admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-18T19:00:37.989828+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-18 19:03:27 +00:00
parent 4e40ed5ed5
commit 3799833dd9
76 changed files with 4420 additions and 190 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
CVE-2023/CVE-2023-385xx/CVE-2023-38509.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-38509",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-07T04:17:20.413",
"lastModified": "2023-11-14T18:44:56.647",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-18T18:15:07.627",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -61,7 +61,7 @@
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"type": "Primary",
"description": [
{
"lang": "en",
@ -90,6 +90,10 @@
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c",
"source": "security-advisories@github.com",
@ -112,13 +116,6 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "ttps://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0",
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
]
}
]
}

17
CVE-2023/CVE-2023-410xx/CVE-2023-41036.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41036",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-11-07T04:20:50.427",
"lastModified": "2023-11-14T18:41:48.080",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-18T18:15:07.780",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -61,7 +61,7 @@
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"type": "Primary",
"description": [
{
"lang": "en",
@ -96,6 +96,10 @@
"Product"
]
},
{
"url": "https://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMBackend.h",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/macvim-dev/macvim/commit/399b43e9e1dbf656a1780e87344f4d3c875e4cda",
"source": "security-advisories@github.com",
@ -110,13 +114,6 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "ttps://github.com/macvim-dev/macvim/blob/d9de087dddadbfd82fcb5dc9734380a2f829bd0a/src/MacVim/MMBackend.h",
"source": "security-advisories@github.com",
"tags": [
"Broken Link"
]
}
]
}

134
CVE-2023/CVE-2023-524xx/CVE-2023-52448.json
View File

@ -2,43 +2,157 @@
"id": "CVE-2023-52448",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.630",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T18:38:36.410",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump\n\nSyzkaller has reported a NULL pointer dereference when accessing\nrgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating\nrgd->rd_gl fails in read_rindex_entry(). Add a NULL pointer check in\ngfs2_rgrp_dump() to prevent that."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: gfs2: Se corrigi\u00f3 la desreferencia del puntero NULL del kernel en gfs2_rgrp_dump Syzkaller ha informado una desreferencia del puntero NULL al acceder a rgd->rd_rgl en gfs2_rgrp_dump(). Esto puede suceder cuando la creaci\u00f3n de rgd->rd_gl falla en read_rindex_entry(). Agregue una verificaci\u00f3n de puntero NULL en gfs2_rgrp_dump() para evitarlo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.268",
"matchCriteriaId": "991BF737-6083-429B-ACD5-FB27D4143E2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.0",
"versionEndExcluding": "5.10.209",
"matchCriteriaId": "5D2E4F24-2FBB-4434-8598-2B1499E566B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.0",
"versionEndExcluding": "5.15.148",
"matchCriteriaId": "E25E1389-4B0F-407A-9C94-5908FF3EE88B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.0",
"versionEndExcluding": "6.1.75",
"matchCriteriaId": "2C4951FA-80C0-4B4C-9836-6E5035DEB0F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/067a7c48c2c70f05f9460d6f0e8423e234729f05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5c28478af371a1c3fdb570ca67f110e1ae60fc37",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8877243beafa7c6bfc42022cbfdf9e39b25bd4fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c323efd620c741168c8e0cc6fc0be04ab57e331a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d69d7804cf9e2ba171a27e5f98bc266f13d0414a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ee0586d73cbaf0e7058bc640d62a9daf2dfa9178",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/efc8ef87ab9185a23d5676f2f7d986022d91bcde",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

146
CVE-2023/CVE-2023-524xx/CVE-2023-52449.json
View File

@ -2,47 +2,171 @@
"id": "CVE-2023-52449",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.677",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T18:38:16.350",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: Fix gluebi NULL pointer dereference caused by ftl notifier\n\nIf both ftl.ko and gluebi.ko are loaded, the notifier of ftl\ntriggers NULL pointer dereference when trying to access\n\u2018gluebi->desc\u2019 in gluebi_read().\n\nubi_gluebi_init\n ubi_register_volume_notifier\n ubi_enumerate_volumes\n ubi_notify_all\n gluebi_notify nb->notifier_call()\n gluebi_create\n mtd_device_register\n mtd_device_parse_register\n add_mtd_device\n blktrans_notify_add not->add()\n ftl_add_mtd tr->add_mtd()\n scan_header\n mtd_read\n mtd_read_oob\n mtd_read_oob_std\n gluebi_read mtd->read()\n gluebi->desc - NULL\n\nDetailed reproduction information available at the Link [1],\n\nIn the normal case, obtain gluebi->desc in the gluebi_get_device(),\nand access gluebi->desc in the gluebi_read(). However,\ngluebi_get_device() is not executed in advance in the\nftl_add_mtd() process, which leads to NULL pointer dereference.\n\nThe solution for the gluebi module is to run jffs2 on the UBI\nvolume without considering working with ftl or mtdblock [2].\nTherefore, this problem can be avoided by preventing gluebi from\ncreating the mtdblock device after creating mtd partition of the\ntype MTD_UBIVOLUME."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mtd: corrige la desreferencia del puntero NULL de Gluebi causada por el notificador ftl. Si se cargan tanto ftl.ko como pegamentobi.ko, el notificador de ftl activa la desreferencia del puntero NULL al intentar acceder a 'gluebi-. >desc' en pegamentobi_read(). ubi_gluebi_init ubi_register_volume_notifier ubi_enumerate_volumes ubi_notify_all pegamentobi_notify nb->notifier_call() pegamentobi_create mtd_device_register mtd_device_parse_register add_mtd_device blktrans_notify_add not->add() ftl_add_mtd tr->add_mtd() scan_header mtd_read mtd_read_oob mtd_read_oob_std pegamentobi_read mtd->read() pegamentobi->desc - NULL Informaci\u00f3n detallada de reproducci\u00f3n disponible en el enlace [1], en el caso normal, obtenga pegamentobi->desc en pegamentobi_get_device() y acceda a pegamentobi->desc en pegamentobi_read(). Sin embargo, pegamentobi_get_device() no se ejecuta de antemano en el proceso ftl_add_mtd(), lo que conduce a la desreferencia del puntero NULL. La soluci\u00f3n para el m\u00f3dulo pegamentobi es ejecutar jffs2 en el volumen UBI sin considerar trabajar con ftl o mtdblock [2]. Por lo tanto, este problema se puede evitar evitando que pegamentobi cree el dispositivo mtdblock despu\u00e9s de crear la partici\u00f3n mtd del tipo MTD_UBIVOLUME."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.31",
"versionEndExcluding": "4.19.306",
"matchCriteriaId": "96DBDF46-FDFD-43F5-BB27-3C70C7E1DDD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.268",
"matchCriteriaId": "991BF737-6083-429B-ACD5-FB27D4143E2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.0",
"versionEndExcluding": "5.10.209",
"matchCriteriaId": "5D2E4F24-2FBB-4434-8598-2B1499E566B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.0",
"versionEndExcluding": "5.15.148",
"matchCriteriaId": "E25E1389-4B0F-407A-9C94-5908FF3EE88B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.0",
"versionEndExcluding": "6.1.75",
"matchCriteriaId": "2C4951FA-80C0-4B4C-9836-6E5035DEB0F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/001a3f59d8c914ef8273461d4bf495df384cc5f8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1bf4fe14e97cda621522eb2f28b0a4e87c5b0745",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5389407bba1eab1266c6d83e226fb0840cb98dd5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a43bdc376deab5fff1ceb93dca55bcab8dbdc1d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aeba358bcc8ffddf9b4a9bd0e5ec9eb338d46022",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b36aaa64d58aaa2f2cbc8275e89bae76a2b6c3dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cfd7c9d260dc0a3baaea05a122a19ab91e193c65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d8ac2537763b54d278b80b2b080e1652523c7d4c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

86
CVE-2023/CVE-2023-524xx/CVE-2023-52450.json
View File

@ -2,27 +2,101 @@
"id": "CVE-2023-52450",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.733",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T18:34:16.497",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86/intel/uncore: Fix NULL pointer dereference issue in upi_fill_topology()\n\nGet logical socket id instead of physical id in discover_upi_topology()\nto avoid out-of-bound access on 'upi = &type->topology[nid][idx];' line\nthat leads to NULL pointer dereference in upi_fill_topology()"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: perf/x86/intel/uncore: solucione el problema de desreferencia del puntero NULL en upi_fill_topology(). Obtenga la identificaci\u00f3n del socket l\u00f3gico en lugar de la identificaci\u00f3n f\u00edsica en discover_upi_topology() para evitar el acceso fuera de l\u00edmites en 'upi = &tipo->topolog\u00eda[nid][idx];' l\u00ednea que conduce a la desreferencia del puntero NULL en upi_fill_topology()"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1692cf434ba13ee212495b5af795b6a07e986ce4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3d6f4a78b104c65e4256c3776c9949f49a1b459e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bf1bf09e6b599758851457f3999779622a48d015",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

146
CVE-2023/CVE-2023-524xx/CVE-2023-52451.json
View File

@ -2,47 +2,171 @@
"id": "CVE-2023-52451",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.777",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T18:33:31.077",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\npowerpc/pseries/memhp: Fix access beyond end of drmem array\n\ndlpar_memory_remove_by_index() may access beyond the bounds of the\ndrmem lmb array when the LMB lookup fails to match an entry with the\ngiven DRC index. When the search fails, the cursor is left pointing to\n&drmem_info->lmbs[drmem_info->n_lmbs], which is one element past the\nlast valid entry in the array. The debug message at the end of the\nfunction then dereferences this pointer:\n\n pr_debug(\"Failed to hot-remove memory at %llx\\n\",\n lmb->base_addr);\n\nThis was found by inspection and confirmed with KASAN:\n\n pseries-hotplug-mem: Attempting to hot-remove LMB, drc index 1234\n ==================================================================\n BUG: KASAN: slab-out-of-bounds in dlpar_memory+0x298/0x1658\n Read of size 8 at addr c000000364e97fd0 by task bash/949\n\n dump_stack_lvl+0xa4/0xfc (unreliable)\n print_report+0x214/0x63c\n kasan_report+0x140/0x2e0\n __asan_load8+0xa8/0xe0\n dlpar_memory+0x298/0x1658\n handle_dlpar_errorlog+0x130/0x1d0\n dlpar_store+0x18c/0x3e0\n kobj_attr_store+0x68/0xa0\n sysfs_kf_write+0xc4/0x110\n kernfs_fop_write_iter+0x26c/0x390\n vfs_write+0x2d4/0x4e0\n ksys_write+0xac/0x1a0\n system_call_exception+0x268/0x530\n system_call_vectored_common+0x15c/0x2ec\n\n Allocated by task 1:\n kasan_save_stack+0x48/0x80\n kasan_set_track+0x34/0x50\n kasan_save_alloc_info+0x34/0x50\n __kasan_kmalloc+0xd0/0x120\n __kmalloc+0x8c/0x320\n kmalloc_array.constprop.0+0x48/0x5c\n drmem_init+0x2a0/0x41c\n do_one_initcall+0xe0/0x5c0\n kernel_init_freeable+0x4ec/0x5a0\n kernel_init+0x30/0x1e0\n ret_from_kernel_user_thread+0x14/0x1c\n\n The buggy address belongs to the object at c000000364e80000\n which belongs to the cache kmalloc-128k of size 131072\n The buggy address is located 0 bytes to the right of\n allocated 98256-byte region [c000000364e80000, c000000364e97fd0)\n\n ==================================================================\n pseries-hotplug-mem: Failed to hot-remove memory at 0\n\nLog failed lookups with a separate message and dereference the\ncursor only when it points to a valid entry."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: powerpc/pseries/memhp: corrige el acceso m\u00e1s all\u00e1 del final de la matriz drmem dlpar_memory_remove_by_index() puede acceder m\u00e1s all\u00e1 de los l\u00edmites de la matriz lmb drmem cuando la b\u00fasqueda de LMB no coincide con una entrada con el valor dado \u00cdndice de la Rep\u00fablica Democr\u00e1tica del Congo. Cuando la b\u00fasqueda falla, el cursor queda apuntando a &drmem_info->lmbs[drmem_info->n_lmbs], que es un elemento despu\u00e9s de la \u00faltima entrada v\u00e1lida en la matriz. El mensaje de depuraci\u00f3n al final de la funci\u00f3n elimina la referencia a este puntero: pr_debug(\"Error al eliminar memoria en caliente en %llx\\n\", lmb->base_addr); Esto se encontr\u00f3 mediante inspecci\u00f3n y se confirm\u00f3 con KASAN: pseries-hotplug-mem: Intentando eliminar LMB en caliente, \u00edndice drc 1234 ========================== ========================================== ERROR: KASAN: losa- fuera de l\u00edmites en dlpar_memory+0x298/0x1658 Lectura de tama\u00f1o 8 en la direcci\u00f3n c000000364e97fd0 por tarea bash/949 dump_stack_lvl+0xa4/0xfc (no confiable) print_report+0x214/0x63c kasan_report+0x140/0x2e0 __asan_load8+0xa8/ 0xe0 dlpar_memory+0x298/0x1658 handle_dlpar_errorlog +0x130/0x1d0 dlpar_store+0x18c/0x3e0 kobj_attr_store+0x68/0xa0 sysfs_kf_write+0xc4/0x110 kernfs_fop_write_iter+0x26c/0x390 vfs_write+0x2d4/0x4e0 ksys_write+0xac/0x1a0 system_call_exception+0x268/0x530 system_call_vectored_common+0x15c/0x2ec Asignado por tarea 1: kasan_save_stack +0x48/0x80 kasan_set_track+0x34/0x50 kasan_save_alloc_info+0x34/0x50 __kasan_kmalloc+0xd0/0x120 __kmalloc+0x8c/0x320 kmalloc_array.constprop.0+0x48/0x5c drmem_init+0x2a0/0x41c do_one _initcall+0xe0/0x5c0 kernel_init_freeable+0x4ec/0x5a0 kernel_init+ 0x30/0x1e0 ret_from_kernel_user_thread+0x14/0x1c La direcci\u00f3n con errores pertenece al objeto en c000000364e80000 que pertenece al cach\u00e9 kmalloc-128k de tama\u00f1o 131072 La direcci\u00f3n con errores se encuentra 0 bytes a la derecha de la regi\u00f3n asignada de 98256 bytes [c000000364e80000, c0 00000364e97fd0) = ==================================================== =============== pseries-hotplug-mem: No se pudo eliminar la memoria en caliente en 0 Registre las b\u00fasquedas fallidas con un mensaje separado y elimine la referencia del cursor solo cuando apunte a una entrada v\u00e1lida."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.1.0",
"versionEndExcluding": "4.19.306",
"matchCriteriaId": "B2135E32-75F4-4FAA-AD3B-034720E6A1CD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20.0",
"versionEndExcluding": "5.4.268",
"matchCriteriaId": "35ADF607-EDCA-45AB-8FB6-9F2D40D47C0C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.0",
"versionEndExcluding": "5.10.209",
"matchCriteriaId": "5D2E4F24-2FBB-4434-8598-2B1499E566B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.0",
"versionEndExcluding": "5.15.148",
"matchCriteriaId": "E25E1389-4B0F-407A-9C94-5908FF3EE88B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.0",
"versionEndExcluding": "6.1.75",
"matchCriteriaId": "2C4951FA-80C0-4B4C-9836-6E5035DEB0F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/026fd977dc50ff4a5e09bfb0603557f104d3f3a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/708a4b59baad96c4718dc0bd3a3427d3ab22fedc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/999a27b3ce9a69d54ccd5db000ec3a447bc43e6d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9b5f03500bc5b083c0df696d7dd169d7ef3dd0c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b582aa1f66411d4adcc1aa55b8c575683fb4687e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bb79613a9a704469ddb8d6c6029d532a5cea384c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bd68ffce69f6cf8ddd3a3c32549d1d2275e49fc5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/df16afba2378d985359812c865a15c05c70a967e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

