From 45309ec0c1dc943c3040c446e5e9e088b7399879 Mon Sep 17 00:00:00 2001 
From: cad-safe-bot Date: Fri, 29 Nov 2024 21:05:35 +0000 Subject: [PATCH] Auto-Update: 2024-11-29T21:02:22.449173+00:00 --- CVE-2024/CVE-2024-109xx/CVE-2024-10900.json | 69 +++++- CVE-2024/CVE-2024-206xx/CVE-2024-20671.json | 54 ++++- CVE-2024/CVE-2024-213xx/CVE-2024-21334.json | 64 +++++- CVE-2024/CVE-2024-213xx/CVE-2024-21392.json | 102 ++++++++- CVE-2024/CVE-2024-214xx/CVE-2024-21400.json | 54 ++++- CVE-2024/CVE-2024-214xx/CVE-2024-21419.json | 75 ++++++- CVE-2024/CVE-2024-214xx/CVE-2024-21423.json | 54 ++++- CVE-2024/CVE-2024-214xx/CVE-2024-21426.json | 63 +++++- CVE-2024/CVE-2024-214xx/CVE-2024-21427.json | 77 ++++++- CVE-2024/CVE-2024-214xx/CVE-2024-21429.json | 211 +++++++++++++++++- CVE-2024/CVE-2024-214xx/CVE-2024-21430.json | 214 +++++++++++++++++- CVE-2024/CVE-2024-214xx/CVE-2024-21431.json | 152 ++++++++++++- CVE-2024/CVE-2024-214xx/CVE-2024-21432.json | 196 ++++++++++++++++- CVE-2024/CVE-2024-214xx/CVE-2024-21433.json | 196 ++++++++++++++++- CVE-2024/CVE-2024-261xx/CVE-2024-26167.json | 54 ++++- CVE-2024/CVE-2024-261xx/CVE-2024-26188.json | 54 ++++- CVE-2024/CVE-2024-261xx/CVE-2024-26192.json | 54 ++++- CVE-2024/CVE-2024-353xx/CVE-2024-35366.json | 29 +++ CVE-2024/CVE-2024-353xx/CVE-2024-35367.json | 29 +++ CVE-2024/CVE-2024-353xx/CVE-2024-35368.json | 29 +++ CVE-2024/CVE-2024-353xx/CVE-2024-35371.json | 29 +++ CVE-2024/CVE-2024-366xx/CVE-2024-36610.json | 29 +++ CVE-2024/CVE-2024-366xx/CVE-2024-36611.json | 29 +++ CVE-2024/CVE-2024-366xx/CVE-2024-36612.json | 29 +++ CVE-2024/CVE-2024-366xx/CVE-2024-36615.json | 29 +++ CVE-2024/CVE-2024-366xx/CVE-2024-36616.json | 29 +++ CVE-2024/CVE-2024-366xx/CVE-2024-36624.json | 39 +++- CVE-2024/CVE-2024-501xx/CVE-2024-50179.json | 154 +++++++++++-- CVE-2024/CVE-2024-501xx/CVE-2024-50180.json | 141 +++++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50181.json | 117 +++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50182.json | 116 +++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50192.json | 133 +++++++++++- 
CVE-2024/CVE-2024-501xx/CVE-2024-50193.json | 132 +++++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50194.json | 157 +++++++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50195.json | 157 +++++++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50196.json | 120 ++++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50197.json | 85 +++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50198.json | 133 +++++++++++- CVE-2024/CVE-2024-512xx/CVE-2024-51228.json | 45 +++- CVE-2024/CVE-2024-520xx/CVE-2024-52003.json | 90 ++++++++ CVE-2024/CVE-2024-527xx/CVE-2024-52762.json | 67 +++++- CVE-2024/CVE-2024-527xx/CVE-2024-52763.json | 100 ++++++++- CVE-2024/CVE-2024-528xx/CVE-2024-52800.json | 82 +++++++ CVE-2024/CVE-2024-528xx/CVE-2024-52801.json | 86 ++++++++ CVE-2024/CVE-2024-528xx/CVE-2024-52809.json | 86 ++++++++ CVE-2024/CVE-2024-528xx/CVE-2024-52810.json | 82 +++++++ CVE-2024/CVE-2024-535xx/CVE-2024-53504.json | 25 +++ CVE-2024/CVE-2024-535xx/CVE-2024-53505.json | 25 +++ CVE-2024/CVE-2024-535xx/CVE-2024-53506.json | 25 +++ CVE-2024/CVE-2024-535xx/CVE-2024-53507.json | 25 +++ CVE-2024/CVE-2024-538xx/CVE-2024-53848.json | 60 ++++++ CVE-2024/CVE-2024-538xx/CVE-2024-53861.json | 64 ++++++ CVE-2024/CVE-2024-538xx/CVE-2024-53864.json | 90 ++++++++ CVE-2024/CVE-2024-538xx/CVE-2024-53865.json | 60 ++++++ CVE-2024/CVE-2024-539xx/CVE-2024-53909.json | 57 ++++- CVE-2024/CVE-2024-539xx/CVE-2024-53910.json | 57 ++++- CVE-2024/CVE-2024-539xx/CVE-2024-53911.json | 57 ++++- CVE-2024/CVE-2024-539xx/CVE-2024-53912.json | 57 ++++- CVE-2024/CVE-2024-539xx/CVE-2024-53913.json | 57 ++++- CVE-2024/CVE-2024-539xx/CVE-2024-53914.json | 57 ++++- CVE-2024/CVE-2024-539xx/CVE-2024-53915.json | 57 ++++- CVE-2024/CVE-2024-539xx/CVE-2024-53979.json | 60 ++++++ CVE-2024/CVE-2024-539xx/CVE-2024-53980.json | 102 +++++++++ CVE-2024/CVE-2024-539xx/CVE-2024-53983.json | 60 ++++++ CVE-2024/CVE-2024-541xx/CVE-2024-54123.json | 45 +++- CVE-2024/CVE-2024-541xx/CVE-2024-54124.json | 45 +++- CVE-2024/CVE-2024-87xx/CVE-2024-8726.json | 42 +++- 
CVE-2024/CVE-2024-88xx/CVE-2024-8825.json | 60 +++++- CVE-2024/CVE-2024-88xx/CVE-2024-8826.json | 60 +++++- CVE-2024/CVE-2024-88xx/CVE-2024-8827.json | 60 +++++- CVE-2024/CVE-2024-88xx/CVE-2024-8828.json | 59 ++++- CVE-2024/CVE-2024-88xx/CVE-2024-8829.json | 58 ++++- CVE-2024/CVE-2024-88xx/CVE-2024-8830.json | 61 +++++- CVE-2024/CVE-2024-88xx/CVE-2024-8831.json | 61 +++++- CVE-2024/CVE-2024-88xx/CVE-2024-8832.json | 59 ++++- CVE-2024/CVE-2024-88xx/CVE-2024-8833.json | 61 +++++- CVE-2024/CVE-2024-88xx/CVE-2024-8834.json | 59 ++++- CVE-2024/CVE-2024-88xx/CVE-2024-8835.json | 59 ++++- CVE-2024/CVE-2024-88xx/CVE-2024-8836.json | 59 ++++- CVE-2024/CVE-2024-88xx/CVE-2024-8837.json | 61 +++++- CVE-2024/CVE-2024-97xx/CVE-2024-9777.json | 53 ++++- README.md | 102 +++++---- _state.csv | 227 +++++++++++--------- 83 files changed, 5936 insertions(+), 476 deletions(-) create mode 100644 CVE-2024/CVE-2024-353xx/CVE-2024-35366.json create mode 100644 CVE-2024/CVE-2024-353xx/CVE-2024-35367.json create mode 100644 CVE-2024/CVE-2024-353xx/CVE-2024-35368.json create mode 100644 CVE-2024/CVE-2024-353xx/CVE-2024-35371.json create mode 100644 CVE-2024/CVE-2024-366xx/CVE-2024-36610.json create mode 100644 CVE-2024/CVE-2024-366xx/CVE-2024-36611.json create mode 100644 CVE-2024/CVE-2024-366xx/CVE-2024-36612.json create mode 100644 CVE-2024/CVE-2024-366xx/CVE-2024-36615.json create mode 100644 CVE-2024/CVE-2024-366xx/CVE-2024-36616.json create mode 100644 CVE-2024/CVE-2024-520xx/CVE-2024-52003.json create mode 100644 CVE-2024/CVE-2024-528xx/CVE-2024-52800.json create mode 100644 CVE-2024/CVE-2024-528xx/CVE-2024-52801.json create mode 100644 CVE-2024/CVE-2024-528xx/CVE-2024-52809.json create mode 100644 CVE-2024/CVE-2024-528xx/CVE-2024-52810.json create mode 100644 CVE-2024/CVE-2024-535xx/CVE-2024-53504.json create mode 100644 CVE-2024/CVE-2024-535xx/CVE-2024-53505.json create mode 100644 CVE-2024/CVE-2024-535xx/CVE-2024-53506.json create mode 100644 
CVE-2024/CVE-2024-535xx/CVE-2024-53507.json create mode 100644 CVE-2024/CVE-2024-538xx/CVE-2024-53848.json create mode 100644 CVE-2024/CVE-2024-538xx/CVE-2024-53861.json create mode 100644 CVE-2024/CVE-2024-538xx/CVE-2024-53864.json create mode 100644 CVE-2024/CVE-2024-538xx/CVE-2024-53865.json create mode 100644 CVE-2024/CVE-2024-539xx/CVE-2024-53979.json create mode 100644 CVE-2024/CVE-2024-539xx/CVE-2024-53980.json create mode 100644 CVE-2024/CVE-2024-539xx/CVE-2024-53983.json
diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10900.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10900.json
index 0cc68cbffa4..2b2a09950ca 100644
--- a/CVE-2024/CVE-2024-109xx/CVE-2024-10900.json
+++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10900.json
@@ -2,23 +2,29 @@ "id": "CVE-2024-10900", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-20T07:15:08.690", - "lastModified": "2024-11-20T07:15:08.690", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:58:31.967", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary user meta which can do things like deny an administrator's access to their site. ." + }, + { + "lang": "es", + "value": "El complemento ProfileGrid \u2013 User Profiles, Groups and Communities para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n pm_remove_file_attachment() en todas las versiones hasta la 5.9.3.6 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, eliminen metadatos de usuario arbitrarios que pueden hacer cosas como denegar el acceso de un administrador a su sitio." } ], "metrics": { "cvssMetricV31": [ { "source": "security@wordfence.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "baseScore": 6.5, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", 
@@ -26,12 +32,30 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 6.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 3.6 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H", + "baseScore": 8.1, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.2 } ] }, @@ -47,18 +71,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.9.3.7", + "matchCriteriaId": "9F35F51D-E309-48A1-9F9D-3D6A0EDDA701" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/admin/class-profile-magic-admin.php#L1902", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3190069%40profilegrid-user-profiles-groups-and-communities&new=3190069%40profilegrid-user-profiles-groups-and-communities&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e5fcfa-ebc9-45f6-9cbc-c9e3540baa6f?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-206xx/CVE-2024-20671.json b/CVE-2024/CVE-2024-206xx/CVE-2024-20671.json index 2ab37ab23a1..fa842365210 100644 --- a/CVE-2024/CVE-2024-206xx/CVE-2024-20671.json +++ b/CVE-2024/CVE-2024-206xx/CVE-2024-20671.json @@ -2,8 +2,8 @@ "id": "CVE-2024-20671", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:48.963", - "lastModified": "2024-06-11T16:15:17.183", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:40:08.810", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 5.5, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 3.6 
@@ -49,12 +49,52 @@ "value": "CWE-276" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:windows_defender_antimalware_platform:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.18.24010.12", + "matchCriteriaId": "6B5409A5-A83D-44E8-9718-29CBB095738D" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20671", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20671", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21334.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21334.json index 81f1559ddbb..328cfb3676b 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21334.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21334.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21334", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:49.310", - "lastModified": "2024-05-29T00:15:20.560", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:52:35.697", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", 
@@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.8, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 5.9 @@ -49,12 +49,62 @@ "value": "CWE-416" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "1.8.1-0", + "matchCriteriaId": "45DDA86F-4F30-4507-8E8B-9974AC049B9D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:*", + "matchCriteriaId": "0BFD64D6-E8BB-4606-8D4C-EAE586CAD791" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*", + "matchCriteriaId": "ABD632BE-513E-4581-9C8C-3A13DA1ADF1F" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21334", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21334", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-213xx/CVE-2024-21392.json b/CVE-2024/CVE-2024-213xx/CVE-2024-21392.json index c8faa1703cd..30a1a7b9dd9 100644 --- a/CVE-2024/CVE-2024-213xx/CVE-2024-21392.json +++ b/CVE-2024/CVE-2024-213xx/CVE-2024-21392.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-21392", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:49.637", - "lastModified": "2024-05-29T00:15:32.400", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:52:32.870", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 
@@ -49,12 +49,100 @@ "value": "CWE-400" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.17", + "matchCriteriaId": "703B87E9-C6D6-4C68-B8FE-339ECB852751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*", + "versionStartIncluding": "8.0.0", + "versionEndExcluding": "8.0.3", + "matchCriteriaId": "6B63FDDA-5C8D-4B45-B92C-6D8A12B40493" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.3", + "versionEndExcluding": "7.3.12", + "matchCriteriaId": "BC909F7F-388D-4407-951A-3D22C6061EBC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*", + "matchCriteriaId": "FFAAFDC7-5AA2-43E6-BE0B-7E0C02FC39C7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.4", + "versionEndExcluding": "17.4.17", + "matchCriteriaId": "C5439C09-DAAE-443D-8789-CFF1D256F043" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.6", + "versionEndExcluding": "17.6.13", + "matchCriteriaId": "773E7E41-31D8-4F6A-AE0B-3B2C217D6A19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.8", + "versionEndExcluding": "17.8.8", + "matchCriteriaId": "44E68F4D-72A4-466D-BF96-CB21C0FC8716" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*", + "versionStartIncluding": "17.9", + "versionEndExcluding": "17.9.3", + "matchCriteriaId": 
"F44D9E3A-06AA-453D-AB1A-B25BD7591912" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21400.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21400.json index 67ae26e2a97..7fe7ca6697f 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21400.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21400.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21400", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:49.797", - "lastModified": "2024-04-11T20:15:29.170", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:52:31.103", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 9.0, + "baseSeverity": "CRITICAL", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 9.0, - "baseSeverity": "CRITICAL" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 2.2, "impactScore": 6.0 
