admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-11-06T21:00:21.583587+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-11-06 21:03:22 +00:00
parent 9dc793f03e
commit 43ca830a78
72 changed files with 2849 additions and 491 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
CVE-2020/CVE-2020-367xx/CVE-2020-36765.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2020-36765",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:10.497",
"lastModified": "2024-10-19T00:37:23.233",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-06T20:35:02.123",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},

27
CVE-2021/CVE-2021-472xx/CVE-2021-47231.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47231",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:12.477",
"lastModified": "2024-05-21T16:54:26.047",
"lastModified": "2024-11-06T20:35:02.850",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: can: mcba_usb: repara la p\u00e9rdida de memoria en mcba_usb. Syzbot inform\u00f3 una p\u00e9rdida de memoria en el controlador SocketCAN para la herramienta Microchip CAN BUS Analyzer. El problema estaba en usb_coherent no liberado. En mcba_usb_start() se asignan 20 buffers coherentes y no hay nada que los libere: 1) En la funci\u00f3n de devoluci\u00f3n de llamada, la urb se vuelve a enviar y eso es todo 2) En la funci\u00f3n de desconexi\u00f3n, las urbs simplemente se eliminan, pero URB_FREE_BUFFER no est\u00e1 configurado (ver mcba_usb_start) y Esta bandera no se puede utilizar con buffers coherentes. Registro de errores: | [ 1354.053291][ T8413] mcba_usb 1-1:0.0 can0: dispositivo desconectado | [ 1367.059384][ T8420] kmemleak: 20 nuevas p\u00e9rdidas de memoria sospechosas (ver /sys/kernel/debug/kmem) Por lo tanto, todos los buffers asignados deben liberarse con usb_free_coherent() expl\u00edcitamente NOTA: Se utiliza el mismo patr\u00f3n para asignar y liberar buffers coherentes en controladores/net/can/usb/kvaser_usb/kvaser_usb_core.c"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6bd3d80d1f019cefa7011056c54b323f1d8b8e83",

27
CVE-2021/CVE-2021-472xx/CVE-2021-47297.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47297",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:17.553",
"lastModified": "2024-05-21T16:54:26.047",
"lastModified": "2024-11-06T20:35:03.380",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: corrige el valor uninit en caif_seqpkt_sendmsg. Cuando nr_segs es igual a cero en iovec_from_user, el objeto msg->msg_iter.iov es la memoria de pila uninit en caif_seqpkt_sendmsg que est\u00e1 definida en ___sys_sendmsg. Entonces no podemos simplemente juzgar msg->msg_iter.iov->base directamente. Podemos usar nr_segs para juzgar si msg en caif_seqpkt_sendmsg tiene buffers de datos. ==================================================== === BUG: KMSAN: valor uninit en caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:77 [en l\u00ednea] dump_stack+0x1c9/0x220 lib/dump_stack.c: 118 kmsan_report+0xf7/0x1e0 mm/kmsan/kmsan_report.c:118 __msan_warning+0x58/0xa0 mm/kmsan/kmsan_instr.c:215 caif_seqpkt_sendmsg+0x693/0xf60 net/caif/caif_socket.c:542 sock_sendmsg_nosec net/so cket.c: 652 [en l\u00ednea] sock_sendmsg net/socket.c:672 [en l\u00ednea] ____sys_sendmsg+0x12b6/0x1350 net/socket.c:2343 ___sys_sendmsg net/socket.c:2397 [en l\u00ednea] __sys_sendmmsg+0x808/0xc90 80 __compat_sys_sendmmsg net/compat.c:656 [en l\u00ednea]"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1582a02fecffcee306663035a295e28e1c4aaaff",

27
CVE-2021/CVE-2021-473xx/CVE-2021-47384.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47384",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T15:15:23.947",
"lastModified": "2024-05-21T16:54:26.047",
"lastModified": "2024-11-06T19:35:00.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: hwmon: (w83793) Corrija la desreferencia del puntero NULL eliminando el campo de estructura innecesario. Si el controlador lee el valor tmp suficiente para (tmp & 0x08) && (!(tmp & 0x80)) && (( tmp & 0x7) == ((tmp >> 4) & 0x7)) desde el dispositivo, luego se produce la desreferencia del puntero null. (Es posible si tmp = 0b0xyz1xyz, donde los mismos literales significan los mismos n\u00fameros) Adem\u00e1s, lm75[] ya no sirve para nada despu\u00e9s de cambiar a devm_i2c_new_dummy_device() en w83791d_detect_subclients(). El parche corrige la posible desreferencia del puntero NULL eliminando lm75[]. Encontrado por el proyecto de verificaci\u00f3n de controladores de Linux (linuxtesting.org). [groeck: Se eliminaron l\u00edneas de continuaci\u00f3n innecesarias, se corrigieron alineaciones de varias l\u00edneas]"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6cb01fe630eaffc5a2c3f7364436caddba286623",

27
CVE-2021/CVE-2021-474xx/CVE-2021-47477.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47477",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-22T09:15:09.677",
"lastModified": "2024-05-22T12:46:53.887",
"lastModified": "2024-11-06T20:35:03.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: comedi: dt9812: corrige los b\u00faferes DMA en la pila Los b\u00faferes de transferencia USB generalmente est\u00e1n asignados para DMA y no deben asignarse en la pila o las transferencias fallar\u00e1n. Asigne b\u00faferes de transferencia adecuados en los distintos asistentes de comando y devuelva un error en transferencias cortas en lugar de actuar sobre datos de pila aleatorios. Tenga en cuenta que esto tambi\u00e9n soluciona una fuga de informaci\u00f3n de la pila en sistemas donde no se usa DMA, ya que siempre se env\u00edan 32 bytes al dispositivo, independientemente de cu\u00e1n corto sea el comando."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/20cebb8b620dc987e55ddc46801de986e081757e",

27
CVE-2021/CVE-2021-475xx/CVE-2021-47586.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47586",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-19T15:15:53.160",
"lastModified": "2024-07-03T01:38:11.913",
"lastModified": "2024-11-06T20:35:03.827",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN informa una lectura fuera de los l\u00edmites en rk_gmac_setup en la l\u00ednea: while (ops->regs[i]) { Esto sucede en la mayor\u00eda de las plataformas, ya que el miembro de la matriz flexible regs est\u00e1 vac\u00edo, por lo que aqu\u00ed se lee la memoria despu\u00e9s de la estructura de operaciones. Parece que la mayor parte de esto contiene cero de todos modos, as\u00ed que tenemos suerte y todo sigue funcionando. Para evitar agregar datos redundantes a casi todas las estructuras de operaciones, agregue un nuevo indicador para indicar si el campo regs es v\u00e1lido y evite este bucle cuando no lo sea."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",

14
CVE-2023/CVE-2023-225xx/CVE-2023-22593.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-22593",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2023-06-27T19:15:09.187",
"lastModified": "2023-07-05T16:28:23.427",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-06T19:35:01.273",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -65,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

