admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-12-12T21:00:22.199660+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-12-12 21:03:45 +00:00
parent 9c955366cf
commit 38c19c7bc8
74 changed files with 11291 additions and 409 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CVE-2007/CVE-2007-30xx/CVE-2007-3010.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2007-3010",
"sourceIdentifier": "cve@mitre.org",
"published": "2007-09-18T21:17:00.000",
"lastModified": "2024-11-21T00:32:11.813",
"vulnStatus": "Modified",
"lastModified": "2024-12-12T19:30:39.903",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{

58
CVE-2013/CVE-2013-35xx/CVE-2013-3572.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2013-3572",
"sourceIdentifier": "cve@mitre.org",
"published": "2013-12-31T20:55:15.133",
"lastModified": "2024-11-21T01:53:54.520",
"vulnStatus": "Modified",
"lastModified": "2024-12-12T19:05:07.917",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
@ -63,9 +85,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ui:unifi:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.3.5",
"matchCriteriaId": "A7B7251B-787D-4CE5-9016-0425AF97D109"
"criteria": "cpe:2.3:a:ui:unifi_controller:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.3.6",
"matchCriteriaId": "A9171AEB-6BC3-42C1-803E-42747D649391"
}
]
}
@ -84,16 +106,25 @@
"url": "http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/",
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"URL Repurposed"
]
},
{
"url": "http://www.securityfocus.com/bid/64601",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "http://dl.ubnt.com/unifi/static/cve-2013-3572.html",
@ -106,16 +137,25 @@
"url": "http://spaceblogs.org/shackspace/2013/10/shackspace-hacker-finds-flaw-in-ubiquiti-networks-unifi-products/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"URL Repurposed"
]
},
{
"url": "http://www.securityfocus.com/bid/64601",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://community.ubnt.com/t5/UniFi/Security-Advisory-CVE-2013-3572/m-p/601047#U601047",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

1964
CVE-2021/CVE-2021-263xx/CVE-2021-26344.json
View File

File diff suppressed because it is too large Load Diff

1229
CVE-2021/CVE-2021-263xx/CVE-2021-26367.json
View File

File diff suppressed because it is too large Load Diff

248
CVE-2023/CVE-2023-205xx/CVE-2023-20510.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-20510",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-08-13T17:15:18.777",
"lastModified": "2024-08-14T02:07:05.410",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T20:28:55.010",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,13 +36,251 @@
},
"exploitabilityScore": 0.5,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 6.0,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
]
},
"references": [
"weaknesses": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",
"source": "psirt@amd.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:adrenalin:*:*:*",
"versionEndExcluding": "23.12.1",
"matchCriteriaId": "F71B3286-B679-4DC0-BDD1-784AC5577094"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6300m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6C66880A-FB33-477D-93FD-C280A4547D66"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2CD3F898-5AB1-4E60-A086-ADCF33820154"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6450m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "863770A0-3A7F-43E3-98E5-77E42827FA6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6500_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC1F7CD2-7D13-48A9-A7CC-3547A1D241DB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6500m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E4FED1D5-F31A-44C9-9101-D70486CC6FC7"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6550m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEB12B48-ABF8-4FFB-BD4E-6413C34D477B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6550s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D1C027-56B1-4EA7-842B-09B300B17808"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4C24DE61-4036-42BF-A08F-67C234706703"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6600_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "03D9040F-1D1D-49E5-A60E-4393F5D76B60"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6600m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A76A792F-7026-4F29-9A00-3A2EAB2DE5FC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6600s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "33DAF63F-C468-438C-97C3-B6CE8BD12858"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6650_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A82D4745-ACAB-4FC2-A63D-3B0FEA208BED"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6650m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD80D674-1DD4-44E0-8C38-8341A7F392B1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6650m_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "10DD7029-9299-4901-A3D1-84D6102471B9"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6700:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7F73C59A-CDE2-4203-921F-1831D4ACFD2A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6700_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C980129B-D717-47F7-A6C1-5EB64FB1BF9A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6700m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B76C585C-FCC8-456D-A63C-7A769AF5EB07"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6700s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0C52E8-26B1-4F77-B9D3-D08BFF72DAFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6750_gre:-:*:*:*:*:*:*:*",
"matchCriteriaId": "49540C5D-CEC7-4BCB-882B-73843CAFD55A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6750_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9466279D-0582-464E-AFCC-20872CC99B56"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "12EF0B24-689D-4BE8-98D5-D88A84D5E473"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6800_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B58299A7-7CA4-4EF8-81DC-9A41AA84FB2A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6800m:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB218988-1483-4D96-9075-F79EDBC79974"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6800s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F14D5A16-F7BE-427A-98AB-2E120DB756DC"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6850m_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "82E128B2-A9B7-4A1C-9ACF-7EB323B72B6F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6900_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BFC4A007-BEFD-4BF0-A176-7ECD6150041C"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_rx_6950_xt:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B658454-C160-4EBA-9F7A-E2B9FDEA8A1E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:amd:radeon_software:*:*:*:*:pro:*:*:*",
"versionEndIncluding": "23.q4",
"matchCriteriaId": "4397FD7C-3357-4F01-98F4-131000D23AA0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6300:-:*:*:*:*:*:*:*",
"matchCriteriaId": "85E68F7E-0A57-498A-9DB9-3D36045D671E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6400:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1DB91262-2EF4-4F0D-8B61-0012BD25E7A8"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6600:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3083C065-5A2C-4B2D-9C1F-5793BA3C0A52"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:amd:radeon_pro_w6800:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7557738A-5D93-4117-8FF2-9A27CD0E6BC5"
}
]
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",
"source": "psirt@amd.com",
"tags": [
"Vendor Advisory"
]
}
]
}