86
CVE-2023/CVE-2023-524xx/CVE-2023-52452.json
View File

@ -2,27 +2,101 @@
"id": "CVE-2023-52452",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.830",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T18:24:33.550",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix accesses to uninit stack slots\n\nPrivileged programs are supposed to be able to read uninitialized stack\nmemory (ever since 6715df8d5) but, before this patch, these accesses\nwere permitted inconsistently. In particular, accesses were permitted\nabove state->allocated_stack, but not below it. In other words, if the\nstack was already \"large enough\", the access was permitted, but\notherwise the access was rejected instead of being allowed to \"grow the\nstack\". This undesired rejection was happening in two places:\n- in check_stack_slot_within_bounds()\n- in check_stack_range_initialized()\nThis patch arranges for these accesses to be permitted. A bunch of tests\nthat were relying on the old rejection had to change; all of them were\nchanged to add also run unprivileged, in which case the old behavior\npersists. One tests couldn't be updated - global_func16 - because it\ncan't run unprivileged for other reasons.\n\nThis patch also fixes the tracking of the stack size for variable-offset\nreads. This second fix is bundled in the same commit as the first one\nbecause they're inter-related. Before this patch, writes to the stack\nusing registers containing a variable offset (as opposed to registers\nwith fixed, known values) were not properly contributing to the\nfunction's needed stack size. As a result, it was possible for a program\nto verify, but then to attempt to read out-of-bounds data at runtime\nbecause a too small stack had been allocated for it.\n\nEach function tracks the size of the stack it needs in\nbpf_subprog_info.stack_depth, which is maintained by\nupdate_stack_depth(). For regular memory accesses, check_mem_access()\nwas calling update_state_depth() but it was passing in only the fixed\npart of the offset register, ignoring the variable offset. This was\nincorrect; the minimum possible value of that register should be used\ninstead.\n\nThis tracking is now fixed by centralizing the tracking of stack size in\ngrow_stack_state(), and by lifting the calls to grow_stack_state() to\ncheck_stack_access_within_bounds() as suggested by Andrii. The code is\nnow simpler and more convincingly tracks the correct maximum stack size.\ncheck_stack_range_initialized() can now rely on enough stack having been\nallocated for the access; this helps with the fix for the first issue.\n\nA few tests were changed to also check the stack depth computation. The\none that fails without this patch is verifier_var_off:stack_write_priv_vs_unpriv."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: corrige los accesos a las ranuras de la pila uninit. Se supone que los programas privilegiados pueden leer la memoria de la pila no inicializada (desde 6715df8d5) pero, antes de este parche, estos accesos se permit\u00edan de forma inconsistente. En particular, se permit\u00edan accesos por encima de state->allocated_stack, pero no por debajo de \u00e9l. En otras palabras, si la pila ya era \"lo suficientemente grande\", se permit\u00eda el acceso, pero en caso contrario se rechazaba el acceso en lugar de permitir \"hacer crecer la pila\". Este rechazo no deseado ocurr\u00eda en dos lugares: - en check_stack_slot_within_bounds() - en check_stack_range_initialized() Este parche dispone que estos accesos sean permitidos. Un mont\u00f3n de pruebas que depend\u00edan del antiguo rechazo tuvieron que cambiar; todos ellos se cambiaron para agregar que tambi\u00e9n se ejecutan sin privilegios, en cuyo caso el comportamiento anterior persiste. Una prueba no se pudo actualizar (global_func16) porque no se puede ejecutar sin privilegios por otros motivos. Este parche tambi\u00e9n corrige el seguimiento del tama\u00f1o de la pila para lecturas con desplazamiento variable. Esta segunda soluci\u00f3n se incluye en la misma confirmaci\u00f3n que la primera porque est\u00e1n interrelacionadas. Antes de este parche, las escrituras en la pila usando registros que conten\u00edan un desplazamiento variable (a diferencia de registros con valores fijos y conocidos) no contribu\u00edan adecuadamente al tama\u00f1o de pila necesario de la funci\u00f3n. Como resultado, era posible que un programa verificara, pero luego intentara leer datos fuera de l\u00edmites en tiempo de ejecuci\u00f3n porque se le hab\u00eda asignado una pila demasiado peque\u00f1a. Cada funci\u00f3n rastrea el tama\u00f1o de la pila que necesita en bpf_subprog_info.stack_ Depth, que es mantenido por update_stack_ Depth(). Para accesos regulares a la memoria, check_mem_access() estaba llamando a update_state_ Depth() pero pasaba solo la parte fija del registro de compensaci\u00f3n, ignorando la variable compensaci\u00f3n. Esto era incorrecto; en su lugar se debe utilizar el valor m\u00ednimo posible de ese registro. Este seguimiento ahora se soluciona centralizando el seguimiento del tama\u00f1o de la pila en grow_stack_state() y elevando las llamadas a grow_stack_state() a check_stack_access_within_bounds() como lo sugiere Andrii. El c\u00f3digo ahora es m\u00e1s simple y rastrea de manera m\u00e1s convincente el tama\u00f1o m\u00e1ximo de pila correcto. check_stack_range_initialized() ahora puede confiar en que se haya asignado suficiente pila para el acceso; esto ayuda con la soluci\u00f3n del primer problema. Se cambiaron algunas pruebas para verificar tambi\u00e9n el c\u00e1lculo de la profundidad de la pila. El que falla sin este parche es verifier_var_off:stack_write_priv_vs_unpriv."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-665"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "5506E74E-8B6D-44EB-8689-EA6ED09F7FFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/0954982db8283016bf38e9db2da5adf47a102e19",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6b4a64bafd107e521c01eec3453ce94a3fb38529",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fbcf372c8eda2290470268e0afb5ab5d5f5d5fde",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

29
CVE-2023/CVE-2023-65xx/CVE-2023-6515.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6515",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-08T10:15:11.047",
"lastModified": "2024-02-29T01:42:39.177",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T18:45:59.157",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M\u0130A-MED allows Authentication Abuse.This issue affects M\u0130A-MED: before 1.0.7.\n\n"
"value": "Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M?A-MED allows Authentication Abuse.This issue affects M?A-MED: before 1.0.7.\n\n"
},
{
"lang": "es",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:miateknoloji:mia-med:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7",
"matchCriteriaId": "F3FC33A3-6CBD-4836-8057-0A7017FC4C63"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0087",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

29
CVE-2023/CVE-2023-65xx/CVE-2023-6517.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6517",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-08T12:15:55.087",
"lastModified": "2024-02-29T01:42:39.260",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T18:45:42.613",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. M\u0130A-MED allows Collect Data as Provided by Users.This issue affects M\u0130A-MED: before 1.0.7.\n\n"
"value": "Exposure of Sensitive Information Due to Incompatible Policies vulnerability in Mia Technology Inc. M?A-MED allows Collect Data as Provided by Users.This issue affects M?A-MED: before 1.0.7.\n\n"
},
{
"lang": "es",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:miateknoloji:mia-med:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7",
"matchCriteriaId": "F3FC33A3-6CBD-4836-8057-0A7017FC4C63"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0087",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

29
CVE-2023/CVE-2023-65xx/CVE-2023-6518.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6518",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-08T12:15:55.350",
"lastModified": "2024-02-29T01:42:39.340",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T18:43:21.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Plaintext Storage of a Password vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.This issue affects M\u0130A-MED: before 1.0.7.\n\n"
"value": "Plaintext Storage of a Password vulnerability in Mia Technology Inc. M?A-MED allows Read Sensitive Strings Within an Executable.This issue affects M?A-MED: before 1.0.7.\n\n"
},
{
"lang": "es",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:miateknoloji:mia-med:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7",
"matchCriteriaId": "F3FC33A3-6CBD-4836-8057-0A7017FC4C63"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0087",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

29
CVE-2023/CVE-2023-65xx/CVE-2023-6519.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2023-6519",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-02-08T12:15:55.563",
"lastModified": "2024-02-29T01:42:39.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T18:41:25.520",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. M\u0130A-MED allows Read Sensitive Strings Within an Executable.This issue affects M\u0130A-MED: before 1.0.7.\n\n"
"value": "Exposure of Data Element to Wrong Session vulnerability in Mia Technology Inc. M?A-MED allows Read Sensitive Strings Within an Executable.This issue affects M?A-MED: before 1.0.7.\n\n"
},
{
"lang": "es",
@ -50,10 +50,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:miateknoloji:mia-med:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.7",
"matchCriteriaId": "F3FC33A3-6CBD-4836-8057-0A7017FC4C63"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-0087",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2024/CVE-2024-09xx/CVE-2024-0985.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0985",
"sourceIdentifier": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",
"published": "2024-02-08T13:15:08.927",
"lastModified": "2024-02-15T15:23:49.287",
"vulnStatus": "Analyzed",
"lastModified": "2024-03-18T17:15:06.070",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -121,6 +121,10 @@
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00017.html",
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007"
},
{
"url": "https://www.postgresql.org/support/security/CVE-2024-0985/",
"source": "f86ef6dc-4d3a-42ad-8f28-e6d5547a5007",

4
CVE-2024/CVE-2024-17xx/CVE-2024-1753.json
View File

@ -2,12 +2,12 @@
"id": "CVE-2024-1753",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-03-18T15:15:41.170",
"lastModified": "2024-03-18T16:15:07.283",
"lastModified": "2024-03-18T17:15:06.223",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Buildah (and subsequently Podman Build)which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time."
"value": "A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time."
}
],
"metrics": {

55
CVE-2024/CVE-2024-207xx/CVE-2024-20754.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20754",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:07.897",
"lastModified": "2024-03-18T18:15:07.897",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/lightroom/apsb24-17.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-207xx/CVE-2024-20760.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20760",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:08.197",
"lastModified": "2024-03-18T18:15:08.197",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-207xx/CVE-2024-20761.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20761",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:08.487",
"lastModified": "2024-03-18T18:15:08.487",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/animate/apsb24-19.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-207xx/CVE-2024-20762.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20762",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:08.777",
"lastModified": "2024-03-18T18:15:08.777",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/animate/apsb24-19.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-207xx/CVE-2024-20763.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20763",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:09.017",
"lastModified": "2024-03-18T18:15:09.017",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/animate/apsb24-19.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-207xx/CVE-2024-20764.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20764",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:09.237",
"lastModified": "2024-03-18T18:15:09.237",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/animate/apsb24-19.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-207xx/CVE-2024-20768.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-20768",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:09.470",
"lastModified": "2024-03-18T18:15:09.470",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-216xx/CVE-2024-21652.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-21652",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-18T18:15:09.697",
"lastModified": "2024-03-18T18:15:09.697",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection. This is a critical security vulnerability that allows attackers to bypass the brute force login protection mechanism. Not only can they crash the service affecting all users, but they can also make unlimited login attempts, increasing the risk of account compromise. Versions 2.8.13, 2.9.9, and 2.10.4 contain a patch for this issue.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"references": [
{
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv",
"source": "security-advisories@github.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26028.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26028",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:09.910",
"lastModified": "2024-03-18T18:15:09.910",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26030.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26030",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:10.130",
"lastModified": "2024-03-18T18:15:10.130",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26031.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26031",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:10.420",
"lastModified": "2024-03-18T18:15:10.420",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26032.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26032",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:10.647",
"lastModified": "2024-03-18T18:15:10.647",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser. Exploitation of this issue requires user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26033.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26033",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:10.867",
"lastModified": "2024-03-18T18:15:10.867",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26034.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26034",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:11.100",
"lastModified": "2024-03-18T18:15:11.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26035.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26035",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:11.360",
"lastModified": "2024-03-18T18:15:11.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26038.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26038",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:11.570",
"lastModified": "2024-03-18T18:15:11.570",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26040.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26040",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:11.790",
"lastModified": "2024-03-18T18:15:11.790",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26041.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26041",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:12.023",
"lastModified": "2024-03-18T18:15:12.023",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26042.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26042",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:12.273",
"lastModified": "2024-03-18T18:15:12.273",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26043.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26043",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:12.510",
"lastModified": "2024-03-18T18:15:12.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26044.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26044",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:12.767",
"lastModified": "2024-03-18T18:15:12.767",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into a webpage. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26045.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26045",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:13.007",
"lastModified": "2024-03-18T18:15:13.007",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26050.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26050",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:13.263",
"lastModified": "2024-03-18T18:15:13.263",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26051.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26051",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:13.547",
"lastModified": "2024-03-18T18:15:13.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.7,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26052.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26052",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:13.780",
"lastModified": "2024-03-18T18:15:13.780",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26056.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26056",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:14.097",
"lastModified": "2024-03-18T18:15:14.097",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26059.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26059",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:14.313",
"lastModified": "2024-03-18T18:15:14.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26061.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26061",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:14.533",
"lastModified": "2024-03-18T18:15:14.533",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26062.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26062",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:14.760",
"lastModified": "2024-03-18T18:15:14.760",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26063.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26063",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:14.973",
"lastModified": "2024-03-18T18:15:14.973",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information, potentially bypassing security measures. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26064.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26064",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:15.197",
"lastModified": "2024-03-18T18:15:15.197",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into a webpage. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser. Exploitation of this issue requires user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26065.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26065",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:15.440",
"lastModified": "2024-03-18T18:15:15.440",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26067.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26067",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:15.667",
"lastModified": "2024-03-18T18:15:15.667",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26069.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26069",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:15.923",
"lastModified": "2024-03-18T18:15:15.923",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26073.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26073",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:16.177",
"lastModified": "2024-03-18T18:15:16.177",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26080.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26080",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:16.417",
"lastModified": "2024-03-18T18:15:16.417",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable script."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26094.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26094",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:16.690",
"lastModified": "2024-03-18T18:15:16.690",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-260xx/CVE-2024-26096.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26096",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:16.917",
"lastModified": "2024-03-18T18:15:16.917",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-261xx/CVE-2024-26101.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26101",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:17.123",
"lastModified": "2024-03-18T18:15:17.123",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-261xx/CVE-2024-26102.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26102",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:17.370",
"lastModified": "2024-03-18T18:15:17.370",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-261xx/CVE-2024-26103.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26103",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:17.600",
"lastModified": "2024-03-18T18:15:17.600",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-261xx/CVE-2024-26104.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26104",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:17.837",
"lastModified": "2024-03-18T18:15:17.837",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-261xx/CVE-2024-26105.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26105",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:18.100",
"lastModified": "2024-03-18T18:15:18.100",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-261xx/CVE-2024-26106.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26106",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:18.350",
"lastModified": "2024-03-18T18:15:18.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-261xx/CVE-2024-26107.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26107",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:18.547",
"lastModified": "2024-03-18T18:15:18.547",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-261xx/CVE-2024-26118.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26118",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:18.767",
"lastModified": "2024-03-18T18:15:18.767",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-261xx/CVE-2024-26119.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26119",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:19.000",
"lastModified": "2024-03-18T18:15:19.000",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-261xx/CVE-2024-26120.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26120",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:19.290",
"lastModified": "2024-03-18T18:15:19.290",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-261xx/CVE-2024-26124.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26124",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:19.503",
"lastModified": "2024-03-18T18:15:19.503",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

55
CVE-2024/CVE-2024-261xx/CVE-2024-26125.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-26125",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:19.737",
"lastModified": "2024-03-18T18:15:19.737",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html",
"source": "psirt@adobe.com"
}
]
}