27
CVE-2023/CVE-2023-303xx/CVE-2023-30310.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-30310",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T20:16:20.590",
"lastModified": "2024-05-29T13:02:09.280",
"lastModified": "2024-11-06T20:35:04.160",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Un problema descubierto en Comfast Comfast CF-616AC routers permite a los atacantes secuestrar sesiones TCP, lo que podr\u00eda provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-tcp-hijacking-in-nat-enabled-wi-fi-networks/",

14
CVE-2023/CVE-2023-404xx/CVE-2023-40439.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-40439",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:48.920",
"lastModified": "2024-01-17T19:12:37.470",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-06T20:35:05.490",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [

12
CVE-2023/CVE-2023-428xx/CVE-2023-42833.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42833",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-01-10T22:15:50.000",
"lastModified": "2024-02-06T02:15:07.997",
"lastModified": "2024-11-06T20:35:06.280",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

39
CVE-2023/CVE-2023-495xx/CVE-2023-49539.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49539",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T22:15:47.540",
"lastModified": "2024-03-01T22:22:25.913",
"lastModified": "2024-11-06T20:35:07.133",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que Book Store Management System v1.0 conten\u00eda una vulnerabilidad de Cross-Site Scripting (XSS) en /bsms_ci/index.php/category. Esta vulnerabilidad permite a los atacantes ejecutar scripts web o HTML arbitrarios a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro de categor\u00eda."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/geraldoalcantara/CVE-2023-49539",

39
CVE-2023/CVE-2023-524xx/CVE-2023-52492.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52492",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-11T18:15:16.877",
"lastModified": "2024-11-04T13:16:35.007",
"lastModified": "2024-11-06T19:35:03.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: dmaengine: corrige el puntero NULL en la funci\u00f3n de cancelaci\u00f3n del registro del canal __dma_async_device_channel_register() puede fallar. En caso de falla, chan->local se libera (con free_percpu()) y chan->local se anula. Cuando se llama a dma_async_device_unregister() (debido a una API administrada o intencionalmente por el controlador del controlador DMA), los canales se anulan incondicionalmente, lo que lleva a este puntero NULL: [1.318693] No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 00000000000000d0 [...] [ 1.484499] Seguimiento de llamadas: [ 1.486930] device_del+0x40/0x394 [ 1.490314] device_unregister+0x20/0x7c [ 1.494220] __dma_async_device_channel_unregister+0x68/0xc0 Mire la ruta de error de la funci\u00f3n dma_async_device_register(), cancelaci\u00f3n del registro del dispositivo La raci\u00f3n se realiza s\u00f3lo si chan->local es no nulo. Luego agregue la misma condici\u00f3n al comienzo de la funci\u00f3n __dma_async_device_channel_unregister(), para evitar problemas de puntero NULL cualquiera que sea la API utilizada para alcanzar esta funci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/047fce470412ab64cb7345f9ff5d06919078ad79",

27
CVE-2023/CVE-2023-525xx/CVE-2023-52511.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52511",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-02T22:15:47.640",
"lastModified": "2024-03-04T13:58:23.447",
"lastModified": "2024-11-06T19:35:04.233",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: sun6i: reduce el ancho de transferencia DMA RX a un solo byte. Mediante pruebas emp\u00edricas se ha determinado que a veces las transferencias RX SPI con DMA habilitado devuelven datos corruptos. Esto se debe a la p\u00e9rdida de uno o incluso varios bytes durante la transferencia DMA desde el perif\u00e9rico SPI a la memoria. Parece que el RX FIFO dentro del perif\u00e9rico SPI puede confundirse cuando se realizan accesos de lectura al bus de m\u00e1s de un byte durante una transferencia SPI activa. Este parche reduce el ancho de los accesos de lectura de DMA individuales al RX FIFO a un solo byte para mitigar ese problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/171f8a49f212e87a8b04087568e1b3d132e36a18",

27
CVE-2023/CVE-2023-525xx/CVE-2023-52522.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52522",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-02T22:15:48.170",
"lastModified": "2024-03-04T13:58:23.447",
"lastModified": "2024-11-06T20:35:08.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: soluciona el posible desgarro del almac\u00e9n en neigh_periodic_work() Mientras miraba un informe de syzbot relacionado que involucraba a neigh_periodic_work(), descubr\u00ed que olvid\u00e9 agregar una anotaci\u00f3n al eliminar un elemento protegido por RCU de una lista. Los lectores usan rcu_deference(*np), necesitamos usar rcu_assign_pointer() o WRITE_ONCE() en el lado del escritor para evitar que la tienda se rompa. Utilizo rcu_assign_pointer() para tener soporte lockdep, esta fue la elecci\u00f3n hecha en neigh_flush_dev()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/147d89ee41434b97043c2dcb17a97dc151859baa",

27
CVE-2023/CVE-2023-526xx/CVE-2023-52620.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52620",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-21T11:15:28.230",
"lastModified": "2024-11-04T13:16:41.823",
"lastModified": "2024-11-06T20:35:08.343",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: nf_tables: no permite el tiempo de espera para conjuntos an\u00f3nimos Nunca se usa desde el espacio de usuario, no permita estos par\u00e1metros."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/00b19ee0dcc1aef06294471ab489bae26d94524e",

39
CVE-2023/CVE-2023-528xx/CVE-2023-52800.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52800",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T16:15:18.523",
"lastModified": "2024-05-21T16:53:56.550",
"lastModified": "2024-11-06T19:35:04.477",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: wifi: ath11k: corrige el bloqueo de htt pktlog. Los pdevs activos de ath11k est\u00e1n protegidos por RCU, pero el c\u00f3digo de manejo de htt pktlog que llama a ath11k_mac_get_ar_by_pdev_id() no se marc\u00f3 como una secci\u00f3n cr\u00edtica del lado de lectura. Marque el c\u00f3digo en cuesti\u00f3n como una secci\u00f3n cr\u00edtica del lado de lectura de RCU para evitar posibles problemas de use after free. Compilaci\u00f3n probada \u00fanicamente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/03ed26935bebf6b6fd8a656490bf3dcc71b72679",

39
CVE-2023/CVE-2023-528xx/CVE-2023-52870.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52870",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T16:15:23.833",
"lastModified": "2024-05-21T16:53:56.550",
"lastModified": "2024-11-06T19:35:05.403",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: mediatek: clk-mt6765: Agregar verificaci\u00f3n para mtk_alloc_clk_data. Agregue la verificaci\u00f3n para el valor de retorno de mtk_alloc_clk_data() para evitar la desreferencia al puntero NULL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/10cc81124407d862f0f747db4baa9c006510b480",

39
CVE-2024/CVE-2024-00xx/CVE-2024-0030.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0030",
"sourceIdentifier": "security@android.com",
"published": "2024-02-16T02:15:50.710",
"lastModified": "2024-02-16T13:37:55.033",
"lastModified": "2024-11-06T19:35:07.573",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En btif_to_bta_response de btif_gatt_util.cc, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/57b823f4f758e2ef530909da07552b5aa80c6a7d",

