admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-08-27T20:00:17.835238+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-08-27 20:03:15 +00:00
parent 06d8a1da53
commit 37a7ba5c1a
93 changed files with 4793 additions and 852 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
CVE-2019/CVE-2019-190xx/CVE-2019-19049.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2019-19049",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-11-18T06:15:11.640",
"lastModified": "2024-08-05T02:15:57.810",
"vulnStatus": "Modified",
"lastModified": "2024-08-27T18:44:14.520",
"vulnStatus": "Analyzed",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
@ -93,8 +93,52 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.17",
"versionEndExcluding": "4.4.200",
"matchCriteriaId": "6748ABF8-124E-4304-853C-24C0E719A55B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.9.200",
"matchCriteriaId": "8F820171-74F9-4002-93B0-7569665CFE05"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.153",
"matchCriteriaId": "C55640AE-5371-476C-8C65-148F7E3990C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.83",
"matchCriteriaId": "182277BD-EFC5-494B-888A-F7D12B80E56E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.3.10",
"matchCriteriaId": "F30BED58-4FF3-46D2-A535-AC5A126D67A3"
"matchCriteriaId": "39BAAF54-1709-4F76-BAA4-A2D183722FEA"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493"
}
]
}
@ -104,11 +148,18 @@
"references": [
{
"url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00029.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157173",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.3.10",

49
CVE-2019/CVE-2019-190xx/CVE-2019-19064.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2019-19064",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-11-18T06:15:12.607",
"lastModified": "2024-08-05T02:15:58.570",
"vulnStatus": "Modified",
"lastModified": "2024-08-27T19:38:19.673",
"vulnStatus": "Analyzed",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
@ -93,8 +93,29 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndIncluding": "5.3.11",
"matchCriteriaId": "EB2904AC-AD7A-498D-8619-CBB421E9165D"
"versionStartIncluding": "5.2",
"versionEndExcluding": "5.4.13",
"matchCriteriaId": "0C926075-BF14-456C-96D1-0FFA1A4DD150"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33"
}
]
}
@ -104,7 +125,10 @@
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1157300",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/torvalds/linux/commit/057b8945f78f76d0b04eeb5c27cd9225e5e7ad86",
@ -116,15 +140,24 @@
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O3PSDE6PTOTVBK2YTKB2TFQP2SUBVSNF/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PY7LJMSPAGRIKABJPDKQDTXYW3L5RX2T/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://usn.ubuntu.com/4300-1/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2021/CVE-2021-381xx/CVE-2021-38160.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-38160",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-08-07T04:15:06.967",
"lastModified": "2024-08-04T02:15:30.860",
"vulnStatus": "Modified",
"lastModified": "2024-08-27T19:37:50.600",
"vulnStatus": "Analyzed",
"cveTags": [
{
"sourceIdentifier": "cve@mitre.org",
@ -93,8 +93,58 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.24",
"versionEndExcluding": "4.4.276",
"matchCriteriaId": "1DAFBDE6-EDBA-4AB8-9AF9-6359EB1CE1A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.9.276",
"matchCriteriaId": "C79FFC06-9530-4CD7-B651-01D786CC925E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.240",
"matchCriteriaId": "FB359B2E-773D-4D52-9915-E07A47ABE72B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.198",
"matchCriteriaId": "B93AEDB9-C52B-4222-8F9A-882DAD9EF5B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.134",
"matchCriteriaId": "508D9771-335F-44A6-9F2F-880DF1267A1F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.52",
"matchCriteriaId": "7C1E6FB6-53C8-4DC4-8AE5-93094BA39F62"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.12.19",
"matchCriteriaId": "34C1A2F4-DD44-4CF1-8FD4-751A0D746A9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13",
"versionEndExcluding": "5.13.4",
"matchCriteriaId": "4C85356F-2C6C-4FB9-B0CA-949711182223"
"matchCriteriaId": "F93FA3CC-0C79-410B-A7D7-245C2AA0723A"
}
]
}

39
CVE-2022/CVE-2022-342xx/CVE-2022-34269.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-34269",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:35:13.213",
"lastModified": "2024-02-29T13:49:47.277",
"lastModified": "2024-08-27T18:35:00.573",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en RWS WorldServer antes de la versi\u00f3n 11.7.3. Un atacante remoto autenticado puede realizar un ataque SSRF ciego ws-legacy/load_dtd?system_id= para implementar c\u00f3digo JSP en el servicio Apache Axis que se ejecuta en la interfaz del host local, lo que lleva a la ejecuci\u00f3n del comando."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://www.rws.com/localization/products/trados-enterprise/worldserver/",

60
CVE-2022/CVE-2022-399xx/CVE-2022-39996.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2022-39996",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-27T18:15:13.197",
"lastModified": "2024-08-27T19:35:01.613",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Teldats Router RS123, RS123w allows attacker to execute arbitrary code via the cmdcookie parameter to the upgrade/query.php page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/uyhacked/Teldat-s-Router/blob/main/Teldat",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/uyhacked/Teldat-s-Router/blob/main/Teldat%27s%20Router%20Vulnerability.md",
"source": "cve@mitre.org"
}
]
}

25
CVE-2022/CVE-2022-399xx/CVE-2022-39997.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2022-39997",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-27T19:15:15.953",
"lastModified": "2024-08-27T19:15:15.953",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A weak password requirement issue was discovered in Teldats Router RS123, RS123w allows a remote attacker to escalate privileges"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/uyhacked/Teldat-s-Router/blob/main/Teldat",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/uyhacked/Teldat-s-Router/blob/main/Teldat%27s%20Router%20Vulnerability.md",
"source": "cve@mitre.org"
}
]
}

29
CVE-2022/CVE-2022-486xx/CVE-2022-48626.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48626",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:27:45.720",
"lastModified": "2024-04-17T19:28:53.540",
"lastModified": "2024-08-27T18:54:45.263",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -61,50 +61,51 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16",
"versionEndExcluding": "4.9.301",
"matchCriteriaId": "C73D1F55-82C4-4327-92BE-06DB2E9EAA3F"
"matchCriteriaId": "28BA9DF8-A480-4B97-A516-9CF06950A44F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10.0",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.266",
"matchCriteriaId": "51CBF15C-E2C2-46D6-8B44-FD1DBC4B90AA"
"matchCriteriaId": "C53477E7-1AB3-4CCB-BA3A-8CA6D288B41B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15.0",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.229",
"matchCriteriaId": "18A62436-9A1F-4D76-8171-673ABD2F8FF0"
"matchCriteriaId": "E67EAACB-63BB-41E7-9FE0-EC45ECD8CFD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20.0",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.179",
"matchCriteriaId": "9D555D9E-77E5-4394-B778-A4120D57AF6D"
"matchCriteriaId": "1380BE1A-D9B3-4CB0-A8B3-E24C7ABD8D74"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5.0",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.100",
"matchCriteriaId": "2087D356-66AA-4AF1-9573-7F9CCDF45E69"
"matchCriteriaId": "FA230C44-7F00-4499-93FC-B023912E2BDC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11.0",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.23",
"matchCriteriaId": "D02A8AAA-DFB4-4A35-BFE6-D37996722B78"
"matchCriteriaId": "C188CF31-9B43-49E9-94C5-FE808500CFC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16.0",
"versionStartIncluding": "5.16",
"versionEndExcluding": "5.16.9",
"matchCriteriaId": "BABAFD2D-69AC-41BE-9833-6304358DA047"
"matchCriteriaId": "9B3CAAA9-722D-4630-BBD7-A16C561ED854"
}
]
}

32
CVE-2023/CVE-2023-240xx/CVE-2023-24050.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24050",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-04T23:15:23.320",
"lastModified": "2024-08-01T13:43:21.560",
"lastModified": "2024-08-27T19:35:03.300",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,26 +36,6 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
@ -69,16 +49,6 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

16
CVE-2023/CVE-2023-262xx/CVE-2023-26266.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26266",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-02-21T04:15:10.693",
"lastModified": "2023-03-02T23:03:39.530",
"lastModified": "2024-08-27T19:40:05.087",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -18,19 +18,19 @@
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]

39
CVE-2023/CVE-2023-294xx/CVE-2023-29483.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29483",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-11T14:15:12.010",
"lastModified": "2024-06-26T02:15:09.210",
"lastModified": "2024-08-27T19:35:04.147",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "eventlet anterior a 0.35.2, como se usa en dnspython anterior a 2.6.0, permite a atacantes remotos interferir con la resoluci\u00f3n de nombres DNS enviando r\u00e1pidamente un paquete no v\u00e1lido desde la direcci\u00f3n IP y el puerto de origen esperados, tambi\u00e9n conocido como un ataque \"TuDoor\". En otras palabras, dnspython no tiene el comportamiento preferido en el que proceder\u00eda el algoritmo de resoluci\u00f3n de nombres DNS, dentro de la ventana de tiempo completa, para esperar un paquete v\u00e1lido. NOTA: dnspython 2.6.0 no se puede utilizar por un motivo diferente al que se abord\u00f3 en 2.6.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-292"
}
]
}
],
"references": [
{
"url": "https://github.com/eventlet/eventlet/issues/913",

34
CVE-2023/CVE-2023-312xx/CVE-2023-31296.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-31296",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-29T04:15:09.053",
"lastModified": "2024-01-04T23:43:22.250",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-27T19:35:05.190",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-1236"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

13
CVE-2023/CVE-2023-322xx/CVE-2023-32247.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-32247",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-24T16:15:11.470",
"lastModified": "2023-12-04T14:55:19.007",
"lastModified": "2024-08-27T19:37:30.927",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -92,8 +92,15 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndIncluding": "6.1.29",
"matchCriteriaId": "2B654D6F-58B7-4F0A-AA17-3D2366073718"
"versionEndExcluding": "5.15.145",
"matchCriteriaId": "6943BD04-722B-4B0F-810D-A5086EA877BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.29",
"matchCriteriaId": "D48F00B5-5471-4D1B-BE47-1DAB8122F35A"
},
{
"vulnerable": true,

11
CVE-2023/CVE-2023-322xx/CVE-2023-32252.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-32252",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-07-24T16:15:11.610",
"lastModified": "2023-12-04T14:53:38.480",
"lastModified": "2024-08-27T19:36:38.493",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -88,8 +88,15 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "5.15.145",
"matchCriteriaId": "6943BD04-722B-4B0F-810D-A5086EA877BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.29",
"matchCriteriaId": "7E233AD0-DABB-4668-93A7-DD0909B16CB9"
"matchCriteriaId": "D48F00B5-5471-4D1B-BE47-1DAB8122F35A"
},
{
"vulnerable": true,