1867
CVE-2023/CVE-2023-205xx/CVE-2023-20584.json
View File

File diff suppressed because it is too large Load Diff

1867
CVE-2023/CVE-2023-205xx/CVE-2023-20591.json
View File

File diff suppressed because it is too large Load Diff

12
CVE-2023/CVE-2023-251xx/CVE-2023-25188.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25188",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T19:15:14.477",
"lastModified": "2024-11-21T07:49:16.863",
"lastModified": "2024-12-12T19:15:07.413",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -65,6 +65,16 @@
"value": "CWE-269"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-253xx/CVE-2023-25366.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25366",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T16:15:09.263",
"lastModified": "2024-11-21T07:49:27.397",
"lastModified": "2024-12-12T19:15:07.573",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-297xx/CVE-2023-29711.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29711",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-22T12:15:11.793",
"lastModified": "2024-11-21T07:57:24.203",
"lastModified": "2024-12-12T19:15:07.757",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-325xx/CVE-2023-32542.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-32542",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-19T05:15:09.593",
"lastModified": "2024-11-21T08:03:33.863",
"lastModified": "2024-12-12T19:15:07.933",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-125"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-334xx/CVE-2023-33438.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33438",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T21:15:09.247",
"lastModified": "2024-11-21T08:05:34.817",
"lastModified": "2024-12-12T19:15:08.123",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

82
CVE-2023/CVE-2023-34xx/CVE-2023-3441.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-3441",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-10-01T10:15:02.997",
"lastModified": "2024-10-04T13:51:25.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T20:00:32.067",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.3,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
@ -49,24 +69,74 @@
"value": "CWE-213"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "16.4.0",
"matchCriteriaId": "694EEF46-A2C8-4B06-B451-5CC42BF92AE9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "16.4.0",
"matchCriteriaId": "3B030C13-3602-40BD-954E-722280A2F12D"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/416482",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/417284",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://hackerone.com/reports/2033561",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://hackerone.com/reports/2041385",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

9
CVE-2023/CVE-2023-395xx/CVE-2023-39599.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-39599",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:39.633",
"lastModified": "2024-11-21T08:15:41.790",
"lastModified": "2024-12-12T20:15:19.907",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -77,13 +77,6 @@
"Third Party Advisory"
]
},
{
"url": "https://github.com/desencrypt/CVE/tree/main/CVE-2023-2",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{
"url": "https://github.com/desencrypt/CVE/blob/main/CVE-2023-39599/Readme.md",
"source": "af854a3a-2127-422b-91ae-364da2661108",

118
CVE-2023/CVE-2023-416xx/CVE-2023-41677.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41677",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-04-09T15:15:27.400",
"lastModified": "2024-11-21T08:21:28.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:22:04.470",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,14 +71,98 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-493",
"source": "psirt@fortinet.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "7.0.14",
"matchCriteriaId": "A966233A-245A-4256-A142-84FACB98EE4E"
},
{
"url": "https://fortiguard.com/psirt/FG-IR-23-493",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.8",
"matchCriteriaId": "469D97BA-282C-4875-A156-FDA00B5B4093"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4.0",
"versionEndExcluding": "7.4.2",
"matchCriteriaId": "B8AA0CE6-3E57-47D9-8318-215F0C4A2031"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "6.2.16",
"matchCriteriaId": "E9BCDC86-176E-401A-B188-F77E22BCFC2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "6.4.15",
"matchCriteriaId": "4E29353F-8791-4117-BA7A-E32FAB8348A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.13",
"matchCriteriaId": "D25F9C04-C7FD-4B1F-A194-CA69E5DE903C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.7",
"matchCriteriaId": "553C4BA9-953B-4017-8498-785BDA7A3006"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4.0",
"versionEndExcluding": "7.4.2",
"matchCriteriaId": "4316C2EA-3D6E-4A0C-B81D-ADCE040E03E0"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.com/psirt/FG-IR-23-493",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://fortiguard.com/psirt/FG-IR-23-493",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

66
CVE-2023/CVE-2023-501xx/CVE-2023-50176.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50176",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:07.360",
"lastModified": "2024-11-13T17:01:16.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:27:35.530",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -51,10 +71,46 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-475",
"source": "psirt@fortinet.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.14",
"matchCriteriaId": "C119229A-3805-47C1-B3F9-AF1A4007A63B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.8",
"matchCriteriaId": "A6D2A14F-3916-45A0-AD4D-27C60E00AEC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4.0",
"versionEndExcluding": "7.4.4",
"matchCriteriaId": "1FDDB5F3-D229-4208-9110-8860A03C8B59"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-475",
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

37
CVE-2024/CVE-2024-106xx/CVE-2024-10637.json
View File

@ -2,20 +2,51 @@
"id": "CVE-2024-10637",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-12-12T06:15:20.840",
"lastModified": "2024-12-12T06:15:20.840",
"vulnStatus": "Received",
"lastModified": "2024-12-12T19:15:08.570",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
},
{
"lang": "es",
"value": " El complemento Gutenberg Blocks with AI de Kadence WP para WordPress anterior a la versi\u00f3n 3.2.54 no valida ni escapa algunas de sus opciones de bloque antes de mostrarlas nuevamente en una p\u00e1gina o publicaci\u00f3n donde el bloque est\u00e1 incrustado, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de Cross-Site Scripting almacenado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/df688dcc-9617-4f58-a310-891bfaea3695/",
"source": "contact@wpscan.com"
},
{
"url": "https://wpscan.com/vulnerability/df688dcc-9617-4f58-a310-891bfaea3695/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

57
CVE-2024/CVE-2024-116xx/CVE-2024-11622.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-11622",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-11-26T22:15:17.860",
"lastModified": "2024-11-26T22:15:17.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:52:24.527",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,12 +69,43 @@
"value": "CWE-91"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hpe:insight_remote_support:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.14.0.629",
"matchCriteriaId": "D4E9BD73-DBE0-4625-95B9-AADC28A9BC6D"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-217xx/CVE-2024-21763.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21763",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2024-02-14T17:15:11.630",
"lastModified": "2024-11-21T08:54:57.747",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:12:18.580",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,16 +69,51 @@
"value": "CWE-476"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndExcluding": "17.1.1",
"matchCriteriaId": "C21E361F-07B3-469C-AE16-6ABB3BD4AAE6"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000137521",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://my.f5.com/manage/s/article/K000137521",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-217xx/CVE-2024-21789.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21789",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2024-02-14T17:15:12.220",
"lastModified": "2024-11-21T08:55:00.443",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:11:30.663",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,16 +69,58 @@
"value": "CWE-772"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-772"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndExcluding": "17.1.1",
"matchCriteriaId": "F805B12C-7196-44A8-897C-4075D4B9EF5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndExcluding": "17.1.1",
"matchCriteriaId": "4453B671-B10F-4B82-A41D-048B12F37EA8"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000137270",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://my.f5.com/manage/s/article/K000137270",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-217xx/CVE-2024-21793.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21793",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2024-05-08T15:15:07.557",
"lastModified": "2024-11-21T08:55:00.857",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:06:50.877",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,16 +69,51 @@
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.0.1",
"versionEndExcluding": "20.2.0",
"matchCriteriaId": "6374E209-0433-4CFF-A5C7-A9DA884F3E31"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000138732",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://my.f5.com/manage/s/article/K000138732",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-218xx/CVE-2024-21849.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21849",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2024-02-14T17:15:12.417",
"lastModified": "2024-11-21T08:55:07.123",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:10:52.200",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,16 +69,58 @@
"value": "CWE-466"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.4",
"matchCriteriaId": "95617B72-E7D8-44D2-AFF2-976595A72AFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndExcluding": "16.1.4",
"matchCriteriaId": "377DE308-CF91-488A-B296-30A3B09451D3"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000135873",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://my.f5.com/manage/s/article/K000135873",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