80
CVE-2024/CVE-2024-100xx/CVE-2024-10097.json
View File

@ -2,19 +2,23 @@
"id": "CVE-2024-10097",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-05T07:15:13.327",
"lastModified": "2024-11-05T16:04:26.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T19:14:22.817",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication bypass in all versions up to, and including, 1.9.2. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token."
},
{
"lang": "es",
"value": "Los complementos Loginizer Security y Loginizer para WordPress son vulnerables a la omisi\u00f3n de la autenticaci\u00f3n en todas las versiones hasta la 1.9.2 incluida. Esto se debe a que la verificaci\u00f3n del usuario que devuelve el token de inicio de sesi\u00f3n social es insuficiente. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, como un administrador, si tienen acceso al correo electr\u00f3nico y el usuario no tiene una cuenta ya existente para el servicio que devuelve el token."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -32,13 +36,43 @@
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,22 +81,52 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:loginizer:loginizer:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.9.3",
"matchCriteriaId": "85146512-2678-4E8F-A81A-53FD2F5B7994"
}
]
}
]
}
],
"references": [
{
"url": "https://loginizer.com/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/loginizer/trunk/main/social-login.php?rev=3108779#L127",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3173657/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5db00b22-d766-4fde-86fe-98d90936028c?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

14
CVE-2024/CVE-2024-209xx/CVE-2024-20966.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-20966",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-02-17T02:15:50.517",
"lastModified": "2024-02-20T19:50:53.960",
"lastModified": "2024-11-06T19:35:08.623",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpujan2024.html",

14
CVE-2024/CVE-2024-210xx/CVE-2024-21043.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21043",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-04-16T22:15:20.943",
"lastModified": "2024-04-17T12:48:31.863",
"lastModified": "2024-11-06T19:35:09.460",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html",

12
CVE-2024/CVE-2024-214xx/CVE-2024-21496.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21496",
"sourceIdentifier": "report@snyk.io",
"published": "2024-02-17T05:15:09.603",
"lastModified": "2024-02-20T19:50:53.960",
"lastModified": "2024-11-06T19:35:12.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -49,6 +49,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [

14
CVE-2024/CVE-2024-216xx/CVE-2024-21690.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21690",
"sourceIdentifier": "security@atlassian.com",
"published": "2024-08-21T16:15:07.390",
"lastModified": "2024-08-21T17:25:08.560",
"lastModified": "2024-11-06T19:35:13.787",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://confluence.atlassian.com/pages/viewpage.action?pageId=1431535667",

14
CVE-2024/CVE-2024-220xx/CVE-2024-22085.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22085",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-20T05:15:45.890",
"lastModified": "2024-03-20T13:00:16.367",
"lastModified": "2024-11-06T19:35:14.630",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -16,6 +16,18 @@
}
],
"metrics": {},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.elspec-ltd.com/support/security-advisories/",

27
CVE-2024/CVE-2024-232xx/CVE-2024-23298.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23298",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-15T23:15:07.403",
"lastModified": "2024-03-17T22:38:29.433",
"lastModified": "2024-11-06T19:35:15.443",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se abord\u00f3 una cuesti\u00f3n de l\u00f3gica con una mejor gesti\u00f3n de estado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://support.apple.com/en-us/HT214092",

27
CVE-2024/CVE-2024-268xx/CVE-2024-26810.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26810",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-05T09:15:09.230",
"lastModified": "2024-11-05T10:15:51.910",
"lastModified": "2024-11-06T20:35:09.833",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: vfio/pci: bloquear operaciones de enmascaramiento INTx externas Las operaciones de enmascaramiento a trav\u00e9s de cambios en el espacio de configuraci\u00f3n a DisINTx pueden acelerar los cambios de configuraci\u00f3n de INTx a trav\u00e9s de ioctl. Cree contenedores que agreguen bloqueo para rutas fuera del c\u00f3digo de interrupci\u00f3n central. En particular, irq_type se actualiza manteniendo igate, por lo tanto, probar is_intx() requiere mantener igate. Por ejemplo, borrar DisINTx del espacio de configuraci\u00f3n puede acelerar los cambios en la configuraci\u00f3n de la interrupci\u00f3n. Esto alinea las interfaces que pueden desencadenar el evento INTx en dos campos, un lado serializado por igate y el otro solo habilitado mientras INTx est\u00e1 configurado. Un parche posterior introduce la sincronizaci\u00f3n para estos \u00faltimos flujos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/03505e3344b0576fd619416793a31eae9c5b73bf",

27
CVE-2024/CVE-2024-268xx/CVE-2024-26843.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26843",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-17T10:15:10.047",
"lastModified": "2024-11-05T10:15:54.257",
"lastModified": "2024-11-06T20:35:10.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: efi: runtime: corrige el posible desbordamiento del tama\u00f1o de la regi\u00f3n reservada por software. md_size se habr\u00e1 reducido si tenemos >= 4 GB de p\u00e1ginas en una regi\u00f3n reservada por software."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/156cb12ffdcf33883304f0db645e1eadae712fe0",

27
CVE-2024/CVE-2024-270xx/CVE-2024-27032.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27032",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T13:15:49.230",
"lastModified": "2024-05-01T19:50:25.633",
"lastModified": "2024-11-06T19:35:15.673",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: f2fs: correcci\u00f3n para evitar un posible p\u00e1nico durante la recuperaci\u00f3n. Durante la recuperaci\u00f3n, si FAULT_BLOCK est\u00e1 activado, es posible que f2fs_reserve_new_block() devuelva -ENOSPC durante la recuperaci\u00f3n, lo que puede provocar p\u00e1nico. Adem\u00e1s, si la tasa de inyecci\u00f3n de fallas es 1 y solo el tipo de falla FAULT_BLOCK est\u00e1 activado, es posible que se produzca un bucle muerto en el bucle de reserva de bloque. Cambiemos como se muestra a continuaci\u00f3n para solucionar estos problemas: - elimine bug_on() para evitar el p\u00e1nico. - limitar el n\u00famero de bucles de reserva de bloques para evitar posibles bucles muertos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/21ec68234826b1b54ab980a8df6e33c74cfbee58",

27
CVE-2024/CVE-2024-270xx/CVE-2024-27054.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27054",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T13:15:50.270",
"lastModified": "2024-05-01T19:50:25.633",
"lastModified": "2024-11-06T20:35:11.540",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: s390/dasd: corrige la disminuci\u00f3n del doble recuento del m\u00f3dulo Una vez que la disciplina est\u00e1 asociada con el dispositivo, eliminar el dispositivo se encarga de disminuir el recuento del m\u00f3dulo. Hacerlo manualmente en esta ruta de error hace que el recuento disminuya artificialmente en cada error, mientras que deber\u00eda permanecer igual."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ad999aa18103fa038787b6a8a55020abcf34df1a",