@@ -49,12 +49,52 @@ "value": "CWE-22" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:confidental_containers:*:*:*:*:*:azure_cli:*:*", + "versionEndExcluding": "0.3.3", + "matchCriteriaId": "4B81287D-AEDC-40F4-BDFE-3E4A3E76B91E" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21400", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21400", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21419.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21419.json index b0421e73d45..ce0e0f0aff4 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21419.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21419.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21419", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:50.723", - "lastModified": "2024-04-11T20:15:30.777", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:52:29.267", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N", + "baseScore": 7.6, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", 
@@ -30,12 +32,30 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 7.6, - "baseSeverity": "HIGH" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.3, "impactScore": 4.7 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, @@ -49,12 +69,53 @@ "value": "CWE-79" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*", + "versionStartIncluding": "9.1", + "versionEndExcluding": "9.1.26", + "matchCriteriaId": "E545F0AD-5FA2-491C-8C8A-22DD1AEA3DBC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21419", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21419", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21423.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21423.json index 08bc4fc2990..a15decbf07b 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21423.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21423.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-21423", "sourceIdentifier": "secure@microsoft.com", "published": "2024-02-23T22:15:54.717", - "lastModified": "2024-06-11T15:16:03.297", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:42:08.630", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", + "baseScore": 4.8, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 4.8, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.2, "impactScore": 2.5 @@ -49,12 +49,52 @@ "value": "CWE-693" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "122.0.2365.52", + "matchCriteriaId": "25ACA043-6B6E-4990-AC4C-A4E58B4A87F3" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21423", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21423", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21426.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21426.json index af9ad186192..06acce9609e 100644 
--- a/CVE-2024/CVE-2024-214xx/CVE-2024-21426.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21426.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21426", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:51.080", - "lastModified": "2024-05-29T00:15:35.200", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:50:09.910", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 
@@ -49,12 +49,61 @@ "value": "CWE-416" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*", + "matchCriteriaId": "AC8BB33F-44C4-41FE-8B17-68E3C4B38142" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*", + "matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*", + "matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21426", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21426", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21427.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21427.json index 24aac67b833..b538c64a7f5 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21427.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21427.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21427", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:51.233", - "lastModified": "2024-04-11T20:15:31.130", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:49:42.757", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.5, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.5, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.6, "impactScore": 5.9 
@@ -49,12 +49,75 @@ "value": "CWE-287" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6897", + "matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5696", + "matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2402", + "matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.830", + "matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21427", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21427", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21429.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21429.json index 14da7053f9e..a407e16956e 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21429.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21429.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-21429", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:51.400", - "lastModified": "2024-04-11T20:15:31.223", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:43:50.370", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.8, + "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 6.8, - "baseSeverity": "MEDIUM" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 0.9, "impactScore": 5.9 
@@ -49,12 +49,209 @@ "value": "CWE-197" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.10240.20526", + "matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.10240.20526", + "matchCriteriaId": "CFF4870F-71A6-4ED9-B398-0757DC9A9B77" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "8680C6F7-3E4F-4AE6-914E-D95E571AF70A" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "5C9FEFA3-5E9D-4E93-ACBE-B47783601CF5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "68AF6C08-77D6-4786-B476-90D106F02DF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "A4E3CAC2-4FF9-4A3C-B88C-070F5584157D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22000.2836", + "matchCriteriaId": "647D078D-30D7-445E-AEC6-23EF9DAA6743" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22000.2836", + "matchCriteriaId": "EA297849-30A4-485F-A0E6-085312791438" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22621.3296", + "matchCriteriaId": "18AE871D-E861-46E3-B00A-40B5F4296B36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22621.3296", + "matchCriteriaId": "5526C246-95D3-49B5-B857-AE46B469681A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22631.3296", + "matchCriteriaId": 