106
CVE-2024/CVE-2024-21xx/CVE-2024-2177.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2177",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-07-09T14:15:03.953",
"lastModified": "2024-11-21T09:09:11.667",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T20:17:46.297",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
@ -49,24 +69,98 @@
"value": "CWE-1021"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.11.5",
"matchCriteriaId": "4EA01EF7-2BA1-4A2B-AF14-313348195FB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.3.0",
"versionEndExcluding": "16.11.5",
"matchCriteriaId": "508D8B27-E31B-47F4-A692-B73E69F199E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.0.0",
"versionEndExcluding": "17.0.3",
"matchCriteriaId": "541958DE-CB05-43D9-921B-4ADD2E436BF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.0.0",
"versionEndExcluding": "17.0.3",
"matchCriteriaId": "C987EC42-A56B-462A-A0CE-7417CC0FD414"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:community:*:*:*",
"matchCriteriaId": "D2461A15-EA5F-43D1-B359-0F24713A713B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:17.1.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "9AA7835D-35E6-44D6-9194-2AC4C38961CE"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/444467",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://hackerone.com/reports/2383443",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/444467",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://hackerone.com/reports/2383443",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
]
}
]
}

70
CVE-2024/CVE-2024-233xx/CVE-2024-23308.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23308",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2024-02-14T17:15:13.200",
"lastModified": "2024-11-21T08:57:28.500",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:10:12.500",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,16 +69,58 @@
"value": "CWE-476"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_advanced_web_application_firewall:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndExcluding": "17.1.1",
"matchCriteriaId": "F805B12C-7196-44A8-897C-4075D4B9EF5A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndExcluding": "17.1.1",
"matchCriteriaId": "4453B671-B10F-4B82-A41D-048B12F37EA8"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000137416",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://my.f5.com/manage/s/article/K000137416",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

77
CVE-2024/CVE-2024-239xx/CVE-2024-23982.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23982",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2024-02-14T17:15:14.637",
"lastModified": "2024-11-21T08:58:47.017",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:07:57.403",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,16 +69,65 @@
"value": "CWE-121"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.1.0",
"versionEndIncluding": "15.1.10",
"matchCriteriaId": "FFF5007E-761C-4697-8D34-C064DF0ABE8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "16.1.0",
"versionEndIncluding": "16.1.4",
"matchCriteriaId": "910441D3-90EF-4375-B007-D51120A60AB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.1.0",
"versionEndIncluding": "17.1.1",
"matchCriteriaId": "17523F89-DF78-45B7-AEAB-A4886E99E08B"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000135946",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://my.f5.com/manage/s/article/K000135946",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

199
CVE-2024/CVE-2024-260xx/CVE-2024-26011.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26011",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:08.320",
"lastModified": "2024-11-13T17:01:16.850",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:33:58.833",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,12 +69,185 @@
"value": "CWE-306"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.0.0",
"versionEndExcluding": "7.0.15",
"matchCriteriaId": "4A93633F-8865-49D7-A5CE-F7D009DFB901"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.8",
"matchCriteriaId": "A6D2A14F-3916-45A0-AD4D-27C60E00AEC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4.0",
"versionEndExcluding": "7.4.4",
"matchCriteriaId": "1FDDB5F3-D229-4208-9110-8860A03C8B59"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:fortinet:fortipam:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "1.3.0",
"matchCriteriaId": "18427F16-7339-4A9E-9FA4-EC7A2D3EE218"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "7.0.17",
"matchCriteriaId": "E7E7DA8E-34CB-4527-A4A0-1EDBFBBDA894"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.10",
"matchCriteriaId": "EDFFA2C3-0A23-4884-B751-785BE598DFF3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiproxy:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4.0",
"versionEndExcluding": "7.4.4",
"matchCriteriaId": "3F2C29AD-A11F-4A5F-8BB0-8600D5F77E72"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4.0",
"versionEndExcluding": "6.4.15",
"matchCriteriaId": "D2AD66B0-9C99-4F83-80AA-B54E6354ADFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.12",
"matchCriteriaId": "56DC03E9-D1CF-4273-AF2F-5EB3B8E2D54B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.5",
"matchCriteriaId": "4763E504-6974-42C5-B912-3E62A9CC312A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortimanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.4.0",
"versionEndExcluding": "7.4.3",
"matchCriteriaId": "E4490512-36ED-4212-9D34-D74739A56E84"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.4",
"matchCriteriaId": "7A020C2E-1DDB-4737-92D9-B125FFBE007A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiswitchmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndExcluding": "7.2.4",
"matchCriteriaId": "EB0D2553-E4E6-454A-80F6-9D014A4710D3"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fortinet:fortiportal:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3.0",
"versionEndExcluding": "6.0.15",
"matchCriteriaId": "0123003E-587B-4EC8-83B6-0C5D87A8AC10"
}
]
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-032",
"source": "psirt@fortinet.com"
"source": "psirt@fortinet.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-260xx/CVE-2024-26026.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26026",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2024-05-08T15:15:08.623",
"lastModified": "2024-11-21T09:01:47.370",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:04:05.373",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,16 +69,51 @@
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.0.1",
"versionEndExcluding": "20.2.0",
"matchCriteriaId": "6374E209-0433-4CFF-A5C7-A9DA884F3E31"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000138733",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://my.f5.com/manage/s/article/K000138733",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