122
CVE-2024/CVE-2024-265xx/CVE-2024-26586.json
View File

@ -2,39 +2,143 @@
"id": "CVE-2024-26586",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.890",
"lastModified": "2024-02-23T09:15:22.820",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T18:12:44.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_acl_tcam: Fix stack corruption\n\nWhen tc filters are first added to a net device, the corresponding local\nport gets bound to an ACL group in the device. The group contains a list\nof ACLs. In turn, each ACL points to a different TCAM region where the\nfilters are stored. During forwarding, the ACLs are sequentially\nevaluated until a match is found.\n\nOne reason to place filters in different regions is when they are added\nwith decreasing priorities and in an alternating order so that two\nconsecutive filters can never fit in the same region because of their\nkey usage.\n\nIn Spectrum-2 and newer ASICs the firmware started to report that the\nmaximum number of ACLs in a group is more than 16, but the layout of the\nregister that configures ACL groups (PAGT) was not updated to account\nfor that. It is therefore possible to hit stack corruption [1] in the\nrare case where more than 16 ACLs in a group are required.\n\nFix by limiting the maximum ACL group size to the minimum between what\nthe firmware reports and the maximum ACLs that fit in the PAGT register.\n\nAdd a test case to make sure the machine does not crash when this\ncondition is hit.\n\n[1]\nKernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120\n[...]\n dump_stack_lvl+0x36/0x50\n panic+0x305/0x330\n __stack_chk_fail+0x15/0x20\n mlxsw_sp_acl_tcam_group_update+0x116/0x120\n mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110\n mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20\n mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0\n mlxsw_sp_acl_rule_add+0x47/0x240\n mlxsw_sp_flower_replace+0x1a9/0x1d0\n tc_setup_cb_add+0xdc/0x1c0\n fl_hw_replace_filter+0x146/0x1f0\n fl_change+0xc17/0x1360\n tc_new_tfilter+0x472/0xb90\n rtnetlink_rcv_msg+0x313/0x3b0\n netlink_rcv_skb+0x58/0x100\n netlink_unicast+0x244/0x390\n netlink_sendmsg+0x1e4/0x440\n ____sys_sendmsg+0x164/0x260\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xc0\n do_syscall_64+0x40/0xe0\n entry_SYSCALL_64_after_hwframe+0x63/0x6b"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mlxsw: espectro_acl_tcam: corrige la corrupci\u00f3n de la pila Cuando los filtros tc se agregan por primera vez a un dispositivo de red, el puerto local correspondiente se vincula a un grupo ACL en el dispositivo. El grupo contiene una lista de ACL. A su vez, cada ACL apunta a una regi\u00f3n TCAM diferente donde se almacenan los filtros. Durante el reenv\u00edo, las ACL se eval\u00faan secuencialmente hasta que se encuentra una coincidencia. Una raz\u00f3n para colocar filtros en diferentes regiones es cuando se agregan con prioridades decrecientes y en orden alterno, de modo que dos filtros consecutivos nunca puedan caber en la misma regi\u00f3n debido a su uso clave. En Spectrum-2 y ASIC m\u00e1s nuevos, el firmware comenz\u00f3 a informar que la cantidad m\u00e1xima de ACL en un grupo es superior a 16, pero el dise\u00f1o del registro que configura los grupos de ACL (PAGT) no se actualiz\u00f3 para tener en cuenta eso. Por lo tanto, es posible sufrir da\u00f1os en la pila [1] en el raro caso de que se requieran m\u00e1s de 16 ACL en un grupo. Se soluciona limitando el tama\u00f1o m\u00e1ximo del grupo de ACL al m\u00ednimo entre lo que informa el firmware y las ACL m\u00e1ximas que caben en el registro PAGT. Agregue un caso de prueba para asegurarse de que la m\u00e1quina no falle cuando se cumpla esta condici\u00f3n. [1] P\u00e1nico del kernel - no se sincroniza: stack-protector: La pila del kernel est\u00e1 da\u00f1ada en: mlxsw_sp_acl_tcam_group_update+0x116/0x120 [...] dump_stack_lvl+0x36/0x50 p\u00e1nico+0x305/0x330 __stack_chk_fail+0x15/0x20 mlxsw_sp_acl_tcam_group_update+ 0x116/0x120 mlxsw_sp_acl_tcam_group_region_attach +0x69/0x110 mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb _add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb +0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x 40/0xe0 entrada_SYSCALL_64_after_hwframe+0x63/0x6b"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.0",
"versionEndExcluding": "5.10.209",
"matchCriteriaId": "5245A999-9650-493B-AC31-51FA3157651F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.0",
"versionEndExcluding": "5.15.148",
"matchCriteriaId": "E25E1389-4B0F-407A-9C94-5908FF3EE88B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.0",
"versionEndExcluding": "6.1.79",
"matchCriteriaId": "3B0A907E-1010-4294-AEFE-0EB5684AF52C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

85
CVE-2024/CVE-2024-265xx/CVE-2024-26587.json
View File

@ -2,27 +2,100 @@
"id": "CVE-2024-26587",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.937",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T18:09:54.027",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netdevsim: don't try to destroy PHC on VFs\n\nPHC gets initialized in nsim_init_netdevsim(), which\nis only called if (nsim_dev_port_is_pf()).\n\nCreate a counterpart of nsim_init_netdevsim() and\nmove the mock_phc_destroy() there.\n\nThis fixes a crash trying to destroy netdevsim with\nVFs instantiated, as caught by running the devlink.sh test:\n\n BUG: kernel NULL pointer dereference, address: 00000000000000b8\n RIP: 0010:mock_phc_destroy+0xd/0x30\n Call Trace:\n <TASK>\n nsim_destroy+0x4a/0x70 [netdevsim]\n __nsim_dev_port_del+0x47/0x70 [netdevsim]\n nsim_dev_reload_destroy+0x105/0x120 [netdevsim]\n nsim_drv_remove+0x2f/0xb0 [netdevsim]\n device_release_driver_internal+0x1a1/0x210\n bus_remove_device+0xd5/0x120\n device_del+0x159/0x490\n device_unregister+0x12/0x30\n del_device_store+0x11a/0x1a0 [netdevsim]\n kernfs_fop_write_iter+0x130/0x1d0\n vfs_write+0x30b/0x4b0\n ksys_write+0x69/0xf0\n do_syscall_64+0xcc/0x1e0\n entry_SYSCALL_64_after_hwframe+0x6f/0x77"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: netdevsim: no intente destruir PHC en VF PHC se inicializa en nsim_init_netdevsim(), que s\u00f3lo se llama si (nsim_dev_port_is_pf()). Cree una contraparte de nsim_init_netdevsim() y mueva el mock_phc_destroy() all\u00ed. Esto soluciona un fallo al intentar destruir netdevsim con VF instanciados, detectado al ejecutar la prueba devlink.sh: ERROR: desreferencia del puntero NULL del n\u00facleo, direcci\u00f3n: 00000000000000b8 RIP: 0010:mock_phc_destroy+0xd/0x30 Seguimiento de llamadas: nsim_destroy+0x4a /0x70 [netdevsim] __nsim_dev_port_del+0x47/0x70 [netdevsim] nsim_dev_reload_destroy+0x105/0x120 [netdevsim] nsim_drv_remove+0x2f/0xb0 [netdevsim] dispositivo_release_driver_internal+0x1a1/0x210 bus_remove_device+0xd5/0x120 dispositivo_del+0x159/0x490 dispositivo_unregister+0x12/0x30 del_device_store +0x11a/0x1a0 [netdevsim] kernfs_fop_write_iter+0x130/0x1d0 vfs_write+0x30b/0x4b0 ksys_write+0x69/0xf0 do_syscall_64+0xcc/0x1e0 Entry_SYSCALL_64_after_hwframe+0x6f/0x77"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "E897E511-6471-443B-B59F-2A7FC2AE655F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/08aca65997fb6f233066883b1f1e653bcb1f26ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c5068e442eed063d2f1658e6b6d3c1c6fcf1e588",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ea937f77208323d35ffe2f8d8fc81b00118bfcda",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

97
CVE-2024/CVE-2024-265xx/CVE-2024-26588.json
View File

@ -2,31 +2,114 @@
"id": "CVE-2024-26588",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:08.980",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T18:02:15.647",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: BPF: Prevent out-of-bounds memory access\n\nThe test_tag test triggers an unhandled page fault:\n\n # ./test_tag\n [ 130.640218] CPU 0 Unable to handle kernel paging request at virtual address ffff80001b898004, era == 9000000003137f7c, ra == 9000000003139e70\n [ 130.640501] Oops[#3]:\n [ 130.640553] CPU: 0 PID: 1326 Comm: test_tag Tainted: G D O 6.7.0-rc4-loong-devel-gb62ab1a397cf #47 61985c1d94084daa2432f771daa45b56b10d8d2a\n [ 130.640764] Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022\n [ 130.640874] pc 9000000003137f7c ra 9000000003139e70 tp 9000000104cb4000 sp 9000000104cb7a40\n [ 130.641001] a0 ffff80001b894000 a1 ffff80001b897ff8 a2 000000006ba210be a3 0000000000000000\n [ 130.641128] a4 000000006ba210be a5 00000000000000f1 a6 00000000000000b3 a7 0000000000000000\n [ 130.641256] t0 0000000000000000 t1 00000000000007f6 t2 0000000000000000 t3 9000000004091b70\n [ 130.641387] t4 000000006ba210be t5 0000000000000004 t6 fffffffffffffff0 t7 90000000040913e0\n [ 130.641512] t8 0000000000000005 u0 0000000000000dc0 s9 0000000000000009 s0 9000000104cb7ae0\n [ 130.641641] s1 00000000000007f6 s2 0000000000000009 s3 0000000000000095 s4 0000000000000000\n [ 130.641771] s5 ffff80001b894000 s6 ffff80001b897fb0 s7 9000000004090c50 s8 0000000000000000\n [ 130.641900] ra: 9000000003139e70 build_body+0x1fcc/0x4988\n [ 130.642007] ERA: 9000000003137f7c build_body+0xd8/0x4988\n [ 130.642112] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE)\n [ 130.642261] PRMD: 00000004 (PPLV0 +PIE -PWE)\n [ 130.642353] EUEN: 00000003 (+FPE +SXE -ASXE -BTE)\n [ 130.642458] ECFG: 00071c1c (LIE=2-4,10-12 VS=7)\n [ 130.642554] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0)\n [ 130.642658] BADV: ffff80001b898004\n [ 130.642719] PRID: 0014c010 (Loongson-64bit, Loongson-3A5000)\n [ 130.642815] Modules linked in: [last unloaded: bpf_testmod(O)]\n [ 130.642924] Process test_tag (pid: 1326, threadinfo=00000000f7f4015f, task=000000006499f9fd)\n [ 130.643062] Stack : 0000000000000000 9000000003380724 0000000000000000 0000000104cb7be8\n [ 130.643213] 0000000000000000 25af8d9b6e600558 9000000106250ea0 9000000104cb7ae0\n [ 130.643378] 0000000000000000 0000000000000000 9000000104cb7be8 90000000049f6000\n [ 130.643538] 0000000000000090 9000000106250ea0 ffff80001b894000 ffff80001b894000\n [ 130.643685] 00007ffffb917790 900000000313ca94 0000000000000000 0000000000000000\n [ 130.643831] ffff80001b894000 0000000000000ff7 0000000000000000 9000000100468000\n [ 130.643983] 0000000000000000 0000000000000000 0000000000000040 25af8d9b6e600558\n [ 130.644131] 0000000000000bb7 ffff80001b894048 0000000000000000 0000000000000000\n [ 130.644276] 9000000104cb7be8 90000000049f6000 0000000000000090 9000000104cb7bdc\n [ 130.644423] ffff80001b894000 0000000000000000 00007ffffb917790 90000000032acfb0\n [ 130.644572] ...\n [ 130.644629] Call Trace:\n [ 130.644641] [<9000000003137f7c>] build_body+0xd8/0x4988\n [ 130.644785] [<900000000313ca94>] bpf_int_jit_compile+0x228/0x4ec\n [ 130.644891] [<90000000032acfb0>] bpf_prog_select_runtime+0x158/0x1b0\n [ 130.645003] [<90000000032b3504>] bpf_prog_load+0x760/0xb44\n [ 130.645089] [<90000000032b6744>] __sys_bpf+0xbb8/0x2588\n [ 130.645175] [<90000000032b8388>] sys_bpf+0x20/0x2c\n [ 130.645259] [<9000000003f6ab38>] do_syscall+0x7c/0x94\n [ 130.645369] [<9000000003121c5c>] handle_syscall+0xbc/0x158\n [ 130.645507]\n [ 130.645539] Code: 380839f6 380831f9 28412bae <24000ca6> 004081ad 0014cb50 004083e8 02bff34c 58008e91\n [ 130.645729]\n [ 130.646418] ---[ end trace 0000000000000000 ]---\n\nOn my machine, which has CONFIG_PAGE_SIZE_16KB=y, the test failed at\nloading a BPF prog with 2039 instructions:\n\n prog = (struct bpf_prog *)ffff80001b894000\n insn = (struct bpf_insn *)(prog->insnsi)fff\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: LoongArch: BPF: evita el acceso a la memoria fuera de los l\u00edmites La prueba test_tag desencadena un error de p\u00e1gina no controlada: # ./test_tag [130.640218] CPU 0 No se puede manejar la solicitud de paginaci\u00f3n del kernel en virtual direcci\u00f3n ffff80001b898004, era == 9000000003137f7c, ra == 9000000003139e70 [ 130.640501] Ups[#3]: [ 130.640553] CPU: 0 PID: 1326 Comm: test_tag Contaminado: GDO 6.7.0-rc4 -loong-devel-gb62ab1a397cf #47 61985c1d94084daa2432f771daa45b56b10d8d2a [130.640764] Nombre de hardware: QEMU QEMU M\u00e1quina virtual, BIOS desconocido 2/2/2022 [ 130.640874] pc 9000000003137f7c ra 9000000003139e70 tp 9000000104cb4000 sp 9000000104cb7a40 [ 13 0.641001] a0 ffff80001b894000 a1 ffff80001b897ff8 a2 000000006ba210be a3 0000000000000000 [ 130.641128] a4 000000006ba210be a5 00000000000000 f1 a6 00000000000000b3 a7 0000000000000000 [ 130.641256] t0 00000000000000000 t1 00000000000007f6 t2 00000000000000000 t3 9000000004091b70 [ 130.641387] t4 00 0000006ba210be t5 0000000000000004 t6 ffffffffffffffff0 t7 90000000040913e0 [ 130.641512] t8 00000000000000005 u0 0000000000000dc0 s9 000000000 0000009 s0 9000000104cb7ae0 [ 130.641641] s1 00000000000007f6 s2 0000000000000009 s3 00000000000000095 s4 0000000000000000 [ 130.6 41771] s5 ffff80001b894000 s6 ffff80001b897fb0 s7 9000000004090c50 s8 0000000000000000 [ 130.641900] ra: 9000000003139e70 build_body+0x1fcc/0x4988 [ 130.642007] ERA: 9 000000003137f7c build_body+0xd8/0x4988 [ 130.642112] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE ) [ 130.642261] PRMD: 00000004 (PPLV0 +PIE -PWE) [ 130.642353] EUEN: 00000003 (+FPE +SXE -ASXE -BTE) [ 130.642458] ECFG: 00071c1c (LIE=2-4,10-12 VS=7) [ 130.642554] ESTAT: 00010000 [PIL] (IS= ECode=1 EssubCode=0) [ 130.642658] BADV: ffff80001b898004 [ 130.642719] PRID: 0014c010 (Loongson-64bit, Loongson-3A5000) [ 1 30.642815] M\u00f3dulos vinculados en: [\u00faltima descarga : bpf_testmod(O)] [130.642924] Procesar test_tag (pid: 1326, threadinfo=00000000f7f4015f, tarea=000000006499f9fd) [130.643062] Pila: 0000000000000000 900000000338072 4 0000000000000000 0000000104cb7be8 [ 130.643213] 0000000000000000 25af8d9b6e600558 9000000106250ea0 9000000104cb7ae0 [ 130.643378] 0 000000000000000 0000000000000000 9000000104cb7be8 90000000049f6000 [ 130.643538] 0000000000000090 9000000106250ea0 ffff80001b894000 ffff80001b894000 [ 130.643685] 00007ffffb917790 900000000313ca94 00000000000000000 0000000000000000 [ 130.643831] ffff80001b894000 0000000000000ff7 0000000000000000 9000000100468000 [ 130.643983] 00000000000000000 0000000000000000 0000000000000040 25af8d9b6e600558 [ 130.644131] 0000000000000bb7 ffff80001b894048 0000000000000000 00000000000000 000 [ 130.644276] 9000000104cb7be8 90000000049f6000 0000000000000090 9000000104cb7bdc [ 130.644423] ffff80001b894000 0000000000000000 0 00007ffffb917790 90000000032acfb0 [ 130.644572] . .. [ 130.644629] Seguimiento de llamadas: [ 130.644641] [&lt;9000000003137f7c&gt;] build_body+0xd8/0x4988 [ 130.644785] [&lt;900000000313ca94&gt;] bpf_int_jit_compile+0x228/0x4ec [ 1 30.644891] [&lt;90000000032acfb0&gt;] bpf_prog_select_runtime+0x158/0x1b0 [ 130.645003] [&lt;90000000032b3504&gt;] bpf_prog_load+0x760/0xb44 [ 130.645089] [&lt;90000000032b6744&gt;] __sys_bpf+0xbb8/0x2588 [ 130.645175] [&lt;90000000032b838 8&gt;] sys_bpf+0x20/0x2c [ 130.645259] [&lt;9000000003f6ab38&gt;] do_syscall+0x7c/0x94 [ 130.645369] [&lt;9000000003121c5c&gt;] handle_syscall+0xbc/0x158 [ 130.645507] [ 130.645539] C\u00f3digo: 380839f6 380831f9 28412bae &lt;24000ca6&gt; 004081ad 0014 cb50 004083e8 02bff34c 58008e91 [ 130.645729] [ 130.646418] ---[ final de seguimiento 0000000000000000 ]--- En mi m\u00e1quina, que tiene CONFIG_PAGE_SIZE_16KB=y, la prueba fall\u00f3 al cargar un programa BPF con 2039 instrucciones: prog = (struct bpf_prog *)ffff80001b894000 insn = (struct bpf_insn *)(prog-&gt;insnsi)fff ---truncado---"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.75",
"matchCriteriaId": "629687A6-C726-46A0-ACBC-1FA1053A6DF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/36a87385e31c9343af9a4756598e704741250a67",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4631c2dd69d928bca396f9f58baeddf85e14ced5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7924ade13a49c0067da6ea13e398102979c0654a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9aeb09f4d85a87bac46c010d75a2ea299d462f28",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