14
CVE-2023/CVE-2023-366xx/CVE-2023-36644.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-36644",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-04T09:15:07.117",
"lastModified": "2024-04-04T12:48:41.700",
"lastModified": "2024-08-27T18:35:01.707",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/caffeinated-labs/CVE-2023-36644",

11
CVE-2023/CVE-2023-384xx/CVE-2023-38427.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38427",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-18T00:15:09.530",
"lastModified": "2023-11-17T18:55:13.147",
"lastModified": "2024-08-27T18:54:08.123",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -62,8 +62,15 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15",
"versionEndExcluding": "5.15.145",
"matchCriteriaId": "6943BD04-722B-4B0F-810D-A5086EA877BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.34",
"matchCriteriaId": "4F5A5D4B-4F1F-455D-8917-7785595FACF7"
"matchCriteriaId": "827DE634-7B30-489B-8DA2-F753BE881D9B"
},
{
"vulnerable": true,

43
CVE-2023/CVE-2023-391xx/CVE-2023-39197.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-39197",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-23T03:15:11.683",
"lastModified": "2024-01-30T02:04:00.813",
"lastModified": "2024-08-27T19:31:28.257",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -90,8 +90,45 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.26",
"versionEndExcluding": "5.4.251",
"matchCriteriaId": "79658A41-FEEA-42AF-93D9-A85F7CF2123A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.188",
"matchCriteriaId": "43CAE50A-4A6C-488E-813C-F8DB77C13C8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.121",
"matchCriteriaId": "EC77775B-EC31-4966-966C-1286C02B2A85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.39",
"matchCriteriaId": "9BD1D4A1-304D-4187-8178-6D7C0050B1AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.3.13",
"matchCriteriaId": "95CB4836-7F5D-4C20-B025-8E046EC87B78"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4",
"versionEndExcluding": "6.4.4",
"matchCriteriaId": "6AB81046-CB69-4115-924C-963B37C41385"
}
]
}

39
CVE-2023/CVE-2023-401xx/CVE-2023-40106.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-40106",
"sourceIdentifier": "security@android.com",
"published": "2024-02-15T23:15:08.137",
"lastModified": "2024-02-16T13:37:55.033",
"lastModified": "2024-08-27T19:35:06.100",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En sanitizeSbn de NotificationManagerService.java, existe una forma posible de iniciar una actividad desde segundo plano debido a BAL Bypass. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/442b4390c1f04b0e74ae4a7e349418dad4e7522e",

24
CVE-2023/CVE-2023-429xx/CVE-2023-42936.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42936",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-28T16:15:08.200",
"lastModified": "2024-04-08T22:47:26.453",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-27T19:35:06.893",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},

34
CVE-2023/CVE-2023-434xx/CVE-2023-43481.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-43481",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-27T21:15:07.990",
"lastModified": "2024-01-04T16:15:04.757",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-27T19:35:07.137",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

77
CVE-2023/CVE-2023-458xx/CVE-2023-45871.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45871",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-15T01:15:09.027",
"lastModified": "2024-01-11T19:15:11.530",
"vulnStatus": "Modified",
"lastModified": "2024-08-27T19:35:21.703",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,8 +61,73 @@
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.4",
"versionEndExcluding": "4.14.326",
"matchCriteriaId": "8B86C2DA-9296-4581-91E9-2B5E6160BCB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.295",
"matchCriteriaId": "D419C7D6-F33D-4EF8-8950-1CB5DDF6A55D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.257",
"matchCriteriaId": "834BD148-28EC-43A4-A4F5-458124A1E39F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.195",
"matchCriteriaId": "C385B650-53DB-4BFB-83D1-1D8FADF653EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.132",
"matchCriteriaId": "5913891D-409A-4EEC-9231-F2EF5A493BC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.53",
"matchCriteriaId": "B20754AF-3B8C-4574-A70D-EC24933810E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.4.16",
"matchCriteriaId": "C3039EA3-F6CA-43EF-9F17-81A7EC6841EF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5",
"versionEndExcluding": "6.5.3",
"matchCriteriaId": "94CF2054-EF6D-4135-876E-2925F10BCC0F"
"matchCriteriaId": "880C803A-BEAE-4DA0-8A59-AC023F7B4EE3"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
@ -87,7 +152,11 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/01/msg00004.html",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231110-0001/",

77
CVE-2023/CVE-2023-468xx/CVE-2023-46838.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46838",
"sourceIdentifier": "security@xen.org",
"published": "2024-01-29T11:15:07.933",
"lastModified": "2024-06-27T12:15:13.670",
"vulnStatus": "Modified",
"lastModified": "2024-08-27T19:25:43.650",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -62,8 +62,50 @@
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.14",
"versionEndExcluding": "6.7",
"matchCriteriaId": "CD62E8EA-4051-4EB9-AE74-F2A7B7F8FE13"
"versionEndExcluding": "4.19.306",
"matchCriteriaId": "245BC69A-0457-423B-9265-433DFB832C22"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.268",
"matchCriteriaId": "991BF737-6083-429B-ACD5-FB27D4143E2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.209",
"matchCriteriaId": "74979A03-4B10-4815-AE3E-C8C0D2FDAA39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.148",
"matchCriteriaId": "2ED0CDB9-61B0-408E-B2A8-5199107F7868"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.75",
"matchCriteriaId": "070D0ED3-90D0-4F95-B1FF-57D7F46F332D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "5C6B50A6-3D8B-4CE2-BDCC-A098609CBA14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "7229C448-E0C9-488B-8939-36BA5254065E"
}
]
}
@ -88,16 +130,39 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html",
"source": "security@xen.org"
"source": "security@xen.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "security@xen.org"
"source": "security@xen.org",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RGEKT4DKSDXDS34EL7M4UVJMMPH7Z3ZZ/",

12
CVE-2023/CVE-2023-476xx/CVE-2023-47678.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-47678",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-15T02:15:06.800",
"lastModified": "2024-08-02T22:15:20.000",
"lastModified": "2024-08-27T19:35:07.937",
"vulnStatus": "Modified",
"cveTags": [
{
@ -56,16 +56,6 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [

39
CVE-2023/CVE-2023-492xx/CVE-2023-49231.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49231",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-29T16:15:07.970",
"lastModified": "2024-04-05T17:15:07.567",
"lastModified": "2024-08-27T19:35:08.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se encontr\u00f3 una vulnerabilidad de omisi\u00f3n de autenticaci\u00f3n en Stilog Visual Planning 8. Permite que un atacante no autenticado reciba un token de API administrativo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Apr/1",

34
CVE-2023/CVE-2023-510xx/CVE-2023-51051.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-51051",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-21T16:15:11.110",
"lastModified": "2023-12-29T03:47:42.610",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-27T19:35:09.037",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

39
CVE-2023/CVE-2023-518xx/CVE-2023-51828.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-51828",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T22:15:48.960",
"lastModified": "2024-02-22T19:07:27.197",
"lastModified": "2024-08-27T19:35:09.897",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en /admin/convert/export.class.php en PMB 7.4.7 y versiones anteriores permite a atacantes remotos no autenticados ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro de consulta en la funci\u00f3n get_next_notice."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://nexacybersecurity.blogspot.com/2024/02/journey-finding-vulnerabilities-in-pmb-library-management-system.html",

122
CVE-2023/CVE-2023-63xx/CVE-2023-6356.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6356",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-07T21:15:08.317",
"lastModified": "2024-07-08T18:15:04.350",
"vulnStatus": "Modified",
"lastModified": "2024-08-27T19:22:33.193",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -72,21 +72,6 @@
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
},
{
"nodes": [
{
@ -243,6 +228,73 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "5.4.268",
"matchCriteriaId": "2A0648D7-DF8C-4127-9C1D-B3E5D492A0A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.209",
"matchCriteriaId": "74979A03-4B10-4815-AE3E-C8C0D2FDAA39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.148",
"matchCriteriaId": "2ED0CDB9-61B0-408E-B2A8-5199107F7868"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.75",
"matchCriteriaId": "070D0ED3-90D0-4F95-B1FF-57D7F46F332D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "5C6B50A6-3D8B-4CE2-BDCC-A098609CBA14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "7229C448-E0C9-488B-8939-36BA5254065E"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
@ -269,23 +321,38 @@
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0881",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0897",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1248",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2094",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3810",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6356",
@ -303,11 +370,18 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240415-0002/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}

96
CVE-2023/CVE-2023-65xx/CVE-2023-6536.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6536",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-07T21:15:08.733",
"lastModified": "2024-07-08T18:15:04.807",
"vulnStatus": "Modified",
"lastModified": "2024-08-27T19:23:14.437",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -80,8 +80,45 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "5.4.268",
"matchCriteriaId": "2A0648D7-DF8C-4127-9C1D-B3E5D492A0A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.209",
"matchCriteriaId": "74979A03-4B10-4815-AE3E-C8C0D2FDAA39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.148",
"matchCriteriaId": "2ED0CDB9-61B0-408E-B2A8-5199107F7868"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.75",
"matchCriteriaId": "070D0ED3-90D0-4F95-B1FF-57D7F46F332D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.14",
"matchCriteriaId": "5C6B50A6-3D8B-4CE2-BDCC-A098609CBA14"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.2",
"matchCriteriaId": "7229C448-E0C9-488B-8939-36BA5254065E"
}
]
}
@ -243,6 +280,21 @@
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
@ -269,23 +321,38 @@
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0881",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:0897",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:1248",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2094",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:3810",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6536",
@ -303,11 +370,18 @@
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00016.html",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240415-0001/",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}

24
CVE-2023/CVE-2023-68xx/CVE-2023-6866.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6866",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-12-19T14:15:07.847",
"lastModified": "2024-02-02T02:35:26.300",
"vulnStatus": "Analyzed",
"lastModified": "2024-08-27T19:35:11.017",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},

39
CVE-2024/CVE-2024-00xx/CVE-2024-0045.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0045",
"sourceIdentifier": "security@android.com",
"published": "2024-03-11T17:15:45.507",
"lastModified": "2024-03-12T12:40:13.500",
"lastModified": "2024-08-27T18:35:02.623",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En smp_proc_sec_req de smp_act.cc, existe una posible lectura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a la divulgaci\u00f3n de informaci\u00f3n remota (pr\u00f3xima/adyacente) sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7d0f696f450241d8ba7a168ba14fa7b75032f0c9",

27
CVE-2024/CVE-2024-02xx/CVE-2024-0258.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0258",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-08T02:15:47.293",
"lastModified": "2024-03-13T22:15:08.970",
"lastModified": "2024-08-27T18:35:03.520",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El problema se solucion\u00f3 mejorando el manejo de la memoria. Este problema se solucion\u00f3 en tvOS 17.4, iOS 17.4 y iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. Es posible que una aplicaci\u00f3n pueda ejecutar c\u00f3digo arbitrario fuera de su zona de pruebas o con ciertos privilegios elevados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/21",