"B7830F58-69E3-4373-A5C7-2B85A743E7FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22631.3296", + "matchCriteriaId": "20DF4699-31FA-404B-BDEA-FE418854F538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*", + "matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*", + "matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*", + "matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2340", + "matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.763", + "matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB" + } + ] + } + ] } ], "references": [ { "url": 
"https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21429", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21429", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21430.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21430.json index 4c65f4dcf3f..4c3afb698c0 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21430.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21430.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21430", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:51.573", - "lastModified": "2024-04-11T20:15:31.333", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:44:32.717", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", + "baseScore": 5.7, + "baseSeverity": "MEDIUM", "attackVector": "PHYSICAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", @@ -30,12 +32,30 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "NONE", - "baseScore": 5.7, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 0.5, "impactScore": 5.2 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.4, + "baseSeverity": "MEDIUM", + "attackVector": "PHYSICAL", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 } ] }, 
@@ -49,12 +69,194 @@ "value": "CWE-125" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.10240.20526", + "matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.10240.20526", + "matchCriteriaId": "CFF4870F-71A6-4ED9-B398-0757DC9A9B77" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "8680C6F7-3E4F-4AE6-914E-D95E571AF70A" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "5C9FEFA3-5E9D-4E93-ACBE-B47783601CF5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "68AF6C08-77D6-4786-B476-90D106F02DF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "A4E3CAC2-4FF9-4A3C-B88C-070F5584157D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22000.2836", + "matchCriteriaId": "647D078D-30D7-445E-AEC6-23EF9DAA6743" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22000.2836", + "matchCriteriaId": "EA297849-30A4-485F-A0E6-085312791438" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22621.3296", + "matchCriteriaId": "18AE871D-E861-46E3-B00A-40B5F4296B36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22621.3296", + "matchCriteriaId": "5526C246-95D3-49B5-B857-AE46B469681A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22631.3296", + "matchCriteriaId": 
"B7830F58-69E3-4373-A5C7-2B85A743E7FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22631.3296", + "matchCriteriaId": "20DF4699-31FA-404B-BDEA-FE418854F538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2340", + "matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.763", + "matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21430", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21430", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21431.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21431.json index 2a84564c5df..fb48ecf7aea 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21431.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21431.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21431", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:51.743", - "lastModified": "2024-06-11T16:15:18.230", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:44:56.373", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", @@ -30,12 +32,30 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.8, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.8, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 6.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 0.8, + "impactScore": 5.9 } ] }, 
@@ -49,12 +69,130 @@ "value": "CWE-732" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "8680C6F7-3E4F-4AE6-914E-D95E571AF70A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "5C9FEFA3-5E9D-4E93-ACBE-B47783601CF5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "68AF6C08-77D6-4786-B476-90D106F02DF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "A4E3CAC2-4FF9-4A3C-B88C-070F5584157D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22000.2836", + "matchCriteriaId": "647D078D-30D7-445E-AEC6-23EF9DAA6743" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22000.2836", + "matchCriteriaId": "EA297849-30A4-485F-A0E6-085312791438" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22621.3296", + "matchCriteriaId": "18AE871D-E861-46E3-B00A-40B5F4296B36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22621.3296", + "matchCriteriaId": "5526C246-95D3-49B5-B857-AE46B469681A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22631.3296", + "matchCriteriaId": "B7830F58-69E3-4373-A5C7-2B85A743E7FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22631.3296", + "matchCriteriaId": "20DF4699-31FA-404B-BDEA-FE418854F538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2340", + "matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.763", + "matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21431", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21431", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21432.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21432.json index 80c77db1c4e..5d5e1060dd4 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21432.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21432.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-21432", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:51.900", - "lastModified": "2024-05-29T00:15:35.527", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:47:25.987", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.0, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.0, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.0, "impactScore": 5.9 
