Auto-Update: 2024-11-08T17:00:26.454342+00:00

cad-safe-bot 2024-11-08 17:03:28 +00:00
parent e5c3a12d3a
commit 3e98f265db
222 changed files with 5540 additions and 756 deletions


@ -2,16 +2,55 @@
"id": "CVE-2020-8007",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T05:15:05.300",
"lastModified": "2024-11-08T05:15:05.300",
"lastModified": "2024-11-08T16:35:03.883",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n web pwrstudio de EV Charger (en el servidor de Circontrol Raption hasta 5.6.2) es vulnerable a la inyecci\u00f3n de comandos del sistema operativo a trav\u00e9s de tres campos del men\u00fa de configuraci\u00f3n para ntpserver0, ntpserver1 y pingip."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://circontrol.com/intelligent-charging-solutions/dc-chargers-series/raption-150/",


@ -2,8 +2,8 @@
"id": "CVE-2022-48910",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-22T02:15:05.403",
"lastModified": "2024-09-12T13:31:57.197",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:17.573",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -136,6 +136,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/24888915364cfa410de62d8abb5df95c3b67455d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/72124e65a70b84e6303a5cd21b0ac1f27d7d61a4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2022-48938",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-22T04:15:17.787",
"lastModified": "2024-08-22T18:49:20.320",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:17.730",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -111,6 +111,14 @@
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9957fbf34f52a4d8945d1bf39aae400ef9a11246",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a612395c7631918e0e10ea48b9ce5ab4340f26a6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -2,16 +2,55 @@
"id": "CVE-2023-27195",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T05:15:05.570",
"lastModified": "2024-11-08T05:15:05.570",
"lastModified": "2024-11-08T15:35:00.963",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Trimble TM4Web 22.2.0 allows unauthenticated attackers to access /inc/tm_ajax.msw?func=UserfromUUID&uuid= to retrieve the last registration access code and use this access code to register a valid account. via a PUT /inc/tm_ajax.msw request. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full privileges."
},
{
"lang": "es",
"value": "Trimble TM4Web 22.2.0 permite a atacantes no autenticados acceder a /inc/tm_ajax.msw?func=UserfromUUID&uuid= para recuperar el \u00faltimo c\u00f3digo de acceso de registro y utilizar este c\u00f3digo de acceso para registrar una cuenta v\u00e1lida mediante una solicitud PUT /inc/tm_ajax.msw. Si el c\u00f3digo de acceso se utiliz\u00f3 para crear una cuenta de administrador, los atacantes tambi\u00e9n pueden registrar nuevas cuentas de administrador con privilegios completos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://seclists.org/fulldisclosure/2024/Apr/16",


@ -2,17 +2,41 @@
"id": "CVE-2023-29115",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T15:15:21.667",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T16:08:01.997",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In certain conditions a request directed to the Waybox Enel X Web management application could cause a denial-of-service (e.g. reboot)."
},
{
"lang": "es",
"value": " En determinadas condiciones, una solicitud dirigida a la aplicaci\u00f3n de gesti\u00f3n web Waybox Enel X podr\u00eda provocar una denegaci\u00f3n de servicio (por ejemplo, reinicio)."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -47,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.1.0_jb3vu096a",
"matchCriteriaId": "B7B70D3C-2FBD-4BEA-8ADB-0712CBC60CDE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4793B11-455A-4C29-A1EC-22CE8DDFEDCF"
}
]
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29116",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:15.307",
"lastModified": "2024-11-06T18:17:17.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T16:08:20.573",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -51,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.1.0_jb3vu096a",
"matchCriteriaId": "B7B70D3C-2FBD-4BEA-8ADB-0712CBC60CDE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4793B11-455A-4C29-A1EC-22CE8DDFEDCF"
}
]
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29117",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:15.543",
"lastModified": "2024-11-06T18:17:17.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T16:08:40.510",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -51,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.1.0_jb3vu096a",
"matchCriteriaId": "B7B70D3C-2FBD-4BEA-8ADB-0712CBC60CDE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4793B11-455A-4C29-A1EC-22CE8DDFEDCF"
}
]
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29118",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:15.760",
"lastModified": "2024-11-06T18:17:17.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T16:08:50.070",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -51,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.1.0_jb3vu096a",
"matchCriteriaId": "B7B70D3C-2FBD-4BEA-8ADB-0712CBC60CDE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4793B11-455A-4C29-A1EC-22CE8DDFEDCF"
}
]
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29119",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:15.983",
"lastModified": "2024-11-06T18:17:17.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T16:09:02.087",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -51,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.1.0_jb3vu096a",
"matchCriteriaId": "B7B70D3C-2FBD-4BEA-8ADB-0712CBC60CDE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4793B11-455A-4C29-A1EC-22CE8DDFEDCF"
}
]
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29120",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:16.190",
"lastModified": "2024-11-06T18:17:17.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T16:09:13.303",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -51,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.1.0_jb3vu096a",
"matchCriteriaId": "B7B70D3C-2FBD-4BEA-8ADB-0712CBC60CDE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4793B11-455A-4C29-A1EC-22CE8DDFEDCF"
}
]
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29121",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:16.377",
"lastModified": "2024-11-06T18:17:17.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T16:09:28.403",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -51,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.1.0_jb3vu096a",
"matchCriteriaId": "B7B70D3C-2FBD-4BEA-8ADB-0712CBC60CDE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4793B11-455A-4C29-A1EC-22CE8DDFEDCF"
}
]
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29125",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:16.770",
"lastModified": "2024-11-06T18:17:17.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T16:10:43.413",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -51,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.1.0_jb3vu096a",
"matchCriteriaId": "B7B70D3C-2FBD-4BEA-8ADB-0712CBC60CDE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4793B11-455A-4C29-A1EC-22CE8DDFEDCF"
}
]
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-29126",
"sourceIdentifier": "cve@asrg.io",
"published": "2024-11-05T16:15:16.950",
"lastModified": "2024-11-06T18:17:17.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T16:15:13.827",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "cve@asrg.io",
"type": "Secondary",
@ -51,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:enelx:waybox_pro_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.1.0_jb3vu096a",
"matchCriteriaId": "B7B70D3C-2FBD-4BEA-8ADB-0712CBC60CDE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:enelx:waybox_pro:3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B4793B11-455A-4C29-A1EC-22CE8DDFEDCF"
}
]
}
]
}
],
"references": [
{
"url": "https://support-emobility.enelx.com/content/dam/enelxmobility/italia/documenti/manuali-schede-tecniche/Waybox-3-Security-Bulletin-06-2024-V1.pdf",
"source": "cve@asrg.io"
"source": "cve@asrg.io",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-37174",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-11T23:15:09.120",
"lastModified": "2023-07-19T13:19:23.043",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:35:07.660",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-37765",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-11T23:15:09.167",
"lastModified": "2023-07-19T13:23:02.507",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T15:35:06.813",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-37766",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-11T23:15:09.210",
"lastModified": "2023-07-19T13:23:09.597",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T15:35:07.720",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2023-52497",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-01T14:15:53.273",
"lastModified": "2024-11-04T13:16:35.370",
"lastModified": "2024-11-08T16:15:18.503",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -29,6 +29,10 @@
"url": "https://git.kernel.org/stable/c/77cbc04a1a8610e303a0e0d74f2676667876a184",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9ff2d260b25df6fe1341a79113d88fecf6bd553e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a0180e940cf1aefa7d516e20b259ad34f7a8b379",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"


@ -2,7 +2,7 @@
"id": "CVE-2023-52530",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-02T22:15:48.567",
"lastModified": "2024-10-22T15:15:04.720",
"lastModified": "2024-11-08T16:15:18.690",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -17,6 +17,10 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/2408f491ff998d674707725eadc47d8930aced09",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2f4e16e39e4f5e78248dd9e51276a83203950b36",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"


@ -2,8 +2,8 @@
"id": "CVE-2023-52913",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-21T07:15:07.087",
"lastModified": "2024-09-12T14:38:40.430",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:18.787",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -93,6 +93,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/ae278887193110dfeb857ea63e243a3851fbb0bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/afce71ff6daa9c0f852df0727fe32c6fb107f0fa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2023-52917",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:02.230",
"lastModified": "2024-10-24T14:38:22.610",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:18.907",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -113,6 +113,14 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/20cbc281033ef5324f67f2d54bc539968f937255",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4b2fbba4e44630a59b09d32627b63c4ffdf70f78",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7cbd6d7fb9ba2be03978809c848e2e50eaeead2c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-0129",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-10-15T06:15:02.520",
"lastModified": "2024-10-15T12:57:46.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:33:26.137",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -51,10 +81,53 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:nemo:*:*:*:*:*:*:*:*",
"versionEndIncluding": "r2.0.0rc0",
"matchCriteriaId": "03A6D747-9870-4E4F-A536-D441B634AF25"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5580",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0134",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-11-05T19:15:05.203",
"lastModified": "2024-11-06T18:17:17.287",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:53:40.200",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "psirt@nvidia.com",
"type": "Secondary",
@ -51,10 +81,49 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:nvidia_container_toolkit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.17",
"matchCriteriaId": "004681E6-7D96-4A27-A5B1-F9E2D7EB5617"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nvidia:nvidia_gpu_operator:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.9.0",
"matchCriteriaId": "1338BFAB-73D4-4255-A33D-1016965C00F9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
}
]
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5585",
"source": "psirt@nvidia.com"
"source": "psirt@nvidia.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-10035",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-11-04T12:16:08.880",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:11:25.837",
"vulnStatus": "Analyzed",
"cveTags": [
{
"sourceIdentifier": "iletisim@usom.gov.tr",
@ -16,6 +16,10 @@
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in BG-TEK Informatics Security Technologies CoslatV3 allows Command Injection.This issue affects CoslatV3: through 3.1069. \n\n\n\nNOTE: The vendor was contacted and it was learned that the product is not supported."
},
{
"lang": "es",
"value": "La vulnerabilidad de control inadecuado de la generaci\u00f3n de c\u00f3digo ('inyecci\u00f3n de c\u00f3digo') en CoslatV3 de BG-TEK Informatics Security Technologies permite la inyecci\u00f3n de comandos. Este problema afecta a CoslatV3: hasta 3.1069. NOTA: Se contact\u00f3 al proveedor y se supo que el producto no cuenta con soporte."
}
],
"metrics": {
@ -62,6 +66,28 @@
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
@ -76,10 +102,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bg-tek:coslat:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0",
"versionEndIncluding": "3.1069",
"matchCriteriaId": "48F69F76-631D-4326-A504-415B7C8B6EC8"
}
]
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-1814",
"source": "iletisim@usom.gov.tr"
"source": "iletisim@usom.gov.tr",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-10086",
"sourceIdentifier": "security@hashicorp.com",
"published": "2024-10-30T22:15:03.283",
"lastModified": "2024-11-01T12:57:03.417",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:49:52.087",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@hashicorp.com",
"type": "Secondary",
@ -51,10 +81,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.4.1",
"versionEndExcluding": "1.15.15",
"matchCriteriaId": "F9B18D72-3819-4927-AF49-239668B4719D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*",
"versionStartIncluding": "1.4.1",
"versionEndExcluding": "1.20.0",
"matchCriteriaId": "6471636F-7182-4F2D-B80E-25D46AE453F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.18.0",
"versionEndExcluding": "1.18.5",
"matchCriteriaId": "36CDCEB8-8B22-4290-9071-81CE3F0F6B95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.19.0",
"versionEndExcluding": "1.19.3",
"matchCriteriaId": "0AB043DB-FC48-4DE7-80BA-EC410ECD44F2"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-24-consul-vulnerable-to-reflected-xss-on-content-type-error-manipulation",
"source": "security@hashicorp.com"
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
]
}
]
}
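Review bot: The enterprise entries added under `cpeMatch` leave Consul Enterprise 1.16.x and 1.17.x unmatched. They cover 1.4.1 up to (excluding) 1.15.15, 1.18.0 up to 1.18.5 and 1.19.0 up to 1.19.3, while the community entry runs without a gap from 1.4.1 to `"versionEndExcluding": "1.20.0"`. A scanner that matches on these CPEs would report an Enterprise 1.16 or 1.17 install as not affected. The record does not show whether those release lines were fixed or simply have no fixed release, so check the HCSEC-2024-24 advisory linked in `references` before trusting a clean result for them.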


@ -2,13 +2,17 @@
"id": "CVE-2024-10263",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-05T13:15:03.203",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:59:41.633",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Tickera \u2013 WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
},
{
"lang": "es",
"value": " El complemento Tickera \u2013 WordPress Event Ticketing para WordPress es vulnerable a la ejecuci\u00f3n de c\u00f3digos cortos arbitrarios en todas las versiones hasta la 3.5.4.4 incluida. Esto se debe a que el software permite a los usuarios ejecutar una acci\u00f3n que no valida correctamente un valor antes de ejecutar do_shortcode. Esto hace posible que atacantes no autenticados ejecuten c\u00f3digos cortos arbitrarios."
}
],
"metrics": {
@ -47,14 +51,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:tickera:tickera:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.5.4.6",
"matchCriteriaId": "D6AC1D0A-810B-43F1-9483-3CAD67B3D699"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3179272/tickera-event-ticketing-system",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6e5e9249-9705-4cfa-9c8e-2e002190562b?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}
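Review bot: The new `configurations` block disagrees with the description on the affected range. The `cpeMatch` entry ends at `"versionEndExcluding": "3.5.4.6"`, which marks 3.5.4.5 as vulnerable, while the English description in the same record says the issue affects versions up to and including 3.5.4.4. Consumers that derive "first fixed version" from the text and those that match on the CPE will reach different answers for 3.5.4.5. Until the record is reconciled, treat 3.5.4.5 as affected and confirm the fixed release against the changeset linked with the `Patch` tag.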


@ -2,8 +2,8 @@
"id": "CVE-2024-10319",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-05T11:15:03.180",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:25:16.317",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +61,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpxpro:xpro_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4.6.1",
"matchCriteriaId": "8DE21C92-8977-4DA0-B89C-5979BDC33AC1"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3179221/xpro-elementor-addons",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/382a46c2-9fec-4642-93b0-c06b9ed1c086?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-10329",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-05T14:15:13.917",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:59:16.407",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6 via the 'ube_get_page_templates' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the contents of templates that are private."
},
{
"lang": "es",
"value": "El complemento Ultimate Bootstrap Elements for Elementor para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.4.6 incluida a trav\u00e9s de la funci\u00f3n 'ube_get_page_templates'. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos confidenciales, incluido el contenido de plantillas que son privadas."
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,18 +61,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:g5plus:ultimate_bootstrap_elements_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.4.7",
"matchCriteriaId": "8C28D875-26B9-46B9-8AA6-05A057D22BE4"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/ultimate-bootstrap-elements-for-elementor/trunk/inc/functions/core.php#L239",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3176562/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3af83ec2-9ebb-4cca-8523-8fe9b1517825?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-10523",
"sourceIdentifier": "vdisclose@cert-in.org.in",
"published": "2024-11-04T12:16:09.217",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:14:30.070",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "This vulnerability exists in TP-Link IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device."
},
{
"lang": "es",
"value": " Esta vulnerabilidad existe en el TP-Link IoT Smart Hub debido al almacenamiento de credenciales de Wi-Fi en texto plano dentro del firmware del dispositivo. Un atacante con acceso f\u00edsico podr\u00eda aprovechar esto extrayendo el firmware y analizando los datos binarios para obtener las credenciales de Wi-Fi almacenadas en el dispositivo vulnerable."
}
],
"metrics": {
@ -55,6 +59,28 @@
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
@ -69,10 +95,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tp-link:tapo_h100_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.5.22",
"matchCriteriaId": "0A21F141-7C97-4C26-8007-D0C21A867553"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tp-link:tapo_h100:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1061E69F-F772-4E64-88E4-51E61F4A6718"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0331",
"source": "vdisclose@cert-in.org.in"
"source": "vdisclose@cert-in.org.in",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-10687",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-05T10:15:24.760",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:26:52.523",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -51,18 +51,45 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:contest-gallery:contest_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "24.0.4",
"matchCriteriaId": "E9847C30-2603-453B-88C8-762710809D79"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/contest-gallery/tags/24.0.1/v10/v10-frontend/ecommerce/ecommerce-get-raw-data-from-galleries.php#L61",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3175299%40contest-gallery%2Ftags%2F24.0.3&new=3180268%40contest-gallery%2Ftags%2F24.0.4",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/fd3b4c44-d47a-45de-bcb2-0820e475b331?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-25566",
"sourceIdentifier": "responsible-disclosure@pingidentity.com",
"published": "2024-10-29T16:15:04.947",
"lastModified": "2024-11-01T12:57:35.843",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:38:56.150",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,9 +59,41 @@
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
},
{
"source": "responsible-disclosure@pingidentity.com",
"type": "Secondary",
@ -73,14 +105,78 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*",
"versionEndIncluding": "7.0.2",
"matchCriteriaId": "9FFF5D8C-AF14-4120-BD21-E90C168FDE83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.1.0",
"versionEndIncluding": "7.1.4",
"matchCriteriaId": "4DC330E6-C70E-4035-A894-CE9F6BC4E30A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:forgerock:access_management:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.2.0",
"versionEndIncluding": "7.2.2",
"matchCriteriaId": "1D9F54DE-CA12-455F-98E3-B0AEC64DF3A3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:forgerock:access_management:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C2B38BE7-6A73-400C-B6CC-FED6C0FE7612"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:forgerock:access_management:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9A79687F-7972-4032-8694-A4567531292F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:forgerock:access_management:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1CC06681-7D1B-4F04-80BD-AE5BC3E283BA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:forgerock:access_management:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C94CD667-557E-476A-8950-2123793CFE4B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:forgerock:access_management:7.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C15731F3-5D9E-49B2-85AE-3F220D672031"
}
]
}
]
}
],
"references": [
{
"url": "https://backstage.forgerock.com/downloads/browse/am/featured",
"source": "responsible-disclosure@pingidentity.com"
"source": "responsible-disclosure@pingidentity.com",
"tags": [
"Product"
]
},
{
"url": "https://backstage.forgerock.com/knowledge/advisories/article/a63463303",
"source": "responsible-disclosure@pingidentity.com"
"source": "responsible-disclosure@pingidentity.com",
"tags": [
"Mitigation",
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-26885",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-17T11:15:10.210",
"lastModified": "2024-10-17T14:15:05.360",
"lastModified": "2024-11-08T16:15:19.893",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -106,6 +106,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1f5e352b9088211fa5eb4e1639cd365f4f7d2f65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/22079b3a423382335f47d9ed32114e6c9fe88d7c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,7 +2,7 @@
"id": "CVE-2024-26921",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-18T10:15:07.740",
"lastModified": "2024-10-17T14:15:05.643",
"lastModified": "2024-11-08T16:15:20.590",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -21,6 +21,10 @@
"url": "https://git.kernel.org/stable/c/18685451fc4e546fc0e718580d32df3c0e5c8272",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1b6de5e6575b56502665c65cf93b0ae6aa0f51ab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4318608dc28ef184158b4045896740716bea23f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"


@ -2,8 +2,8 @@
"id": "CVE-2024-30106",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-10-28T22:15:02.583",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:43:44.423",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
@ -51,10 +81,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:connections:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FD4BF4C3-3D45-41A8-886F-521E095CBBF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hcltech:connections:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D55E0F2F-7C8D-4334-8B8D-CCF88431F6DF"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0116967",
"source": "psirt@hcl.com"
"source": "psirt@hcl.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-35082",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-23T17:15:30.547",
"lastModified": "2024-05-24T01:15:30.977",
"lastModified": "2024-11-08T16:35:10.897",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que J2EEFAST v2.7.0 contiene una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s de la funci\u00f3n findPage en SysOperLogMapper.xml."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/35082.txt",


@ -2,7 +2,7 @@
"id": "CVE-2024-36914",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-30T16:15:14.790",
"lastModified": "2024-05-30T18:18:58.870",
"lastModified": "2024-11-08T16:15:21.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -17,6 +17,10 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/87de0a741ef6d93fcb99983138a0d89a546a043c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/951a498fa993c5501994ec2df97c9297b02488c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"


@ -2,7 +2,7 @@
"id": "CVE-2024-37825",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-24T14:15:12.430",
"lastModified": "2024-06-24T19:26:47.037",
"lastModified": "2024-11-08T16:35:12.137",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en EnvisionWare Computer Access & Reservation Control SelfCheck v1.0 (solucionado en OneStop 3.2.0.27184 Hotfix de mayo de 2024) permite a atacantes no autenticados en la misma red realizar un directory traversal."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/J0rdanis99/74ae1ee2f9777cdd1c9756f958064d7c",


@ -2,8 +2,8 @@
"id": "CVE-2024-38139",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-15T23:15:15.287",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:14:29.730",
"vulnStatus": "Analyzed",
"cveTags": [
{
"sourceIdentifier": "secure@microsoft.com",
@ -25,8 +25,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N",
@ -48,8 +68,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -58,10 +88,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:dataverse:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55709E21-D006-4F43-A6ED-B11AF1EA83BC"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38139",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
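Review bot: The `Primary` and `Secondary` CVSS 3.1 entries in `cvssMetricV31` now carry vectors that disagree on three metrics. The nvd@nist.gov entry is `PR:L/S:U/.../A:H`, while the secure@microsoft.com entry, which appears to have been demoted to `Secondary` in this update, is `PR:H/S:C/.../A:N`. Tooling that reads only the `Primary` entry will therefore see the required privilege level and the scope change between syncs without any change in the vendor's assessment. The CVE-2024-38204 section has the same pattern: NVD rates `PR:L` where the vendor vector says `PR:N`, so a Primary-only consumer ranks it lower than the vendor does. The added CPE uses version `-`, so asset matching cannot separate fixed from unfixed instances and the vendor advisory remains the reference for remediation status.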


@ -2,8 +2,8 @@
"id": "CVE-2024-38190",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-15T23:15:15.647",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:34:50.167",
"vulnStatus": "Analyzed",
"cveTags": [
{
"sourceIdentifier": "secure@microsoft.com",
@ -58,10 +58,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:power_platform:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DAFE085E-8D29-4B6C-883E-92DC71109AA9"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38190",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-38204",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-10-15T23:15:15.860",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:34:14.467",
"vulnStatus": "Analyzed",
"cveTags": [
{
"sourceIdentifier": "secure@microsoft.com",
@ -25,8 +25,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
@ -48,8 +68,18 @@
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -58,10 +88,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:azure_functions:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55C8D12F-35AE-4DEF-B47C-D686B0F11B0B"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38204",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-38408",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-11-04T10:15:07.460",
"lastModified": "2024-11-08T14:56:07.117",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-08T15:07:00.903",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{


@ -2,7 +2,7 @@
"id": "CVE-2024-38544",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T14:15:14.687",
"lastModified": "2024-11-06T17:35:32.340",
"lastModified": "2024-11-08T16:15:21.593",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -56,6 +56,10 @@
"url": "https://git.kernel.org/stable/c/bbad88f111a1829f366c189aa48e7e58e57553fc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c91fb72a2ca6480d8d77262eef52dc5b178463a3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de5a059e36657442b5637cc16df5163e435b9cb4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"


@ -2,7 +2,7 @@
"id": "CVE-2024-39497",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-12T13:15:12.320",
"lastModified": "2024-10-22T15:15:06.630",
"lastModified": "2024-11-08T16:15:21.723",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -36,6 +36,10 @@
{
"url": "https://git.kernel.org/stable/c/3ae63a8c1685e16958560ec08d30defdc5b9cca0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a508a102edf8735adc9bb73d37dd13c38d1a1b10",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-40953",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-12T13:15:17.560",
"lastModified": "2024-10-22T15:15:06.720",
"lastModified": "2024-11-08T16:15:21.847",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -17,10 +17,18 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/11a772d5376aa6d3e2e69b5b5c585f79b60c0e17",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/49f683b41f28918df3e51ddc0d928cb2e934ccdb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4c141136a28421b78f34969b25a4fa32e06e2180",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/71fbc3af3dacb26c3aa2f30bb3ab05c44d082c84",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"


@ -2,7 +2,7 @@
"id": "CVE-2024-41016",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-29T07:15:06.293",
"lastModified": "2024-10-17T14:15:07.010",
"lastModified": "2024-11-08T16:15:21.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -37,9 +37,17 @@
"url": "https://git.kernel.org/stable/c/cfb926051fab19b10d1e65976211f364aa820180",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e2b3d7a9d019d4d1a0da6c3ea64a1ff79c99c090",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e4ffea01adf3323c821b6f37e9577d2d400adbaa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e8f9c4af7af7e9e4cd09c0251c7936593147419f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42229",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:08.070",
"lastModified": "2024-07-30T19:46:56.943",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:22.253",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -119,6 +119,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/89b9b6fa4463daf820e6a5ef65c3b0c2db239513",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9db8c299a521813630fcb4154298cb60c37f3133",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -133,6 +137,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b716e9c3603ee95ed45e938fe47227d22cf3ec35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f58679996a831754a356974376f248aa0af2eb8e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
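Review bot: The two `git.kernel.org/stable/c/` references added in this section have no `tags` array, while the neighbouring entries in the same list carry `"Patch"`. The record's `vulnStatus` also appears to move from `Analyzed` to `Modified` in the first hunk. A consumer that selects fix commits by filtering `references` on the `Patch` tag will not pick up these newly listed stable-tree commits until the record is re-analysed. The CVE-2024-43904 and CVE-2024-43911 sections show the same pattern. For records in `Modified` state, it is safer to treat untagged `git.kernel.org/stable/c/` URLs as candidate patch references rather than rely on the tag alone.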


@ -2,8 +2,8 @@
"id": "CVE-2024-43904",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:04.847",
"lastModified": "2024-08-27T13:40:50.577",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:22.367",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -70,6 +70,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/10c20d79d59cadfe572480d98cec271a89ffb024",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/15c2990e0f0108b9c3752d7072a97d45d4283aea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -83,6 +87,10 @@
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5e84eda48ffb2363437db44bbd0235594f8a58f9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-43911",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.227",
"lastModified": "2024-08-27T16:08:52.493",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:22.483",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -77,6 +77,14 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/0acaf4a5025d6dafb7da787d2d4c47ed95e46ed6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a53c2d847627b790fb3bd8b00e02c247941b17e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a5594c1e03b0df3908b1e1202a1ba34422eed0f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,17 +2,41 @@
"id": "CVE-2024-43937",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:49.720",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:57:27.967",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.10."
},
{
"lang": "es",
"value": " La vulnerabilidad de autorizaci\u00f3n faltante en Themeum WP Crowdfunding permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a WP Crowdfunding: desde n/a hasta 2.1.10."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -47,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themeum:wp_crowdfunding:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.11",
"matchCriteriaId": "AE6C93B6-0EC1-40BF-A403-CCB141C20B92"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-crowdfunding/wordpress-wp-crowdfunding-plugin-2-1-10-settings-change-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-44931",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-08-26T11:15:05.447",
"lastModified": "2024-10-17T14:15:07.390",
"lastModified": "2024-11-08T16:15:22.593",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -77,6 +77,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/18504710442671b02d00e6db9804a0ad26c5a479",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1b955f786a4bcde8c0ccb2b7d519def2acb6f3cc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -88,6 +92,10 @@
"url": "https://git.kernel.org/stable/c/672c19165fc96dfad531a5458e0b3cdab414aae4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9ae2d8e75b741dbcb0da374753f972410e83b5f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9d682e89c44bd5819b01f3fbb45a8e3681a4b6d0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"


@ -2,8 +2,8 @@
"id": "CVE-2024-44952",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-04T19:15:30.213",
"lastModified": "2024-09-06T16:37:38.370",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:22.720",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -130,6 +130,14 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1cfc329304617838dc06f021bbbde3bc79cd655e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4749d336170dbb629e515a857e58a82e61c37a9c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/49ea4e0d862632d51667da5e7a9c88a560e9c5a1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -151,6 +159,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/92d847a35e1e41bceba13b8ac1f0e1b9dbe30d25",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c23fc327d6ec67629b4ad323bd64d3834c0417d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -165,6 +177,14 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cfc72b86fa20cbf44d2b6cc27b35eb15080232ab",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d4dba9a076838f3d0333a6a66efec2cdda90b2ee",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dd98c9630b7ee273da87e9a244f94ddf947161e2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -178,6 +198,14 @@
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fd28d9589460945985ef5333e9b942c4261f0826",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fe10c8367687c27172a10ba5cc849bd82077bd7d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-44988",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-04T20:15:07.960",
"lastModified": "2024-10-10T16:44:14.767",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:22.920",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -154,6 +154,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4a88fca95c8df3746b71e31f44a02d35f06f9864",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/528876d867a23b5198022baf2e388052ca67c952",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-45085",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-10-15T22:15:03.773",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:13:11.307",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
@ -51,10 +71,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:websphere_application_server:*:*:*:*:traditional:*:*:*",
"versionStartIncluding": "8.5.0.0",
"versionEndExcluding": "8.5.5.27",
"matchCriteriaId": "1EF360D5-36CB-4297-B072-5C34AC3B8484"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7173128",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-45477",
"sourceIdentifier": "security@apache.org",
"published": "2024-10-29T09:15:07.053",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:03:57.873",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -51,10 +71,48 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.10.0",
"versionEndIncluding": "1.27.0",
"matchCriteriaId": "FF44039C-8F48-403B-86F1-7EEDC61B05A0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "D147AF4C-74C3-41AE-B5A5-24051AC1458B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "200043CB-5676-4005-97B8-C95BCFF3EE0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "1DE8050C-59BA-4789-B211-7AC0D0E696BE"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/shdv0tw9hggj7tx9pl7g93mgok2lwbj9",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-45764",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-11-08T16:15:23.070",
"lastModified": "2024-11-08T16:15:23.070",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) a Missing Critical Step in Authentication vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-304"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-45765",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-11-08T16:15:23.350",
"lastModified": "2024-11-08T16:15:23.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability as it allows high privilege OS commands to be executed with a less privileged role; so Dell recommends customers to upgrade at the earliest opportunity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-46849",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-27T13:15:16.723",
"lastModified": "2024-10-17T14:15:07.750",
"lastModified": "2024-11-08T16:15:23.603",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -138,6 +138,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a33145f494e6cb82f3e018662cc7c4febf271f22",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e1a199ec31617242e1a0ea8f312341e682d0c037",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,7 +2,7 @@
"id": "CVE-2024-46853",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-27T13:15:16.997",
"lastModified": "2024-10-17T14:15:07.993",
"lastModified": "2024-11-08T16:15:23.727",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -142,6 +142,10 @@
"url": "https://git.kernel.org/stable/c/609260542cf86b459c57618b8cdec8020394b7ad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/aa05db44db5f409f6d91c27b5737efb49fb45d9f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/af9ca9ca3e44f48b2a191e100d452fbf850c3d87",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,7 +2,7 @@
"id": "CVE-2024-46854",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-09-27T13:15:17.063",
"lastModified": "2024-10-17T14:15:08.107",
"lastModified": "2024-11-08T16:15:23.857",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -142,6 +142,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cd5b9d657ecd44ad5f254c3fea3a6ab1cf0e2ef7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ce8eabc912fe9b9a62be1a5c6af5ad2196e90fc2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -149,6 +153,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dc43a096cfe65b5c32168313846c5cd135d08f1d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f43190e33224c49e1c7ebbc25923ff400d87ec00",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-46872",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-10-29T09:15:07.350",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:00:42.473",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
@ -51,10 +81,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.5.0",
"versionEndIncluding": "9.5.9",
"matchCriteriaId": "B60FBA3A-FBFF-4632-AAE0-63E3385D2C6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.10.0",
"versionEndIncluding": "9.10.2",
"matchCriteriaId": "DB77A85B-6574-43F2-B910-EF9418677AB7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.11.0",
"versionEndIncluding": "9.11.1",
"matchCriteriaId": "A06E25CB-F05E-40DD-99AF-647EEA7B9DF2"
}
]
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
"source": "responsibledisclosure@mattermost.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-46947",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T16:15:23.957",
"lastModified": "2024-11-08T16:15:23.957",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF."
}
],
"metrics": {},
"references": [
{
"url": "https://mender.io/blog/cve-2024-46947-cve-2024-47190-ssrf-issues-in-mender-enterprise-server",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-46948",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T16:15:24.050",
"lastModified": "2024-11-08T16:15:24.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Northern.tech Mender before 3.6.5 and 3.7.x before 3.7.5 has Incorrect Access Control."
}
],
"metrics": {},
"references": [
{
"url": "https://mender.io/blog/cve-2024-46948",
"source": "cve@mitre.org"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-47190",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T16:15:24.163",
"lastModified": "2024-11-08T16:15:24.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Northern.tech Hosted Mender before 2024.07.11 allows SSRF."
}
],
"metrics": {},
"references": [
{
"url": "https://mender.io/blog/cve-2024-46947-cve-2024-47190-ssrf-issues-in-mender-enterprise-server",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47663",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-09T15:15:15.150",
"lastModified": "2024-10-23T16:50:53.183",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:24.277",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -157,6 +157,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5edc3a45ef428501000a7b23d0e1777a548907f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8961b245e8f92bccbaacfbbdf69eba60e3e7c227",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47670",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-09T15:15:15.673",
"lastModified": "2024-10-23T19:16:56.403",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:24.397",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -105,6 +105,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/60c0d36189bad58b1a8e69af8781d90009559ea1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8e7bef408261746c160853fc27df3139659f5f77",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -125,6 +129,10 @@
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b49a786beb11ff740cb9e0c20b999c2a0e1729c2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47671",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-09T15:15:15.753",
"lastModified": "2024-10-23T19:36:08.090",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:24.503",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -178,6 +178,10 @@
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fa652318887da530f2f9dbd9b0ea4a087d05ee12",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47672",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-09T15:15:15.827",
"lastModified": "2024-10-23T19:44:08.623",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:24.613",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -110,6 +110,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/16c1e5d5228f26f120e12e6ca55c59c3a5e6dece",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1afed66cb271b3e65fe9df1c9fba2bf4b1f55669",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -145,6 +149,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ad2fcc2daa203a6ad491f00e9ae3b7867e8fe0f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de46b1d24f5f752b3bd8b46673c2ea4239661244",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,7 +2,7 @@
"id": "CVE-2024-47674",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-15T11:15:13.073",
"lastModified": "2024-10-21T18:15:05.993",
"lastModified": "2024-11-08T16:15:24.737",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -126,6 +126,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/35770ca6180caa24a2b258c99a87bd437a1ee10f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5b2c8b34f6d76bfbd1dd4936eb8a0fbfb9af3959",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47679",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:04.920",
"lastModified": "2024-10-23T14:49:48.763",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:24.843",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -134,6 +134,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/489faddb1ae75b0e1a741fe5ca2542a2b5e794a5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/540fb13120c9eab3ef203f90c00c8e69f37449d1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -148,6 +152,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6cc13a80a26e6b48f78c725c01b91987d61563ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/88b1afbf0f6b221f6c5bb66cc80cd3b38d696687",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,13 +2,17 @@
"id": "CVE-2024-47684",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:05.290",
"lastModified": "2024-10-22T14:59:31.340",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:24.967",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntcp: check skb is non-NULL in tcp_rto_delta_us()\n\nWe have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic\nkernel that are running ceph and recently hit a null ptr dereference in\ntcp_rearm_rto(). Initially hitting it from the TLP path, but then later we also\nsaw it getting hit from the RACK case as well. Here are examples of the oops\nmessages we saw in each of those cases:\n\nJul 26 15:05:02 rx [11061395.780353] BUG: kernel NULL pointer dereference, address: 0000000000000020\nJul 26 15:05:02 rx [11061395.787572] #PF: supervisor read access in kernel mode\nJul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - not-present page\nJul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0\nJul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI\nJul 26 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Tainted: G W 5.4.0-174-generic #193-Ubuntu\nJul 26 15:05:02 rx [11061395.814996] Hardware name: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 05/09/2023\nJul 26 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.830656] Code: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 <48> 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3\nJul 26 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246\nJul 26 15:05:02 rx [11061395.855149] RAX: 0000000000000000 RBX: 20c49ba5e353f7cf RCX: 0000000000000000\nJul 26 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60\nJul 26 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8\nJul 26 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: ffffb75d4460f740 R12: ffff9874ad283900\nJul 26 15:05:02 rx [11061395.884710] R13: 
ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30\nJul 26 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000\nJul 26 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nJul 26 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0\nJul 26 15:05:02 rx [11061395.913822] PKRU: 55555554\nJul 26 15:05:02 rx [11061395.916786] Call Trace:\nJul 26 15:05:02 rx [11061395.919488]\nJul 26 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f\nJul 26 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9\nJul 26 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380\nJul 26 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0\nJul 26 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50\nJul 26 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0\nJul 26 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20\nJul 26 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450\nJul 26 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140\nJul 26 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90\nJul 26 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0\nJul 26 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40\nJul 26 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160\nJul 26 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220\nJul 26 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240\nJul 26 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0\nJul 26 15:05:02 rx [11061395.994814] ? tcp_write_timer_handler+0x240/0x240\nJul 26 15:05:02 rx [11061395.999866] call_timer_fn+0x32/0x130\nJul 26 15:05:02 rx [11061396.003782] __run_timers.part.0+0x180/0x280\nJul 26 15:05:02 rx [11061396.008309] ? recalibrate_cpu_khz+0x10/0x10\nJul 26 15:05:02 rx [11061396.012841] ? 
native_x2apic_icr_write+0x30/0x30\nJul 26 15:05:02 rx [11061396.017718] ? lapic_next_even\n---truncated---"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp: check skb is non-NULL in tcp_rto_delta_us() Tenemos algunas m\u00e1quinas que ejecutan Ubuntu 20.04.6 de f\u00e1brica, que es su kernel 5.4.0-174-generic, que ejecutan ceph y recientemente encontraron una desreferencia ptr nula en tcp_rearm_rto(). Inicialmente, lo encontramos desde la ruta TLP, pero luego tambi\u00e9n lo encontramos desde el caso RACK. Estos son ejemplos de los mensajes de error que vimos en cada uno de esos casos: Jul 26 15:05:02 rx [11061395.780353] ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000020 Jul 26 15:05:02 rx [11061395.787572] #PF: acceso de lectura de supervisor en modo kernel Jul 26 15:05:02 rx [11061395.792971] #PF: error_code(0x0000) - p\u00e1gina no presente Jul 26 15:05:02 rx [11061395.798362] PGD 0 P4D 0 Jul 26 15:05:02 rx [11061395.801164] Oops: 0000 [#1] SMP NOPTI 26 de julio 15:05:02 rx [11061395.805091] CPU: 0 PID: 9180 Comm: msgr-worker-1 Contaminado: GW 5.4.0-174-generic #193-Ubuntu 26 de julio 15:05:02 rx [11061395.814996] Nombre del hardware: Supermicro SMC 2x26 os-gen8 64C NVME-Y 256G/H12SSW-NTR, BIOS 2.5.V1.2U.NVMe.UEFI 09/05/2023 26 de julio 15:05:02 rx [11061395.825952] RIP: 0010:tcp_rearm_rto+0xe4/0x160 26 de julio 15:05:02 rx [11061395.830656] C\u00f3digo: 87 ca 04 00 00 00 5b 41 5c 41 5d 5d c3 c3 49 8b bc 24 40 06 00 00 eb 8d 48 bb cf f7 53 e3 a5 9b c4 20 4c 89 ef e8 0c fe 0e 00 &lt;48&gt; 8b 78 20 48 c1 ef 03 48 89 f8 41 8b bc 24 80 04 00 00 48 f7 e3 26 jul 15:05:02 rx [11061395.849665] RSP: 0018:ffffb75d40003e08 EFLAGS: 00010246 26 jul 15:05:02 rx [11061395.855149] RAX: 000000000000000 RBX: 20c49ba5e353f7cf RCX: 000000000000000 26 jul 15:05:02 rx [11061395.862542] RDX: 0000000062177c30 RSI: 000000000000231c RDI: ffff9874ad283a60 26 de julio 15:05:02 rx [11061395.869933] RBP: ffffb75d40003e20 R08: 0000000000000000 R09: ffff987605e20aa8 26 de julio 15:05:02 rx [11061395.877318] R10: ffffb75d40003f00 R11: 
ffffb75d4460f740 R12: ffff9874ad283900 26 de julio 15:05:02 rx [11061395.884710] R13: ffff9874ad283a60 R14: ffff9874ad283980 R15: ffff9874ad283d30 26 de julio 15:05:02 rx [11061395.892095] FS: 00007f1ef4a2e700(0000) GS:ffff987605e00000(0000) knlGS:0000000000000000 26 de julio 15:05:02 rx [11061395.900438] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 26 de julio 15:05:02 rx [11061395.906435] CR2: 0000000000000020 CR3: 0000003e450ba003 CR4: 0000000000760ef0 26 de julio 15:05:02 rx [11061395.913822] PKRU: 55555554 26 de julio 15:05:02 rx [11061395.916786] Rastreo de llamadas: 26 de julio 15:05:02 rx [11061395.919488] 26 de julio 15:05:02 rx [11061395.921765] ? show_regs.cold+0x1a/0x1f 26 de julio 15:05:02 rx [11061395.925859] ? __die+0x90/0xd9 26 de julio 15:05:02 rx [11061395.929169] ? no_context+0x196/0x380 26 de julio 15:05:02 rx [11061395.933088] ? ip6_protocol_deliver_rcu+0x4e0/0x4e0 26 de julio 15:05:02 rx [11061395.938216] ? ip6_sublist_rcv_finish+0x3d/0x50 26 de julio 15:05:02 rx [11061395.943000] ? __bad_area_nosemaphore+0x50/0x1a0 26 de julio 15:05:02 rx [11061395.947873] ? bad_area_nosemaphore+0x16/0x20 26 de julio 15:05:02 rx [11061395.952486] ? do_user_addr_fault+0x267/0x450 26 de julio 15:05:02 rx [11061395.957104] ? ipv6_list_rcv+0x112/0x140 26 de julio 15:05:02 rx [11061395.961279] ? __do_page_fault+0x58/0x90 26 de julio 15:05:02 rx [11061395.965458] ? do_page_fault+0x2c/0xe0 26 de julio 15:05:02 rx [11061395.969465] ? page_fault+0x34/0x40 26 de julio 15:05:02 rx [11061395.973217] ? tcp_rearm_rto+0xe4/0x160 26 de julio 15:05:02 rx [11061395.977313] ? tcp_rearm_rto+0xe4/0x160 26 de julio 15:05:02 rx [11061395.981408] tcp_send_loss_probe+0x10b/0x220 26 de julio 15:05:02 rx [11061395.985937] tcp_write_timer_handler+0x1b4/0x240 26 de julio 15:05:02 rx [11061395.990809] tcp_write_timer+0x9e/0xe0 26 de julio 15:05:02 rx [11061395.994814] ? recalibrate_cpu_khz+0x10/0x10 26 de julio 15:05:02 rx [11061396.012841] ? 
native_x2apic_icr_write+0x30/0x30 26 de julio 15:05:02 rx [11061396.017718] ? lapic_next_even ---truncado---"
}
],
"metrics": {
@ -114,6 +118,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/16e0387d87fc858e34449fdf2b14ed5837f761db",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/570f7d8c9bf14f041152ba8353d4330ef7575915",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -142,6 +150,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ad4f0a14d6856e68f023fc4e5017cfd881a3dfbc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c8770db2d54437a5f49417ae7b46f7de23d14db6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
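Review bot: The added `"lang": "es"` description carries HTML entities, `&lt;48&gt;` where the `en` value has `<48>`, so the string is pre-escaped for HTML inside JSON and will show literally or be double-escaped by any consumer that escapes on output; the value should read `<48>`. The translation also localises the quoted kernel oops itself: `BUG:` became `ERROR:`, `Tainted: G W` became `Contaminado: GW`, the BIOS date `05/09/2023` became `09/05/2023`, and the call-trace lines between `tcp_write_timer+0x9e/0xe0` and `recalibrate_cpu_khz+0x10/0x10` are missing. Anything that correlates this record with host logs, or matches on the trace text, should read the `en` value only and treat the `es` value as display text.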


@ -2,8 +2,8 @@
"id": "CVE-2024-47685",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:05.397",
"lastModified": "2024-10-23T15:19:05.983",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:25.083",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -120,6 +120,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7bcbc4cda777d26c88500d973fad0d497fc8a82e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7ea2bcfd9bf4c3dbbf22546162226fd1c14d8ad2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -127,6 +131,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/872eca64c3267dbc5836b715716fc6c03a18eda7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9c778fe48d20ef362047e3376dee56d77f8500d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47692",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:05.953",
"lastModified": "2024-10-23T21:19:07.493",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:25.200",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -134,6 +134,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6d07040ae5c2214e39c7444d898039c9e655a79a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/766d5fbd78f7a52b3888449a0358760477b74602",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47696",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.257",
"lastModified": "2024-10-23T21:30:34.897",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:25.313",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -120,6 +120,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/29b3bbd912b8db86df7a3c180b910ccb621f5635",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2efe8da2ddbf873385b4bc55366d09350b408df6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -168,6 +172,10 @@
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/da2708a19f45b4a7278adf523837c8db21d1e2b5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47697",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.343",
"lastModified": "2024-10-23T20:51:37.527",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:25.433",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -148,6 +148,14 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/883f794c6e498ae24680aead55c16f66b06cfc30",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8ffbe7d07b8e76193b151107878ddc1ccc94deb5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/badbd736e6649c4e6d7b4ff7e2b9857acfa9ea94",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47698",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.423",
"lastModified": "2024-10-23T20:52:11.123",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:25.543",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -113,6 +113,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/49b33c38d202d3327dcfd058e27f541dcc308b92",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/527ab3eb3b0b4a6ee00e183c1de6a730239e2835",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -134,6 +138,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7065c05c6d58b9b9a98127aa14e9a5ec68173918",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8ae06f360cfaca2b88b98ca89144548b3186aab1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47699",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.503",
"lastModified": "2024-10-23T20:52:39.363",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:25.643",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -106,6 +106,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1d94dbdfbb64cc48d10dec65cc3c4fbf2497b343",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/21839b6fbc3c41b3e374ecbdb0cabbbb2c53cf34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -120,6 +124,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2b78e9df10fb7f4e9d3d7a18417dd72fbbc1dfd0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3644554d308ddf2669e459a1551a7edf60b2d62b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47701",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:06.663",
"lastModified": "2024-10-23T20:53:13.877",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:25.740",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -120,6 +120,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5b076d37e8d99918e9294bd6b35a8bbb436819b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7fc22c3b3ffc0e952f5e0062dd11aa6ae76affba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -127,6 +131,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8adf0eb4e361a9e060d54f4bd0ac9c5d85277d20",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/be2e9b111e2790962cc66a177869b4e9717b4e29",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,7 +2,7 @@
"id": "CVE-2024-47706",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:07.120",
"lastModified": "2024-11-05T10:20:16.157",
"lastModified": "2024-11-08T16:15:25.847",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -141,6 +141,14 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a9bdd5b36887d2bacb8bc777fd18317c99fc2587",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bc2140534b2aae752e4f7cb4489642dbb5ec4777",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ddbdaad123254fb53e32480cb74a486a6868b1e0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47709",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:07.397",
"lastModified": "2024-10-24T13:51:56.023",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:25.963",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -149,6 +149,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a833da8eec20b51af39643faa7067b25c8b20f3e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b02ed2f01240b226570b4a19b5041d61f5125784",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -162,6 +166,10 @@
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f5059fae5ed518fc56494ce5bdd4f5360de4b3bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47710",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:07.483",
"lastModified": "2024-10-24T13:57:58.060",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:26.080",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -162,6 +162,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bc05f6855642cff3c0eeb63060b35d8c4f8a851d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cd10abf41bae55c9d2b93f34a516dbf52626bcb7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47712",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:07.640",
"lastModified": "2024-10-24T14:17:11.550",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:26.243",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -141,6 +141,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5a24cedc243ace5ed7c1016f52a7bfc8f5b07815",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6d7c6ae1efb1ff68bc01d79d94fdf0388f86cdd8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47713",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T12:15:07.717",
"lastModified": "2024-10-24T14:19:15.500",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:26.370",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -106,6 +106,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/04f75f5bae33349283d6886901d9acd2f110c024",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/058c9026ad79dc98572442fd4c7e9a36aba6f596",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -113,6 +117,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/07eb0bd7b0a8abed9d45e0f567c9af1dc83e5268",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9d301de12da6e1bb069a9835c38359b8e8135121",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47723",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:02.503",
"lastModified": "2024-10-24T16:17:24.003",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:26.743",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -120,6 +120,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5ad6284c8d433f8a213111c5c44ead4d9705b622",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6ce8b6ab44a8b5918c0ee373d4ad19d19017931b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -141,6 +145,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d1017d2a0f3f16dc1db5120e7ddbe7c6680425b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e63866a475562810500ea7f784099bfe341e761a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47737",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:03.833",
"lastModified": "2024-10-23T17:00:01.357",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:27.153",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -106,6 +106,10 @@
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3e8081ebff12bec1347deaceb6bce0765cce54df",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/81821617312988096f5deccf0f7da6f888e98056",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -141,6 +145,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c6b16e700cf4d959af524bd9d3978407ff7ce462",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d078cbf5c38de83bc31f83c47dcd2184c04a50c7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,13 +2,17 @@
"id": "CVE-2024-47740",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:04.103",
"lastModified": "2024-10-21T17:09:45.417",
"lastModified": "2024-11-08T16:15:27.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nf2fs: Require FMODE_WRITE for atomic write ioctls\n\nThe F2FS ioctls for starting and committing atomic writes check for\ninode_owner_or_capable(), but this does not give LSMs like SELinux or\nLandlock an opportunity to deny the write access - if the caller's FSUID\nmatches the inode's UID, inode_owner_or_capable() immediately returns true.\n\nThere are scenarios where LSMs want to deny a process the ability to write\nparticular files, even files that the FSUID of the process owns; but this\ncan currently partially be bypassed using atomic write ioctls in two ways:\n\n - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE can\n truncate an inode to size 0\n - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE can revert\n changes another process concurrently made to a file\n\nFix it by requiring FMODE_WRITE for these operations, just like for\nF2FS_IOC_MOVE_RANGE. Since any legitimate caller should only be using these\nioctls when intending to write into the file, that seems unlikely to break\nanything."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: f2fs: Requerir FMODE_WRITE para ioctls de escritura at\u00f3mica Los ioctls de F2FS para iniciar y confirmar escrituras at\u00f3micas comprueban inode_owner_or_capable(), pero esto no da a los LSM como SELinux o Landlock la oportunidad de denegar el acceso de escritura: si el FSUID del llamador coincide con el UID del inodo, inode_owner_or_capable() devuelve verdadero inmediatamente. Hay escenarios en los que los LSM quieren denegar a un proceso la capacidad de escribir archivos particulares, incluso archivos que el FSUID del proceso posee; pero esto actualmente se puede omitir parcialmente usando ioctls de escritura at\u00f3mica de dos maneras: - F2FS_IOC_START_ATOMIC_REPLACE + F2FS_IOC_COMMIT_ATOMIC_WRITE puede truncar un inodo a tama\u00f1o 0 - F2FS_IOC_START_ATOMIC_WRITE + F2FS_IOC_ABORT_ATOMIC_WRITE puede revertir los cambios que otro proceso realiz\u00f3 simult\u00e1neamente en un archivo Arr\u00e9glelo requiriendo FMODE_WRITE para estas operaciones, al igual que para F2FS_IOC_MOVE_RANGE. Dado que cualquier llamador leg\u00edtimo solo debe usar estos ioctls cuando tenga la intenci\u00f3n de escribir en el archivo, parece poco probable que eso rompa algo."
}
],
"metrics": {},
@ -25,6 +29,10 @@
"url": "https://git.kernel.org/stable/c/4583290898c13c2c2e5eb8773886d153c2c5121d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4ce87674c3a6b4d3b3d45f85b584ab8618a3cece",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4f5a100f87f32cb65d4bb1ad282a08c92f6f591e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
@ -33,6 +41,10 @@
"url": "https://git.kernel.org/stable/c/5e0de753bfe87768ebe6744d869caa92f35e5731",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/700f3a7c7fa5764c9f24bbf7c78e0b6e479fa653",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/88ff021e1fea2d9b40b2d5efd9013c89f7be04ac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"


@ -2,8 +2,8 @@
"id": "CVE-2024-47742",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:04.297",
"lastModified": "2024-10-23T21:02:28.867",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:27.613",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -134,6 +134,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9b1ca33ebd05b3acef5b976c04e5e791af93ce1b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a77fc4acfd49fc6076e565445b2bc5fdc3244da4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -148,6 +152,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d1768e5535d3ded59f888637016e6f821f4e069f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f0e5311aa8022107d63c54e2f03684ec097d1394",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47747",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:04.753",
"lastModified": "2024-10-22T16:11:40.627",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:27.837",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -113,6 +113,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/25d559ed2beec9b34045886100dac46d1ad92eba",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/338a0582b28e69460df03af50e938b86b4206353",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -148,6 +152,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b5a84b6c772564c8359a9a0fbaeb2a2944aa1ee9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d2abc379071881798d20e2ac1d332ad855ae22f3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47749",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:04.950",
"lastModified": "2024-10-22T16:08:31.637",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:28.003",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -120,6 +120,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4e1fe68d695af367506ea3c794c5969630f21697",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/54aaa3ed40972511e423b604324b881425b9ff1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -134,6 +138,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b12e25d91c7f97958341538c7dc63ee49d01548f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b9c94c8ba5a713817cffd74c4bacc05187469624",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47756",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:05.550",
"lastModified": "2024-10-22T16:09:56.570",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:28.193",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -137,6 +137,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9c9afc3e75069fcfb067727973242cfbf00dd7eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c289903b7a216df5ea6e1850ddf1b958eea9921d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47757",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:05.640",
"lastModified": "2024-10-22T15:54:48.830",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:28.343",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -148,6 +148,14 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ed76d381dae125b81d09934e365391a656249da8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f3a9859767c7aea758976f5523903d247e585129",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f9c96351aa6718b42a9f42eaf7adce0356bdb5e8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-47826",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-14T18:15:04.800",
"lastModified": "2024-10-15T12:57:46.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:41:00.787",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -55,14 +75,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:elabftw:elabftw:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.1.5",
"matchCriteriaId": "5C19FA15-93F0-483F-8E5F-842A0499B178"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/elabftw/elabftw/security/advisories/GHSA-cjww-pr9f-4c4w",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.acunetix.com/vulnerabilities/web/html-injection",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Technical Description"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47831",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-14T18:15:05.013",
"lastModified": "2024-10-15T12:57:46.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:39:21.823",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +71,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:vercel:next.js:*:*:*:*:*:node.js:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "14.2.7",
"matchCriteriaId": "30CFD4DC-B71A-4524-A97C-C10AE01FC687"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/vercel/next.js/commit/d11cbc9ff0b1aaefabcba9afe1e562e0b1fde65a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/vercel/next.js/security/advisories/GHSA-g77x-44xx-532m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-48783",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-15T21:15:11.510",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:19:21.263",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,78 @@
"value": "Un problema en Ruijie NBR3000D-E Gateway permite que un atacante remoto obtenga informaci\u00f3n confidencial a trav\u00e9s del componente /tool/shell/postgresql.conf."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:ruijie:nbr3000d-e_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2BB0700C-FE75-4A4D-97FB-F1CE498C4D74"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:ruijie:nbr3000d-e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3B7511B1-0486-4AE6-953E-349D0A3C2859"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/zty-1995/8495b81e8d257e8f6df102a32ec3c583",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-49340",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-10-16T00:15:03.100",
"lastModified": "2024-10-16T16:38:14.557",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:06:21.730",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
@ -51,10 +71,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:watson_studio_local:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D98948B8-796A-4650-B28C-13919A8EF3EF"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/1144438",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-49672",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-29T11:15:04.223",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:16:00.327",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:google_docs_rsvp_project:google_docs_rsvp:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.0.1",
"matchCriteriaId": "E98DC42A-2BE2-4029-A27A-1ECE5C82A1E3"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/google-docs-rsvp-guestlist/wordpress-google-docs-rsvp-plugin-2-0-1-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-49693",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-24T13:15:12.090",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:19:50.400",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kraftplugins:mega_elements:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.7",
"matchCriteriaId": "03F9796C-363A-4EE2-B610-3BDAACE80A02"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/mega-elements-addons-for-elementor/wordpress-mega-elements-addons-for-elementor-plugin-1-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-49695",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-24T13:15:12.320",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:20:33.257",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:spiffyplugins:wp_flow_plus:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.2.4",
"matchCriteriaId": "EB688784-1AAE-4507-A53C-479ACC7C16A9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-imageflow2/wordpress-wp-flow-plus-plugin-5-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-49696",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-24T13:15:12.537",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-08T15:21:12.533",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:robosoft:robo_gallery:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.22",
"matchCriteriaId": "43FD59BA-9D8A-4DC6-9F8D-DA91C952B93C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/robo-gallery/wordpress-photo-gallery-images-slider-in-rbs-image-gallery-plugin-3-2-21-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-49851",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:05.883",
"lastModified": "2024-10-23T16:00:52.597",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:28.700",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -127,6 +127,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/87e8134c18977b566f4ec248c8a147244da69402",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/adf4ce162561222338cf2c9a2caa294527f7f721",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-49860",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T13:15:06.723",
"lastModified": "2024-10-23T16:44:58.473",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:28.907",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -113,6 +113,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2364b6af90c6b6d8a4783e0d3481ca80af699554",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4b081991c4363e072e1748efed0bbec8a77daba5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -134,6 +138,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/92fd5209fc014405f63a7db79802ca4b01dc0c05",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f0921ecd4ddc14646bb5511f49db4d7d3b0829f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",


@ -2,8 +2,8 @@
"id": "CVE-2024-49867",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-21T18:15:06.403",
"lastModified": "2024-10-25T12:54:27.637",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-08T16:15:29.037",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -140,6 +140,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a71349b692ab34ea197949e13e3cc42570fe73d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bf0de0f9a0544c11f96f93206da04ab87dcea1f4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
@ -147,6 +151,10 @@
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cd686dfff63f27d712877aef5b962fbf6b8bc264",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ed87190e9d9c80aad220fb6b0b03a84d22e2c95b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