56
CVE-2024/CVE-2024-15xx/CVE-2024-1544.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-1544",
"sourceIdentifier": "facts@wolfssl.com",
"published": "2024-08-27T19:15:16.547",
"lastModified": "2024-08-27T19:15:16.547",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Generating the ECDSA nonce k samples a random number r and then \ntruncates this randomness with a modular reduction mod n where n is the \norder of the elliptic curve. Meaning k = r mod n. The division used \nduring the reduction estimates a factor q_e by dividing the upper two \ndigits (a digit having e.g. a size of 8 byte) of r by the upper digit of \nn and then decrements q_e in a loop until it has the correct size. \nObserving the number of times q_e is decremented through a control-flow \nrevealing side-channel reveals a bias in the most significant bits of \nk. Depending on the curve this is either a negligible bias or a \nsignificant bias large enough to reconstruct k with lattice reduction \nmethods. For SECP160R1, e.g., we find a bias of 15 bits."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "facts@wolfssl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "facts@wolfssl.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable",
"source": "facts@wolfssl.com"
}
]
}

39
CVE-2024/CVE-2024-229xx/CVE-2024-22939.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22939",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:44:07.697",
"lastModified": "2024-02-29T13:49:29.390",
"lastModified": "2024-08-27T19:35:11.597",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de Cross-Site Request Forgery en FlyCms v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente system/article/category_edit."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/NUDTTAN91/CVE-2024-22939",

43
CVE-2024/CVE-2024-242xx/CVE-2024-24279.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24279",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-08T20:15:08.673",
"lastModified": "2024-04-09T12:48:04.090",
"lastModified": "2024-08-27T18:35:04.047",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,46 @@
"value": "Un problema en secdiskapp 1.5.1 (programa de administraci\u00f3n para NewQ Fingerprint Encryption Super Speed Flash Disk) permite a los atacantes obtener privilegios elevados a trav\u00e9s de las funciones vsVerifyPassword y vsSetFingerPrintPower."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-261"
},
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/BossSecuLab/Vulnerability_Reporting/security/advisories/GHSA-9fj6-vr9p-px49",

39
CVE-2024/CVE-2024-243xx/CVE-2024-24301.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24301",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-14T23:15:08.190",
"lastModified": "2024-02-15T06:23:39.303",
"lastModified": "2024-08-27T19:35:12.480",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de inyecci\u00f3n de comandos descubierta en el dispositivo 4ipnet EAP-767 v3.42.00 dentro de la interfaz web del dispositivo permite a atacantes con credenciales v\u00e1lidas inyectar comandos de shell arbitrarios para que los ejecute el dispositivo con privilegios de root."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/yckuo-sdc/PoC",

39
CVE-2024/CVE-2024-247xx/CVE-2024-24725.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24725",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-23T23:15:07.193",
"lastModified": "2024-03-25T01:51:01.223",
"lastModified": "2024-08-27T18:35:04.830",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Gibbon hasta la versi\u00f3n 26.0.00 permite a usuarios remotos autenticados realizar ataques de deserializaci\u00f3n PHP a trav\u00e9s de columnOrder en una solicitud POST al URI module/System%20Admin/import_run.php&type=externalAssessment&step=4."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://gibbonedu.org/download/",

39
CVE-2024/CVE-2024-250xx/CVE-2024-25081.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25081",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-26T16:27:58.710",
"lastModified": "2024-05-01T19:15:22.183",
"lastModified": "2024-08-27T19:35:13.260",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Splinefont en FontForge hasta 20230101 permite la inyecci\u00f3n de comandos mediante nombres de archivos manipulados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/08/2",

39
CVE-2024/CVE-2024-254xx/CVE-2024-25469.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25469",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-23T23:15:09.740",
"lastModified": "2024-02-26T13:42:22.567",
"lastModified": "2024-08-27T19:35:14.107",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en CRMEB crmeb_java v.1.3.4 y anteriores permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de los par\u00e1metros de latitud y longitud en el componente api/front/store/list."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/crmeb/crmeb_java/",

39
CVE-2024/CVE-2024-256xx/CVE-2024-25649.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25649",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-14T03:15:08.540",
"lastModified": "2024-03-14T12:52:09.877",
"lastModified": "2024-08-27T19:35:14.950",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En Delinea PAM Secret Server 11.4, es posible que un atacante (con acceso de administrador a la m\u00e1quina del servidor secreto) lea los siguientes datos de un volcado de memoria: la clave maestra descifrada, las credenciales de la base de datos (cuando la autenticaci\u00f3n de SQL Server est\u00e1 habilitada), el clave de cifrado de mensajes de cola de RabbitMQ y cookies de sesi\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-316"
}
]
}
],
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649",

39
CVE-2024/CVE-2024-257xx/CVE-2024-25751.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25751",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-26T22:15:07.053",
"lastModified": "2024-02-27T14:20:06.637",
"lastModified": "2024-08-27T19:35:15.767",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en Tenda AC9 v.3.0 con versi\u00f3n de firmware v.15.03.06.42_multi permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de la funci\u00f3n fromSetSysTime."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/fromSetSysTime.md",

39
CVE-2024/CVE-2024-258xx/CVE-2024-25854.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25854",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-11T22:15:55.210",
"lastModified": "2024-03-12T12:40:13.500",
"lastModified": "2024-08-27T19:35:16.580",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de Cross Site Scripting (XSS) en Sourcecodester Insurance Management System 1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de los campos Asunto y Descripci\u00f3n al enviar un ticket de soporte."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/hakkitoklu/hunt/blob/main/Insurance%20Management%20System%20PHP%20and%20MySQL%201.0/xss.md",

39
CVE-2024/CVE-2024-258xx/CVE-2024-25874.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25874",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T14:15:46.947",
"lastModified": "2024-02-22T19:07:27.197",
"lastModified": "2024-08-27T19:35:17.383",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de cross site scripting (XSS) en el m\u00f3dulo Nuevo/Editar art\u00edculo de Enhavo CMS v0.13.1 permite a los atacantes ejecutar scrips web o HTML arbitrario a trav\u00e9s de un payload manipulado inyectado en el campo de texto Crear etiqueta."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/dd3x3r/enhavo/blob/main/xss-create-tag-v0.13.1.md",

39
CVE-2024/CVE-2024-265xx/CVE-2024-26540.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26540",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-15T01:15:58.833",
"lastModified": "2024-03-15T12:53:06.423",
"lastModified": "2024-08-27T18:35:05.790",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se puede producir un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en Clmg anterior a 3.3.3 a trav\u00e9s de un archivo manipulado en cimg_library::CImg::_load_analyze."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/GreycLab/CImg/issues/403",

14
CVE-2024/CVE-2024-272xx/CVE-2024-27283.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27283",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T05:15:10.087",
"lastModified": "2024-02-22T19:07:27.197",
"lastModified": "2024-08-27T19:35:18.260",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://www.veritas.com/support/en_US/security/VTS23-020",

39
CVE-2024/CVE-2024-277xx/CVE-2024-27703.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27703",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-13T22:15:11.843",
"lastModified": "2024-03-14T12:52:16.723",
"lastModified": "2024-08-27T19:35:18.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de Cross Site Scripting en Leantime 3.0.6 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de t\u00edtulo de tareas pendientes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/b-hermes/vulnerability-research/blob/main/CVE-2024-27703/README.md",

39
CVE-2024/CVE-2024-277xx/CVE-2024-27719.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27719",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T19:15:48.570",
"lastModified": "2024-03-28T20:53:20.813",
"lastModified": "2024-08-27T19:35:19.763",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) en rems FAQ Management System v.1.0 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado en el campo Preguntas frecuentes en la funci\u00f3n Agregar preguntas frecuentes."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.sourcecodester.com/php/17175/faq-management-system-using-php-and-mysql-source-code.html",

39
CVE-2024/CVE-2024-292xx/CVE-2024-29269.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29269",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-10T20:15:07.440",
"lastModified": "2024-04-11T12:47:44.137",
"lastModified": "2024-08-27T18:35:06.583",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema descubierto en Telesquare TLR-2005Ksh 1.0.0 y 1.1.4 permite a los atacantes ejecutar comandos arbitrarios del sistema a trav\u00e9s del par\u00e1metro Cmd."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/wutalent/CVE-2024-29269/blob/main/index.md",

39
CVE-2024/CVE-2024-296xx/CVE-2024-29640.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29640",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-29T17:15:12.380",
"lastModified": "2024-04-01T01:12:59.077",
"lastModified": "2024-08-27T18:35:07.370",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en aliyundrive-webdav v.2.3.3 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado para el par\u00e1metro sid en el componente action_query_qrcode."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "http://aliyundrive-webdav.com",

39
CVE-2024/CVE-2024-296xx/CVE-2024-29666.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29666",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-25T19:15:59.253",
"lastModified": "2024-03-26T12:55:05.010",
"lastModified": "2024-08-27T18:35:08.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de permisos inseguros en el sistema de plataforma de monitoreo de veh\u00edculos CMSV6 v.7.31.0.2 a v.7.32.0.3 permite a un atacante remoto escalar privilegios a trav\u00e9s del componente de contrase\u00f1a predeterminado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1393"
}
]
}
],
"references": [
{
"url": "https://github.com/whgojp/cve-reports/wiki/There-is-a-weak-password-in-the-CMSV6-vehicle-monitoring-platform-system",

27
CVE-2024/CVE-2024-299xx/CVE-2024-29944.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29944",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-03-22T13:15:07.503",
"lastModified": "2024-05-01T18:15:18.987",
"lastModified": "2024-08-27T18:35:09.073",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Un atacante pudo inyectar un controlador de eventos en un objeto privilegiado que permitir\u00eda la ejecuci\u00f3n arbitraria de JavaScript en el proceso principal. Nota: Esta vulnerabilidad afecta \u00fanicamente a Firefox de escritorio, no afecta a las versiones m\u00f3viles de Firefox. Esta vulnerabilidad afecta a Firefox < 124.0.1 y Firefox ESR < 115.9.1."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/23/1",

39
CVE-2024/CVE-2024-306xx/CVE-2024-30600.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30600",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T15:15:46.603",
"lastModified": "2024-03-28T16:07:30.893",
"lastModified": "2024-08-27T19:35:20.830",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda FH1203 v2.0.1.6 tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro schedEndTime de la funci\u00f3n setSchedWifi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/setSchedWifi_end.md",

39
CVE-2024/CVE-2024-306xx/CVE-2024-30606.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30606",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-28T14:15:15.480",
"lastModified": "2024-03-28T16:07:30.893",
"lastModified": "2024-08-27T19:35:21.630",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda FH1203 v2.0.1.6 tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro de p\u00e1gina de la funci\u00f3n fromDhcpListClient."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1203/fromDhcpListClient_page.md",