124
CVE-2024/CVE-2024-263xx/CVE-2024-26301.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26301",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-02-27T23:15:07.450",
"lastModified": "2024-11-21T09:02:19.590",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T20:12:59.017",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,17 +36,133 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9.0",
"versionEndExcluding": "6.9.13",
"matchCriteriaId": "3FB4B104-2BBB-4F41-8245-97616A66C18B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10.0",
"versionEndExcluding": "6.10.8",
"matchCriteriaId": "84F5E56D-039C-47B0-827A-AFE34887DAD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11.0",
"versionEndIncluding": "6.11.6",
"matchCriteriaId": "9B615E4D-D615-4AA4-B501-E9BA06A1D909"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:-:*:*:*:*:*:*",
"matchCriteriaId": "57C5BF92-A455-44E4-AE20-F9A1D790422D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_2:*:*:*:*:*:*",
"matchCriteriaId": "7962FD34-6A38-461A-8942-BCA227AF8AF9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_3:*:*:*:*:*:*",
"matchCriteriaId": "435A3CE6-AB76-4F4F-B11F-71E0C7619A9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.9.13:cumulative_hotfix_patch_4:*:*:*:*:*:*",
"matchCriteriaId": "48AF4969-0D31-4109-B925-E22FF9742F00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:-:*:*:*:*:*:*",
"matchCriteriaId": "1DB2448F-D014-4672-90A9-3BCC91096B93"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_2:*:*:*:*:*:*",
"matchCriteriaId": "80F47102-7F9F-449F-91A1-76372AA7F3D4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_5:*:*:*:*:*:*",
"matchCriteriaId": "F85708F3-CA05-472A-9B51-373D1AD14E9C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.10.8:cumulative_hotfix_patch_6:*:*:*:*:*:*",
"matchCriteriaId": "2700588C-FBC3-4A45-A482-1168D965AAA3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arubanetworks:clearpass_policy_manager:6.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DC2CA8-B27E-48A8-BD73-A5CE9A55B6FA"
}
]
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
}
]
}

80
CVE-2024/CVE-2024-278xx/CVE-2024-27869.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27869",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.943",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T20:08:50.837",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,50 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0",
"matchCriteriaId": "ACD3B3B0-329C-413B-BDF7-6B1C6298846E"
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0",
"matchCriteriaId": "2222A2EE-00FA-4019-8779-13B82A4F9DD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0",
"matchCriteriaId": "E8017C16-A17E-4AE7-9A0B-1295200A3A45"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-278xx/CVE-2024-27874.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27874",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-09-17T00:15:47.993",
"lastModified": "2024-09-20T12:31:20.110",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T20:04:13.590",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,37 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0",
"matchCriteriaId": "ACD3B3B0-329C-413B-BDF7-6B1C6298846E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0",
"matchCriteriaId": "2222A2EE-00FA-4019-8779-13B82A4F9DD0"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-320xx/CVE-2024-32049.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32049",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2024-05-08T15:15:09.987",
"lastModified": "2024-11-21T09:14:23.357",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:01:52.577",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 5.2
}
]
},
@ -49,16 +69,51 @@
"value": "CWE-300"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.0.1",
"versionEndExcluding": "20.1.0",
"matchCriteriaId": "543594EF-BC71-47AF-B6CD-BB0A2CDDAD8C"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000138634",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://my.f5.com/manage/s/article/K000138634",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

84
CVE-2024/CVE-2024-441xx/CVE-2024-44145.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44145",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:02.820",
"lastModified": "2024-10-29T20:35:26.280",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T19:10:46.387",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.9,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -39,14 +59,62 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0",
"matchCriteriaId": "ACD3B3B0-329C-413B-BDF7-6B1C6298846E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0",
"matchCriteriaId": "2222A2EE-00FA-4019-8779-13B82A4F9DD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0",
"matchCriteriaId": "E8017C16-A17E-4AE7-9A0B-1295200A3A45"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-441xx/CVE-2024-44157.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44157",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-11T18:15:08.030",
"lastModified": "2024-10-27T02:35:03.400",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T19:09:01.313",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,44 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://support.apple.com/en-us/121328",
"source": "product-security@apple.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:apple_tv:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "1.5.0.152",
"matchCriteriaId": "DC7E2D9D-943F-44E7-9186-4D2C907782F1"
},
{
"url": "https://support.apple.com/en-us/121441",
"source": "product-security@apple.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*",
"versionEndExcluding": "12.13.3",
"matchCriteriaId": "412B31BD-4C6E-49D3-800B-D1FC41A72E67"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121328",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121441",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-442xx/CVE-2024-44216.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44216",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:02.893",
"lastModified": "2024-10-29T20:35:26.520",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T19:38:27.887",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,46 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FD0D09F7-8683-476D-8D27-0C49A55D9938"
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com"
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-442xx/CVE-2024-44217.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44217",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:02.960",
"lastModified": "2024-10-29T20:35:27.313",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T19:55:20.407",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -39,10 +59,49 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0",
"matchCriteriaId": "ACD3B3B0-329C-413B-BDF7-6B1C6298846E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.0",
"matchCriteriaId": "2222A2EE-00FA-4019-8779-13B82A4F9DD0"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121250",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-442xx/CVE-2024-44237.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44237",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:03.037",
"lastModified": "2024-10-29T21:35:16.563",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T19:46:27.167",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,46 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FD0D09F7-8683-476D-8D27-0C49A55D9938"
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com"
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-490xx/CVE-2024-49071.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-49071",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-12-12T19:15:09.387",
"lastModified": "2024-12-12T19:15:09.387",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "secure@microsoft.com",
"tags": [
"exclusively-hosted-service"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper authorization of an index that contains sensitive information\u00a0from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-612"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49071",
"source": "secure@microsoft.com"
}
]
}

63
CVE-2024/CVE-2024-491xx/CVE-2024-49147.json Normal file
View File

@ -0,0 +1,63 @@
{
"id": "CVE-2024-49147",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-12-12T19:15:13.057",
"lastModified": "2024-12-12T19:15:13.057",
"vulnStatus": "Received",
"cveTags": [
{
"sourceIdentifier": "secure@microsoft.com",
"tags": [
"exclusively-hosted-service"
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website\u2019s webserver."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49147",
"source": "secure@microsoft.com"
}
]
}

