/info?id=1 And modify the ID value to obtain sensitive user information beyond authorization."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Yllxx03/CVE/blob/main/python_food_Information_Disclosure.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50647",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-506xx/CVE-2024-50648.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-50648",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-15T16:15:36.547",
"lastModified": "2024-11-15T16:15:36.547",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "yshopmall V1.0 has an arbitrary file upload vulnerability, which can enable RCE or even take over the server when improperly configured to parse JSP files."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Yllxx03/CVE/blob/main/yshop_fileu_pload.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50648",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-506xx/CVE-2024-50649.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-50649",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-15T16:15:36.637",
"lastModified": "2024-11-15T16:15:36.637",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The user avatar upload function in python_book V1.0 has an arbitrary file upload vulnerability."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Yllxx03/CVE/blob/main/python_book/FileUpload.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50649",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-506xx/CVE-2024-50650.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-50650",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-15T16:15:36.710",
"lastModified": "2024-11-15T16:15:36.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "python_book V1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Yllxx03/CVE/blob/main/python_book/BrokenAccessControl.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50650",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-506xx/CVE-2024-50651.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-50651",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-15T16:15:36.783",
"lastModified": "2024-11-15T16:15:36.783",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "java_shop 1.0 is vulnerable to Incorrect Access Control, which allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Yllxx03/CVE/blob/main/java_shop/BrokenAccessControl.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50651",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-506xx/CVE-2024-50652.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-50652",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-15T16:15:36.863",
"lastModified": "2024-11-15T16:15:36.863",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A file upload vulnerability in java_shop 1.0 allows attackers to upload arbitrary files by modifying the avatar function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Yllxx03/CVE/blob/main/java_shop/FileUpload.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50652",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-507xx/CVE-2024-50724.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-50724",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-15T16:15:36.943",
"lastModified": "2024-11-15T16:15:36.943",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "KASO v9.0 was discovered to contain a SQL injection vulnerability via the person_id parameter at /cardcase/editcard.jsp."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/youyuzhongli/KASO-SQL/blob/main/README.md",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-509xx/CVE-2024-50986.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-50986",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-15T15:15:07.773",
"lastModified": "2024-11-15T15:15:07.773",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in Clementine v.1.3.1 allows a local attacker to execute arbitrary code via a crafted DLL file."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/clementine-player/Clementine",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/riftsandroses/CVE-2024-50986/",
"source": "cve@mitre.org"
},
{
"url": "https://www.clementine-player.org/",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-511xx/CVE-2024-51164.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-51164",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-15T16:15:37.057",
"lastModified": "2024-11-15T16:15:37.057",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple parameters have SQL injection vulnerability in JEPaaS 7.2.8 via /je/login/btnLog/insertBtnLog, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB."
}
],
"metrics": {},
"references": [
{
"url": "https://gitee.com/ketr/jepaas-release",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/abcc111/vulns/blob/main/JEPaaS/Multiple%20parameters%20have%20SQL%20injection%20issues%20in%20JEPAAS.md",
"source": "cve@mitre.org"
}
]
}

60
CVE-2024/CVE-2024-514xx/CVE-2024-51494.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-51494",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T16:15:37.140",
"lastModified": "2024-11-15T16:15:37.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Port Settings\" page allows authenticated users to inject arbitrary JavaScript through the \"descr\" parameter when editing a device's port settings. This vulnerability can lead to the execution of malicious code when the \"Port Settings\" page is visited, potentially compromising the user's session and allowing unauthorized actions. This vulnerability is fixed in 24.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/82a744bfe29017b8b58b5752ab9e1b335bedf0a0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-7663-37rg-c377",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-514xx/CVE-2024-51495.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-51495",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T16:15:37.343",
"lastModified": "2024-11-15T16:15:37.343",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the Device Overview page allows authenticated users to inject arbitrary JavaScript through the \"overwrite_ip\" parameter when editing a device. This vulnerability results in the execution of malicious code when the device overview page is visited, potentially compromising the accounts of other users. This vulnerability is fixed in 24.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/4568188ce9097a2e3a3b563311077f2bb82455c0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-p66q-ppwr-q5j8",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-514xx/CVE-2024-51496.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-51496",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T16:15:37.553",
"lastModified": "2024-11-15T16:15:37.553",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Reflected Cross-Site Scripting (XSS) vulnerability in the \"metric\" parameter of the \"/wireless\" and \"/health\" endpoints allows attackers to inject arbitrary JavaScript. This vulnerability results in the execution of malicious code when a user accesses the page with a malicious \"metric\" parameter, potentially compromising their session and allowing unauthorized actions. This vulnerability is fixed in 24.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/aef739a438ffb507e927a4ec87b359164a7a053a",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-28p7-f6h6-3jh3",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-514xx/CVE-2024-51497.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-51497",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T16:15:37.770",
"lastModified": "2024-11-15T16:15:37.770",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. A Stored Cross-Site Scripting (XSS) vulnerability in the \"Custom OID\" tab of a device allows authenticated users to inject arbitrary JavaScript through the \"unit\" parameter when creating a new OID. This vulnerability can lead to the execution of malicious code in the context of other users' sessions, compromising their accounts and enabling unauthorized actions. This vulnerability is fixed in 24.10.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/42b156e42a3811c23758772ce8c63d4d3eaba59b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-gv4m-f6fx-859x",
"source": "security-advisories@github.com"
}
]
}

57
CVE-2024/CVE-2024-515xx/CVE-2024-51599.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-51599",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-09T15:15:07.490",
"lastModified": "2024-11-12T13:56:24.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:55:34.480",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:russellalbin:simple_business_manager:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.6.7.4",
"matchCriteriaId": "8446ADEC-09B0-4B86-98E1-A31D6457F89B"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/simple-business-manager/wordpress-simple-business-manager-plugin-4-6-7-4-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-516xx/CVE-2024-51603.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-51603",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-09T15:15:07.710",
"lastModified": "2024-11-12T13:56:24.513",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-15T16:24:18.843",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mirceatm:nmr_strava_activities:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.6",
"matchCriteriaId": "56E572F9-07C9-43DA-92E5-F1E6FB8BA217"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/nmr-strava-activities/wordpress-nmr-strava-activities-plugin-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

Some files were not shown because too many files have changed in this diff Show More