39
CVE-2024/CVE-2024-306xx/CVE-2024-30626.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30626",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-29T13:15:16.090",
"lastModified": "2024-03-29T13:28:22.880",
"lastModified": "2024-08-27T19:35:24.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda FH1205 v2.0.0.7(775) tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro schedEndTime de la funci\u00f3n setSchedWifi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/setSchedWifi_end.md",

39
CVE-2024/CVE-2024-306xx/CVE-2024-30630.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30630",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-29T13:15:16.273",
"lastModified": "2024-03-29T13:28:22.880",
"lastModified": "2024-08-27T19:35:25.577",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda FH1205 v2.0.0.7(775) tiene una vulnerabilidad de desbordamiento de la regi\u00f3n stack de la memoria en el par\u00e1metro de tiempo de la funci\u00f3n saveParentControlInfo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/FH/FH1205/saveParentControlInfo_time.md",

32
CVE-2024/CVE-2024-30xx/CVE-2024-3088.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3088",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-30T11:15:50.483",
"lastModified": "2024-05-17T02:39:42.873",
"lastModified": "2024-08-27T18:35:09.493",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
],
"cvssMetricV2": [
@ -74,6 +94,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [

27
CVE-2024/CVE-2024-310xx/CVE-2024-31033.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31033",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-01T02:15:07.850",
"lastModified": "2024-08-02T02:15:31.420",
"lastModified": "2024-08-27T18:35:09.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -22,7 +22,30 @@
"value": "JJWT (tambi\u00e9n conocido como Java JWT) hasta 0.12.5 ignora ciertos caracteres y, por lo tanto, un usuario podr\u00eda concluir err\u00f3neamente que tiene una clave segura. El c\u00f3digo afectado es el m\u00e9todo setSigningKey() dentro de la clase DefaultJwtParser y el m\u00e9todo signWith() dentro de la clase DefaultJwtBuilder."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://github.com/2308652512/JJWT_BUG",

39
CVE-2024/CVE-2024-314xx/CVE-2024-31498.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31498",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-04T23:15:16.743",
"lastModified": "2024-04-08T00:15:08.000",
"lastModified": "2024-08-27T19:35:26.363",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "ykman-gui (tambi\u00e9n conocido como GUI de YubiKey Manager) anterior a 1.2.6 en Windows, cuando no se usa Edge, permite la escalada de privilegios porque las ventanas del navegador se pueden abrir como Administrador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://www.yubico.com/support/security-advisories/ysa-2024-01/",

60
CVE-2024/CVE-2024-360xx/CVE-2024-36068.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-36068",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-27T18:15:14.427",
"lastModified": "2024-08-27T19:35:27.183",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect access control vulnerability in Rubrik CDM versions prior to 9.1.2-p1, 9.0.3-p6 and 8.1.3-p12, allows an attacker with network access to execute arbitrary code."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://www.rubrik.com/advisories/rbk-20240619-v0044",
"source": "cve@mitre.org"
},
{
"url": "https://www.rubrik.com/products/cloud-data-management",
"source": "cve@mitre.org"
}
]
}

130
CVE-2024/CVE-2024-385xx/CVE-2024-38547.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38547",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:14.973",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T19:56:36.727",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,145 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: media: atomisp: ssh_css: corrige una desreferencia de puntero nulo en load_video_binaries La falla de asignaci\u00f3n de mycs->yuv_scaler_binary en load_video_binaries() va seguida de una desreferencia de mycs->yuv_scaler_binary despu\u00e9s de siguiente cadena de llamadas: sh_css_pipe_load_binaries() |-> load_video_binaries(mycs->yuv_scaler_binary == NULL) | |-> sh_css_pipe_unload_binaries() |-> unload_video_binaries() En unload_video_binaries(), llama a ia_css_binary_unload con el argumento &pipe->pipe_settings.video.yuv_scaler_binary[i], que se refiere a la misma ranura de memoria que mycs->yuv_scaler_binary. Por lo tanto, se activa una desreferencia de puntero nulo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.12",
"versionEndExcluding": "5.10.219",
"matchCriteriaId": "58594503-2699-4CEB-8D05-6DFB3484E37A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3b621e9e9e148c0928ab109ac3d4b81487469acb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4b68b861b514a5c09220d622ac3784c0ebac6c80",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6482c433863b257b0b9b687c28ce80b89d5f89f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/69b27ff82f87379afeaaea4b2f339032fdd8486e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/82c2c85aead3ea3cbceef4be077cf459c5df2272",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a1ab99dcc8604afe7e3bccb01b10da03bdd7ea35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cc20c87b04db86c8e3e810bcdca686b406206069",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

154
CVE-2024/CVE-2024-385xx/CVE-2024-38549.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38549",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:15.163",
"lastModified": "2024-07-15T07:15:08.820",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T19:57:48.560",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,43 +15,173 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: drm/mediatek: Agregar verificaci\u00f3n de tama\u00f1o 0 a mtk_drm_gem_obj Agregar una verificaci\u00f3n a mtk_drm_gem_init si intentamos asignar un objeto GEM de 0 bytes. Actualmente, no existe tal verificaci\u00f3n y el kernel entrar\u00e1 en p\u00e1nico si una aplicaci\u00f3n de espacio de usuario intenta asignar un b\u00fafer GBM 0x0. Probado intentando asignar un b\u00fafer GBM 0x0 en un MT8188 y verificando que ahora devolvemos EINVAL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7",
"versionEndExcluding": "4.19.316",
"matchCriteriaId": "594BEF43-C2C9-4680-A8DA-DAE0487DAEB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.278",
"matchCriteriaId": "7FDBF235-DA18-49A1-8690-6C7272FD0701"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.219",
"matchCriteriaId": "E9063AF3-D593-43B7-810D-58B87F82F9F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0e3b6f9123726858cac299e1654e3d20424cabe4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/13562c2d48c9ee330de1077d00146742be368f05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1e4350095e8ab2577ee05f8c3b044e661b5af9a0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/79078880795478d551a05acc41f957700030d364",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9489951e3ae505534c4013db4e76b1b5a3151ac7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/af26ea99019caee1500bf7e60c861136c0bf8594",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/be34a1b351ea7faeb15dde8c44fe89de3980ae67",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d17b75ee9c2e44d3a3682c4ea5ab713ea6073350",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fb4aabdb1b48c25d9e1ee28f89440fd2ce556405",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

94
CVE-2024/CVE-2024-385xx/CVE-2024-38551.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38551",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:15.357",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T19:54:39.717",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: mediatek: Asignar dummy cuando el c\u00f3dec no est\u00e1 especificado para un enlace DAI Los controladores de la tarjeta de sonido MediaTek est\u00e1n comprobando si hay un enlace DAI presente y utilizado en una placa para asignar los par\u00e1metros correctos y esto se realiza comprobando los nombres DAI del c\u00f3dec en el momento de la sonda. Si no hay ning\u00fan c\u00f3dec real, asigne el c\u00f3dec ficticio al enlace DAI para evitar el puntero NULL durante la comparaci\u00f3n de cadenas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.3",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "23CACAE0-7893-46F0-8796-BB256AF77F59"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/0c052b1c11d8119f3048b1f7b3c39a90500cacf9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5f39231888c63f0a7708abc86b51b847476379d8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/87b8dca6e06f9b1681bc52bf7bfa85c663a11158",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cbbcabc7f0979f6542372cf88d7a9da7143a4226",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

154
CVE-2024/CVE-2024-385xx/CVE-2024-38552.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38552",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:15.450",
"lastModified": "2024-07-15T07:15:09.020",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T19:55:05.303",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,43 +15,173 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/amd/display: corrige un posible \u00edndice fuera de los l\u00edmites en la funci\u00f3n de transformaci\u00f3n de color. Corrige el problema de \u00edndice fuera de los l\u00edmites en la funci\u00f3n de transformaci\u00f3n de color. El problema podr\u00eda ocurrir cuando el \u00edndice 'i' excede la cantidad de puntos de funci\u00f3n de transferencia (TRANSFER_FUNC_POINTS). La soluci\u00f3n agrega una verificaci\u00f3n para garantizar que 'i' est\u00e9 dentro de los l\u00edmites antes de acceder a los puntos de funci\u00f3n de transferencia. Si 'i' est\u00e1 fuera de los l\u00edmites, se registra un mensaje de error y la funci\u00f3n devuelve falso para indicar un error. Reportado por smatch: drivers/gpu/drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:405 cm_helper_translate_curve_to_hw_format() error: desbordamiento del b\u00fafer 'output_tf->tf_pts.red' 1025 <= controladores s32max/gpu /drm/amd/amdgpu/../display/dc/dcn10/dcn10_cm_common.c:406 cm_helper_translate_curve_to_hw_format() error: desbordamiento del b\u00fafer 'output_tf->tf_pts.green' 1025 <= controladores s32max/gpu/drm/amd/amdgpu/ ../display/dc/dcn10/dcn10_cm_common.c:407 error de cm_helper_translate_curve_to_hw_format(): desbordamiento del b\u00fafer 'output_tf->tf_pts.blue' 1025 <= s32max"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.16",
"versionEndExcluding": "4.19.316",
"matchCriteriaId": "ED5E0A5E-EF43-449A-90CC-20F2A9F6DBB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.278",
"matchCriteriaId": "7FDBF235-DA18-49A1-8690-6C7272FD0701"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.219",
"matchCriteriaId": "E9063AF3-D593-43B7-810D-58B87F82F9F9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/04bc4d1090c343025d69149ca669a27c5b9c34a7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/123edbae64f4d21984359b99c6e79fcde31c6123",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4e8c8b37ee84b3b19c448d2b8e4c916d2f5b9c86",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/604c506ca43fce52bb882cff9c1fdf2ec3b4029c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/63ae548f1054a0b71678d0349c7dc9628ddd42ca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7226ddf3311c5e5a7726ad7d4e7b079bb3cfbb29",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/98b8a6bfd30d07a19cfacdf82b50f84bf3360869",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ced9c4e2289a786b8fa684d8893b7045ea53ef7e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e280ab978c81443103d7c61bdd1d8d708cf6ed6d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