110
CVE-2024/CVE-2024-265xx/CVE-2024-26589.json
View File

@ -2,35 +2,129 @@
"id": "CVE-2024-26589",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:09.050",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T17:56:56.953",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Reject variable offset alu on PTR_TO_FLOW_KEYS\n\nFor PTR_TO_FLOW_KEYS, check_flow_keys_access() only uses fixed off\nfor validation. However, variable offset ptr alu is not prohibited\nfor this ptr kind. So the variable offset is not checked.\n\nThe following prog is accepted:\n\n func#0 @0\n 0: R1=ctx() R10=fp0\n 0: (bf) r6 = r1 ; R1=ctx() R6_w=ctx()\n 1: (79) r7 = *(u64 *)(r6 +144) ; R6_w=ctx() R7_w=flow_keys()\n 2: (b7) r8 = 1024 ; R8_w=1024\n 3: (37) r8 /= 1 ; R8_w=scalar()\n 4: (57) r8 &= 1024 ; R8_w=scalar(smin=smin32=0,\n smax=umax=smax32=umax32=1024,var_off=(0x0; 0x400))\n 5: (0f) r7 += r8\n mark_precise: frame0: last_idx 5 first_idx 0 subseq_idx -1\n mark_precise: frame0: regs=r8 stack= before 4: (57) r8 &= 1024\n mark_precise: frame0: regs=r8 stack= before 3: (37) r8 /= 1\n mark_precise: frame0: regs=r8 stack= before 2: (b7) r8 = 1024\n 6: R7_w=flow_keys(smin=smin32=0,smax=umax=smax32=umax32=1024,var_off\n =(0x0; 0x400)) R8_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=1024,\n var_off=(0x0; 0x400))\n 6: (79) r0 = *(u64 *)(r7 +0) ; R0_w=scalar()\n 7: (95) exit\n\nThis prog loads flow_keys to r7, and adds the variable offset r8\nto r7, and finally causes out-of-bounds access:\n\n BUG: unable to handle page fault for address: ffffc90014c80038\n [...]\n Call Trace:\n <TASK>\n bpf_dispatcher_nop_func include/linux/bpf.h:1231 [inline]\n __bpf_prog_run include/linux/filter.h:651 [inline]\n bpf_prog_run include/linux/filter.h:658 [inline]\n bpf_prog_run_pin_on_cpu include/linux/filter.h:675 [inline]\n bpf_flow_dissect+0x15f/0x350 net/core/flow_dissector.c:991\n bpf_prog_test_run_flow_dissector+0x39d/0x620 net/bpf/test_run.c:1359\n bpf_prog_test_run kernel/bpf/syscall.c:4107 [inline]\n __sys_bpf+0xf8f/0x4560 kernel/bpf/syscall.c:5475\n __do_sys_bpf kernel/bpf/syscall.c:5561 [inline]\n __se_sys_bpf kernel/bpf/syscall.c:5559 [inline]\n __x64_sys_bpf+0x73/0xb0 kernel/bpf/syscall.c:5559\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x63/0x6b\n\nFix this by rejecting ptr alu with variable offset on flow_keys.\nApplying the patch rejects the program with \"R7 pointer arithmetic\non flow_keys prohibited\"."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Rechazar variable offset alu en PTR_TO_FLOW_KEYS Para PTR_TO_FLOW_KEYS, check_flow_keys_access() solo usa fijo para la validaci\u00f3n. Sin embargo, el desplazamiento variable ptr alu no est\u00e1 prohibido para este tipo de ptr. Por lo tanto, el desplazamiento variable no se verifica. Se acepta el siguiente programa: func#0 @0 0: R1=ctx() R10=fp0 0: (bf) r6 = r1; R1=ctx() R6_w=ctx() 1: (79) r7 = *(u64 *)(r6 +144) ; R6_w=ctx() R7_w=flujo_keys() 2: (b7) r8 = 1024 ; R8_w=1024 3: (37) r8 /= 1 ; R8_w=escalar() 4: (57) r8 &amp;= 1024 ; R8_w=escalar(smin=smin32=0, smax=umax=smax32=umax32=1024,var_off=(0x0; 0x400)) 5: (0f) r7 += r8 mark_precise: frame0: last_idx 5 first_idx 0 subseq_idx -1 mark_precise: frame0: regs=r8 pila= antes de 4: (57) r8 &amp;= 1024 mark_precise: frame0: regs=r8 pila= antes de 3: (37) r8 /= 1 mark_precise: frame0: regs=r8 pila= antes de 2: (b7 ) r8 = 1024 6: R7_w=flow_keys(smin=smin32=0,smax=umax=smax32=umax32=1024,var_off =(0x0; 0x400)) R8_w=escalar(smin=smin32=0,smax=umax=smax32= umax32=1024, var_off=(0x0; 0x400)) 6: (79) r0 = *(u64 *)(r7 +0) ; R0_w=scalar() 7: (95) salida Este programa carga flow_keys en r7, agrega la variable offset r8 a r7 y finalmente causa acceso fuera de l\u00edmites: ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: ffffc90014c80038 [. ..] Seguimiento de llamadas: bpf_dispatcher_nop_func include/linux/bpf.h:1231 [en l\u00ednea] __bpf_prog_run include/linux/filter.h:651 [en l\u00ednea] bpf_prog_run include/linux/filter.h:658 [en l\u00ednea] bpf_prog_run_pin_on_cpu include /linux/filter.h:675 [Inline] BPF_FLOW_DISSECT+0x15f/0x350 net/Core/Flow_Dissector.C: 991 BPF_Prog_Test_Run_Flow_Dissector+0x39D/0x620 NET/BPF/Test_Run.C: 1359 BPF_PRF_TISM 4107 [ en l\u00ednea] __sys_bpf+0xf8f/0x4560 kernel/bpf/syscall.c:5475 __do_sys_bpf kernel/bpf/syscall.c:5561 [en l\u00ednea] __se_sys_bpf kernel/bpf/syscall.c:5559 [en l\u00ednea] __x64_sys_bpf+0x73 /0xb0 kernel/bpf /syscall.c:5559 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x63/0x6b Solucionar esto rechazando ptr alu con variable compensaci\u00f3n en flow_keys. La aplicaci\u00f3n del parche rechaza el programa con \"La aritm\u00e9tica de puntero R7 en flow_keys est\u00e1 prohibida\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.15.148",
"matchCriteriaId": "AA78B893-1AFA-45A8-B893-D137A10AE798"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.0",
"versionEndExcluding": "6.1.75",
"matchCriteriaId": "2C4951FA-80C0-4B4C-9836-6E5035DEB0F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/1b500d5d6cecf98dd6ca88bc9e7ae1783c83e6d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/22c7fa171a02d310e3a3f6ed46a698ca8a0060ed",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/29ffa63f21bcdcef3e36b03cccf9d0cd031f6ab0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4108b86e324da42f7ed425bd71632fd844300dc8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e8d3872b617c21100c5ee4f64e513997a68c2e3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

87
CVE-2024/CVE-2024-265xx/CVE-2024-26590.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26590",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:09.103",
"lastModified": "2024-03-01T14:15:54.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T17:54:20.197",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -14,23 +14,96 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erofs: corrige el formato de compresi\u00f3n por archivo inconsistente EROFS puede seleccionar algoritmos de compresi\u00f3n por archivo, y cada algoritmo de compresi\u00f3n por archivo debe marcarse en el superbloque del disco para la inicializaci\u00f3n. Sin embargo, syzkaller puede generar im\u00e1genes manipuladas inconsistentes que usan un tipo de algoritmo no compatible para inodos espec\u00edficos, por ejemplo, usa el tipo de algoritmo MicroLZMA incluso si no est\u00e1 configurado en `sbi-&gt;available_compr_algs`. Esto puede provocar un \"ERROR: desreferencia del puntero NULL del kernel\" inesperado si el descompresor correspondiente no est\u00e1 integrado. Solucione este problema comprobando con `sbi-&gt;available_compr_algs` para cada solicitud de m_algorithmformat. El mapa de bits preestablecido !erofs_sb_has_compr_cfgs incorrecto ahora se corrige porque antes era inofensivo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.0",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "994455F4-AD13-47A7-8A3D-D64154176EFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/118a8cf504d7dfa519562d000f423ee3ca75d2c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/47467e04816cb297905c0f09bc2d11ef865942d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/823ba1d2106019ddf195287ba53057aee33cf724",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/eed24b816e50c6cd18cbee0ff0d7218c8fced199",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

109
CVE-2024/CVE-2024-265xx/CVE-2024-26591.json
View File

@ -2,35 +2,128 @@
"id": "CVE-2024-26591",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:09.157",
"lastModified": "2024-02-22T19:07:27.197",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-03-18T17:54:44.267",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix re-attachment branch in bpf_tracing_prog_attach\n\nThe following case can cause a crash due to missing attach_btf:\n\n1) load rawtp program\n2) load fentry program with rawtp as target_fd\n3) create tracing link for fentry program with target_fd = 0\n4) repeat 3\n\nIn the end we have:\n\n- prog->aux->dst_trampoline == NULL\n- tgt_prog == NULL (because we did not provide target_fd to link_create)\n- prog->aux->attach_btf == NULL (the program was loaded with attach_prog_fd=X)\n- the program was loaded for tgt_prog but we have no way to find out which one\n\n BUG: kernel NULL pointer dereference, address: 0000000000000058\n Call Trace:\n <TASK>\n ? __die+0x20/0x70\n ? page_fault_oops+0x15b/0x430\n ? fixup_exception+0x22/0x330\n ? exc_page_fault+0x6f/0x170\n ? asm_exc_page_fault+0x22/0x30\n ? bpf_tracing_prog_attach+0x279/0x560\n ? btf_obj_id+0x5/0x10\n bpf_tracing_prog_attach+0x439/0x560\n __sys_bpf+0x1cf4/0x2de0\n __x64_sys_bpf+0x1c/0x30\n do_syscall_64+0x41/0xf0\n entry_SYSCALL_64_after_hwframe+0x6e/0x76\n\nReturn -EINVAL in this situation."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bpf: Se corrigi\u00f3 la rama de re-adjunci\u00f3n en bpf_tracing_prog_attach El siguiente caso puede causar un bloqueo debido a la falta de adjunto_btf: 1) cargar el programa rawtp 2) cargar el programa fentry con rawtp como target_fd 3) crear enlace de seguimiento para el programa fentry con target_fd = 0 4) repetir 3 Al final tenemos: - prog-&gt;aux-&gt;dst_trampoline == NULL - tgt_prog == NULL (porque no proporcionamos target_fd para link_create) - prog-&gt;aux -&gt;attach_btf == NULL (el programa se carg\u00f3 con adjunto_prog_fd=X) - el programa se carg\u00f3 para tgt_prog pero no tenemos forma de averiguar cu\u00e1l ERROR: desreferencia del puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000058 Seguimiento de llamadas: ? __morir+0x20/0x70 ? page_fault_oops+0x15b/0x430? fixup_exception+0x22/0x330? exc_page_fault+0x6f/0x170? asm_exc_page_fault+0x22/0x30? bpf_tracing_prog_attach+0x279/0x560? btf_obj_id+0x5/0x10 bpf_tracing_prog_attach+0x439/0x560 __sys_bpf+0x1cf4/0x2de0 __x64_sys_bpf+0x1c/0x30 do_syscall_64+0x41/0xf0 Entry_SYSCALL_64_after_hwframe+0x6e/ 0x76 Devuelve -EINVAL en esta situaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.148",
"matchCriteriaId": "E1A09298-F667-42CA-A661-8C8904F88C4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.0",
"versionEndExcluding": "6.1.75",
"matchCriteriaId": "2C4951FA-80C0-4B4C-9836-6E5035DEB0F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2.0",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "BDBBEB0E-D13A-4567-8984-51C5375350B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.0",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "0EA3778C-730B-464C-8023-18CA6AC0B807"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/50ae82f080cf87e84828f066c31723b781d68f5b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6cc9c0af0aa06f781fa515a1734b1a4239dfd2c0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/715d82ba636cb3629a6e18a33bb9dbe53f9936ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8c8bcd45e9b10eef12321f08d2e5be33d615509c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a7b98aa10f895e2569403896f2d19b73b6c95653",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

63
CVE-2024/CVE-2024-270xx/CVE-2024-27096.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-27096",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-18T17:15:06.327",
"lastModified": "2024-03-18T17:15:06.327",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/commit/61a0c2302b4f633f5065358adc36058e1abc37f9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.13",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-2x8m-vrcm-2jqv",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-270xx/CVE-2024-27098.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-27098",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-18T17:15:06.593",
"lastModified": "2024-03-18T17:15:06.593",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/commit/3b6bc1b4aa1f3693b20ada3425d2de5108522484",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.13",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-92x4-q9w5-837w",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-271xx/CVE-2024-27104.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-27104",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-18T17:15:06.890",
"lastModified": "2024-03-18T17:15:06.890",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/commit/b409ca437864607b03c2014b9e3293b7f141af65",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.13",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-prc3-cx5m-h5mj",
"source": "security-advisories@github.com"
}
]
}