99
CVE-2024/CVE-2024-50xx/CVE-2024-5005.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-5005",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-10-11T13:15:16.317",
"lastModified": "2024-10-15T12:58:51.050",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:55:10.777",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -49,16 +69,87 @@
"value": "CWE-684"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "11.4.0",
"versionEndExcluding": "17.2.9",
"matchCriteriaId": "11077447-D01B-410A-9B49-C712B2B4A57B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "11.4.0",
"versionEndExcluding": "17.2.9",
"matchCriteriaId": "57B101F2-4669-4EC7-BE80-2F1515B188DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.5",
"matchCriteriaId": "EE7140D0-5D8A-4EDA-91AF-5F14BC4F6307"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.3.0",
"versionEndExcluding": "17.3.5",
"matchCriteriaId": "9A005AE5-1C1A-4515-9695-A502092BB75A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.4.0",
"versionEndExcluding": "17.4.2",
"matchCriteriaId": "7132410B-A160-4C18-8BB6-E53C6A0F35D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.4.0",
"versionEndExcluding": "17.4.2",
"matchCriteriaId": "08991976-707A-4A7B-863D-766928E74FF7"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/462108",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://hackerone.com/reports/2501461",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

57
CVE-2024/CVE-2024-536xx/CVE-2024-53673.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53673",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-11-26T22:15:18.547",
"lastModified": "2024-11-27T16:15:14.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:50:22.903",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,12 +69,43 @@
"value": "CWE-502"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hpe:insight_remote_support:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.14.0.629",
"matchCriteriaId": "D4E9BD73-DBE0-4625-95B9-AADC28A9BC6D"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-536xx/CVE-2024-53674.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53674",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-11-26T22:15:18.713",
"lastModified": "2024-11-26T22:15:18.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:49:49.800",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,12 +69,43 @@
"value": "CWE-91"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hpe:insight_remote_support:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.14.0.629",
"matchCriteriaId": "D4E9BD73-DBE0-4625-95B9-AADC28A9BC6D"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-536xx/CVE-2024-53675.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53675",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-11-26T22:15:18.990",
"lastModified": "2024-11-26T22:15:18.990",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T19:48:48.443",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,12 +69,43 @@
"value": "CWE-91"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hpe:insight_remote_support:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.14.0.629",
"matchCriteriaId": "D4E9BD73-DBE0-4625-95B9-AADC28A9BC6D"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04731en_us",
"source": "security-alert@hpe.com"
"source": "security-alert@hpe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54103.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54103",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:24.123",
"lastModified": "2024-12-12T12:15:24.123",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:15:40.217",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54104.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54104",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:24.550",
"lastModified": "2024-12-12T12:15:24.550",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:16:31.800",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-264"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54105.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54105",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:24.983",
"lastModified": "2024-12-12T12:15:24.983",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:17:02.203",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-120"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54106.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54106",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:25.237",
"lastModified": "2024-12-12T12:15:25.237",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:17:50.480",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-248"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54107.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54107",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:25.653",
"lastModified": "2024-12-12T12:15:25.653",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:18:05.877",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-20"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54108.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54108",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:26.023",
"lastModified": "2024-12-12T12:15:26.023",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:18:20.313",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-20"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54109.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54109",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:26.270",
"lastModified": "2024-12-12T12:15:26.270",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:18:35.990",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-20"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54110.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54110",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:26.453",
"lastModified": "2024-12-12T12:15:26.453",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:19:15.430",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-269"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54111.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54111",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:26.647",
"lastModified": "2024-12-12T12:15:26.647",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:19:58.150",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.5,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-345"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54112.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54112",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:26.823",
"lastModified": "2024-12-12T12:15:26.823",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:20:27.263",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-264"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54113.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54113",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:27.003",
"lastModified": "2024-12-12T12:15:27.003",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:21:04.590",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-701"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54114.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54114",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:27.187",
"lastModified": "2024-12-12T12:15:27.187",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:22:11.563",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-754"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54115.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54115",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:27.363",
"lastModified": "2024-12-12T12:15:27.363",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:22:39.443",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-754"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54116.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54116",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:27.570",
"lastModified": "2024-12-12T12:15:27.570",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:22:56.123",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-754"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-541xx/CVE-2024-54117.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54117",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-12-12T12:15:27.747",
"lastModified": "2024-12-12T12:15:27.747",
"vulnStatus": "Received",
"lastModified": "2024-12-12T20:23:13.297",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,12 +65,42 @@
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:huawei:harmonyos:5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "964ED670-F38F-4CFA-B689-4A712ECDAAB6"
}
]
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/12/",
"source": "psirt@huawei.com"
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-545xx/CVE-2024-54505.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-54505",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-12-12T02:15:31.227",
"lastModified": "2024-12-12T02:15:31.227",
"vulnStatus": "Received",
"lastModified": "2024-12-12T19:15:13.203",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption."
},
{
"lang": "es",
"value": " Se solucion\u00f3 un problema de confusi\u00f3n de tipos mejorando el manejo de la memoria. Este problema se solucion\u00f3 en iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 y iPadOS 18.2. El procesamiento de contenido web manipulado con fines malintencionados puede provocar da\u00f1os en la memoria."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121837",

45
CVE-2024/CVE-2024-545xx/CVE-2024-54513.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-54513",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-12-12T02:15:31.557",
"lastModified": "2024-12-12T02:15:31.557",
"vulnStatus": "Received",
"lastModified": "2024-12-12T19:15:13.397",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data."
},
{
"lang": "es",
"value": " Se solucion\u00f3 un problema de permisos con restricciones adicionales. Este problema se solucion\u00f3 en watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 y iPadOS 18.2. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121837",

21
CVE-2024/CVE-2024-548xx/CVE-2024-54811.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-54811",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-12T19:15:13.580",
"lastModified": "2024-12-12T19:15:13.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the \"login\" parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Park%20ticket/report%20sql.pdf",
"source": "cve@mitre.org"
}
]
}