94
CVE-2024/CVE-2024-385xx/CVE-2024-38553.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38553",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:15.550",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T19:45:18.157",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,103 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: fec: elimine .ndo_poll_controller para evitar interbloqueos. Se encontr\u00f3 un problema de interbloqueo en el controlador sungem; consulte el commit ac0a230f719b (\"eth: sungem: elimine .ndo_poll_controller para evitar interbloqueos \"). La causa principal del problema es que netpoll est\u00e1 en un contexto at\u00f3mico y la interfaz .ndo_poll_controller del controlador sungem llama a enable_irq(); sin embargo, enable_irq() puede estar inactivo. Despu\u00e9s de analizar la implementaci\u00f3n de fec_poll_controller(), el controlador fec deber\u00eda tener el mismo problema. Debido a que el controlador fec utiliza NAPI para las completaciones de TX, no es necesario implementar .ndo_poll_controller en el controlador fec, por lo que fec_poll_controller() se puede eliminar de forma segura."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "76121B3C-353D-4A1E-BC1A-F1E22509281C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/87bcbc9b7e0b43a69d44efa5f32f11e32d08fa6f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/accdd6b912c4219b8e056d1f1ad2e85bc66ee243",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c2e0c58b25a0a0c37ec643255558c5af4450c9f5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d38625f71950e79e254515c5fc585552dad4b33e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

106
CVE-2024/CVE-2024-385xx/CVE-2024-38554.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38554",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:15.627",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T19:55:32.897",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,117 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ax25: Solucionar el problema de fuga del recuento de referencias de net_device Hay un problema de fuga del recuento de referencias del objeto \"net_device\" en ax25_dev_device_down(). Cuando el dispositivo ax25 se est\u00e1 apagando, ax25_dev_device_down() elimina el recuento de referencia de net_device una o cero veces dependiendo de si vamos a unlock_put o no, lo que provocar\u00e1 una p\u00e9rdida de memoria. Para resolver el problema anterior, reduzca el recuento de referencias de net_device despu\u00e9s de que dev->ax25_ptr se establezca en nulo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.17",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "899D7A4F-A23D-4FA2-84B4-4BAA03F98BBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/36e56b1b002bb26440403053f19f9e1a8bc075b2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3ec437f9bbae68e9b38115c4c91de995f73f6bad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8bad3a20a27be8d935f2aae08d3c6e743754944a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/965d940fb7414b310a22666503d2af69459c981b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/eef95df9b752699bddecefa851f64858247246e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

130
CVE-2024/CVE-2024-385xx/CVE-2024-38555.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38555",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:15.720",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T19:54:04.720",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,145 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: descartar la finalizaci\u00f3n de comandos en caso de error interno. Se corrige el use-after-free cuando llega la finalizaci\u00f3n del FW mientras el dispositivo est\u00e1 en estado de error interno. Evite llamar al controlador de finalizaci\u00f3n en este caso, ya que el dispositivo limpiar\u00e1 la interfaz de comando y activar\u00e1 todas las finalizaciones manualmente. Registro del kernel: ------------[ cortar aqu\u00ed ]------------ refcount_t: underflow; use-after-free. ... RIP: 0010:refcount_warn_saturate+0xd8/0xe0 ... Seguimiento de llamadas: ? __advertir+0x79/0x120 ? refcount_warn_saturate+0xd8/0xe0? report_bug+0x17c/0x190? handle_bug+0x3c/0x60? exc_invalid_op+0x14/0x70? asm_exc_invalid_op+0x16/0x20? refcount_warn_saturate+0xd8/0xe0 cmd_ent_put+0x13b/0x160 [mlx5_core] mlx5_cmd_comp_handler+0x5f9/0x670 [mlx5_core] cmd_comp_notifier+0x1f/0x30 [mlx5_core] notifier_call_chain+0x35/0xb0 cadena+0x16/0x20 mlx5_eq_async_int+0xf6/0x290 [mlx5_core] notifier_call_chain+0x35 /0xb0 atomic_notifier_call_chain+0x16/0x20 irq_int_handler+0x19/0x30 [mlx5_core] __handle_irq_event_percpu+0x4b/0x160 handle_irq_event+0x2e/0x80 handle_edge_irq+0x98/0x230 __common_interrupt+0x3b/0 xa0 interrupci\u00f3n_com\u00fan+0x7b/0xa0 asm_interrupci\u00f3n_com\u00fan+0x22 /0x40"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.20",
"versionEndExcluding": "5.10.219",
"matchCriteriaId": "12848580-6A3F-4069-9B0A-78AAA5E79BE7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "A5A5A54E-7208-43CC-811F-57A4B7A4488D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1337ec94bc5a9eed250e33f5f5c89a28a6bfabdb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1d5dce5e92a70274de67a59e1e674c3267f94cd7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3cb92b0ad73d3f1734e812054e698d655e9581b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7ac4c69c34240c6de820492c0a28a0bd1494265a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bf8aaf0ae01c27ae3c06aa8610caf91e50393396",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/db9b31aa9bc56ff0d15b78f7e827d61c4a096e40",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f6fbb8535e990f844371086ab2c1221f71f993d3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

118
CVE-2024/CVE-2024-385xx/CVE-2024-38591.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38591",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:19.207",
"lastModified": "2024-06-20T12:44:01.637",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T18:36:09.777",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,131 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/hns: corrige el punto muerto en eventos as\u00edncronos de SRQ. Es posible que se requiera xa_lock para la tabla SRQ en AEQ. Utilice xa_store_irq()/ xa_erase_irq() para evitar un punto muerto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "B75AC234-BEB3-4166-A71B-A8017869419D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/22c915af31bd84ffaa46145e317f53333f94a868",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4a3be1a0ffe04c085dd7f79be97c91b0c786df3d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/72dc542f0d8977e7d41d610db6bb65c47cad43e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/756ddbe665ea7f9416951bd76731b174d136eea0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b46494b6f9c19f141114a57729e198698f40af37",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d271e66abac5c7eb8de345b9b44d89f777437a4c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

130
CVE-2024/CVE-2024-385xx/CVE-2024-38597.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38597",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:19.730",
"lastModified": "2024-06-20T12:43:25.663",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T18:36:47.313",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,145 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: eth: sungem: elimine .ndo_poll_controller para evitar interbloqueos Erhard informa advertencias de netpoll desde sungem: netpoll_send_skb_on_dev(): eth0 habilit\u00f3 interrupciones en la encuesta (gem_start_xmit+0x0/0x398) ADVERTENCIA: CPU: 1 PID: 1 en net/core/netpoll.c:370 netpoll_send_skb+0x1fc/0x20c gem_poll_controller() desactiva las interrupciones, que pueden dormir. No podemos dormir en netpoll, tiene las interrupciones desactivadas por completo. Curiosamente, gem_poll_controller() ni siquiera sondea las finalizaciones y, en cambio, act\u00faa como si se hubiera disparado una interrupci\u00f3n, por lo que simplemente programa NAPI y sale. Nada de esto ha sido necesario durante a\u00f1os, ya que netpoll invoca directamente a NAPI."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.1",
"versionEndExcluding": "5.10.219",
"matchCriteriaId": "2A2D510F-E44F-46B1-ADAE-F009C5BA4620"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "31130639-53FE-4726-8986-434EE2528CB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "EEFB78EE-F990-4197-BF1C-156760A55667"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "FCE796DF-3B50-4DC6-BAE5-95271068FC9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/476adb3bbbd7886e8251d3b9ce2d3c3e680f35d6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5de5aeb98f9a000adb0db184e32765e4815d860b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6400d205fbbcbcf9b8510157e1f379c1d7e2e937",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ac0a230f719b02432d8c7eba7615ebd691da86f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e22b23f5888a065d084e87db1eec639c445e677f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/faf94f1eb8a34b2c31b2042051ef36f63420ecce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fbeeb55dbb33d562149c57e794f06b7414e44289",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

154
CVE-2024/CVE-2024-385xx/CVE-2024-38598.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38598",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:19.813",
"lastModified": "2024-07-15T07:15:11.720",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T18:36:57.630",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,43 +15,173 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: md: corrige el bloqueo suave de resincronizaci\u00f3n cuando el tama\u00f1o del mapa de bits es menor que el tama\u00f1o de la matriz. Se informa que para dm-raid10, lvextend + lvchange --syncaction activar\u00e1 el siguiente bloqueo suave: kernel:watchdog: ERROR : bloqueo suave - \u00a1CPU n.\u00b0 3 bloqueada durante 26 segundos! [mdX_resync:6976] CPU: 7 PID: 3588 Comm: mdX_resync Kdump: cargado No contaminado 6.9.0-rc4-next-20240419 #1 RIP: 0010:_raw_spin_unlock_irq+0x13/0x30 Seguimiento de llamadas: md_bitmap_start_sync+0x6b/0xf0 raid10_sync_request+0x25c/0x1b40 [raid10] md_do_sync+0x64b/0x1020 md_thread+0xa7/0x170 kthread+0xcf/0x100 ret_from_fork+0x30/0x50 ret_from_fork_asm+0x1a/0x30 Y el proceso detallado es el siguiente: _sync j = mddev->resync_min mientras ( j < max_sectors) sectores = raid10_sync_request(mddev, j, &skipped) if (!md_bitmap_start_sync(..., &sync_blocks)) // md_bitmap_start_sync establece sync_blocks en 0 return sync_blocks + sectores_skippe; // sectores = 0; j += sectores; // j nunca cambia La causa principal es que el commit 301867b1c168 (\"md/raid10: check slab-out-of-bounds in md_bitmap_get_counter\") regresa antes de md_bitmap_get_counter(), sin configurar los bloques devueltos. Solucione este problema estableciendo siempre los bloques devueltos desde md_bitmap_get_counter\"(), como sol\u00eda ser. Tenga en cuenta que este parche solo soluciona el problema de bloqueo suave en el kernel, el caso de que el tama\u00f1o del mapa de bits no coincida con el tama\u00f1o de la matriz a\u00fan debe solucionarse."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.291",
"versionEndExcluding": "4.19.316",
"matchCriteriaId": "D449D4CF-AE68-4FE1-98DD-482B945BAA3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.251",
"versionEndExcluding": "5.4.278",
"matchCriteriaId": "49B564BA-8384-473B-BC05-994F72E04C71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.188",
"versionEndExcluding": "5.10.219",
"matchCriteriaId": "2EFD3D32-B50C-4E8A-9442-0D20D3D943F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.121",
"versionEndExcluding": "5.15.161",
"matchCriteriaId": "45789776-D688-4A53-B8C0-06A0C8BAE3C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.39",
"versionEndExcluding": "6.1.93",
"matchCriteriaId": "AEE63F27-E37D-4277-A5F3-9376E04C3BE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5",
"versionEndExcluding": "6.6.33",
"matchCriteriaId": "3781A223-DB26-4813-92E3-3EF7B545A0E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.8.12",
"matchCriteriaId": "80550309-67AB-4FD1-AC07-3DED5C4F01B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.9.3",
"matchCriteriaId": "E07124C1-19E8-4D21-828D-9932A01D3011"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3f5b73ef8fd6268cbc968b308d8eafe56fda97f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/43771597feba89a839c5f893716df88ae5c237ce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5817f43ae1a118855676f57ef7ab50e37eac7482",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/69296914bfd508c85935bf5f711cad9b0fe78492",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/71e8e4f288e74a896b6d9cd194f3bab12bd7a10f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8bbc71315e0ae4bb7e37f8d43b915e1cb01a481b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c9566b812c8f66160466cc1e29df6d3646add0b1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d4b9c764d48fa41caa24cfb4275f3aa9fb4bd798",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f0e729af2eb6bee9eb58c4df1087f14ebaefe26b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