63
CVE-2024/CVE-2024-279xx/CVE-2024-27914.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-27914",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-18T17:15:07.130",
"lastModified": "2024-03-18T17:15:07.130",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13.\n"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/glpi-project/glpi/commit/69e0dee8de0c0df139b42dbfa1a8997888c2af95",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/releases/tag/10.0.13",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-rcxj-fqr4-q34r",
"source": "security-advisories@github.com"
}
]
}

36
CVE-2024/CVE-2024-280xx/CVE-2024-28054.json Normal file
View File

@ -0,0 +1,36 @@
{
"id": "CVE-2024-28054",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-18T17:15:07.360",
"lastModified": "2024-03-18T17:15:07.360",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware."
}
],
"metrics": {},
"references": [
{
"url": "https://gitlab.com/amavis/amavis/-/issues/112",
"source": "cve@mitre.org"
},
{
"url": "https://gitlab.com/amavis/amavis/-/raw/v2.13.1/README_FILES/README.CVE-2024-28054",
"source": "cve@mitre.org"
},
{
"url": "https://lists.amavis.org/pipermail/amavis-users/2024-March/006811.html",
"source": "cve@mitre.org"
},
{
"url": "https://metacpan.org/pod/MIME::Tools",
"source": "cve@mitre.org"
},
{
"url": "https://www.amavis.org/release-notes.txt",
"source": "cve@mitre.org"
}
]
}

73
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-18T17:00:30.097810+00:00
2024-03-18T19:00:37.989828+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-18T16:15:09.830000+00:00
2024-03-18T18:45:59.157000+00:00
```
### Last Data Feed Release
@ -29,38 +29,63 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
241857
241912
```
### CVEs added in the last Commit
Recently added CVEs: `18`
Recently added CVEs: `55`
* [CVE-2024-1331](CVE-2024/CVE-2024-13xx/CVE-2024-1331.json) (`2024-03-18T16:15:07.103`)
* [CVE-2024-1333](CVE-2024/CVE-2024-13xx/CVE-2024-1333.json) (`2024-03-18T16:15:07.170`)
* [CVE-2024-1658](CVE-2024/CVE-2024-16xx/CVE-2024-1658.json) (`2024-03-18T16:15:07.227`)
* [CVE-2024-1753](CVE-2024/CVE-2024-17xx/CVE-2024-1753.json) (`2024-03-18T15:15:41.170`)
* [CVE-2024-2050](CVE-2024/CVE-2024-20xx/CVE-2024-2050.json) (`2024-03-18T16:15:08.903`)
* [CVE-2024-2051](CVE-2024/CVE-2024-20xx/CVE-2024-2051.json) (`2024-03-18T16:15:09.130`)
* [CVE-2024-2052](CVE-2024/CVE-2024-20xx/CVE-2024-2052.json) (`2024-03-18T16:15:09.337`)
* [CVE-2024-20745](CVE-2024/CVE-2024-207xx/CVE-2024-20745.json) (`2024-03-18T15:15:41.380`)
* [CVE-2024-20746](CVE-2024/CVE-2024-207xx/CVE-2024-20746.json) (`2024-03-18T15:15:41.580`)
* [CVE-2024-20752](CVE-2024/CVE-2024-207xx/CVE-2024-20752.json) (`2024-03-18T16:15:07.380`)
* [CVE-2024-20755](CVE-2024/CVE-2024-207xx/CVE-2024-20755.json) (`2024-03-18T16:15:07.640`)
* [CVE-2024-20756](CVE-2024/CVE-2024-207xx/CVE-2024-20756.json) (`2024-03-18T16:15:07.933`)
* [CVE-2024-20757](CVE-2024/CVE-2024-207xx/CVE-2024-20757.json) (`2024-03-18T16:15:08.193`)
* [CVE-2024-22257](CVE-2024/CVE-2024-222xx/CVE-2024-22257.json) (`2024-03-18T15:15:41.790`)
* [CVE-2024-2229](CVE-2024/CVE-2024-22xx/CVE-2024-2229.json) (`2024-03-18T16:15:09.580`)
* [CVE-2024-2390](CVE-2024/CVE-2024-23xx/CVE-2024-2390.json) (`2024-03-18T16:15:09.830`)
* [CVE-2024-27930](CVE-2024/CVE-2024-279xx/CVE-2024-27930.json) (`2024-03-18T16:15:08.453`)
* [CVE-2024-27937](CVE-2024/CVE-2024-279xx/CVE-2024-27937.json) (`2024-03-18T16:15:08.690`)
* [CVE-2024-26064](CVE-2024/CVE-2024-260xx/CVE-2024-26064.json) (`2024-03-18T18:15:15.197`)
* [CVE-2024-26065](CVE-2024/CVE-2024-260xx/CVE-2024-26065.json) (`2024-03-18T18:15:15.440`)
* [CVE-2024-26067](CVE-2024/CVE-2024-260xx/CVE-2024-26067.json) (`2024-03-18T18:15:15.667`)
* [CVE-2024-26069](CVE-2024/CVE-2024-260xx/CVE-2024-26069.json) (`2024-03-18T18:15:15.923`)
* [CVE-2024-26073](CVE-2024/CVE-2024-260xx/CVE-2024-26073.json) (`2024-03-18T18:15:16.177`)
* [CVE-2024-26080](CVE-2024/CVE-2024-260xx/CVE-2024-26080.json) (`2024-03-18T18:15:16.417`)
* [CVE-2024-26094](CVE-2024/CVE-2024-260xx/CVE-2024-26094.json) (`2024-03-18T18:15:16.690`)
* [CVE-2024-26096](CVE-2024/CVE-2024-260xx/CVE-2024-26096.json) (`2024-03-18T18:15:16.917`)
* [CVE-2024-26101](CVE-2024/CVE-2024-261xx/CVE-2024-26101.json) (`2024-03-18T18:15:17.123`)
* [CVE-2024-26102](CVE-2024/CVE-2024-261xx/CVE-2024-26102.json) (`2024-03-18T18:15:17.370`)
* [CVE-2024-26103](CVE-2024/CVE-2024-261xx/CVE-2024-26103.json) (`2024-03-18T18:15:17.600`)
* [CVE-2024-26104](CVE-2024/CVE-2024-261xx/CVE-2024-26104.json) (`2024-03-18T18:15:17.837`)
* [CVE-2024-26105](CVE-2024/CVE-2024-261xx/CVE-2024-26105.json) (`2024-03-18T18:15:18.100`)
* [CVE-2024-26106](CVE-2024/CVE-2024-261xx/CVE-2024-26106.json) (`2024-03-18T18:15:18.350`)
* [CVE-2024-26107](CVE-2024/CVE-2024-261xx/CVE-2024-26107.json) (`2024-03-18T18:15:18.547`)
* [CVE-2024-26118](CVE-2024/CVE-2024-261xx/CVE-2024-26118.json) (`2024-03-18T18:15:18.767`)
* [CVE-2024-26119](CVE-2024/CVE-2024-261xx/CVE-2024-26119.json) (`2024-03-18T18:15:19.000`)
* [CVE-2024-26120](CVE-2024/CVE-2024-261xx/CVE-2024-26120.json) (`2024-03-18T18:15:19.290`)
* [CVE-2024-26124](CVE-2024/CVE-2024-261xx/CVE-2024-26124.json) (`2024-03-18T18:15:19.503`)
* [CVE-2024-26125](CVE-2024/CVE-2024-261xx/CVE-2024-26125.json) (`2024-03-18T18:15:19.737`)
* [CVE-2024-27096](CVE-2024/CVE-2024-270xx/CVE-2024-27096.json) (`2024-03-18T17:15:06.327`)
* [CVE-2024-27098](CVE-2024/CVE-2024-270xx/CVE-2024-27098.json) (`2024-03-18T17:15:06.593`)
* [CVE-2024-27104](CVE-2024/CVE-2024-271xx/CVE-2024-27104.json) (`2024-03-18T17:15:06.890`)
* [CVE-2024-27914](CVE-2024/CVE-2024-279xx/CVE-2024-27914.json) (`2024-03-18T17:15:07.130`)
* [CVE-2024-28054](CVE-2024/CVE-2024-280xx/CVE-2024-28054.json) (`2024-03-18T17:15:07.360`)
### CVEs modified in the last Commit
Recently modified CVEs: `1`
Recently modified CVEs: `19`
* [CVE-2023-52605](CVE-2023/CVE-2023-526xx/CVE-2023-52605.json) (`2024-03-18T15:15:41.097`)
* [CVE-2023-38509](CVE-2023/CVE-2023-385xx/CVE-2023-38509.json) (`2024-03-18T18:15:07.627`)
* [CVE-2023-41036](CVE-2023/CVE-2023-410xx/CVE-2023-41036.json) (`2024-03-18T18:15:07.780`)
* [CVE-2023-52448](CVE-2023/CVE-2023-524xx/CVE-2023-52448.json) (`2024-03-18T18:38:36.410`)
* [CVE-2023-52449](CVE-2023/CVE-2023-524xx/CVE-2023-52449.json) (`2024-03-18T18:38:16.350`)
* [CVE-2023-52450](CVE-2023/CVE-2023-524xx/CVE-2023-52450.json) (`2024-03-18T18:34:16.497`)
* [CVE-2023-52451](CVE-2023/CVE-2023-524xx/CVE-2023-52451.json) (`2024-03-18T18:33:31.077`)
* [CVE-2023-52452](CVE-2023/CVE-2023-524xx/CVE-2023-52452.json) (`2024-03-18T18:24:33.550`)
* [CVE-2023-6515](CVE-2023/CVE-2023-65xx/CVE-2023-6515.json) (`2024-03-18T18:45:59.157`)
* [CVE-2023-6517](CVE-2023/CVE-2023-65xx/CVE-2023-6517.json) (`2024-03-18T18:45:42.613`)
* [CVE-2023-6518](CVE-2023/CVE-2023-65xx/CVE-2023-6518.json) (`2024-03-18T18:43:21.843`)
* [CVE-2023-6519](CVE-2023/CVE-2023-65xx/CVE-2023-6519.json) (`2024-03-18T18:41:25.520`)
* [CVE-2024-0985](CVE-2024/CVE-2024-09xx/CVE-2024-0985.json) (`2024-03-18T17:15:06.070`)
* [CVE-2024-1753](CVE-2024/CVE-2024-17xx/CVE-2024-1753.json) (`2024-03-18T17:15:06.223`)
* [CVE-2024-26586](CVE-2024/CVE-2024-265xx/CVE-2024-26586.json) (`2024-03-18T18:12:44.400`)
* [CVE-2024-26587](CVE-2024/CVE-2024-265xx/CVE-2024-26587.json) (`2024-03-18T18:09:54.027`)
* [CVE-2024-26588](CVE-2024/CVE-2024-265xx/CVE-2024-26588.json) (`2024-03-18T18:02:15.647`)
* [CVE-2024-26589](CVE-2024/CVE-2024-265xx/CVE-2024-26589.json) (`2024-03-18T17:56:56.953`)
* [CVE-2024-26590](CVE-2024/CVE-2024-265xx/CVE-2024-26590.json) (`2024-03-18T17:54:20.197`)
* [CVE-2024-26591](CVE-2024/CVE-2024-265xx/CVE-2024-26591.json) (`2024-03-18T17:54:44.267`)
## Download and Usage