27
CVE-2024/CVE-2024-270xx/CVE-2024-27073.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27073",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-01T13:15:51.167",
"lastModified": "2024-11-05T10:16:27.260",
"lastModified": "2024-11-06T19:35:15.903",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: ttpci: corrige dos fugas de mem en Budget_av_attach Cuando fallan saa7146_register_device y saa7146_vv_init, Budget_av_attach deber\u00eda liberar los recursos que asigna, como lo hace el manejo de errores de ttpci_budget_init. Adem\u00e1s, hay dos comentarios fijos que se refieren a dichas desasignaciones."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/1597cd1a88cfcdc4bf8b1b44cd458fed9a5a5d63",

27
CVE-2024/CVE-2024-278xx/CVE-2024-27816.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27816",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-05-14T15:13:04.823",
"lastModified": "2024-06-10T18:15:28.970",
"lastModified": "2024-11-06T19:35:16.133",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en iOS 17.5 y iPadOS 17.5, tvOS 17.5, watchOS 10.5, macOS Sonoma 14.5. Un atacante puede acceder a los datos del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/May/10",

39
CVE-2024/CVE-2024-288xx/CVE-2024-28808.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28808",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-30T21:15:03.493",
"lastModified": "2024-10-04T13:51:25.567",
"lastModified": "2024-11-06T20:35:12.717",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en Infinera hiT 7300 5.60.50. Una funcionalidad oculta en la interfaz web permite que un atacante remoto autenticado acceda a informaci\u00f3n reservada mediante el acceso a aplicaciones web no documentadas. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://www.cvcn.gov.it/cvcn/cve/CVE-2024-28808",

39
CVE-2024/CVE-2024-297xx/CVE-2024-29742.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29742",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-04-05T20:15:08.107",
"lastModified": "2024-04-08T18:49:25.863",
"lastModified": "2024-11-06T20:35:13.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En apply_minlock_constraint de dvfs.c, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01",

84
CVE-2024/CVE-2024-318xx/CVE-2024-31880.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31880",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-10-23T02:15:07.167",
"lastModified": "2024-10-23T15:12:34.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T20:39:55.200",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -51,10 +71,68 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.0.0",
"versionEndIncluding": "10.5.11",
"matchCriteriaId": "72264C00-9FD5-44EF-AE33-36819E253233"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.1.4",
"versionEndIncluding": "11.1.4.7",
"matchCriteriaId": "2E7ABF45-1720-49F0-AA78-E4C06815F3C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:db2:*:*:*:*:*:-:*:*",
"versionStartIncluding": "11.5",
"versionEndIncluding": "11.5.9",
"matchCriteriaId": "46EEFD88-1F1D-417F-815A-98A456DE8515"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
"matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:opengroup:unix:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6A90CB3A-9BE7-475C-9E75-6ECAD2106302"
}
]
}
]
}
],
"references": [
{
"url": "https://www.ibm.com/support/pages/node/7156851",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-348xx/CVE-2024-34882.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34882",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T18:15:04.683",
"lastModified": "2024-11-05T17:35:13.780",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-06T19:28:48.523",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bitrix24:bitrix24:23.300.100:*:*:*:*:*:*:*",
"matchCriteriaId": "845F02AC-50F7-4C96-88D0-4A4CAE7EC29A"
}
]
}
]
}
],
"references": [
{
"url": "http://bitrix24.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/DrieVlad/BitrixVulns",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-348xx/CVE-2024-34883.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34883",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T18:15:04.787",
"lastModified": "2024-11-05T17:35:14.817",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-06T19:28:34.900",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bitrix24:bitrix24:23.300.100:*:*:*:*:*:*:*",
"matchCriteriaId": "845F02AC-50F7-4C96-88D0-4A4CAE7EC29A"
}
]
}
]
}
],
"references": [
{
"url": "http://bitrix24.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/DrieVlad/BitrixVulns",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-348xx/CVE-2024-34887.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34887",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T18:15:04.867",
"lastModified": "2024-11-05T17:35:16.683",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-06T19:28:15.613",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:bitrix24:bitrix24:23.300.100:*:*:*:*:*:*:*",
"matchCriteriaId": "845F02AC-50F7-4C96-88D0-4A4CAE7EC29A"
}
]
}
]
}
],
"references": [
{
"url": "http://bitrix24.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/DrieVlad/BitrixVulns",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-393xx/CVE-2024-39339.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39339",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-18T20:15:03.197",
"lastModified": "2024-09-20T12:30:17.483",
"lastModified": "2024-11-06T20:35:19.170",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se ha descubierto una vulnerabilidad en todas las versiones de las unidades centrales Smartplay, que se utilizan ampliamente en los autom\u00f3viles Suzuki y Toyota. Esta configuraci\u00f3n incorrecta puede provocar la divulgaci\u00f3n de informaci\u00f3n, filtrando detalles confidenciales como registros de diagn\u00f3stico, registros del sistema, contrase\u00f1as de la unidad central e informaci\u00f3n de identificaci\u00f3n personal (PII). La exposici\u00f3n de dicha informaci\u00f3n puede tener consecuencias graves para la privacidad del usuario y la integridad del sistema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://docs.google.com/document/d/1S-d8zyZreYYGSIr4zGww6F2iBfD63v10Z3YVbGnp2es/edit?usp=sharing",

39
CVE-2024/CVE-2024-420xx/CVE-2024-42018.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-42018",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-11T17:15:03.573",
"lastModified": "2024-10-15T12:58:51.050",
"lastModified": "2024-11-06T20:35:23.377",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en Atos Eviden SMC xScale antes de la versi\u00f3n 1.6.6. Durante la inicializaci\u00f3n de los nodos, se recuperan algunos par\u00e1metros de configuraci\u00f3n de los nodos de administraci\u00f3n. Estos par\u00e1metros incorporan credenciales cuya integridad y confidencialidad pueden ser importantes para la seguridad de la configuraci\u00f3n de HPC. Debido a que estos par\u00e1metros son necesarios para la inicializaci\u00f3n, no hay ning\u00fan mecanismo disponible para garantizar el control de acceso en el nodo de administraci\u00f3n y normalmente se implementa una medida de mitigaci\u00f3n para evitar el acceso a usuarios sin privilegios. Se descubri\u00f3 que esta medida de mitigaci\u00f3n no sobrevive al reinicio de nodos con disco lleno. (Los nodos sin disco no corren riesgo). El error se encuentra en la configuraci\u00f3n de cloudinit: la configuraci\u00f3n de iptables deber\u00eda haber estado en la secci\u00f3n bootcmd en lugar de la secci\u00f3n runcmd."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://eviden.com",

39
CVE-2024/CVE-2024-451xx/CVE-2024-45185.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-45185",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T20:15:05.257",
"lastModified": "2024-11-05T16:04:26.053",
"lastModified": "2024-11-06T19:35:16.420",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " Se descubri\u00f3 un problema en el procesador m\u00f3vil Samsung, el procesador port\u00e1til y el m\u00f3dem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, m\u00f3dem 5123, m\u00f3dem 5300. Hay una escritura fuera de los l\u00edmites debido a un desbordamiento de almacenamiento din\u00e1mico en el protocolo GPRS."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",