71
CVE-2024/CVE-2024-392xx/CVE-2024-39248.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39248",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-03T17:15:04.303",
"lastModified": "2024-07-05T12:55:51.367",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T18:32:45.907",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,76 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) en SimpCMS v0.1 permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado en el campo T\u00edtulo en /admin.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fikeulous:simpcms:0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "ED754D76-46F5-461B-BB33-670360924708"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jasonthename/CVE-2024-39248",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://packetstormsecurity.com/files/179219",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

394
CVE-2024/CVE-2024-394xx/CVE-2024-39427.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39427",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-07-01T09:15:06.493",
"lastModified": "2024-08-27T17:33:15.990",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-08-27T18:32:28.710",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -81,332 +81,18 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unisoc:sc7731e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "52A02668-6A09-4D48-B224-4700F3BC7538"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unisoc:sc9832e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10E2ED6-0B1A-41AF-BE6B-E32BF5DF529B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unisoc:sc9863a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6110F3F3-713E-4DC2-A70A-E13C5C315685"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unisoc:t310_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB62FC4-66EB-4E4C-AD88-4E9205411D38"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unisoc:t606_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F005C8C-3515-48F6-AD73-8CD5DFC351FB"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unisoc:t612_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF7DAD66-AFC2-434E-B7E8-2C92E3F8564F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unisoc:t616_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1C094C1-8EEB-4777-95B8-2FB802A2D74E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unisoc:t610_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387350DE-965C-4FA7-9DC5-ABEEE94C39A0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unisoc:t618_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1F184416-73D8-4790-8D15-11C5D3D440DE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unisoc:t760_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "280225F7-554C-43BA-8D7F-9C250CEEAEBE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unisoc:t770_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8550BDEB-442B-4D22-8BCE-53CE81F85ABF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unisoc:t820_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "695395BB-E6BC-4B2D-9CE4-015CCF5E81CF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:unisoc:s8000_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B28EDE1D-4737-4703-9896-1B6AC6D3BA2A"
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
},
@ -418,6 +104,66 @@
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:s8000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FDE05D06-C798-4217-8858-8C5DC2C94751"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc7731e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AC867249-B767-4802-868D-6D0E356C8294"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9832e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "25BBD3C5-E87C-4730-970C-19DF855AC3A2"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:sc9863a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE00DFDE-97DD-4D33-B580-73FEF677C71B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t310:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F20E00D8-2F00-4FA3-9455-37DC89908D96"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t606:-:*:*:*:*:*:*:*",
"matchCriteriaId": "905E39DD-7948-40A4-B042-EBB9A9591347"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t610:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC980D6-B797-4AE1-B553-35395AE80D07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t612:-:*:*:*:*:*:*:*",
"matchCriteriaId": "98408A48-561A-49D1-967F-834311742B7F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "756E5850-CDC7-46C2-BAFC-1E2A359A2709"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t618:-:*:*:*:*:*:*:*",
"matchCriteriaId": "39002ECE-636A-4FEB-9A0B-8127E8AAC844"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t760:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3D965CCA-C963-49E4-ACF0-2A9F458AF470"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t770:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FFEF06A-E3E0-486F-89CC-D52FF3F26F0B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:unisoc:t820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49601008-D3FF-47CC-B961-6FDDFC7A0596"
}
]
}

4
CVE-2024/CVE-2024-403xx/CVE-2024-40395.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40395",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-27T16:15:07.583",
"lastModified": "2024-08-27T16:15:07.583",
"vulnStatus": "Received",
"lastModified": "2024-08-27T18:33:14.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

41
CVE-2024/CVE-2024-416xx/CVE-2024-41622.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41622",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-27T16:15:07.673",
"lastModified": "2024-08-27T16:15:07.673",
"vulnStatus": "Received",
"lastModified": "2024-08-27T18:35:10.613",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in /HNAP1/ interface."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W",

56
CVE-2024/CVE-2024-428xx/CVE-2024-42851.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-42851",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-27T18:15:14.993",
"lastModified": "2024-08-27T19:35:28.000",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer Overflow vulnerability in open source exiftags v.1.01 allows a local attacker to execute arbitrary code via the paresetag function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://github.com/T1anyang/fuzzing/blob/main/exiftags/crash.md",
"source": "cve@mitre.org"
}
]
}

64
CVE-2024/CVE-2024-434xx/CVE-2024-43414.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-43414",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-27T18:15:15.083",
"lastModified": "2024-08-27T18:33:14.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Each team can own their slice of the graph independently, empowering them to deliver autonomously and incrementally. Instances of @apollo/query-planner >=2.0.0 and <2.8.5 are impacted by a denial-of-service vulnerability. @apollo/gateway versions >=2.0.0 and < 2.8.5 and Apollo Router <1.52.1 are also impacted through their use of @apollo/query-panner. If @apollo/query-planner is asked to plan a sufficiently complex query, it may loop infinitely and never complete. This results in unbounded memory consumption and either a crash or out-of-memory (OOM) termination. This issue can be triggered if you have at least one non-@key field that can be resolved by multiple subgraphs. To identify these shared fields, the schema for each subgraph must be reviewed. The mechanism to identify shared fields varies based on the version of Federation your subgraphs are using. You can check if your subgraphs are using Federation 1 or Federation 2 by reviewing their schemas. Federation 2 subgraph schemas will contain a @link directive referencing the version of Federation being used while Federation 1 subgraphs will not. For example, in a Federation 2 subgraph, you will find a line like @link(url: \"https://specs.apollo.dev/federation/v2.0\"). If a similar @link directive is not present in your subgraph schema, it is using Federation 1. Note that a supergraph can contain a mix of Federation 1 and Federation 2 subgraphs. This issue results from the Apollo query planner attempting to use a Number exceeding Javascript\u2019s Number.MAX_VALUE in some cases. In Javascript, Number.MAX_VALUE is (2^1024 - 2^971). When the query planner receives an inbound graphql request, it breaks the query into pieces and for each piece, generates a list of potential execution steps to solve the piece. These candidates represent the steps that the query planner will take to satisfy the pieces of the larger query. As part of normal operations, the query planner requires and calculates the number of possible query plans for the total query. That is, it needs the product of the number of query plan candidates for each piece of the query. Under normal circumstances, after generating all query plan candidates and calculating the number of all permutations, the query planner moves on to stack rank candidates and prune less-than-optimal options. In particularly complex queries, especially those where fields can be solved through multiple subgraphs, this can cause the number of all query plan permutations to balloon. In worst-case scenarios, this can end up being a number larger than Number.MAX_VALUE. In Javascript, if Number.MAX_VALUE is exceeded, Javascript represents the value as \u201cinfinity\u201d. If the count of candidates is evaluated as infinity, the component of the query planner responsible for pruning less-than-optimal query plans does not actually prune candidates, causing the query planner to evaluate many orders of magnitude more query plan candidates than necessary. This issue has been addressed in @apollo/query-planner v2.8.5, @apollo/gateway v2.8.5, and Apollo Router v1.52.1. Users are advised to upgrade. This issue can be avoided by ensuring there are no fields resolvable from multiple subgraphs. If all subgraphs are using Federation 2, you can confirm that you are not impacted by ensuring that none of your subgraph schemas use the @shareable directive. If you are using Federation 1 subgraphs, you will need to validate that there are no fields resolvable by multiple subgraphs."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-674"
}
]
}
],
"references": [
{
"url": "https://github.com/apollographql/federation/security/advisories/GHSA-fmj9-77q8-g6c4",
"source": "security-advisories@github.com"
},
{
"url": "https://www.apollographql.com/docs/federation/query-plans",
"source": "security-advisories@github.com"
},
{
"url": "https://www.apollographql.com/docs/router/configuration/persisted-queries",
"source": "security-advisories@github.com"
}
]
}

76
CVE-2024/CVE-2024-437xx/CVE-2024-43783.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2024-43783",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-27T18:15:15.403",
"lastModified": "2024-08-27T18:33:14.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Apollo Router Core is a configurable, high-performance graph router written in Rust to run a federated supergraph that uses Apollo Federation 2. Instances of the Apollo Router running versions >=1.21.0 and < 1.52.1 are impacted by a denial of service vulnerability if _all_ of the following are true: 1. The Apollo Router has been configured to support [External Coprocessing](https://www.apollographql.com/docs/router/customizations/coprocessor). 2. The Apollo Router has been configured to send request bodies to coprocessors. This is a non-default configuration and must be configured intentionally by administrators. Instances of the Apollo Router running versions >=1.7.0 and <1.52.1 are impacted by a denial-of-service vulnerability if all of the following are true: 1. Router has been configured to use a custom-developed Native Rust Plugin. 2. The plugin accesses Request.router_request in the RouterService layer. 3. You are accumulating the body from Request.router_request into memory. If using an impacted configuration, the Router will load entire HTTP request bodies into memory without respect to other HTTP request size-limiting configurations like limits.http_max_request_bytes. This can cause the Router to be out-of-memory (OOM) terminated if a sufficiently large request is sent to the Router. By default, the Router sets limits.http_max_request_bytes to 2 MB. If you have an impacted configuration as defined above, please upgrade to at least Apollo Router 1.52.1. If you cannot upgrade, you can mitigate the denial-of-service opportunity impacting External Coprocessors by setting the coprocessor.router.request.body configuration option to false. Please note that changing this configuration option will change the information sent to any coprocessors you have configured and may impact functionality implemented by those coprocessors. If you have developed a Native Rust Plugin and cannot upgrade, you can update your plugin to either not accumulate the request body or enforce a maximum body size limit. You can also mitigate this issue by limiting HTTP body payload sizes prior to the Router (e.g., in a proxy or web application firewall appliance)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/apollographql/router/commit/7a9c020608a62dcaa306b72ed0f6980f15923b14",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/apollographql/router/releases/tag/v1.52.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/apollographql/router/security/advisories/GHSA-x6xq-whh3-gg32",
"source": "security-advisories@github.com"
},
{
"url": "https://www.apollographql.com/docs/router/configuration/overview/#request-limits",
"source": "security-advisories@github.com"
},
{
"url": "https://www.apollographql.com/docs/router/customizations/coprocessor",
"source": "security-advisories@github.com"
},
{
"url": "https://www.apollographql.com/docs/router/customizations/native",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2024/CVE-2024-437xx/CVE-2024-43788.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-43788",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-27T17:15:07.967",
"lastModified": "2024-08-27T17:15:07.967",
"vulnStatus": "Received",
"lastModified": "2024-08-27T18:33:14.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