129
_state.csv
View File

@ -227268,7 +227268,7 @@ CVE-2023-38504,0,0,010bf69aae5659eee63c94c006066569935ea1b14ffd2ea77e84d47d9e1bc
CVE-2023-38505,0,0,b0e4a9fa5f054e49b0ce4f0736498a347dd78e339437c52c30c1050187152a5a,2023-08-03T13:40:43.150000
CVE-2023-38507,0,0,5426b3165e7bcfd976cf2ecb06425e14dec20450ae76c5f7cda8287528b6ed23,2023-09-21T14:09:16.523000
CVE-2023-38508,0,0,f1125d8fc92aeea60580be087aecbfa9f6ec32c3ec4276f93811b99b53f900a5,2023-08-30T18:23:27.400000
CVE-2023-38509,0,0,7a2fc5530306f7c8cb4af043f123ec9cbf46956823ab95f3ffa50c5d1c5e72bd,2023-11-14T18:44:56.647000
CVE-2023-38509,0,1,ad4c82e395d5ca4d14371219a4320da10ad4178c3fd494c53f7996576892237c,2024-03-18T18:15:07.627000
CVE-2023-38510,0,0,cc9f6e5d6fe137855e6061ed3734a4d02b8fd6d4b2c877142bc8032731935641,2023-08-03T13:41:26.167000
CVE-2023-38512,0,0,48ea375ec2be21050759ca7afafe62bf729107adfa4abbdd50e0ef00cc173a36,2023-08-02T21:58:20.263000
CVE-2023-38513,0,0,3f0edfeb0eed5c416920dfeed76e48387672763ef86c1bc7bcc32cb3e76faafd,2023-12-28T20:01:33.403000
@ -229035,7 +229035,7 @@ CVE-2023-41031,0,0,fa06dc6e282969e858e8c5dc155ab5f245538f8019ba16b005f61744d2d88
CVE-2023-41032,0,0,f410dfd85768ddf5a2ea6645a1092a13702a5a32ca1aa4ba60be03642587eb92,2024-02-16T14:25:44.303000
CVE-2023-41033,0,0,432c2e478241045d06c6dc9e8de2a2293de2fb46608088d1fe589122f7bd7135,2024-02-16T14:21:36.573000
CVE-2023-41034,0,0,df3c8214ec838b2f7e0428bdf58fe42c67225d8afd0d610f3c55f6af59d479ec,2023-09-06T19:02:03.790000
CVE-2023-41036,0,0,774e5a607e797246092cd0af3127c9e5e10e3c2caafa9c8c5da53e393557140e,2023-11-14T18:41:48.080000
CVE-2023-41036,0,1,dc9cc3d05cd42811db669b3c8a71f2f2b19a98de6a5efa4bb40960e8e957938f,2024-03-18T18:15:07.780000
CVE-2023-41037,0,0,4ee85b11c6d7699c072401f739fe178dffb6c67b823433c5f33e59628ca9356b,2023-09-08T14:01:40.800000
CVE-2023-41039,0,0,6491382e857e965ef52c50a2e765bfab5a340680777a750c85254c602b98c4fc,2023-09-05T15:06:09.130000
CVE-2023-4104,0,0,eb289d10cd1bc312d5924b8f5710f2e693b9431772b774df9cb71375e3d5f146,2023-09-13T16:34:57.820000
@ -235901,12 +235901,12 @@ CVE-2023-52444,0,0,e4e74b636a9119fb1430d59aa25d18b36c2089ded63e3a22c77190c88140f
CVE-2023-52445,0,0,935e18f4f35f2d58044edd90dd7b35f47e4402522601caceac7b2bae2ab24ab7,2024-03-14T20:13:50.727000
CVE-2023-52446,0,0,14bc79a6a49f12d7cdafb16072e7c790691dec958b76a4059d44e85538fb1528,2024-03-14T19:47:14.733000
CVE-2023-52447,0,0,2b483c12b6cae05ce719aef7a32c19c00143135e9924dab08c849516f96b86ad,2024-03-14T19:46:43.030000
CVE-2023-52448,0,0,45ca63d1d83bb662bb921c12f4cb5398e2d83d6740cccaace641a08f5d1cc271,2024-02-22T19:07:27.197000
CVE-2023-52449,0,0,74efd9336ae00efc2cdb415adabbc06030b4dc03749ec08f043888d1bbbd2ce7,2024-02-22T19:07:27.197000
CVE-2023-52448,0,1,e9ff9b8d841afff7b641dcc5939378295a18b0e5bc6bd33958550414bff682d6,2024-03-18T18:38:36.410000
CVE-2023-52449,0,1,9411282470272d0158afd6197f207e5792b0c088396b3d0b632e2388564a0e66,2024-03-18T18:38:16.350000
CVE-2023-5245,0,0,7b2229d28f421b6ec6b3502eca0d9057fdb533e58501732c83cf6b2fe100d70b,2023-11-22T22:39:07.763000
CVE-2023-52450,0,0,62ba4b532928d45130b755992983dd916c2931163a3faf5c13c8a4bfc6530981,2024-02-22T19:07:27.197000
CVE-2023-52451,0,0,dd5357243310621daf03d3391e71f6e9797187e8dfbaeef82871de6467be9d8b,2024-02-22T19:07:27.197000
CVE-2023-52452,0,0,424e10012ecef470dff5a82b04b0b92b870207704774b0db54219eb6d943a1a0,2024-02-22T19:07:27.197000
CVE-2023-52450,0,1,2bab0519c8c73ad4475ba6c1040107cc3bb5f758499ce6a9019d700dd0c9b8a4,2024-03-18T18:34:16.497000
CVE-2023-52451,0,1,65a739f6d581805ce2cf2b36d79848a56d63f5f7e896bfc143f00d66a3183e39,2024-03-18T18:33:31.077000
CVE-2023-52452,0,1,7baace8ccf50e6e949146023fb757b323cf12c7750b0fc5df8cd239e671f9bac,2024-03-18T18:24:33.550000
CVE-2023-52453,0,0,b843d51593935c6a74120952555120a9bd29a94bce0fad066225b55dc8c9641b,2024-02-23T16:14:43.447000
CVE-2023-52454,0,0,908f6be823e467554ce50e64c61444add21be3278e02dca7c781d52f32ff1759,2024-02-23T16:14:43.447000
CVE-2023-52455,0,0,690ab57a6d056603ec26f549d7c260855122975e5e7016f9f021189c3e75a76d,2024-02-23T16:14:43.447000
@ -236051,7 +236051,7 @@ CVE-2023-52601,0,0,aedaca1a5f2ac5a70620075f5e64cc11991b1a4cb475b87557b4dc9fc6b5f
CVE-2023-52602,0,0,9df2c713c2ee91821d3acf59eff078cb9ffe6c7192927e561b9015fbd6e4f1eb,2024-03-06T15:18:08.093000
CVE-2023-52603,0,0,95334cacfd19b4c87be08facc5dd5b0b88d14d2700cd8b7327de1675b8c44cf6,2024-03-06T15:18:08.093000
CVE-2023-52604,0,0,30f1c16cb3a0cb2fe47a6d739ea3857d9514f4a42f5108accddc2ff67ca64a3a,2024-03-06T15:18:08.093000
CVE-2023-52605,0,1,1b37f3d575cc6fccdf3f2b9baf5dd90683d0ab63d10c2f813ddefc64e14a5b63,2024-03-18T15:15:41.097000
CVE-2023-52605,0,0,1b37f3d575cc6fccdf3f2b9baf5dd90683d0ab63d10c2f813ddefc64e14a5b63,2024-03-18T15:15:41.097000
CVE-2023-52606,0,0,af178db0080c3115d91a437ab5b42adac2141a98dadd572d3736b5223567f757,2024-03-06T15:18:08.093000
CVE-2023-52607,0,0,cd279ac76807826cb38ca9326be0382c8b742bd78a6b07422163f9ab0e29e5d3,2024-03-06T15:18:08.093000
CVE-2023-52608,0,0,cf7b7e55e8f4282fe3aa5b5ec270126b4956cd8a6e010ac62f6f0d8d8eda977e,2024-03-13T14:28:45.217000
@ -237130,11 +237130,11 @@ CVE-2023-6510,0,0,dec908b93e84a7355607a5390d6dfd4522eb01197e394ec1d59b15f822e76e
CVE-2023-6511,0,0,6e9c9df66d5d6dc8e4f56e8e2fdba7ec529133e95fcd90f501e771942ada7146,2024-02-15T20:51:23.697000
CVE-2023-6512,0,0,64d380cef3fda827fb5c24f06d407e7bbe2ae11eddc20026be124aa98b7d5aa7,2024-02-15T20:51:30.973000
CVE-2023-6514,0,0,462d0381adee46f7d1bc8e9e06cc0477813ef83f17d6573090aec4daf5e3641f,2023-12-12T21:20:07.693000
CVE-2023-6515,0,0,b102beac22b429f292ea2035d5f673ef53d565457039900c4209314346dbb845,2024-02-29T01:42:39.177000
CVE-2023-6515,0,1,665e7660817a44a89dc02291972848a80eb6914cb87c75effcf479498a4e37d4,2024-03-18T18:45:59.157000
CVE-2023-6516,0,0,8d8e278edf63387832244e67b195f96c49a53d2672af7853fcd21f91a2ceee97,2024-03-04T03:15:06.827000
CVE-2023-6517,0,0,e5e81823565f5158b4ccf014f733baa9554dfcfc31e80d41dc72481afd469ee7,2024-02-29T01:42:39.260000
CVE-2023-6518,0,0,e3d062576b7097050141de4dd903a0d072519b92dde797e49d0310588295634b,2024-02-29T01:42:39.340000
CVE-2023-6519,0,0,58d4decb20675df4ec8b8844629c6a54629d6a3216de4ac6f7439a94036c3424,2024-02-29T01:42:39.437000
CVE-2023-6517,0,1,22006785d8e480a7a01b2f55b5c0a472607e1a855bbba4095a6033199ad25d7e,2024-03-18T18:45:42.613000
CVE-2023-6518,0,1,9d5bb02edd07c3bd54825f38de72e39ce5320fdc5e3b40310c67a3f1002c3fa6,2024-03-18T18:43:21.843000
CVE-2023-6519,0,1,938bff0cdbcc4f9b09897f4da84c0f6295dd25d14d871fb68a1bc66a22b98822,2024-03-18T18:41:25.520000
CVE-2023-6520,0,0,51cb07e213c2b58051c216c89b744fc7c414cbeef02be0ba128dd84d6c032cdf,2024-01-17T20:43:01.987000
CVE-2023-6524,0,0,c1e8fe40a4048e04c188cd09d174accb2325b4f144f04207980ba18caef1e277,2024-02-02T16:33:29.477000
CVE-2023-6525,0,0,8cb26ebf4a5417a29f3232a50ef34cad6b406a6f9482d2c650edb1c6f244d11e,2024-03-17T22:38:29.433000
@ -238392,7 +238392,7 @@ CVE-2024-0977,0,0,265a9a088dbf9179612f3eba4d6866f7160bf19014cca832dc6a54c521c233
CVE-2024-0978,0,0,bd9486fab4a038f4e847f9788adcccd45ac34e1994eb8b3f3f5dba77cc4513b0,2024-02-29T13:49:29.390000
CVE-2024-0983,0,0,bb1cce9780d9afeb412811ada7cb9acefd8863ec35c930bdc009e174d02d368f,2024-02-29T13:49:29.390000
CVE-2024-0984,0,0,6080915a3c285e627ed886246e31c6de8d5b3ffea571b8480ecb0516c7add805,2024-02-29T13:49:29.390000
CVE-2024-0985,0,0,f6981db683f24b82466e62922b7e40b53cadfe4098ab5850a23ab4f0b081697f,2024-02-15T15:23:49.287000
CVE-2024-0985,0,1,7f62d4f229f42e211d79e54ca95fbe4e7e170d1291d382df953b17f7c27d2355,2024-03-18T17:15:06.070000
CVE-2024-0986,0,0,dacf263e9724d2fbb48d319293bc697aba81239a6cb835c77831ed9110e313e2,2024-02-29T01:43:34.393000
CVE-2024-0987,0,0,60af7a053a1e269f0c04ec68aef89837f7f8488655ca88b23d56c018dfdf6282,2024-02-29T01:43:34.470000
CVE-2024-0988,0,0,288a10b1ed04cc13ffd0b274c6948fb27bdc8fc16e85c95c7a5dbf18bd139483,2024-02-29T01:43:34.563000
@ -238644,8 +238644,8 @@ CVE-2024-1322,0,0,55eb557d746bd5b316565e48cf52968ab1ba8b0aa245d5ad47a485b7878e67
CVE-2024-1323,0,0,f857e29b0540aed96943a25b1179a5166e6aff501672f2c505f52ee84f4e77cb,2024-02-27T14:20:06.637000
CVE-2024-1328,0,0,170c1f134b7c1cc323cdf2a8e98021369f31203dcfb3a0aeb70d869d5dfa5df5,2024-03-12T12:40:13.500000
CVE-2024-1329,0,0,c251ab89131ed5db620ce7b9371daf5508a26377e3f0f0d0996003e3074e8cd1,2024-02-15T18:27:28.837000
CVE-2024-1331,1,1,41839bfe94732befa26cb434ad26b949f191cf8cb288da0fa24d5b507343503e,2024-03-18T16:15:07.103000
CVE-2024-1333,1,1,363ae5a19eb46f9c36e395a7798157c089fbb992cbd65f6117f2473306e371e3,2024-03-18T16:15:07.170000
CVE-2024-1331,0,0,41839bfe94732befa26cb434ad26b949f191cf8cb288da0fa24d5b507343503e,2024-03-18T16:15:07.103000
CVE-2024-1333,0,0,363ae5a19eb46f9c36e395a7798157c089fbb992cbd65f6117f2473306e371e3,2024-03-18T16:15:07.170000
CVE-2024-1334,0,0,516b6a37d8b8fb8f4b837a47c9cc08a680d9b92a54dc10e528435ed6da8b7e27,2024-02-29T13:49:29.390000
CVE-2024-1335,0,0,941b72cae9b146a09d00dcb213f784638d4976b781f5c45ac94e2dc5c09eaae4,2024-02-29T13:49:29.390000
CVE-2024-1336,0,0,f036131783350ce9371f8aaed5a5d9608aa662933f5bef4fa2512d13129eb494,2024-02-29T13:49:29.390000
@ -238832,7 +238832,7 @@ CVE-2024-1651,0,0,b5a1bc561b4d7ae4d1ca2ccf7f79068fb2afa7b09c9ad49805a75edae57e04
CVE-2024-1652,0,0,713b08425ff0d91e3a1f6c5fcc742628e562c3c90970b08c1ec718d504f2db3c,2024-02-27T14:19:41.650000
CVE-2024-1653,0,0,875a0ad46333e774de4f895ea6a9ead74cdbdb6ae6c4ddb02a960bfb85513ae4,2024-02-27T14:19:41.650000
CVE-2024-1654,0,0,eb9626fce310149d4ccf57ea81b4c034dcaf62686ee2c7ca822dc0fc8ca870d9,2024-03-14T12:52:09.877000
CVE-2024-1658,1,1,c9d5e9536cb986ebe7898d05c21bc8f531d6937ae8147ed2968b8c6db8de6a8e,2024-03-18T16:15:07.227000
CVE-2024-1658,0,0,c9d5e9536cb986ebe7898d05c21bc8f531d6937ae8147ed2968b8c6db8de6a8e,2024-03-18T16:15:07.227000
CVE-2024-1661,0,0,24db83c92b829dc6c3c4aa1496bd15ce44d311aaea85d91d099cbad064ada2b4,2024-02-29T01:43:53.173000
CVE-2024-1668,0,0,9fe479fb08a9c3e6acaa42b32d642c1a77a4b3afa3c06ca8b35741f02d9dd1bf,2024-03-13T18:15:58.530000
CVE-2024-1669,0,0,3362eeabf5b6399fda046d3f728ab967509d79cc74a91c5ce260a94031135ec7,2024-02-26T16:27:52.577000
@ -238878,7 +238878,7 @@ CVE-2024-1748,0,0,21505baeaebcf9908a04bf82d4cb4713c61c4f34121be4218d6bba17104cf0
CVE-2024-1749,0,0,f5dc36f2b3c5b49630d54ea9d7d110611078de7ac69bcb5b1effa0637f5c756a,2024-02-29T01:43:54.267000
CVE-2024-1750,0,0,c5946c153e9b3863c3ae1f56422e923359d491538b9997bed7c797eaf3e5cae9,2024-02-29T01:43:54.333000
CVE-2024-1751,0,0,073725f5797dd1a08c13cb9b8b608bec978f19a1ac37e258dfebc8036af5d5ee,2024-03-13T18:15:58.530000
CVE-2024-1753,1,1,c43ba050a20ab0eccfbf2bd3daf59196052eb9c54fa3014e31f636890b313416,2024-03-18T16:15:07.283000
CVE-2024-1753,0,1,6500f8906fba0244daca0652a8626d51ed91ec413c2cf94c3fdb17727f9d19f5,2024-03-18T17:15:06.223000
CVE-2024-1758,0,0,6de6dd43b2bb9af7fe1358bc4934bd64904e9488104279e3470618b288cbdab8,2024-02-26T16:32:25.577000