45
CVE-2024/CVE-2024-555xx/CVE-2024-55565.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-55565",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-09T02:15:19.607",
"lastModified": "2024-12-09T02:15:19.607",
"vulnStatus": "Received",
"lastModified": "2024-12-12T19:15:13.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version."
},
{
"lang": "es",
"value": "nanoid (tambi\u00e9n conocido como Nano ID) anterior a la versi\u00f3n 5.0.9 maneja incorrectamente valores no enteros. La versi\u00f3n 3.3.8 tambi\u00e9n es una versi\u00f3n corregida."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ai/nanoid/compare/3.3.7...3.3.8",

86
CVE-2024/CVE-2024-556xx/CVE-2024-55663.json Normal file
View File

@ -0,0 +1,86 @@
{
"id": "CVE-2024-55663",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-12T19:15:13.827",
"lastModified": "2024-12-12T19:15:13.827",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. Starting in version 11.10.6 and prior to versions 13.10.5 and 14.3-rc-1, in `getdocument.vm`; the ordering of the returned documents is defined from an unsanitized request parameter (request.sort) and can allow any user to inject HQL. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This has been patched in 13.10.5 and 14.3-rc-1. There is no known workaround, other than upgrading XWiki."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/673076e2e8b88a36cdeaf7007843aa9ca1a068a0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wh34-m772-5398",
"source": "security-advisories@github.com"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-17568",
"source": "security-advisories@github.com"
}
]
}

72
CVE-2024/CVE-2024-558xx/CVE-2024-55875.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2024-55875",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-12T19:15:13.983",
"lastModified": "2024-12-12T19:15:13.983",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server, trigger Server-side Request Forgery and even execute code under some circumstances. Version 5.41.0.0 contains a patch for the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
},
{
"lang": "en",
"value": "CWE-611"
},
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/http4k/http4k/blob/25696dff2d90206cc1da42f42a1a8dbcdbcdf18c/core/format/xml/src/main/kotlin/org/http4k/format/Xml.kt#L42-L46",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/http4k/http4k/commit/35297adc6d6aca4951d50d8cdf17ff87a8b19fbc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/http4k/http4k/security/advisories/GHSA-7mj5-hjjj-8rgw",
"source": "security-advisories@github.com"
}
]
}

64
CVE-2024/CVE-2024-558xx/CVE-2024-55876.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-55876",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-12T19:15:14.140",
"lastModified": "2024-12-12T19:15:14.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document `Scheduler.WebHome` in a subwiki. Then, click on any operation (*e.g.,* Trigger) on any job. If the operation is successful, then the instance is vulnerable. This has been patched in XWiki 15.10.9 and 16.3.0. As a workaround, those who have subwikis where the Job Scheduler is enabled can edit the objects on `Scheduler.WebPreferences` to match the patch."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/54bcc5a7a2e440cc591b91eece9c13dc0c487331",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cwq6-mjmx-47p6",
"source": "security-advisories@github.com"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21663",
"source": "security-advisories@github.com"
}
]
}

64
CVE-2024/CVE-2024-558xx/CVE-2024-55877.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-55877",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-12T20:15:21.350",
"lastModified": "2024-12-12T20:15:21.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been fixed in XWiki 15.10.11, 16.4.1 and 16.5.0. It is possible to manually apply the patch to the page `XWiki.XWikiSyntaxMacrosList` as a workaround."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-96"
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/40e1afe001d61eafdf13f3621b4b597a0e58a3e3",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2r87-74cx-2p7c",
"source": "security-advisories@github.com"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-22030",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-558xx/CVE-2024-55878.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-55878",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-12T20:15:21.493",
"lastModified": "2024-12-12T20:15:21.493",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct publication via toHTMLEx."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/shuchkin/simplexlsx/commit/cb4e716259e83d18e89292a4f1b721f4d34e28c2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/shuchkin/simplexlsx/security/advisories/GHSA-x6mh-rjwm-8ph7",
"source": "security-advisories@github.com"
}
]
}

64
CVE-2024/CVE-2024-558xx/CVE-2024-55879.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-55879",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-12T20:15:21.623",
"lastModified": "2024-12-12T20:15:21.623",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.9 and 16.3.0. No known workarounds are available except upgrading."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/8493435ff9606905a2d913607d6c79862d0c168d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r279-47wg-chpr",
"source": "security-advisories@github.com"
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21207",
"source": "security-advisories@github.com"
}
]
}

86
CVE-2024/CVE-2024-558xx/CVE-2024-55885.json Normal file
View File

@ -0,0 +1,86 @@
{
"id": "CVE-2024-55885",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-12T20:15:21.760",
"lastModified": "2024-12-12T20:15:21.760",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
},
{
"lang": "en",
"value": "CWE-328"
}
]
}
],
"references": [
{
"url": "https://github.com/beego/beego/commit/e7fa4835f71f47ab1d13afd638cebf661800d5a4",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/beego/beego/security/advisories/GHSA-9j3m-fr7q-jxfw",
"source": "security-advisories@github.com"
}
]
}

56
CVE-2024/CVE-2024-558xx/CVE-2024-55886.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-55886",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-12T20:15:21.890",
"lastModified": "2024-12-12T20:15:21.890",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting inversion 2.1.0 and prior to version 2.10.2 where some custom authentication plugins will not perform authentication. This allows unauthorized users to ingest OpenTelemetry Logs data under certain conditions. This vulnerability does not affect the built-in `http_basic` authentication provider in Data Prepper. Pipelines which use the `http_basic` authentication provider continue to require authentication. The vulnerability exists only for custom implementations of Data Prepper\u2019s `GrpcAuthenticationProvider` authentication plugin which implement the `getHttpAuthenticationService()` method instead of `getAuthenticationInterceptor()`. Data Prepper 2.10.2 contains a fix for this issue. For those unable to upgrade, one may use the built-in `http_basic` authentication provider in Data Prepper and/or add an authentication proxy in front of one's Data Prepper instances running the OpenTelemetry Logs source."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:H",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://github.com/opensearch-project/data-prepper/security/advisories/GHSA-725p-63vv-v948",
"source": "security-advisories@github.com"
}
]
}

56
CVE-2024/CVE-2024-558xx/CVE-2024-55888.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-55888",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-12T20:15:22.017",
"lastModified": "2024-12-12T20:15:22.017",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"references": [
{
"url": "https://github.com/scidsg/hushline/security/advisories/GHSA-m592-g8qv-hrqx",
"source": "security-advisories@github.com"
}
]
}