41
CVE-2024/CVE-2024-443xx/CVE-2024-44340.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44340",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-27T16:15:07.760",
"lastModified": "2024-08-27T16:15:07.760",
"vulnStatus": "Received",
"lastModified": "2024-08-27T18:35:11.777",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via keys smartqos_express_devices and smartqos_normal_devices in SetSmartQoSSettings."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W",

41
CVE-2024/CVE-2024-443xx/CVE-2024-44341.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44341",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-27T16:15:07.860",
"lastModified": "2024-08-27T16:15:07.860",
"vulnStatus": "Received",
"lastModified": "2024-08-27T18:35:12.540",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the lan(0)_dhcps_staticlist parameter. This vulnerability is exploited via a crafted POST request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W",

41
CVE-2024/CVE-2024-443xx/CVE-2024-44342.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44342",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-27T16:15:07.993",
"lastModified": "2024-08-27T16:15:07.993",
"vulnStatus": "Received",
"lastModified": "2024-08-27T18:35:13.327",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the wl(0).(0)_ssid parameter. This vulnerability is exploited via a crafted POST request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "http://www.dlink.com.cn/techsupport/ProductInfo.aspx?m=DIR-846W",

68
CVE-2024/CVE-2024-450xx/CVE-2024-45037.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-45037",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-27T19:15:17.583",
"lastModified": "2024-08-27T19:15:17.583",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it to create their own applications which are converted to AWS CloudFormation templates during deployment to a customer\u2019s AWS account. CDK contains pre-built components called \"constructs\" that are higher-level abstractions providing defaults and best practices. This approach enables developers to use familiar programming languages to define complex cloud infrastructure more efficiently than writing raw CloudFormation templates. We identified an issue in AWS Cloud Development Kit (CDK) which, under certain conditions, can result in granting authenticated Amazon Cognito users broader than intended access. Specifically, if a CDK application uses the \"RestApi\" construct with \"CognitoUserPoolAuthorizer\" as the authorizer and uses authorization scopes to limit access. This issue does not affect the availability of the specific API resources. Authenticated Cognito users may gain unintended access to protected API resources or methods, leading to potential data disclosure, and modification issues. Impacted versions: >=2.142.0;<=2.148.0. A patch is included in CDK versions >=2.148.1. Users are advised to upgrade their AWS CDK version to 2.148.1 or newer and re-deploy their application(s) to address this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://docs.aws.amazon.com/cdk/v2/guide/home.html",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aws/aws-cdk/commit/4bee768f07e73ab5fe466f9ad3d1845456a0513b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aws/aws-cdk/releases/tag/v2.148.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/aws/aws-cdk/security/advisories/GHSA-qj85-69xf-2vxq",
"source": "security-advisories@github.com"
}
]
}

4
CVE-2024/CVE-2024-452xx/CVE-2024-45264.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45264",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-27T16:15:08.070",
"lastModified": "2024-08-27T17:35:08.307",
"vulnStatus": "Received",
"lastModified": "2024-08-27T18:33:14.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

56
CVE-2024/CVE-2024-52xx/CVE-2024-5288.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-5288",
"sourceIdentifier": "facts@wolfssl.com",
"published": "2024-08-27T19:15:17.797",
"lastModified": "2024-08-27T19:15:17.797",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in wolfSSL before 5.7.0. A safe-error attack via Rowhammer, namely FAULT+PROBE, leads to ECDSA key disclosure. When WOLFSSL_CHECK_SIG_FAULTS is used in signing operations with private ECC keys,\n\nsuch as in server-side TLS connections, the connection is halted if any fault occurs.\u00a0The success rate in a certain amount of connection requests can be processed via an advanced technique for ECDSA key recovery."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "facts@wolfssl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "facts@wolfssl.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://github.com/wolfSSL/wolfssl/releases/tag/v5.7.2-stable",
"source": "facts@wolfssl.com"
}
]
}

66
CVE-2024/CVE-2024-58xx/CVE-2024-5814.json Normal file
View File

@ -0,0 +1,66 @@
{
"id": "CVE-2024-5814",
"sourceIdentifier": "facts@wolfssl.com",
"published": "2024-08-27T19:15:17.980",
"lastModified": "2024-08-27T19:15:17.980",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A malicious TLS1.2 server can force a TLS1.3 client with downgrade capability to use a ciphersuite that it did not agree to and achieve a successful connection. This is because, aside from the extensions, the client was skipping fully parsing the server hello. https://doi.org/10.46586/tches.v2024.i1.457-500"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "facts@wolfssl.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:D/RE:M/U:Green",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "DIFFUSE",
"vulnerabilityResponseEffort": "MODERATE",
"providerUrgency": "GREEN",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
]
},
"references": [
{
"url": "https://github.com/wolfSSL/wolfssl/blob/master/ChangeLog.md#add_later",
"source": "facts@wolfssl.com"
}
]
}

78
CVE-2024/CVE-2024-59xx/CVE-2024-5991.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-5991",
"sourceIdentifier": "facts@wolfssl.com",
"published": "2024-08-27T19:15:18.080",
"lastModified": "2024-08-27T19:15:18.080",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In function MatchDomainName(), input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host() takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do a name check on a non-NULL terminated buffer, the code would read beyond the bounds of the input array until it found a NULL terminator.This issue affects wolfSSL: through 5.7.0."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "facts@wolfssl.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "HIGH",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
}
}
]
},
"weaknesses": [
{
"source": "facts@wolfssl.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://https://github.com/wolfSSL/wolfssl/pull/7604",
"source": "facts@wolfssl.com"
}
]
}

21
CVE-2024/CVE-2024-77xx/CVE-2024-7720.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-7720",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-08-27T18:15:15.840",
"lastModified": "2024-08-27T18:33:14.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HP Security Manager is potentially vulnerable to Remote Code Execution as a result of code vulnerability within the product's solution open-source libraries."
}
],
"metrics": {},
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_11074404-11074432-16/",
"source": "hp-security-alert@hp.com"
}
]
}

12
CVE-2024/CVE-2024-80xx/CVE-2024-8033.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-8033",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-08-21T21:15:09.897",
"lastModified": "2024-08-22T17:36:07.673",
"lastModified": "2024-08-27T19:39:04.953",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -57,7 +57,15 @@
"nodes": [
{
"operator": "OR",
"negate": false
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
"versionEndExcluding": "128.0.6613.84",
"matchCriteriaId": "DAE0C7AB-1D61-4449-BC82-915B019F311F"
}
]
},
{
"operator": "OR",

4
CVE-2024/CVE-2024-81xx/CVE-2024-8199.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-8199",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-27T16:15:08.173",
"lastModified": "2024-08-27T16:15:08.173",
"vulnStatus": "Received",
"lastModified": "2024-08-27T18:33:14.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

4
CVE-2024/CVE-2024-82xx/CVE-2024-8200.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-8200",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-08-27T16:15:08.383",
"lastModified": "2024-08-27T16:15:08.383",
"vulnStatus": "Received",
"lastModified": "2024-08-27T18:33:14.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{

133
CVE-2024/CVE-2024-82xx/CVE-2024-8208.json Normal file
View File

@ -0,0 +1,133 @@
{
"id": "CVE-2024-8208",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-27T18:15:15.950",
"lastModified": "2024-08-27T18:33:14.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editClient.php. The manipulation of the argument AGENT ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.275917",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275917",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.393511",
"source": "cna@vuldb.com"
}
]
}

133
CVE-2024/CVE-2024-82xx/CVE-2024-8209.json Normal file
View File

@ -0,0 +1,133 @@
{
"id": "CVE-2024-8209",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-27T18:15:16.617",
"lastModified": "2024-08-27T18:33:14.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file addClient.php. The manipulation of the argument CLIENT ID leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.1,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://vuldb.com/?ctiid.275918",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275918",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.393512",
"source": "cna@vuldb.com"
}
]
}

152
CVE-2024/CVE-2024-82xx/CVE-2024-8210.json Normal file
View File

@ -0,0 +1,152 @@
{
"id": "CVE-2024-8210",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-27T19:15:18.250",
"lastModified": "2024-08-27T19:15:18.250",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been classified as critical. This affects the function sprintf of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_mount leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_R12R5_3rd_DiskMGR.md",
"source": "cna@vuldb.com"
},
{
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.275919",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275919",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.397274",
"source": "cna@vuldb.com"
},
{
"url": "https://www.dlink.com/",
"source": "cna@vuldb.com"
}
]
}

152
CVE-2024/CVE-2024-82xx/CVE-2024-8211.json Normal file
View File

@ -0,0 +1,152 @@
{
"id": "CVE-2024-8211",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-08-27T19:15:18.553",
"lastModified": "2024-08-27T19:15:18.553",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "cna@vuldb.com",
"tags": [
"unsupported-when-assigned"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to 20240814. It has been declared as critical. This vulnerability affects the function cgi_FMT_Std2R1_DiskMGR of the file /cgi-bin/hd_config.cgi. The manipulation of the argument f_newly_dev leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://github.com/BuaaIOTTeam/Iot_Dlink_NAS/blob/main/DNS_cgi_FMT_Std2R1_DiskMGR.md",
"source": "cna@vuldb.com"
},
{
"url": "https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.275920",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.275920",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.397275",
"source": "cna@vuldb.com"
},
{
"url": "https://www.dlink.com/",
"source": "cna@vuldb.com"
}
]
}