@@ -49,12 +49,194 @@ "value": "CWE-59" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.10240.20526", + "matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.10240.20526", + "matchCriteriaId": "CFF4870F-71A6-4ED9-B398-0757DC9A9B77" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "8680C6F7-3E4F-4AE6-914E-D95E571AF70A" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "5C9FEFA3-5E9D-4E93-ACBE-B47783601CF5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "68AF6C08-77D6-4786-B476-90D106F02DF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "A4E3CAC2-4FF9-4A3C-B88C-070F5584157D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22000.2836", + "matchCriteriaId": "647D078D-30D7-445E-AEC6-23EF9DAA6743" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22000.2836", + "matchCriteriaId": "EA297849-30A4-485F-A0E6-085312791438" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22621.3296", + "matchCriteriaId": "18AE871D-E861-46E3-B00A-40B5F4296B36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22621.3296", + "matchCriteriaId": "5526C246-95D3-49B5-B857-AE46B469681A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22631.3296", + "matchCriteriaId": 
"B7830F58-69E3-4373-A5C7-2B85A743E7FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22631.3296", + "matchCriteriaId": "20DF4699-31FA-404B-BDEA-FE418854F538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2340", + "matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.763", + "matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21432", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21432", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21433.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21433.json index 505c3989287..e624ef2bba4 100644 --- a/CVE-2024/CVE-2024-214xx/CVE-2024-21433.json +++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21433.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21433", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-12T17:15:52.063", - "lastModified": "2024-06-11T16:15:18.377", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:47:35.220", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.0, + "baseSeverity": "HIGH", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", - "availabilityImpact": "HIGH", - "baseScore": 7.0, - "baseSeverity": "HIGH" + "availabilityImpact": "HIGH" }, "exploitabilityScore": 1.0, "impactScore": 5.9 
@@ -49,12 +49,194 @@ "value": "CWE-367" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.10240.20526", + "matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.10240.20526", + "matchCriteriaId": "CFF4870F-71A6-4ED9-B398-0757DC9A9B77" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "8680C6F7-3E4F-4AE6-914E-D95E571AF70A" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19044.4170", + "matchCriteriaId": "5C9FEFA3-5E9D-4E93-ACBE-B47783601CF5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "68AF6C08-77D6-4786-B476-90D106F02DF0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*", + "versionEndExcluding": "10.0.19045.4170", + "matchCriteriaId": "A4E3CAC2-4FF9-4A3C-B88C-070F5584157D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22000.2836", + "matchCriteriaId": "647D078D-30D7-445E-AEC6-23EF9DAA6743" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22000.2836", + "matchCriteriaId": "EA297849-30A4-485F-A0E6-085312791438" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22621.3296", + "matchCriteriaId": "18AE871D-E861-46E3-B00A-40B5F4296B36" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22621.3296", + "matchCriteriaId": "5526C246-95D3-49B5-B857-AE46B469681A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*", + "versionEndExcluding": "10.0.22631.3296", + "matchCriteriaId": 
"B7830F58-69E3-4373-A5C7-2B85A743E7FD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*", + "versionEndExcluding": "10.0.22631.3296", + "matchCriteriaId": "20DF4699-31FA-404B-BDEA-FE418854F538" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*", + "matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.14393.6796", + "matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.17763.5576", + "matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.20348.2340", + "matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*", + "versionEndExcluding": "10.0.25398.763", + "matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21433", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21433", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-261xx/CVE-2024-26167.json b/CVE-2024/CVE-2024-261xx/CVE-2024-26167.json index 3b134677779..063c455c873 100644 --- a/CVE-2024/CVE-2024-261xx/CVE-2024-26167.json +++ b/CVE-2024/CVE-2024-261xx/CVE-2024-26167.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26167", "sourceIdentifier": "secure@microsoft.com", "published": "2024-03-07T21:15:08.273", - "lastModified": "2024-06-11T16:15:19.920", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:40:52.990", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 
@@ -49,12 +49,52 @@ "value": "CWE-1021" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*", + "versionEndExcluding": "122.0.2365.92", + "matchCriteriaId": "CDD87F1B-24A2-478F-9E37-150909201FB5" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26167", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26167", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-261xx/CVE-2024-26188.json b/CVE-2024/CVE-2024-261xx/CVE-2024-26188.json index 871cb0970d1..c5384bf32da 100644 --- a/CVE-2024/CVE-2024-261xx/CVE-2024-26188.json +++ b/CVE-2024/CVE-2024-261xx/CVE-2024-26188.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26188", "sourceIdentifier": "secure@microsoft.com", "published": "2024-02-23T23:15:09.790", - "lastModified": "2024-06-11T15:16:04.713", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:41:53.547", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "baseScore": 4.3, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", 