39
CVE-2024/CVE-2024-480xx/CVE-2024-48052.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48052",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T23:15:04.337",
"lastModified": "2024-11-05T16:04:26.053",
"lastModified": "2024-11-06T20:35:29.830",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " En gradio <=4.42.0, la funci\u00f3n gr.DownloadButton tiene una vulnerabilidad oculta de server-side request forgery (SSRF). La raz\u00f3n es que dentro de la funci\u00f3n save_url_to_cache no hay restricciones en la URL, lo que permite el acceso a recursos de destino locales. Esto puede provocar la descarga de recursos locales e informaci\u00f3n confidencial."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/AfterSnows/45ffc23797f9127e00755376cc610e12",

39
CVE-2024/CVE-2024-480xx/CVE-2024-48061.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48061",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T23:15:04.560",
"lastModified": "2024-11-05T16:04:26.053",
"lastModified": "2024-11-06T20:35:30.633",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " langflow <=1.0.18 es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo (RCE), ya que cualquier componente proporciona la funcionalidad del c\u00f3digo y los componentes se ejecutan en la m\u00e1quina local en lugar de en un entorno aislado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/AfterSnows/1e58257867002462923fd62dde2b5d61",

39
CVE-2024/CVE-2024-484xx/CVE-2024-48463.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48463",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T21:15:04.707",
"lastModified": "2024-11-05T16:04:26.053",
"lastModified": "2024-11-06T19:35:17.717",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " Bruno anterior a 1.29.1 usa Electron shell.openExternal sin validaci\u00f3n (de http o https) para abrir ventanas dentro del visor de documentos Markdown."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/opcod3r/ab69f36d52367df7ffac32a597dff31c",

67
CVE-2024/CVE-2024-488xx/CVE-2024-48809.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48809",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T17:15:07.880",
"lastModified": "2024-11-05T22:35:12.643",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-06T19:33:54.977",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,43 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aetherproject:onos-a1t:0.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8194B2E5-8575-4F0C-9350-6FA565F35216"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:aetherproject:sdran-in-a-box:1.4.3:*:*:*:*:*:*:*",
"matchCriteriaId": "181C93F4-1D73-40B6-996F-503CAC735F23"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/bergen876/5a21f78e266c12aa2586beb2178443b0",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/onosproject/sdran-in-a-box/issues/206",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

59
CVE-2024/CVE-2024-492xx/CVE-2024-49217.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49217",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-17T18:15:08.830",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T20:53:26.900",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:madirisalmanaashish:adding_drop_down_roles_in_registration:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1",
"matchCriteriaId": "1F9A3B74-4A1E-49B7-A7B5-740C7D117B5E"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/user-drop-down-roles-in-registration/wordpress-adding-drop-down-roles-in-registration-plugin-1-1-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-492xx/CVE-2024-49219.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49219",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-17T18:15:09.037",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T20:45:08.233",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themexpo:rs-members:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.3",
"matchCriteriaId": "D0180AC1-AE48-484A-A9A6-13D4CA5BC7B6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/rs-members/wordpress-rs-members-plugin-1-0-3-privilege-escalation-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-492xx/CVE-2024-49220.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49220",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-17T18:15:09.227",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T20:41:13.367",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cookie-scanner:cookie_scanner:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.1",
"matchCriteriaId": "20F1100A-4300-4544-BE95-A9C9EF080229"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cookie-scanner/wordpress-cookie-scanner-plugin-1-1-csrf-to-stored-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-492xx/CVE-2024-49221.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49221",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-17T18:15:09.450",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T20:54:50.527",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:julianweinert:cslider:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.4.2",
"matchCriteriaId": "B449F025-7E55-4085-A87B-DE22D47E9216"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cslider/wordpress-cslider-plugin-2-4-2-csrf-to-stored-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-492xx/CVE-2024-49223.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49223",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-17T18:15:09.673",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T20:55:37.613",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shibulijack:cj_change_howdy:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.3.1",
"matchCriteriaId": "717B4D33-C2B0-4071-989D-161827452D0D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/cj-change-howdy/wordpress-cj-change-howdy-plugin-3-3-1-csrf-to-stored-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

47
CVE-2024/CVE-2024-492xx/CVE-2024-49229.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49229",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-17T18:15:09.893",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T20:40:30.740",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:arifnezami:better_author_bio:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.7.10.11",
"matchCriteriaId": "4689238E-3953-4D12-9B29-A93129F2C3B5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/better-author-bio/wordpress-better-author-bio-plugin-2-7-10-11-csrf-to-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-492xx/CVE-2024-49237.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49237",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-17T18:15:10.670",
"lastModified": "2024-10-18T12:52:33.507",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T20:33:52.403",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ahmetimamoglu:ahmeti_wp_timeline:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "5.1",
"matchCriteriaId": "3CE69E19-855B-44D4-917C-22AC0628A364"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/ahmeti-wp-timeline/wordpress-ahmeti-wp-timeline-plugin-5-1-csrf-to-stored-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-506xx/CVE-2024-50637.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-50637",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-06T17:15:20.680",
"lastModified": "2024-11-06T18:17:17.287",
"lastModified": "2024-11-06T20:35:33.010",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. \u00b6\u00b6 The vulnerability allows attackers to perform XSS in SVG file extension, which can be used to stealing cookies."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/unopim/unopim/issues/41",

74
CVE-2024/CVE-2024-511xx/CVE-2024-51127.json
View File

@ -2,24 +2,88 @@
"id": "CVE-2024-51127",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T18:15:05.113",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T19:25:14.607",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the createTempFile method of hornetq v2.4.9 allows attackers to arbitrarily overwrite files or access sensitive information."
},
{
"lang": "es",
"value": " Un problema en el m\u00e9todo createTempFile de hornetq v2.4.9 permite a los atacantes sobrescribir archivos arbitrariamente o acceder a informaci\u00f3n confidencial."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:hornetq:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.4.9",
"matchCriteriaId": "5439269D-3160-4A8D-A488-33F5120D0FEC"
}
]
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://hornetq.com",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/JAckLosingHeart/CWE-378/blob/main/CVE-2024-51127.md",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mitigation"
]
}
]
}

39
CVE-2024/CVE-2024-511xx/CVE-2024-51132.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-51132",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-05T17:15:07.310",
"lastModified": "2024-11-06T18:17:17.287",
"lastModified": "2024-11-06T20:35:34.173",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de entidad externa XML (XXE) en HAPI FHIR anterior a v6.4.0 permite a los atacantes acceder a informaci\u00f3n confidencial o ejecutar c\u00f3digo arbitrario mediante el suministro de una solicitud manipulada que contiene entidades XML maliciosas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://github.com/JAckLosingHeart/CVE-2024-51132-POC",