96
CVE-2024/CVE-2024-81xx/CVE-2024-8114.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-8114",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-11-26T19:15:31.660",
"lastModified": "2024-11-26T19:15:31.660",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T20:54:48.113",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,29 +36,115 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.8
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "cve@gitlab.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "8.12.0",
"versionEndExcluding": "17.4.5",
"matchCriteriaId": "D229997A-33B2-44AC-A257-61E00353019C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "8.12.0",
"versionEndExcluding": "17.4.5",
"matchCriteriaId": "8AA194ED-6663-4D99-90C7-4CDBCAF0AE12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "17.5.0",
"versionEndExcluding": "17.5.3",
"matchCriteriaId": "5C1F85A0-709A-4C88-9C40-93D3C47AFD54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "17.5.0",
"versionEndExcluding": "17.5.3",
"matchCriteriaId": "305F5CB5-5B11-4AA7-ABAE-D4B9A05F6B4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:community:*:*:*",
"matchCriteriaId": "3A39B04B-D109-467A-82E1-3FE6CBA48FEE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:17.6.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "1212AE23-98AB-4E7A-AAB5-0AD266DFC7D4"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/480494",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2649822",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
}
]
}

10
CVE-2024/CVE-2024-86xx/CVE-2024-8698.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-8698",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-09-19T16:15:06.177",
"lastModified": "2024-11-05T04:15:03.183",
"lastModified": "2024-12-12T20:15:22.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:L",
@ -42,7 +42,7 @@
"weaknesses": [
{
"source": "secalert@redhat.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -107,10 +107,6 @@
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2311641",
"source": "secalert@redhat.com"
},
{
"url": "https://github.com/keycloak/keycloak/blob/main/saml-core/src/main/java/org/keycloak/saml/processing/core/util/XMLSignatureUtil.java#L415",
"source": "secalert@redhat.com"
}
]
}