85
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-08-27T18:00:17.823769+00:00
2024-08-27T20:00:17.835238+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-08-27T17:56:02.507000+00:00
2024-08-27T19:57:48.560000+00:00
```
### Last Data Feed Release
@ -33,53 +33,60 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
261303
261319
```
### CVEs added in the last Commit
Recently added CVEs: `9`
Recently added CVEs: `16`
- [CVE-2024-40395](CVE-2024/CVE-2024-403xx/CVE-2024-40395.json) (`2024-08-27T16:15:07.583`)
- [CVE-2024-41622](CVE-2024/CVE-2024-416xx/CVE-2024-41622.json) (`2024-08-27T16:15:07.673`)
- [CVE-2024-43788](CVE-2024/CVE-2024-437xx/CVE-2024-43788.json) (`2024-08-27T17:15:07.967`)
- [CVE-2024-44340](CVE-2024/CVE-2024-443xx/CVE-2024-44340.json) (`2024-08-27T16:15:07.760`)
- [CVE-2024-44341](CVE-2024/CVE-2024-443xx/CVE-2024-44341.json) (`2024-08-27T16:15:07.860`)
- [CVE-2024-44342](CVE-2024/CVE-2024-443xx/CVE-2024-44342.json) (`2024-08-27T16:15:07.993`)
- [CVE-2024-45264](CVE-2024/CVE-2024-452xx/CVE-2024-45264.json) (`2024-08-27T16:15:08.070`)
- [CVE-2024-8199](CVE-2024/CVE-2024-81xx/CVE-2024-8199.json) (`2024-08-27T16:15:08.173`)
- [CVE-2024-8200](CVE-2024/CVE-2024-82xx/CVE-2024-8200.json) (`2024-08-27T16:15:08.383`)
- [CVE-2022-39996](CVE-2022/CVE-2022-399xx/CVE-2022-39996.json) (`2024-08-27T18:15:13.197`)
- [CVE-2022-39997](CVE-2022/CVE-2022-399xx/CVE-2022-39997.json) (`2024-08-27T19:15:15.953`)
- [CVE-2024-1544](CVE-2024/CVE-2024-15xx/CVE-2024-1544.json) (`2024-08-27T19:15:16.547`)
- [CVE-2024-36068](CVE-2024/CVE-2024-360xx/CVE-2024-36068.json) (`2024-08-27T18:15:14.427`)
- [CVE-2024-42851](CVE-2024/CVE-2024-428xx/CVE-2024-42851.json) (`2024-08-27T18:15:14.993`)
- [CVE-2024-43414](CVE-2024/CVE-2024-434xx/CVE-2024-43414.json) (`2024-08-27T18:15:15.083`)
- [CVE-2024-43783](CVE-2024/CVE-2024-437xx/CVE-2024-43783.json) (`2024-08-27T18:15:15.403`)
- [CVE-2024-45037](CVE-2024/CVE-2024-450xx/CVE-2024-45037.json) (`2024-08-27T19:15:17.583`)
- [CVE-2024-5288](CVE-2024/CVE-2024-52xx/CVE-2024-5288.json) (`2024-08-27T19:15:17.797`)
- [CVE-2024-5814](CVE-2024/CVE-2024-58xx/CVE-2024-5814.json) (`2024-08-27T19:15:17.980`)
- [CVE-2024-5991](CVE-2024/CVE-2024-59xx/CVE-2024-5991.json) (`2024-08-27T19:15:18.080`)
- [CVE-2024-7720](CVE-2024/CVE-2024-77xx/CVE-2024-7720.json) (`2024-08-27T18:15:15.840`)
- [CVE-2024-8208](CVE-2024/CVE-2024-82xx/CVE-2024-8208.json) (`2024-08-27T18:15:15.950`)
- [CVE-2024-8209](CVE-2024/CVE-2024-82xx/CVE-2024-8209.json) (`2024-08-27T18:15:16.617`)
- [CVE-2024-8210](CVE-2024/CVE-2024-82xx/CVE-2024-8210.json) (`2024-08-27T19:15:18.250`)
- [CVE-2024-8211](CVE-2024/CVE-2024-82xx/CVE-2024-8211.json) (`2024-08-27T19:15:18.553`)
### CVEs modified in the last Commit
Recently modified CVEs: `81`
Recently modified CVEs: `75`
- [CVE-2024-38602](CVE-2024/CVE-2024-386xx/CVE-2024-38602.json) (`2024-08-27T16:01:39.983`)
- [CVE-2024-39097](CVE-2024/CVE-2024-390xx/CVE-2024-39097.json) (`2024-08-27T16:35:13.930`)
- [CVE-2024-39427](CVE-2024/CVE-2024-394xx/CVE-2024-39427.json) (`2024-08-27T17:33:15.990`)
- [CVE-2024-39428](CVE-2024/CVE-2024-394xx/CVE-2024-39428.json) (`2024-08-27T17:39:29.090`)
- [CVE-2024-39429](CVE-2024/CVE-2024-394xx/CVE-2024-39429.json) (`2024-08-27T17:44:02.903`)
- [CVE-2024-39430](CVE-2024/CVE-2024-394xx/CVE-2024-39430.json) (`2024-08-27T17:44:25.593`)
- [CVE-2024-39717](CVE-2024/CVE-2024-397xx/CVE-2024-39717.json) (`2024-08-27T16:15:07.400`)
- [CVE-2024-41285](CVE-2024/CVE-2024-412xx/CVE-2024-41285.json) (`2024-08-27T16:03:16.043`)
- [CVE-2024-43336](CVE-2024/CVE-2024-433xx/CVE-2024-43336.json) (`2024-08-27T16:00:25.177`)
- [CVE-2024-43911](CVE-2024/CVE-2024-439xx/CVE-2024-43911.json) (`2024-08-27T16:08:52.493`)
- [CVE-2024-44932](CVE-2024/CVE-2024-449xx/CVE-2024-44932.json) (`2024-08-27T16:08:45.020`)
- [CVE-2024-44933](CVE-2024/CVE-2024-449xx/CVE-2024-44933.json) (`2024-08-27T16:08:38.973`)
- [CVE-2024-44934](CVE-2024/CVE-2024-449xx/CVE-2024-44934.json) (`2024-08-27T16:07:58.727`)
- [CVE-2024-44935](CVE-2024/CVE-2024-449xx/CVE-2024-44935.json) (`2024-08-27T16:09:01.633`)
- [CVE-2024-44937](CVE-2024/CVE-2024-449xx/CVE-2024-44937.json) (`2024-08-27T16:10:11.423`)
- [CVE-2024-44942](CVE-2024/CVE-2024-449xx/CVE-2024-44942.json) (`2024-08-27T16:09:10.010`)
- [CVE-2024-5182](CVE-2024/CVE-2024-51xx/CVE-2024-5182.json) (`2024-08-27T17:30:21.127`)
- [CVE-2024-6052](CVE-2024/CVE-2024-60xx/CVE-2024-6052.json) (`2024-08-27T17:56:02.507`)
- [CVE-2024-6978](CVE-2024/CVE-2024-69xx/CVE-2024-6978.json) (`2024-08-27T16:17:54.077`)
- [CVE-2024-8081](CVE-2024/CVE-2024-80xx/CVE-2024-8081.json) (`2024-08-27T16:12:33.580`)
- [CVE-2024-8083](CVE-2024/CVE-2024-80xx/CVE-2024-8083.json) (`2024-08-27T16:11:35.730`)
- [CVE-2024-8084](CVE-2024/CVE-2024-80xx/CVE-2024-8084.json) (`2024-08-27T16:11:11.460`)
- [CVE-2024-8170](CVE-2024/CVE-2024-81xx/CVE-2024-8170.json) (`2024-08-27T16:02:50.577`)
- [CVE-2024-8171](CVE-2024/CVE-2024-81xx/CVE-2024-8171.json) (`2024-08-27T16:02:19.150`)
- [CVE-2024-8172](CVE-2024/CVE-2024-81xx/CVE-2024-8172.json) (`2024-08-27T16:01:35.047`)
- [CVE-2024-3088](CVE-2024/CVE-2024-30xx/CVE-2024-3088.json) (`2024-08-27T18:35:09.493`)
- [CVE-2024-31033](CVE-2024/CVE-2024-310xx/CVE-2024-31033.json) (`2024-08-27T18:35:09.280`)
- [CVE-2024-31498](CVE-2024/CVE-2024-314xx/CVE-2024-31498.json) (`2024-08-27T19:35:26.363`)
- [CVE-2024-38547](CVE-2024/CVE-2024-385xx/CVE-2024-38547.json) (`2024-08-27T19:56:36.727`)
- [CVE-2024-38549](CVE-2024/CVE-2024-385xx/CVE-2024-38549.json) (`2024-08-27T19:57:48.560`)
- [CVE-2024-38551](CVE-2024/CVE-2024-385xx/CVE-2024-38551.json) (`2024-08-27T19:54:39.717`)
- [CVE-2024-38552](CVE-2024/CVE-2024-385xx/CVE-2024-38552.json) (`2024-08-27T19:55:05.303`)
- [CVE-2024-38553](CVE-2024/CVE-2024-385xx/CVE-2024-38553.json) (`2024-08-27T19:45:18.157`)
- [CVE-2024-38554](CVE-2024/CVE-2024-385xx/CVE-2024-38554.json) (`2024-08-27T19:55:32.897`)
- [CVE-2024-38555](CVE-2024/CVE-2024-385xx/CVE-2024-38555.json) (`2024-08-27T19:54:04.720`)
- [CVE-2024-38591](CVE-2024/CVE-2024-385xx/CVE-2024-38591.json) (`2024-08-27T18:36:09.777`)
- [CVE-2024-38597](CVE-2024/CVE-2024-385xx/CVE-2024-38597.json) (`2024-08-27T18:36:47.313`)
- [CVE-2024-38598](CVE-2024/CVE-2024-385xx/CVE-2024-38598.json) (`2024-08-27T18:36:57.630`)
- [CVE-2024-39248](CVE-2024/CVE-2024-392xx/CVE-2024-39248.json) (`2024-08-27T18:32:45.907`)
- [CVE-2024-39427](CVE-2024/CVE-2024-394xx/CVE-2024-39427.json) (`2024-08-27T18:32:28.710`)
- [CVE-2024-40395](CVE-2024/CVE-2024-403xx/CVE-2024-40395.json) (`2024-08-27T18:33:14.247`)
- [CVE-2024-41622](CVE-2024/CVE-2024-416xx/CVE-2024-41622.json) (`2024-08-27T18:35:10.613`)
- [CVE-2024-43788](CVE-2024/CVE-2024-437xx/CVE-2024-43788.json) (`2024-08-27T18:33:14.247`)
- [CVE-2024-44340](CVE-2024/CVE-2024-443xx/CVE-2024-44340.json) (`2024-08-27T18:35:11.777`)
- [CVE-2024-44341](CVE-2024/CVE-2024-443xx/CVE-2024-44341.json) (`2024-08-27T18:35:12.540`)
- [CVE-2024-44342](CVE-2024/CVE-2024-443xx/CVE-2024-44342.json) (`2024-08-27T18:35:13.327`)
- [CVE-2024-45264](CVE-2024/CVE-2024-452xx/CVE-2024-45264.json) (`2024-08-27T18:33:14.247`)
- [CVE-2024-8033](CVE-2024/CVE-2024-80xx/CVE-2024-8033.json) (`2024-08-27T19:39:04.953`)
- [CVE-2024-8199](CVE-2024/CVE-2024-81xx/CVE-2024-8199.json) (`2024-08-27T18:33:14.247`)
- [CVE-2024-8200](CVE-2024/CVE-2024-82xx/CVE-2024-8200.json) (`2024-08-27T18:33:14.247`)
## Download and Usage

326
_state.csv
View File

File diff suppressed because it is too large Load Diff