66
CVE-2024/CVE-2024-511xx/CVE-2024-51136.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-51136",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T17:15:08.050",
"lastModified": "2024-11-05T21:35:12.783",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-06T19:31:15.230",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,18 +81,44 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openimaj:openimaj:1.3.10:*:*:*:*:*:*:*",
"matchCriteriaId": "AAF734DE-88E3-455D-A60A-FD00CC6CA12B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/openimaj/openimaj",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/openimaj/openimaj/issues/382",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://mvnrepository.com/artifact/org.openimaj.tools/WebTools",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
}
]
}

39
CVE-2024/CVE-2024-512xx/CVE-2024-51240.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-51240",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-05T19:15:07.283",
"lastModified": "2024-11-06T18:17:17.287",
"lastModified": "2024-11-06T20:35:34.963",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en el paquete luci-mod-rpc en OpenWRT Luci LTS permite la escalada de privilegios desde una cuenta de administrador a root a trav\u00e9s de JSON-RPC-API, que est\u00e1 expuesta por el paquete luci-mod-rpc"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://github.com/VitoCrl/vulnerability_research/tree/main/CVE-2024-51240",

61
CVE-2024/CVE-2024-513xx/CVE-2024-51329.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-51329",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T18:15:05.480",
"lastModified": "2024-11-05T21:35:13.890",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-06T19:19:24.793",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,37 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:idrsdev:agile-board:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B515146A-859E-48FF-AD91-592E038ADEAC"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/idrsdev/agile-board/tree/main",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51329%20-%20Host%20Header%20Injection",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
}
]
}

39
CVE-2024/CVE-2024-513xx/CVE-2024-51362.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-51362",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-05T17:15:07.383",
"lastModified": "2024-11-06T18:17:17.287",
"lastModified": "2024-11-06T20:35:35.750",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "LSC Smart Connect Indoor IP Camera V7.6.32 es vulnerable a un problema de divulgaci\u00f3n de informaci\u00f3n que permite acceder a las im\u00e1genes en vivo de la c\u00e1mara a trav\u00e9s del protocolo RTSP en el puerto 8554 sin necesidad de autenticaci\u00f3n. Esto permite que usuarios no autorizados con acceso a la red vean la se\u00f1al de la c\u00e1mara, lo que podr\u00eda comprometer la privacidad y la seguridad del usuario. No se requieren credenciales ni permisos especiales, y se puede acceder de forma remota a trav\u00e9s de la red."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://shinxyy.github.io/blogs/CVE_2024_51362.html",

51
CVE-2024/CVE-2024-516xx/CVE-2024-51685.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-51685",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-04T15:15:24.230",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T19:34:31.590",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael Gangolf Accordion title for Elementor allows Stored XSS.This issue affects Accordion title for Elementor: from n/a through 1.2.1."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en el t\u00edtulo de Michael Gangolf Accordion para Elementor permite XSS almacenado. Este problema afecta a Accordion title para Elementor: desde n/a hasta 1.2.1."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -47,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:migaweb:accordion_title_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.2.2",
"matchCriteriaId": "942C592B-5B23-4EAE-B486-97CBBBF9C6C5"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/accordion-title-for-elementor/wordpress-accordion-title-for-elementor-plugin-1-2-1-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-517xx/CVE-2024-51751.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51751",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-06T20:15:05.557",
"lastModified": "2024-11-06T20:15:05.557",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gradio is an open-source Python package designed to enable quick builds of a demo or web application. If File or UploadButton components are used as a part of Gradio application to preview file content, an attacker with access to the application might abuse these components to read arbitrary files from the application server. This issue has been addressed in release version 5.5.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/gradio-app/gradio/security/advisories/GHSA-rhm9-gp5p-5248",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-517xx/CVE-2024-51754.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-51754",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-06T20:15:05.817",
"lastModified": "2024-11-06T20:15:05.817",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Twig is a template language for PHP. In a sandbox, an attacker can call `__toString()` on an object even if the `__toString()` method is not allowed by the security policy when the object is part of an array or an argument list (arguments to a function or a filter for instance). This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"references": [
{
"url": "https://github.com/twigphp/Twig/commit/2bb8c2460a2c519c498df9b643d5277117155a73",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/twigphp/Twig/security/advisories/GHSA-6377-hfv9-hqf6",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-517xx/CVE-2024-51755.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-51755",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-06T20:15:06.077",
"lastModified": "2024-11-06T20:15:06.077",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Twig is a template language for PHP. In a sandbox, and attacker can access attributes of Array-like objects as they were not checked by the security policy. They are now checked via the property policy and the `__isset()` method is now called after the security check. This is a BC break. This issue has been patched in versions 3.11.2 and 3.14.1. All users are advised to upgrade. There are no known workarounds for this issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.2,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.7,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-668"
}
]
}
],
"references": [
{
"url": "https://github.com/twigphp/Twig/commit/831c148e786178e5f2fde9db67266be3bf241c21",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/twigphp/Twig/security/advisories/GHSA-jjxq-ff2g-95vh",
"source": "security-advisories@github.com"
}
]
}

94
CVE-2024/CVE-2024-517xx/CVE-2024-51757.json Normal file
View File

@ -0,0 +1,94 @@
{
"id": "CVE-2024-51757",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-06T20:15:06.337",
"lastModified": "2024-11-06T20:15:06.337",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "happy-dom is a JavaScript implementation of a web browser without its graphical user interface. Versions of happy-dom prior to 15.10.2 may execute code on the host via a script tag. This would execute code in the user context of happy-dom. Users are advised to upgrade to version 15.10.2. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/capricorn86/happy-dom/commit/5ee0b1676d4ce20cc2a70d1c9c8d6f1e3f57efac",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/capricorn86/happy-dom/issues/1585",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/capricorn86/happy-dom/pull/1586",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/capricorn86/happy-dom/security/advisories/GHSA-96g7-g7g9-jxw8",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-519xx/CVE-2024-51988.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-51988",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-06T20:15:06.513",
"lastModified": "2024-11-06T20:15:06.513",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RabbitMQ is a feature rich, multi-protocol messaging and streaming broker. In affected versions queue deletion via the HTTP API was not verifying the `configure` permission of the user. Users who had all of the following: 1. Valid credentials, 2. Some permissions for the target virtual host & 3. HTTP API access. could delete queues it had no (deletion) permissions for. This issue has been addressed in version 3.12.11 of the open source rabbitMQ release and in versions 1.5.2, 3.13.0, and 4.0.0 of the tanzu release. Users are advised to upgrade. Users unable to upgrade may disable management plugin and use, for example, Prometheus and Grafana for monitoring."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/rabbitmq/rabbitmq-server/security/advisories/GHSA-pj33-75x5-32j4",
"source": "security-advisories@github.com"
},
{
"url": "https://www.rabbitmq.com/docs/prometheus",
"source": "security-advisories@github.com"
}
]
}