@@ -30,9 +32,7 @@ "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 4.3, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 1.4 @@ -49,12 +49,52 @@ "value": "CWE-357" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*", + "versionEndExcluding": "122.0.2365.52", + "matchCriteriaId": "B38B8A44-8708-4D07-AA6D-8ABAC75E15D3" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26188", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26188", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-261xx/CVE-2024-26192.json b/CVE-2024/CVE-2024-261xx/CVE-2024-26192.json index c7c9d18d303..293df4e7536 100644 --- a/CVE-2024/CVE-2024-261xx/CVE-2024-26192.json +++ b/CVE-2024/CVE-2024-261xx/CVE-2024-26192.json @@ -2,8 +2,8 @@ "id": "CVE-2024-26192", "sourceIdentifier": "secure@microsoft.com", "published": "2024-02-23T23:15:09.960", - "lastModified": "2024-06-11T15:16:04.830", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:41:36.453", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -19,10 +19,12 @@ "cvssMetricV31": [ { "source": "secure@microsoft.com", - "type": "Primary", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L", + "baseScore": 8.2, + "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", - "availabilityImpact": "LOW", - "baseScore": 8.2, - "baseSeverity": "HIGH" + "availabilityImpact": "LOW" }, "exploitabilityScore": 2.8, "impactScore": 4.7 @@ -49,12 +49,52 @@ "value": "CWE-359" } ] + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*", + "versionEndExcluding": "122.0.2365.52", + "matchCriteriaId": "25ACA043-6B6E-4990-AC4C-A4E58B4A87F3" + } + ] + } + ] } ], "references": [ { "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26192", - "source": "secure@microsoft.com" + "source": "secure@microsoft.com", + "tags": [ + "Patch", + "Vendor Advisory" + ] + }, + { + "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26192", + "source": "af854a3a-2127-422b-91ae-364da2661108", + "tags": [ + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35366.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35366.json new file mode 100644 index 00000000000..a8746b2608d --- /dev/null +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35366.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-35366", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-29T20:15:19.863", + "lastModified": "2024-11-29T20:15:19.863", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35367.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35367.json new file mode 100644 index 00000000000..d15b991e025 --- /dev/null +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35367.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-35367", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-29T20:15:19.957", + "lastModified": "2024-11-29T20:15:19.957", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/1047524396/9754a44845578358f6a403447c458ca4", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/ppc/vp8dsp_altivec.c#L53", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35368.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35368.json new file mode 100644 index 00000000000..236c0a318d3 --- /dev/null +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35368.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-35368", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-29T20:15:20.050", + "lastModified": "2024-11-29T20:15:20.050", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/1047524396/7e6e47220ae2b2d2fb4611f0d8a31ec5", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/rkmppdec.c#L466", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-353xx/CVE-2024-35371.json b/CVE-2024/CVE-2024-353xx/CVE-2024-35371.json new file mode 100644 index 00000000000..e76299337a8 --- /dev/null +++ b/CVE-2024/CVE-2024-353xx/CVE-2024-35371.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-35371", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-29T20:15:20.143", + "lastModified": "2024-11-29T20:15:20.143", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/1047524396/4eb17867f2e375f4824274c5e7b4d384", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ant-media/Ant-Media-Server/blob/ams-v2.8.2/src/main/java/io/antmedia/rest/RestServiceBase.java#L356", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-366xx/CVE-2024-36610.json b/CVE-2024/CVE-2024-366xx/CVE-2024-36610.json new file mode 100644 index 00000000000..9392fb88eba --- /dev/null +++ b/CVE-2024/CVE-2024-366xx/CVE-2024-36610.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-36610", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-29T20:15:20.237", + "lastModified": "2024-11-29T20:15:20.237", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/1047524396/24e93f2905850235e42ad7db6e878bd5", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/symfony/symfony/blob/v7.0.3/src/Symfony/Component/VarDumper/Cloner/Stub.php#L53", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/symfony/symfony/commit/3ffd495bb3cc4d2e24e35b2d83c5b909cab7e259", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-366xx/CVE-2024-36611.json b/CVE-2024/CVE-2024-366xx/CVE-2024-36611.json new file mode 100644 index 00000000000..e825def9395 --- /dev/null +++ b/CVE-2024/CVE-2024-366xx/CVE-2024-36611.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-36611", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-29T19:15:06.780", + "lastModified": "2024-11-29T19:15:06.780", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-366xx/CVE-2024-36612.json b/CVE-2024/CVE-2024-366xx/CVE-2024-36612.json new file mode 100644 index 00000000000..0386998a49a --- /dev/null +++ b/CVE-2024/CVE-2024-366xx/CVE-2024-36612.json 
@@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-36612", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-29T20:15:20.340", + "lastModified": "2024-11-29T20:15:20.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/1047524396/f7ff51d24ebbb29e21dfb70a0c97302b", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/zulip/zulip/blob/8.3/web/src/click_handlers.js", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/zulip/zulip/commit/0a90a13becbf0338a8fc1ad37946e51c2c25b0a5", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-366xx/CVE-2024-36615.json b/CVE-2024/CVE-2024-366xx/CVE-2024-36615.json new file mode 100644 index 00000000000..daeffb2c81f --- /dev/null +++ b/CVE-2024/CVE-2024-366xx/CVE-2024-36615.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-36615", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-29T19:15:07.703", + "lastModified": "2024-11-29T19:15:07.703", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-366xx/CVE-2024-36616.json b/CVE-2024/CVE-2024-366xx/CVE-2024-36616.json new file mode 100644 index 00000000000..9e34ebd5406 --- /dev/null +++ b/CVE-2024/CVE-2024-366xx/CVE-2024-36616.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-36616", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-29T19:15:07.817", + "lastModified": "2024-11-29T19:15:07.817", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/1047524396/ded3e1509d8296ec4a91817867d108e0", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/westwood_vqa.c#L265", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-366xx/CVE-2024-36624.json b/CVE-2024/CVE-2024-366xx/CVE-2024-36624.json index ae2c7967ca0..1c87b076148 100644 --- a/CVE-2024/CVE-2024-366xx/CVE-2024-36624.json +++ b/CVE-2024/CVE-2024-366xx/CVE-2024-36624.json @@ -2,7 +2,7 @@ "id": "CVE-2024-36624", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-29T18:15:08.440", - "lastModified": "2024-11-29T18:15:08.440", + "lastModified": "2024-11-29T19:15:07.923", "vulnStatus": "Received", "cveTags": [], "descriptions": [ 