CVE-2024-1760,0,0,0a20f47041faa81845898be9ba0faa3a27a19a140e382ff1058d2f999acd0fd1,2024-03-06T15:18:08.093000
CVE-2024-1761,0,0,9e36bbb76f5c2b7f4a9f5c6274a1f378aa86f86f618e6f962a515dfe593dc5f7,2024-03-07T13:52:27.110000
@ -239099,9 +239099,9 @@ CVE-2024-2044,0,0,08291c9824effdfdf86a7dd7b03c783266a9429001a47ee567eca1c773b9a4
CVE-2024-2045,0,0,72838b74e2668b744754639ee1018477ba3696de5929605fbc709ccd12df2c15,2024-03-01T14:04:26.010000
CVE-2024-2048,0,0,b1d90a03303b3129ccd01b2fc2b67961e7b3ad9cf6b45fd30e9c61356487e3a3,2024-03-05T13:41:01.900000
CVE-2024-2049,0,0,58bf7dd981ad241a63625476de471475168cb2dbbf14e23f948c579239e38831,2024-03-12T16:02:33.900000
CVE-2024-2050,1,1,1a519355503a2055e91674b49d475765e55ab5c8221b4956c97018a624f4cd4c,2024-03-18T16:15:08.903000
CVE-2024-2051,1,1,d379bd896b26ef553e395542093da255be4698f364dff80d506aa067246890a7,2024-03-18T16:15:09.130000
CVE-2024-2052,1,1,0a58c6793556f1bea8ef265ad1e3c188fe07f7fecff05c73424be2f979473c29,2024-03-18T16:15:09.337000
CVE-2024-2050,0,0,1a519355503a2055e91674b49d475765e55ab5c8221b4956c97018a624f4cd4c,2024-03-18T16:15:08.903000
CVE-2024-2051,0,0,d379bd896b26ef553e395542093da255be4698f364dff80d506aa067246890a7,2024-03-18T16:15:09.130000
CVE-2024-2052,0,0,0a58c6793556f1bea8ef265ad1e3c188fe07f7fecff05c73424be2f979473c29,2024-03-18T16:15:09.337000
CVE-2024-2055,0,0,5f882a5989f6397f7e904e96da4e1c976169f82ca0f1c27b5426821f0151d07f,2024-03-06T15:18:08.093000
CVE-2024-2056,0,0,c4f48e587d270913ffe9771a526c024cadd4512922dc15fd4c6520c0e60e3767,2024-03-06T15:18:08.093000
CVE-2024-2057,0,0,8149d74fde3a21dd846be13ac332b6688d989c87e6493784a0c9078e718a82ae,2024-03-13T16:15:31.580000
@ -239195,20 +239195,27 @@ CVE-2024-20741,0,0,7894859d22a14380119fe6807e6b8e1fb723b24b42b1fdbd6b6b45c0869ef
CVE-2024-20742,0,0,5b0d9e53eed471c8b5b3ebf9829e6dcbd60898cbaeeef696136a7708ae4637ba,2024-02-16T20:07:52
CVE-2024-20743,0,0,2ddc60d32b1ae3a2181ff987af28d3afd02c22f84ac58a6e8ba44cffc7aae56c,2024-02-16T20:06:10.620000
CVE-2024-20744,0,0,85b18453865962a9ec00619f7caf9f497f650115c7924867939fd2b605e61983,2024-02-16T19:51:12.413000
CVE-2024-20745,1,1,b800f8f0ddd8de138c8c6f00065ccf8e8d3870355eb0863fa6a621bbe595c66b,2024-03-18T15:15:41.380000
CVE-2024-20746,1,1,1e26a8e3fe9f88a3c8a00edda0c7a51a5586d6d57dd34b37760cb30dd51ecd53,2024-03-18T15:15:41.580000
CVE-2024-20745,0,0,b800f8f0ddd8de138c8c6f00065ccf8e8d3870355eb0863fa6a621bbe595c66b,2024-03-18T15:15:41.380000
CVE-2024-20746,0,0,1e26a8e3fe9f88a3c8a00edda0c7a51a5586d6d57dd34b37760cb30dd51ecd53,2024-03-18T15:15:41.580000
CVE-2024-20747,0,0,e89f2472188a024c3462c9fca814ebbe7dac182aed6e8363ec06bdd71ef470f1,2024-03-05T22:17:24.763000
CVE-2024-20748,0,0,1a6f520d47ec1eb0fdceeaac6b46ad44820a5d61ea0753cba171051efbeedcac,2024-03-05T22:17:26.913000
CVE-2024-20749,0,0,1c6c15ad74c79cafbee02506ba2970a72c2b9d04e5d996c0bbf0bff86aecadeb,2024-03-05T22:17:17.527000
CVE-2024-2075,0,0,2beaacabda2667a69b2e9a569fffed920e74cee8944931393d2178dcce42061a,2024-03-01T22:22:25.913000
CVE-2024-20750,0,0,5cddf8a3a2bd619a95576bd7ac518a9a2bd0be1c8d28ed40e8010a951f4b5862,2024-02-15T14:28:20.067000
CVE-2024-20752,1,1,f5424dfe7e542f68fff671cb09aa0c9787a13411172c106732792c58a8545095,2024-03-18T16:15:07.380000
CVE-2024-20755,1,1,3072c55a5df32f7153e15f7b111c3d4110935567b1cb8174a1288b768a1bb44f,2024-03-18T16:15:07.640000
CVE-2024-20756,1,1,e296dc2b9925a3c5847c702063f18cf0bf8837d0f3d694aa560c9ae256d21327,2024-03-18T16:15:07.933000
CVE-2024-20757,1,1,b94b9627d640691ad1f097d7f1999e1cd429c6a4d4145ab4bd5cf23bf21f593c,2024-03-18T16:15:08.193000
CVE-2024-20752,0,0,f5424dfe7e542f68fff671cb09aa0c9787a13411172c106732792c58a8545095,2024-03-18T16:15:07.380000
CVE-2024-20754,1,1,faedbeb4ef41fdd3ec19f8f3e2a9cb44164995e14e8eea1878a8e29885595e13,2024-03-18T18:15:07.897000
CVE-2024-20755,0,0,3072c55a5df32f7153e15f7b111c3d4110935567b1cb8174a1288b768a1bb44f,2024-03-18T16:15:07.640000
CVE-2024-20756,0,0,e296dc2b9925a3c5847c702063f18cf0bf8837d0f3d694aa560c9ae256d21327,2024-03-18T16:15:07.933000
CVE-2024-20757,0,0,b94b9627d640691ad1f097d7f1999e1cd429c6a4d4145ab4bd5cf23bf21f593c,2024-03-18T16:15:08.193000
CVE-2024-2076,0,0,e7f4f1eb9d4801b159e19e6958b03336e4a3f4c5f2daffd2429350dcc008cebc,2024-03-01T22:22:25.913000
CVE-2024-20760,1,1,4672f9e502ee3d21544c67cff562f3f8c49ce90ae851e4c375b3bb687fe80c83,2024-03-18T18:15:08.197000
CVE-2024-20761,1,1,c23df54b96bf1dab81e0df3dc2110734108bddf838e9e49ad7389367d9d3c43b,2024-03-18T18:15:08.487000
CVE-2024-20762,1,1,12e2f74e42604cb81467b8ce97fe002fe0856e8039b62353b0ec68787e4f24ff,2024-03-18T18:15:08.777000
CVE-2024-20763,1,1,7c3e8062285822d7812f5985a3bbf41c4fc5097cd87bfc87f8385e8a6a1e921a,2024-03-18T18:15:09.017000
CVE-2024-20764,1,1,62ab453f11462401933b57b4dc47d8183901eafbb382a4c8685d6b352ab744ee,2024-03-18T18:15:09.237000
CVE-2024-20765,0,0,0bc0d6bebc7d0e3e5238fdf4ab0750cdcca06992066d14fdc4f2a56816d15cff,2024-02-29T18:06:42.010000
CVE-2024-20767,0,0,2f9f61b60fd0f122ed1c1348df04236455af6358ddef21fe50e4123b4febd83c,2024-03-18T12:38:25.490000
CVE-2024-20768,1,1,ec10fdecb87bf254b98260d1d722f8fc123332f7356b9a609e285f8542ab0c6f,2024-03-18T18:15:09.470000
CVE-2024-2077,0,0,9a4b96c976de73d6d8f579a225f4ba6e55c8a8791cc5d9d9f141b958b0074a4a,2024-03-01T22:22:25.913000
CVE-2024-2078,0,0,c5cf1f8224dc1437cc5c72b4c20f193ca60f923ea1195c1e3b8d6f13446a32c9,2024-03-01T14:04:04.827000
CVE-2024-2079,0,0,d19df912ca8f24c4783570207f7ead00a2f333eee11795e142007ff6a5180cfc,2024-03-14T12:52:16.723000
@ -239554,6 +239561,7 @@ CVE-2024-21648,0,0,1469dabfec52b708d9f85c7ecd5d9ba5aceebc24818ce2b1def8a07877642
CVE-2024-21649,0,0,7c6601ab19fae69b0394619b81ee444fda4d153a80a3cfe11d1aec4c20580d67,2024-02-08T16:43:53.780000
CVE-2024-21650,0,0,3a0b953c563f222640e14d0396aea7c6a144484adb27cd9e00ee3594cd5dd9b3,2024-01-11T18:46:08.260000
CVE-2024-21651,0,0,136261d793a44a9ef45740acc5477522b935825eb24ca39b41770ad8b0563bb1,2024-01-12T17:15:18.467000
CVE-2024-21652,1,1,c9895efb33ded83c03f591ec1eef3967cdb7d6d04ae94113d03f512ef0b2e3d4,2024-03-18T18:15:09.697000
CVE-2024-21653,0,0,885752e9dc4a9457887aa24dbfafbdd9e7b180359937724df461320bb423efc2,2024-02-08T17:33:27.273000
CVE-2024-21654,0,0,8ff1b4dbaef9aba7936ce11f11649d7575b0a7d900c0d949567deb7e7a4dc43b,2024-01-22T19:45:11.213000
CVE-2024-21655,0,0,4294891ecb580e16459fcbc25bef20c668b98cc1013a1972160db6d54bdb6d99,2024-01-25T15:36:21.337000
@ -239803,7 +239811,7 @@ CVE-2024-22253,0,0,869a690eac81b8d366a7dcd03c915afe771001839314866b2e3833a0cd443
CVE-2024-22254,0,0,9459758feef8c3482a3dd931fe9afae6322b6e4fd3a58270d8e8b4bdfbbbb85a,2024-03-05T18:50:18.333000
CVE-2024-22255,0,0,745f4cbb4a69bb6c39368bc0a0102e1bbca6746f7bd70b66d5b81a5c3e0b1eea,2024-03-05T18:50:18.333000
CVE-2024-22256,0,0,7ccfa1d456f911dd1ae59428e390bb74a9bd8e0f03e6ec12672c279cdd5bf898,2024-03-12T15:01:32.347000
CVE-2024-22257,1,1,215d458093311ee8a9b3de377756cb77167f1be4eeea675378686ec6a5b4eaaf,2024-03-18T15:15:41.790000
CVE-2024-22257,0,0,215d458093311ee8a9b3de377756cb77167f1be4eeea675378686ec6a5b4eaaf,2024-03-18T15:15:41.790000
CVE-2024-22259,0,0,ec8de6495a91d5b1464de53566787e4629f0eb6394a50a8b81cbeb5396d883a1,2024-03-17T22:38:29.433000
CVE-2024-22282,0,0,53d62e993d25bddde67f64a9b7b05dfd45a21e7eb7c9bf0be8fb90ec2911d888,2024-02-06T16:55:19.983000
CVE-2024-22283,0,0,f9f0bb31955cdc5efe0fe68bd93a1968461b937d4826bd6ada9de29ff0f15691,2024-02-01T04:13:41.033000
@ -239812,7 +239820,7 @@ CVE-2024-22285,0,0,d83553698dde53f7db1ed77900398085668ab39cd18713da980682ba03026
CVE-2024-22286,0,0,82c36f3e950fb6487da5e34e2a74ac4e34c04a30cc54b184352f8852ec25bda9,2024-02-06T15:08:36.300000
CVE-2024-22287,0,0,9688e4b2f355a6f341af8d9f093d2662719ffb38811809f7483a97bd83c48642,2024-02-29T01:44:06.090000
CVE-2024-22289,0,0,6fea499141ae17f7c355da4e36d7874e9bbf7da4f26ebfc2105fb8b31e73e9b1,2024-02-06T15:15:04.717000
CVE-2024-2229,1,1,fbcbbf14874a9478c89dc8f245aa814121d1d63378f808045e6d4c3eb5783858,2024-03-18T16:15:09.580000
CVE-2024-2229,0,0,fbcbbf14874a9478c89dc8f245aa814121d1d63378f808045e6d4c3eb5783858,2024-03-18T16:15:09.580000
CVE-2024-22290,0,0,ac36a6f65512e1d45333cdbe87ebe3b09537865956645a352e9c5e6e5aad3d30,2024-02-13T00:57:51.120000
CVE-2024-22291,0,0,b55362876c7de5ebfe9f4ed2db4762cbce290c8f4f106ffd027933f4b6f381c0,2024-02-03T00:22:08.697000
CVE-2024-22292,0,0,0dcb649675eee45183d7a3a52a52d50012978e3ffd9ed19e44e63a0c90ba5174,2024-02-06T15:23:23.247000
@ -240498,7 +240506,7 @@ CVE-2024-23896,0,0,05098f39a53ae86a6319e8b4133c1254bf82ffe2a6f0f1c3c0bb46552d5cc
CVE-2024-23897,0,0,52e5d4a522b850a631c21f9f4455068e9ae869bfa4d176c7f6db84f611c56ead,2024-03-07T17:47:35.020000
CVE-2024-23898,0,0,27c5368dff9cda77d4579c68aa3c6e2c647b0b454e5e30199a0592eead600202,2024-02-29T11:15:08.843000
CVE-2024-23899,0,0,7221f9efcd89ca48f9c6571bde7a7f417c82020935a02dda82803137a099714c,2024-01-31T18:43:39.183000
CVE-2024-2390,1,1,1765325dedf200039a0d3d93c41fed89c18d1dc6219b336becaba2e7ae6a87dc,2024-03-18T16:15:09.830000
CVE-2024-2390,0,0,1765325dedf200039a0d3d93c41fed89c18d1dc6219b336becaba2e7ae6a87dc,2024-03-18T16:15:09.830000
CVE-2024-23900,0,0,ffcf73f765e34eaa4d21dbbb66f11c097bdbe82c6c23f515de989ab74fdb5e2d,2024-01-31T17:20:14.777000
CVE-2024-23901,0,0,8946482c46b79ba61b06099351f3120c0dc94ea35a3596d180fd2c6c82708797,2024-01-31T17:21:55.750000
CVE-2024-23902,0,0,80116c10b4dcb9deee098a8540c88900f817311ddbd1ee2f2ac63018b6f6f58a,2024-01-31T18:37:37.253000
@ -241326,6 +241334,48 @@ CVE-2024-26003,0,0,fa8874de1288018456c2c5e60f788d74da5e6a9794ed476433e2f3d611980
CVE-2024-26004,0,0,246387e032da3fec432fd431d962194949239cd6f63c6608ded252f81c7603e5,2024-03-12T12:40:13.500000
CVE-2024-26005,0,0,5612768f564be605b53cca364087e5ce4582a430bf26d99195869094006f4e9a,2024-03-12T12:40:13.500000
CVE-2024-26016,0,0,225df2de732dbe1aa65450d758c74d9fd62d1571f14eb88fac267d40c0b495b0,2024-02-28T15:15:09.320000
CVE-2024-26028,1,1,797d58c95c8a55d211b1958e06fe4e45ef52cde184fd244c959bbed323cb986b,2024-03-18T18:15:09.910000
CVE-2024-26030,1,1,09ccb911194f3d8fe88e35b0d8bac241a5e4828b0d6621f77730047fa21681d3,2024-03-18T18:15:10.130000
CVE-2024-26031,1,1,56770f690491c3f2eff8722c2c8c96e232a0fb338ab7632a5734a7a746b1dc4e,2024-03-18T18:15:10.420000
CVE-2024-26032,1,1,1b64d00e8b97b14839b0fbd1eb6efb9806124615e59bcb7a23d55020c1240a03,2024-03-18T18:15:10.647000
CVE-2024-26033,1,1,4afd05ef5500178e63d7b1bc1fa6d891febffc46e161a321c82fe76c95bec232,2024-03-18T18:15:10.867000
CVE-2024-26034,1,1,6fcd567839cf42c2f1d1f63063af94eaa4040ad956767ff1b6708e892eddcaa4,2024-03-18T18:15:11.100000
CVE-2024-26035,1,1,bf363e3467b5beca0fa5a66238c002216c46c5c37ec12fce063f1d652162d621,2024-03-18T18:15:11.360000
CVE-2024-26038,1,1,43b8e7d845a7a826335aa4e5dfe50f599c9fdeaf3ef338a6d64e26f781f9ec67,2024-03-18T18:15:11.570000
CVE-2024-26040,1,1,5eb877bfe73a36eff15588c78196d80c6dce5d595eb3ea3cf459091c76137836,2024-03-18T18:15:11.790000