6
CVE-2024/CVE-2024-87xx/CVE-2024-8775.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-8775",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-09-14T03:15:08.987",
"lastModified": "2024-09-14T11:47:14.677",
"lastModified": "2024-11-06T20:15:06.763",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -52,6 +52,10 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:8969",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-8775",
"source": "secalert@redhat.com"

6
CVE-2024/CVE-2024-93xx/CVE-2024-9341.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-9341",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-10-01T19:15:09.500",
"lastModified": "2024-11-05T08:15:04.223",
"lastModified": "2024-11-06T20:15:06.917",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -76,6 +76,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:8428",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:8690",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:8846",
"source": "secalert@redhat.com"

6
CVE-2024/CVE-2024-96xx/CVE-2024-9675.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-9675",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-10-09T15:15:17.837",
"lastModified": "2024-11-06T10:15:05.010",
"lastModified": "2024-11-06T20:15:07.083",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -68,6 +68,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:8686",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:8690",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:8703",
"source": "secalert@redhat.com"

6
CVE-2024/CVE-2024-96xx/CVE-2024-9676.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-9676",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-10-15T16:15:06.933",
"lastModified": "2024-11-06T10:15:05.683",
"lastModified": "2024-11-06T20:15:07.410",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -68,6 +68,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:8686",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:8690",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-9676",
"source": "secalert@redhat.com"

63
CVE-2024/CVE-2024-96xx/CVE-2024-9689.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-9689",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-11-05T06:15:06.360",
"lastModified": "2024-11-05T16:36:00.010",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-06T19:14:53.737",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack"
},
{
"lang": "es",
"value": " El complemento Post From Frontend WordPress hasta la versi\u00f3n 1.0.0 no tiene verificaci\u00f3n CSRF al eliminar publicaciones, lo que podr\u00eda permitir a los atacantes hacer que el administrador que haya iniciado sesi\u00f3n realice dicha acci\u00f3n a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -35,10 +59,43 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:shaon:post_from_frontend:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.0.0",
"matchCriteriaId": "61FE8E42-75CA-489A-BCDC-9AC05F3CC3A5"
}
]
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/ea501d37-1ec2-43ec-873a-ec204e965f60/",
"source": "contact@wpscan.com"
"source": "contact@wpscan.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2024/CVE-2024-99xx/CVE-2024-9902.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-9902",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-11-06T10:15:06.200",
"lastModified": "2024-11-06T18:17:17.287",
"lastModified": "2024-11-06T20:15:07.820",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -48,6 +48,10 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:8969",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-9902",
"source": "secalert@redhat.com"