76
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-12-12T19:00:27.565152+00:00
2024-12-12T21:00:22.199660+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-12-12T18:59:00.883000+00:00
2024-12-12T20:54:48.113000+00:00
```
### Last Data Feed Release
@ -33,48 +33,56 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
273518
273530
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `12`
- [CVE-2024-31670](CVE-2024/CVE-2024-316xx/CVE-2024-31670.json) (`2024-12-12T18:15:23.977`)
- [CVE-2024-47238](CVE-2024/CVE-2024-472xx/CVE-2024-47238.json) (`2024-12-12T18:15:25.250`)
- [CVE-2024-54810](CVE-2024/CVE-2024-548xx/CVE-2024-54810.json) (`2024-12-12T18:15:25.423`)
- [CVE-2024-55662](CVE-2024/CVE-2024-556xx/CVE-2024-55662.json) (`2024-12-12T18:15:27.860`)
- [CVE-2024-49071](CVE-2024/CVE-2024-490xx/CVE-2024-49071.json) (`2024-12-12T19:15:09.387`)
- [CVE-2024-49147](CVE-2024/CVE-2024-491xx/CVE-2024-49147.json) (`2024-12-12T19:15:13.057`)
- [CVE-2024-54811](CVE-2024/CVE-2024-548xx/CVE-2024-54811.json) (`2024-12-12T19:15:13.580`)
- [CVE-2024-55663](CVE-2024/CVE-2024-556xx/CVE-2024-55663.json) (`2024-12-12T19:15:13.827`)
- [CVE-2024-55875](CVE-2024/CVE-2024-558xx/CVE-2024-55875.json) (`2024-12-12T19:15:13.983`)
- [CVE-2024-55876](CVE-2024/CVE-2024-558xx/CVE-2024-55876.json) (`2024-12-12T19:15:14.140`)
- [CVE-2024-55877](CVE-2024/CVE-2024-558xx/CVE-2024-55877.json) (`2024-12-12T20:15:21.350`)
- [CVE-2024-55878](CVE-2024/CVE-2024-558xx/CVE-2024-55878.json) (`2024-12-12T20:15:21.493`)
- [CVE-2024-55879](CVE-2024/CVE-2024-558xx/CVE-2024-55879.json) (`2024-12-12T20:15:21.623`)
- [CVE-2024-55885](CVE-2024/CVE-2024-558xx/CVE-2024-55885.json) (`2024-12-12T20:15:21.760`)
- [CVE-2024-55886](CVE-2024/CVE-2024-558xx/CVE-2024-55886.json) (`2024-12-12T20:15:21.890`)
- [CVE-2024-55888](CVE-2024/CVE-2024-558xx/CVE-2024-55888.json) (`2024-12-12T20:15:22.017`)
### CVEs modified in the last Commit
Recently modified CVEs: `102`
Recently modified CVEs: `60`
- [CVE-2024-53000](CVE-2024/CVE-2024-530xx/CVE-2024-53000.json) (`2024-12-12T18:49:40.543`)
- [CVE-2024-53001](CVE-2024/CVE-2024-530xx/CVE-2024-53001.json) (`2024-12-12T18:35:34.220`)
- [CVE-2024-53002](CVE-2024/CVE-2024-530xx/CVE-2024-53002.json) (`2024-12-12T18:34:42.387`)
- [CVE-2024-53003](CVE-2024/CVE-2024-530xx/CVE-2024-53003.json) (`2024-12-12T18:33:19.607`)
- [CVE-2024-53004](CVE-2024/CVE-2024-530xx/CVE-2024-53004.json) (`2024-12-12T18:30:46.870`)
- [CVE-2024-53005](CVE-2024/CVE-2024-530xx/CVE-2024-53005.json) (`2024-12-12T18:25:58.717`)
- [CVE-2024-54501](CVE-2024/CVE-2024-545xx/CVE-2024-54501.json) (`2024-12-12T17:15:10.837`)
- [CVE-2024-54524](CVE-2024/CVE-2024-545xx/CVE-2024-54524.json) (`2024-12-12T17:15:11.020`)
- [CVE-2024-54842](CVE-2024/CVE-2024-548xx/CVE-2024-54842.json) (`2024-12-12T18:15:25.580`)
- [CVE-2024-54918](CVE-2024/CVE-2024-549xx/CVE-2024-54918.json) (`2024-12-12T18:15:25.790`)
- [CVE-2024-54922](CVE-2024/CVE-2024-549xx/CVE-2024-54922.json) (`2024-12-12T18:15:26.013`)
- [CVE-2024-54925](CVE-2024/CVE-2024-549xx/CVE-2024-54925.json) (`2024-12-12T18:15:26.240`)
- [CVE-2024-54930](CVE-2024/CVE-2024-549xx/CVE-2024-54930.json) (`2024-12-12T18:15:26.440`)
- [CVE-2024-54932](CVE-2024/CVE-2024-549xx/CVE-2024-54932.json) (`2024-12-12T18:15:26.673`)
- [CVE-2024-54933](CVE-2024/CVE-2024-549xx/CVE-2024-54933.json) (`2024-12-12T18:15:26.893`)
- [CVE-2024-54934](CVE-2024/CVE-2024-549xx/CVE-2024-54934.json) (`2024-12-12T18:15:27.153`)
- [CVE-2024-55099](CVE-2024/CVE-2024-550xx/CVE-2024-55099.json) (`2024-12-12T18:15:27.340`)
- [CVE-2024-55578](CVE-2024/CVE-2024-555xx/CVE-2024-55578.json) (`2024-12-12T18:15:27.533`)
- [CVE-2024-55587](CVE-2024/CVE-2024-555xx/CVE-2024-55587.json) (`2024-12-12T17:15:11.197`)
- [CVE-2024-55633](CVE-2024/CVE-2024-556xx/CVE-2024-55633.json) (`2024-12-12T18:15:27.733`)
- [CVE-2024-55652](CVE-2024/CVE-2024-556xx/CVE-2024-55652.json) (`2024-12-12T17:15:11.360`)
- [CVE-2024-55884](CVE-2024/CVE-2024-558xx/CVE-2024-55884.json) (`2024-12-12T17:15:11.710`)
- [CVE-2024-9428](CVE-2024/CVE-2024-94xx/CVE-2024-9428.json) (`2024-12-12T18:15:28.120`)
- [CVE-2024-9641](CVE-2024/CVE-2024-96xx/CVE-2024-9641.json) (`2024-12-12T18:15:28.297`)
- [CVE-2024-9881](CVE-2024/CVE-2024-98xx/CVE-2024-9881.json) (`2024-12-12T18:15:28.457`)
- [CVE-2024-44237](CVE-2024/CVE-2024-442xx/CVE-2024-44237.json) (`2024-12-12T19:46:27.167`)
- [CVE-2024-5005](CVE-2024/CVE-2024-50xx/CVE-2024-5005.json) (`2024-12-12T19:55:10.777`)
- [CVE-2024-53673](CVE-2024/CVE-2024-536xx/CVE-2024-53673.json) (`2024-12-12T19:50:22.903`)
- [CVE-2024-53674](CVE-2024/CVE-2024-536xx/CVE-2024-53674.json) (`2024-12-12T19:49:49.800`)
- [CVE-2024-53675](CVE-2024/CVE-2024-536xx/CVE-2024-53675.json) (`2024-12-12T19:48:48.443`)
- [CVE-2024-54103](CVE-2024/CVE-2024-541xx/CVE-2024-54103.json) (`2024-12-12T20:15:40.217`)
- [CVE-2024-54104](CVE-2024/CVE-2024-541xx/CVE-2024-54104.json) (`2024-12-12T20:16:31.800`)
- [CVE-2024-54105](CVE-2024/CVE-2024-541xx/CVE-2024-54105.json) (`2024-12-12T20:17:02.203`)
- [CVE-2024-54106](CVE-2024/CVE-2024-541xx/CVE-2024-54106.json) (`2024-12-12T20:17:50.480`)
- [CVE-2024-54107](CVE-2024/CVE-2024-541xx/CVE-2024-54107.json) (`2024-12-12T20:18:05.877`)
- [CVE-2024-54108](CVE-2024/CVE-2024-541xx/CVE-2024-54108.json) (`2024-12-12T20:18:20.313`)
- [CVE-2024-54109](CVE-2024/CVE-2024-541xx/CVE-2024-54109.json) (`2024-12-12T20:18:35.990`)
- [CVE-2024-54110](CVE-2024/CVE-2024-541xx/CVE-2024-54110.json) (`2024-12-12T20:19:15.430`)
- [CVE-2024-54111](CVE-2024/CVE-2024-541xx/CVE-2024-54111.json) (`2024-12-12T20:19:58.150`)
- [CVE-2024-54112](CVE-2024/CVE-2024-541xx/CVE-2024-54112.json) (`2024-12-12T20:20:27.263`)
- [CVE-2024-54113](CVE-2024/CVE-2024-541xx/CVE-2024-54113.json) (`2024-12-12T20:21:04.590`)
- [CVE-2024-54114](CVE-2024/CVE-2024-541xx/CVE-2024-54114.json) (`2024-12-12T20:22:11.563`)
- [CVE-2024-54115](CVE-2024/CVE-2024-541xx/CVE-2024-54115.json) (`2024-12-12T20:22:39.443`)
- [CVE-2024-54116](CVE-2024/CVE-2024-541xx/CVE-2024-54116.json) (`2024-12-12T20:22:56.123`)
- [CVE-2024-54117](CVE-2024/CVE-2024-541xx/CVE-2024-54117.json) (`2024-12-12T20:23:13.297`)
- [CVE-2024-54505](CVE-2024/CVE-2024-545xx/CVE-2024-54505.json) (`2024-12-12T19:15:13.203`)
- [CVE-2024-54513](CVE-2024/CVE-2024-545xx/CVE-2024-54513.json) (`2024-12-12T19:15:13.397`)
- [CVE-2024-55565](CVE-2024/CVE-2024-555xx/CVE-2024-55565.json) (`2024-12-12T19:15:13.670`)
- [CVE-2024-8114](CVE-2024/CVE-2024-81xx/CVE-2024-8114.json) (`2024-12-12T20:54:48.113`)
- [CVE-2024-8698](CVE-2024/CVE-2024-86xx/CVE-2024-8698.json) (`2024-12-12T20:15:22.150`)
## Download and Usage

344
_state.csv
View File

File diff suppressed because it is too large Load Diff