CVE-2024-26041,1,1,12ea228f3fa2d163a585dc014ba33ef881812d17afefdc10da737017543fb82d,2024-03-18T18:15:12.023000
CVE-2024-26042,1,1,c3647bc012663d00f57c47fce0d834c2d3d36761e0c6cb890eb400b80a43e70b,2024-03-18T18:15:12.273000
CVE-2024-26043,1,1,4efe0437ca9e4ef23ecb8e7cc656e1d5982f7e1e9f02fac568d0962a1c09d5a2,2024-03-18T18:15:12.510000
CVE-2024-26044,1,1,c7aed913d566885482254f41a387f3e8d38f7a202820d9507488038fad0210a1,2024-03-18T18:15:12.767000
CVE-2024-26045,1,1,c9116786514197af40e686b113196a1789db8c493acc59a16875c1f2506c450e,2024-03-18T18:15:13.007000
CVE-2024-26050,1,1,04b9c4dcedd71e4e573cf7c5bafa695c75e4f78dc673f2cdf19ec328de152ce4,2024-03-18T18:15:13.263000
CVE-2024-26051,1,1,386634e0a9c6cb2f65cf5a88fc9d5110fda5e310cd6703a59e8c11da812a05ed,2024-03-18T18:15:13.547000
CVE-2024-26052,1,1,60fa9cc3f997b25b8c6a52ac2518cf333d73cffc510669f749ca3f61615f58b9,2024-03-18T18:15:13.780000
CVE-2024-26056,1,1,fe79b34a6de1cf2b6948582a30a35e1d6a168f665684a5c33f7227a5428033c4,2024-03-18T18:15:14.097000
CVE-2024-26059,1,1,7f1ead9df9e9ea4d9d99fa82d22e66ab70272c2e75bf89a0655530b131751305,2024-03-18T18:15:14.313000
CVE-2024-26061,1,1,4c08005d93425af1502349e3501dca62539fc57dc4b8c979b7ebceaecc70332e,2024-03-18T18:15:14.533000
CVE-2024-26062,1,1,2900f26cea06ba5b3e24400c295714147730ce5018617c96d5c126ef03eda925,2024-03-18T18:15:14.760000
CVE-2024-26063,1,1,9faf03d776226f858e4b4b2cf8bbdbf893b20a3fa5bf2b2a0a0e6ff183dd919f,2024-03-18T18:15:14.973000
CVE-2024-26064,1,1,22f57755d113d9ddca96df187f618d1ab9afbd063db509639234c9b2d6efdb64,2024-03-18T18:15:15.197000
CVE-2024-26065,1,1,3ab00581023a8a9000bb6d479fc8ae128cf5f0cb6b69ebc3607e22ba7259e9c5,2024-03-18T18:15:15.440000
CVE-2024-26067,1,1,1025c195cfd9cee0e52488930c8e16e73cccf6f0600e6203350bb6093f71d91b,2024-03-18T18:15:15.667000
CVE-2024-26069,1,1,a0eef78c0a4fcb4956660d713dbec05a5929e9c2cc8c0a199466db78b8082720,2024-03-18T18:15:15.923000
CVE-2024-26073,1,1,016e1aefa8bedbb4ba1ce444991ad61bfe74cc7b23a389a3e6f3bb2218ca0f07,2024-03-18T18:15:16.177000
CVE-2024-26080,1,1,776a8b6473e0854b9d735200dfe54d5c90094dea3f8bb7a106b29f958126c66c,2024-03-18T18:15:16.417000
CVE-2024-26094,1,1,f6e42037e2b000bfe33f692e823681c12f93918f44221fff30d181cac6825816,2024-03-18T18:15:16.690000
CVE-2024-26096,1,1,3c58a49247a12b1d3b64dd6de7da990a0ed0f12db30887768ce127ab04b97c7c,2024-03-18T18:15:16.917000
CVE-2024-26101,1,1,3ba301d938b4aaf95308e3203b3cd5984e702521c1e251b148c51ab0661de60c,2024-03-18T18:15:17.123000
CVE-2024-26102,1,1,4b777b0c235d4a7e29bb0ca37cbcd6f5c76759eb13f59ee156ac4a25a76c90d2,2024-03-18T18:15:17.370000
CVE-2024-26103,1,1,8b3869dca0028ab4759782f3d599925f4ed50a09bc7a523f78a72f6970da1986,2024-03-18T18:15:17.600000
CVE-2024-26104,1,1,9de3d21a05d3014220bd4753f4b3556669e41e5fcc9965bdd705882716fbdda2,2024-03-18T18:15:17.837000
CVE-2024-26105,1,1,bb55a6387ce43cbb14304a4c24e04c542d62c91e58f04a66730a873d6c12e9e3,2024-03-18T18:15:18.100000
CVE-2024-26106,1,1,b654204387f86fd23f87e8d07fce67260aafffb1b19efc43231f28f2226761a4,2024-03-18T18:15:18.350000
CVE-2024-26107,1,1,06e1a33f2d17ad6bc326a9d273c9b776d4b096fa29855113fb60d6d6bc2b5283,2024-03-18T18:15:18.547000
CVE-2024-26118,1,1,8b1aa556f0af4183eba6bf33939eb919e8406ca8663039228690b7b5b6dab19a,2024-03-18T18:15:18.767000
CVE-2024-26119,1,1,800f8862f210e805b43c688f4b3179194f8815825f1bac8eb615ff653e64363e,2024-03-18T18:15:19
CVE-2024-26120,1,1,8a6b106b7aa32585db0d00d548c42d513e9daef6a4fdcce55f0409598c14b947,2024-03-18T18:15:19.290000
CVE-2024-26124,1,1,0d4527c656e1d3caa8967a911f6fe5babcb35eebc8d33ca774900be3b1c67985,2024-03-18T18:15:19.503000
CVE-2024-26125,1,1,dff6cb4e55105b1ed81423ce8b18db0417ccbc6a45054d37ee4cca5c47afc6aa,2024-03-18T18:15:19.737000
CVE-2024-26128,0,0,487fd4a47ca7d01d688a4160da954eb7676a1080733cdfedc265ac6cf53a8666,2024-02-23T02:42:54.547000
CVE-2024-26129,0,0,968e60f64e57be6f8f2df784210f5788e81353ced4a4f4353953a10484d71d0a,2024-02-20T19:50:53.960000
CVE-2024-26130,0,0,a100f31d14662694d3f6ac3371aa0aa02486ee73cfbe5beddc735c4f540ce1d4,2024-02-22T19:07:27.197000
@ -241465,12 +241515,12 @@ CVE-2024-26582,0,0,3ff5c496d753899c1fc1e8062e53c8f61453498de38167daf1346ce24125b
CVE-2024-26583,0,0,469df0658e18197ed0356dd7a5240250603137d767287de06ec0167d1ae18c2a,2024-03-15T13:05:03.220000
CVE-2024-26584,0,0,628c83749212390e734524e43d20fa678834b7ea9755141f8a3b9cd3762087b8,2024-03-11T18:15:18.503000
CVE-2024-26585,0,0,ab0df1121b4a44ad09abca0cf48007274128e339349339533a7e7946a2e72b52,2024-03-14T20:18:37.957000
CVE-2024-26586,0,0,6adf6fee4513357dce3d48353704f433902e35e2bc7d0ba0f94b639c08b43cd1,2024-02-23T09:15:22.820000
CVE-2024-26587,0,0,0efd83186b44039bd1d35d69a1b607d8dbb0ddf97a28b08dcc63546dbb9a7ecb,2024-02-22T19:07:27.197000
CVE-2024-26588,0,0,e28b875fe4ce5483682023926fd2826eb3774745f3f93324b0685c84e6aab78b,2024-02-22T19:07:27.197000
CVE-2024-26589,0,0,42e136f93acd10e22f7c3d67af2cfcd20d4ebf71d94eb7cc40de5fe92a9349b0,2024-02-22T19:07:27.197000
CVE-2024-26590,0,0,9ff04c19e794835aab57db3e10b9174cbd6bbe9812e82c1acaeca22167d4035b,2024-03-01T14:15:54.007000
CVE-2024-26591,0,0,7ccf9d5618db71e68002f32674d2b39b8435f1f951bb3df30f75265e867763c7,2024-02-22T19:07:27.197000
CVE-2024-26586,0,1,85e4fb034cd8f802fb7949a6edeb44e49e071e6e365162d8c01bd895923b7bfd,2024-03-18T18:12:44.400000
CVE-2024-26587,0,1,9404613a5d22d59f7b9830950f6da0789d954efb37d6d668289d4948436f8def,2024-03-18T18:09:54.027000
CVE-2024-26588,0,1,a12e329faae009d801e11973c8a72020a4a4a89d8da3b097e68d3f4be6ee8827,2024-03-18T18:02:15.647000
CVE-2024-26589,0,1,528da0ad6ce01bf77db8eec7de0776ce7a2f821b4949af8b66c0af55f0b7555f,2024-03-18T17:56:56.953000
CVE-2024-26590,0,1,abd86201bd23efc7d86afd5c0d7b0d654a2577ad84615d2348f851e6a7a9eae0,2024-03-18T17:54:20.197000
CVE-2024-26591,0,1,5929783d5428bb2c14c53508060d365bc2cc03643c73a5c691e380ff07f76710,2024-03-18T17:54:44.267000
CVE-2024-26592,0,0,556177ef9bce57733c98f0cedf03d66e717ab99ebdf503a3e045e5e8a919cba1,2024-02-23T09:15:22.877000
CVE-2024-26593,0,0,cd2e95ac01546387c9c0e4472acf1544d866afb8a59c1a7d17619ef886560aab,2024-03-11T18:15:18.673000
CVE-2024-26594,0,0,cacb0aacad0dc9173a9c73dcd1b17719173fea736c335f4c98e01736e2cbd170,2024-02-23T16:14:43.447000
@ -241530,12 +241580,15 @@ CVE-2024-27088,0,0,51e0e40780267d1754ef6fc0476358b31f9f3458dd54a6b66fef5c03c4a96
CVE-2024-27089,0,0,80888df8a8beb579eb58ecd8e5017bb9d7c0dad21161e687af8e50a608c5d017,2024-02-26T20:19:06.073000
CVE-2024-27092,0,0,46c8a65175e30ca99bc1ca448e9739f5a9fd09a26b86761b076001350720e53c,2024-02-29T13:49:29.390000
CVE-2024-27093,0,0,2adc536c19af535e2a03a5b98ba4818457cc5a617ec41b1d012943c718349d43,2024-02-27T14:20:06.637000
CVE-2024-27096,1,1,2b9b831796890e2dca4ecd3387e5290ec472077221c3f4e314e9b3d9f3910558,2024-03-18T17:15:06.327000
CVE-2024-27097,0,0,119cd9ece0e90261671b57d6900026bac78dfbf4d2981ae69a65322120d02a50,2024-03-14T12:52:16.723000
CVE-2024-27098,1,1,c0cec8c7ac891056154b85d2c9cef06098c1faeff5077dcb13ec1c9170d4b004,2024-03-18T17:15:06.593000
CVE-2024-27099,0,0,175d10b027dcaefa30f4f3d08f108961158696c2e68858dfb01ba6e05070217d,2024-02-28T14:06:45.783000
CVE-2024-27100,0,0,55ef4fa80f4e4ec607956e13eb12f1b089d898f4dc4692ed15eeaa7d4784e3b5,2024-03-17T22:38:29.433000
CVE-2024-27101,0,0,5e1cdb7fd021f767632e89261ae8cd71ddf2db43a5c2430745ab100b28a7d944,2024-03-01T22:22:25.913000
CVE-2024-27102,0,0,efafee84c11a7d42b73e32ffc69d4688f19605eb4ecc6d6cf419aaba4f0fed2f,2024-03-14T12:52:16.723000
CVE-2024-27103,0,0,ba41469ea697f39b66b49d222d300153b0a74c2fb1fbae161829f573b3ab98cc,2024-02-29T13:49:47.277000
CVE-2024-27104,1,1,544664b1b883d0fa4990a49afe9b71eab55d155d7481f8671c3e46c8379b6af6,2024-03-18T17:15:06.890000
CVE-2024-27121,0,0,9ff77f57a33b5e7894f52bbf3c39c57fbfb06ac4fc9de183cada29d2e4e25cb4,2024-03-12T12:40:13.500000
CVE-2024-27132,0,0,3211e33e39363e184b8550fc16d833a0f590c8e4cd3ef270e1d091501b93f80e,2024-02-26T13:42:22.567000
CVE-2024-27133,0,0,1abfe171f722b9df6ead5b24935068c395a52a06c146ec300701d2b7e86523ce,2024-02-26T13:42:22.567000
@ -241691,13 +241744,14 @@ CVE-2024-27905,0,0,c7138ee734428b73e57ef70bc0c3a87d66350c09e2b81d6d3c89882bb51a7
CVE-2024-27906,0,0,ae9bda7656d6e7e0689cf95cd57f8618d70aeb9672c7e9157dbd08c58d363490,2024-02-29T13:49:29.390000
CVE-2024-27907,0,0,2cf144af50787dc82429a23d2a0b2229478c7da13f6dc58aa9ace99a59b03722,2024-03-12T12:40:13.500000
CVE-2024-27913,0,0,4ab4f3916b8428dbf6a53f81f4240223329f17f5e9f63a6de1fd6dc690b5ff6a,2024-02-28T14:06:45.783000
CVE-2024-27914,1,1,536afa5d56ae6b8eae2f41983a0383a826df4c32388239fd20969ce60ff1f854,2024-03-18T17:15:07.130000
CVE-2024-27915,0,0,e3ea2d621ba17649c82b1ac50772a17f6f4bcbc919f498c03dc3f90c544f5ce4,2024-03-06T21:42:48.053000
CVE-2024-27917,0,0,af242c2d21e7486c1314f58994d4b13c43efcfe28649da8aeb5e5a5a818348df,2024-03-06T21:42:48.053000
CVE-2024-27920,0,0,f0490af99419d039a483091f0cc2cfbd25508df9b9a1d7fb05a10eecef5acab6,2024-03-17T22:38:29.433000
CVE-2024-27929,0,0,39502b4a24aeb4ce49408f96b15d6d1bf553bf86f106f7b47d0609503cbda65d,2024-03-06T22:15:57.473000
CVE-2024-27930,1,1,f866299462bf274923220419fe4d45663b80b3726bded53a3d1e796e11c117d6,2024-03-18T16:15:08.453000
CVE-2024-27930,0,0,f866299462bf274923220419fe4d45663b80b3726bded53a3d1e796e11c117d6,2024-03-18T16:15:08.453000
CVE-2024-27931,0,0,edca36e5744b6d31feb40b55ed56762c342a513bdb2558b00d26097669ed2360,2024-03-05T18:50:18.333000
CVE-2024-27937,1,1,a85c8829b14ba7f24d466111cd5de7b9ffe956b4deeb4127e5f76639c65caae4,2024-03-18T16:15:08.690000
CVE-2024-27937,0,0,a85c8829b14ba7f24d466111cd5de7b9ffe956b4deeb4127e5f76639c65caae4,2024-03-18T16:15:08.690000
CVE-2024-27938,0,0,992243c7c9e4bac66f51bd7113f98af62b9886d66d4d9e32776474fa2dcd307d,2024-03-12T12:40:13.500000
CVE-2024-27948,0,0,67e156b37ac5c6da6ca4063513792c829bdbe8e804f7b01b28e54c9fc1c182b2,2024-02-29T13:49:47.277000
CVE-2024-27949,0,0,12ee9b935394b527d1677a59b517c94d0df067a0b32bfff31d7cb2be5b4b5d00,2024-03-01T14:04:26.010000
@ -241714,6 +241768,7 @@ CVE-2024-27986,0,0,221ac31a72264e8303bc0dc716d0bcad27f92aa2e3b64824247f9d0260198
CVE-2024-27987,0,0,ce6fd0b1730cd837f285c0aaaa1258cf6aa8505469e7f313401adb363ee7f395,2024-03-15T12:53:06.423000
CVE-2024-28039,0,0,9ef35c96ff38e007b2fd4f37c3f1f5b6d35461c4eaa69f2b36faccd438b26411,2024-03-18T12:38:25.490000
CVE-2024-28053,0,0,e281ed045d826247c32c0ccef204d2c431b80f755e75c928bfd444d7e8497772,2024-03-15T12:53:06.423000
CVE-2024-28054,1,1,63fc0019331fe03d22e0cf75a85af1d631563e2c048556ed066029f54f538b46,2024-03-18T17:15:07.360000
CVE-2024-28069,0,0,bc55065fc354d40d7b16dc028d30e9ac9c120daebe64d1e74cc55e5aec96ab01,2024-03-17T22:38:29.433000
CVE-2024-28070,0,0,d9b3309fdc4db05937449ae85d6df93a299898f40c2c79f5bb7988f4ebb25838,2024-03-17T22:38:29.433000
CVE-2024-28084,0,0,82d4f9747e3f13eb0c41724a23d451f171722689bff23fc05fa8397eb3709338,2024-03-16T02:15:09.157000

Can't render this file because it is too large.