90
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-11-06T19:00:21.748867+00:00
2024-11-06T21:00:21.583587+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-11-06T18:35:06.780000+00:00
2024-11-06T20:55:37.613000+00:00
```
### Last Data Feed Release
@ -33,69 +33,49 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
268475
268480
```
### CVEs added in the last Commit
Recently added CVEs: `30`
Recently added CVEs: `5`
- [CVE-2024-20445](CVE-2024/CVE-2024-204xx/CVE-2024-20445.json) (`2024-11-06T17:15:14.830`)
- [CVE-2024-20457](CVE-2024/CVE-2024-204xx/CVE-2024-20457.json) (`2024-11-06T17:15:15.107`)
- [CVE-2024-20476](CVE-2024/CVE-2024-204xx/CVE-2024-20476.json) (`2024-11-06T17:15:15.337`)
- [CVE-2024-20484](CVE-2024/CVE-2024-204xx/CVE-2024-20484.json) (`2024-11-06T17:15:15.580`)
- [CVE-2024-20487](CVE-2024/CVE-2024-204xx/CVE-2024-20487.json) (`2024-11-06T17:15:15.833`)
- [CVE-2024-20504](CVE-2024/CVE-2024-205xx/CVE-2024-20504.json) (`2024-11-06T17:15:16.053`)
- [CVE-2024-20507](CVE-2024/CVE-2024-205xx/CVE-2024-20507.json) (`2024-11-06T17:15:16.257`)
- [CVE-2024-20511](CVE-2024/CVE-2024-205xx/CVE-2024-20511.json) (`2024-11-06T17:15:16.467`)
- [CVE-2024-20514](CVE-2024/CVE-2024-205xx/CVE-2024-20514.json) (`2024-11-06T17:15:16.687`)
- [CVE-2024-20525](CVE-2024/CVE-2024-205xx/CVE-2024-20525.json) (`2024-11-06T17:15:16.927`)
- [CVE-2024-20527](CVE-2024/CVE-2024-205xx/CVE-2024-20527.json) (`2024-11-06T17:15:17.147`)
- [CVE-2024-20528](CVE-2024/CVE-2024-205xx/CVE-2024-20528.json) (`2024-11-06T17:15:17.373`)
- [CVE-2024-20529](CVE-2024/CVE-2024-205xx/CVE-2024-20529.json) (`2024-11-06T17:15:17.593`)
- [CVE-2024-20530](CVE-2024/CVE-2024-205xx/CVE-2024-20530.json) (`2024-11-06T17:15:17.793`)
- [CVE-2024-20531](CVE-2024/CVE-2024-205xx/CVE-2024-20531.json) (`2024-11-06T17:15:18.043`)
- [CVE-2024-20532](CVE-2024/CVE-2024-205xx/CVE-2024-20532.json) (`2024-11-06T17:15:18.270`)
- [CVE-2024-20533](CVE-2024/CVE-2024-205xx/CVE-2024-20533.json) (`2024-11-06T17:15:18.700`)
- [CVE-2024-20534](CVE-2024/CVE-2024-205xx/CVE-2024-20534.json) (`2024-11-06T17:15:18.927`)
- [CVE-2024-20536](CVE-2024/CVE-2024-205xx/CVE-2024-20536.json) (`2024-11-06T17:15:19.140`)
- [CVE-2024-20537](CVE-2024/CVE-2024-205xx/CVE-2024-20537.json) (`2024-11-06T17:15:19.350`)
- [CVE-2024-20538](CVE-2024/CVE-2024-205xx/CVE-2024-20538.json) (`2024-11-06T17:15:19.563`)
- [CVE-2024-20539](CVE-2024/CVE-2024-205xx/CVE-2024-20539.json) (`2024-11-06T17:15:19.767`)
- [CVE-2024-20540](CVE-2024/CVE-2024-205xx/CVE-2024-20540.json) (`2024-11-06T17:15:19.977`)
- [CVE-2024-50315](CVE-2024/CVE-2024-503xx/CVE-2024-50315.json) (`2024-11-06T18:15:06.173`)
- [CVE-2024-50637](CVE-2024/CVE-2024-506xx/CVE-2024-50637.json) (`2024-11-06T17:15:20.680`)
- [CVE-2024-51751](CVE-2024/CVE-2024-517xx/CVE-2024-51751.json) (`2024-11-06T20:15:05.557`)
- [CVE-2024-51754](CVE-2024/CVE-2024-517xx/CVE-2024-51754.json) (`2024-11-06T20:15:05.817`)
- [CVE-2024-51755](CVE-2024/CVE-2024-517xx/CVE-2024-51755.json) (`2024-11-06T20:15:06.077`)
- [CVE-2024-51757](CVE-2024/CVE-2024-517xx/CVE-2024-51757.json) (`2024-11-06T20:15:06.337`)
- [CVE-2024-51988](CVE-2024/CVE-2024-519xx/CVE-2024-51988.json) (`2024-11-06T20:15:06.513`)
### CVEs modified in the last Commit
Recently modified CVEs: `193`
Recently modified CVEs: `65`
- [CVE-2024-51739](CVE-2024/CVE-2024-517xx/CVE-2024-51739.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-51740](CVE-2024/CVE-2024-517xx/CVE-2024-51740.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-51745](CVE-2024/CVE-2024-517xx/CVE-2024-51745.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-51746](CVE-2024/CVE-2024-517xx/CVE-2024-51746.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-51752](CVE-2024/CVE-2024-517xx/CVE-2024-51752.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-51753](CVE-2024/CVE-2024-517xx/CVE-2024-51753.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-51756](CVE-2024/CVE-2024-517xx/CVE-2024-51756.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-51774](CVE-2024/CVE-2024-517xx/CVE-2024-51774.json) (`2024-11-06T17:35:41.767`)
- [CVE-2024-52043](CVE-2024/CVE-2024-520xx/CVE-2024-52043.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-6626](CVE-2024/CVE-2024-66xx/CVE-2024-6626.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-6861](CVE-2024/CVE-2024-68xx/CVE-2024-6861.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-7879](CVE-2024/CVE-2024-78xx/CVE-2024-7879.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-7995](CVE-2024/CVE-2024-79xx/CVE-2024-7995.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-8323](CVE-2024/CVE-2024-83xx/CVE-2024-8323.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-8614](CVE-2024/CVE-2024-86xx/CVE-2024-8614.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-8615](CVE-2024/CVE-2024-86xx/CVE-2024-8615.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-9109](CVE-2024/CVE-2024-91xx/CVE-2024-9109.json) (`2024-11-06T17:18:48.363`)
- [CVE-2024-9307](CVE-2024/CVE-2024-93xx/CVE-2024-9307.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-9579](CVE-2024/CVE-2024-95xx/CVE-2024-9579.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-9681](CVE-2024/CVE-2024-96xx/CVE-2024-9681.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-9883](CVE-2024/CVE-2024-98xx/CVE-2024-9883.json) (`2024-11-06T17:32:17.477`)
- [CVE-2024-9902](CVE-2024/CVE-2024-99xx/CVE-2024-9902.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-9934](CVE-2024/CVE-2024-99xx/CVE-2024-9934.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-9936](CVE-2024/CVE-2024-99xx/CVE-2024-9936.json) (`2024-11-06T17:35:42.870`)
- [CVE-2024-9946](CVE-2024/CVE-2024-99xx/CVE-2024-9946.json) (`2024-11-06T18:17:17.287`)
- [CVE-2024-48052](CVE-2024/CVE-2024-480xx/CVE-2024-48052.json) (`2024-11-06T20:35:29.830`)
- [CVE-2024-48061](CVE-2024/CVE-2024-480xx/CVE-2024-48061.json) (`2024-11-06T20:35:30.633`)
- [CVE-2024-48463](CVE-2024/CVE-2024-484xx/CVE-2024-48463.json) (`2024-11-06T19:35:17.717`)
- [CVE-2024-48809](CVE-2024/CVE-2024-488xx/CVE-2024-48809.json) (`2024-11-06T19:33:54.977`)
- [CVE-2024-49217](CVE-2024/CVE-2024-492xx/CVE-2024-49217.json) (`2024-11-06T20:53:26.900`)
- [CVE-2024-49219](CVE-2024/CVE-2024-492xx/CVE-2024-49219.json) (`2024-11-06T20:45:08.233`)
- [CVE-2024-49220](CVE-2024/CVE-2024-492xx/CVE-2024-49220.json) (`2024-11-06T20:41:13.367`)
- [CVE-2024-49221](CVE-2024/CVE-2024-492xx/CVE-2024-49221.json) (`2024-11-06T20:54:50.527`)
- [CVE-2024-49223](CVE-2024/CVE-2024-492xx/CVE-2024-49223.json) (`2024-11-06T20:55:37.613`)
- [CVE-2024-49229](CVE-2024/CVE-2024-492xx/CVE-2024-49229.json) (`2024-11-06T20:40:30.740`)
- [CVE-2024-49237](CVE-2024/CVE-2024-492xx/CVE-2024-49237.json) (`2024-11-06T20:33:52.403`)
- [CVE-2024-50637](CVE-2024/CVE-2024-506xx/CVE-2024-50637.json) (`2024-11-06T20:35:33.010`)
- [CVE-2024-51127](CVE-2024/CVE-2024-511xx/CVE-2024-51127.json) (`2024-11-06T19:25:14.607`)
- [CVE-2024-51132](CVE-2024/CVE-2024-511xx/CVE-2024-51132.json) (`2024-11-06T20:35:34.173`)
- [CVE-2024-51136](CVE-2024/CVE-2024-511xx/CVE-2024-51136.json) (`2024-11-06T19:31:15.230`)
- [CVE-2024-51240](CVE-2024/CVE-2024-512xx/CVE-2024-51240.json) (`2024-11-06T20:35:34.963`)
- [CVE-2024-51329](CVE-2024/CVE-2024-513xx/CVE-2024-51329.json) (`2024-11-06T19:19:24.793`)
- [CVE-2024-51362](CVE-2024/CVE-2024-513xx/CVE-2024-51362.json) (`2024-11-06T20:35:35.750`)
- [CVE-2024-51685](CVE-2024/CVE-2024-516xx/CVE-2024-51685.json) (`2024-11-06T19:34:31.590`)
- [CVE-2024-8775](CVE-2024/CVE-2024-87xx/CVE-2024-8775.json) (`2024-11-06T20:15:06.763`)
- [CVE-2024-9341](CVE-2024/CVE-2024-93xx/CVE-2024-9341.json) (`2024-11-06T20:15:06.917`)
- [CVE-2024-9675](CVE-2024/CVE-2024-96xx/CVE-2024-9675.json) (`2024-11-06T20:15:07.083`)
- [CVE-2024-9676](CVE-2024/CVE-2024-96xx/CVE-2024-9676.json) (`2024-11-06T20:15:07.410`)
- [CVE-2024-9689](CVE-2024/CVE-2024-96xx/CVE-2024-9689.json) (`2024-11-06T19:14:53.737`)
- [CVE-2024-9902](CVE-2024/CVE-2024-99xx/CVE-2024-9902.json) (`2024-11-06T20:15:07.820`)
## Download and Usage

571
_state.csv
View File

File diff suppressed because it is too large Load Diff