@@ -11,7 +11,42 @@ "value": "Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://gist.github.com/1047524396/64720d2aa5afd943eb7e5a1ed4808ad6", diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50179.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50179.json index 3a35ac059a6..22cb4ae3ee6 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50179.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50179.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50179", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.250", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:34:14.350", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,43 +15,173 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ceph: eliminar la comprobaci\u00f3n de referencia de Fw incorrecta al ensuciar p\u00e1ginas. Al realizar lecturas de E/S directas, tambi\u00e9n intentar\u00e1 marcar las p\u00e1ginas como sucias, pero para la ruta de lectura no mantendr\u00e1 las capacidades de Fw y en ning\u00fan caso obtendr\u00e1 la referencia de Fw." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2", + "versionEndExcluding": "4.19.323", + "matchCriteriaId": "677C8F99-30A1-4F6B-BD3E-FE1550E8BA0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.285", + "matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.227", + "matchCriteriaId": "795A3EE6-0CAB-4409-A903-151C94ACECC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", 
+ "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.168", + "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.113", + "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.55", + "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.14", + "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.3", + "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/11ab19d48ab877430eed0c7d83810970bbcbc4f6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/126b567a2ef65fc38a71d832bf1216c56816f231", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/74b302ebad5b43ac17460fa58092d892a3cba6eb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9d4f619153bab7fa59736462967821d6521a38cb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/c08dfb1b49492c09cf13838c71897493ea3b424e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c26c5ec832dd9e9dcd0a0a892a485c99889b68f0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ea98284fc4fb05f276737d2043b02b62be5a8dfb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f55e003d261baa7c57d51ae5c8ec1f5c26a35c89", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f863bfd0a2c6c99011c62ea71ac04f8e78707da9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50180.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50180.json index f07d5e7fafb..204b5e61e4c 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50180.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50180.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50180", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.313", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:35:40.690", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,158 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: sisfb: Fix strbuf array overflow Los valores de las variables xres e yres se colocan en strbuf. Estas variables se obtienen de strbuf1. La matriz strbuf1 contiene caracteres num\u00e9ricos y un espacio si la matriz contiene caracteres que no son d\u00edgitos. Luego, al ejecutar sprintf(strbuf, \"%ux%ux8\", xres, yres); se escribir\u00e1n m\u00e1s de 16 bytes en strbuf. Se sugiere aumentar el tama\u00f1o de la matriz strbuf a 24. Encontrado por Linux Verification Center (linuxtesting.org) con SVACE." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.19.323", + "matchCriteriaId": "3BC77309-A76B-49EF-A846-844D824E3586" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.285", + "matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.227", + 
"matchCriteriaId": "795A3EE6-0CAB-4409-A903-151C94ACECC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.168", + "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.113", + "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.57", + "matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.4", + "matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/11c0d49093b82f6c547fd419c41a982d26bdf5ef", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/252f147b1826cbb30ae0304cf86b66d3bb12b743", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/41cf6f26abe4f491b694c54bd1aa2530369b7510", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/433c84c8495008922534c5cafdae6ff970fb3241", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/57c4f4db0a194416da237fd09dad9527e00cb587", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + 
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/688872c4ea4a528cd6a057d545c83506b533ee1f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/889304120ecb2ca30674d89cd4ef15990b6a571c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9cf14f5a2746c19455ce9cb44341b5527b5e19c3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50181.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50181.json index 12cf016e74f..af94b205c4b 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50181.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50181.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50181", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.390", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:36:52.667", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,130 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: imx: eliminar CLK_SET_PARENT_GATE para mux DRAM para i.MX7D Para el reloj mux relacionado con DRAM i.MX7D, el cambio de fuente de reloj S\u00d3LO debe realizarse en c\u00f3digo asm de bajo nivel sin acceder a DRAM, y luego llamar a la API clk para sincronizar el estado del reloj de HW con el \u00e1rbol clk, nunca debe tocar el cambio de fuente de reloj real a trav\u00e9s de la API clk, por lo que el indicador CLK_SET_PARENT_GATE NO debe agregarse, de lo contrario, el reloj padre de DRAM se deshabilitar\u00e1 cuando DRAM est\u00e9 activo y el sistema se colgar\u00e1." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.227", + "matchCriteriaId": "EB525A44-6338-4857-AD90-EA2860D1AD1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.168", + "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + 
"versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.113", + "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.57", + "matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.4", + "matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/11ceb17e6f07cc30410f3a6276cddda248a9b863", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/339273a9ddfe7632b717c2e13e81cbd5d383e1ff", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/94f6cdc837e38371324cee97dfd2ef1a99a82c98", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a54c441b46a0745683c2eef5a359d22856d27323", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b677b94a9193ec7b6607bd1255172ae59174a382", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d18dc8e14b9c794f58dae1577ccb2ab84a4a1b11", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50182.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50182.json index 26036cdcc74..a81d63fa477 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50182.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50182.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50182", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:15.450", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:38:47.760", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,27 +15,127 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: secretmem: deshabilitar memfd_secret() si arch no puede establecer el mapa directo Devolver -ENOSYS de la llamada al sistema memfd_secret() si !can_set_direct_map(). Este es el caso, por ejemplo, de algunas configuraciones arm64, donde marcar 4k PTE en el mapa directo como no presentes solo se puede hacer si el mapa directo se configura con una granularidad de 4k en primer lugar (ya que la sem\u00e1ntica break-before-make de ARM no permite dividir f\u00e1cilmente p\u00e1ginas grandes/gigantescas). M\u00e1s precisamente, en sistemas arm64 con !can_set_direct_map(), set_direct_map_invalid_noflush() es una operaci\u00f3n sin efecto, sin embargo, devuelve \u00e9xito (0) en lugar de un error. Esto significa que memfd_secret aparentemente \"funcionar\u00e1\" (por ejemplo, la llamada al sistema tiene \u00e9xito, puede mmap el fd y el error en las p\u00e1ginas), pero en realidad no logra su objetivo de eliminar su memoria del mapa directo. Tenga en cuenta que con este parche, memfd_secret() comenzar\u00e1 a generar errores en sistemas donde can_set_direct_map() devuelve falso (arm64 con CONFIG_RODATA_FULL_DEFAULT_ENABLED=n, CONFIG_DEBUG_PAGEALLOC=n y CONFIG_KFENCE=n), pero eso parece mejor que el error silencioso actual. Dado que CONFIG_RODATA_FULL_DEFAULT_ENABLED tiene como valor predeterminado 'y', la mayor\u00eda de los sistemas arm64 tienen en realidad un memfd_secret() en funcionamiento y no se ven afectados. Al revisar las iteraciones de la serie de parches memfd_secret originales, parece que deshabilitar la llamada al sistema en estos escenarios era el comportamiento previsto [1] (preferible a que set_direct_map_invalid_noflush devuelva un error ya que eso generar\u00eda SIGBUS en el momento de la falla de la p\u00e1gina); sin embargo, la verificaci\u00f3n se abandon\u00f3 entre v16 [2] y v17 [3], cuando secretmem se alej\u00f3 de las asignaciones de CMA. 
[1]: https://lore.kernel.org/lkml/20201124164930.GK8537@kernel.org/ [2]: https://lore.kernel.org/lkml/20210121122723.3446-11-rppt@kernel.org/#t [3]: https://lore.kernel.org/lkml/20201125092208.12544-10-rppt@kernel.org/" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.14", + "versionEndExcluding": "5.15.169", + "matchCriteriaId": "ADC31A5D-676C-45DC-AA72-F69DA6922679" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.113", + "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.57", + "matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.4", + "matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/532b53cebe58f34ce1c0f34d866f5c0e335c53c6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5ea0b7af38754d2b45ead9257bca47e84662e926", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/757786abe4547eb3d9d0e8350a63bdb0f9824af2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7caf966390e6e4ebf42775df54e7ee1f280ce677", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d0ae6ffa1aeb297aef89f49cfb894a83c329ebad", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50192.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50192.json index 78dcac13ce5..e049268821d 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50192.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50192.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-50192", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:16.100", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-29T19:00:45.733", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,146 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: irqchip/gic-v4: No permitir un VMOVP en un VPE moribundo Kunkun Jiang inform\u00f3 que hay una peque\u00f1a ventana de oportunidad para que el espacio de usuario fuerce un cambio de afinidad para un VPE mientras el VPE ya ha sido desasignado, pero la interrupci\u00f3n del timbre correspondiente a\u00fan es visible en /proc/irq/. Conecte la ejecuci\u00f3n verificando el valor de vmapp_count, que rastrea si el VPE est\u00e1 asignado o no, y devuelve un error en este caso. Esto implica hacer que vmapp_count sea com\u00fan tanto para GICv4.1 como para su antecesor v4.0." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 4.7, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.6", + "versionEndExcluding": "5.10.228", + "matchCriteriaId": "23D95807-ADA5-452C-BBD3-C14EA7B6CC6D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.169", + "matchCriteriaId": "18BEDAD6-86F8-457C-952F-C35698B3D07F" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.114", + "matchCriteriaId": "10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.58", + "matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.5", + "matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/01282ab5182f85e42234df2ff42f0ce790f465ff", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1442ee0011983f0c5c4b92380e6853afb513841a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/64b12b061c5488e2d69e67c4eaae5da64fd30bfe", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/755b9532c885b8761fb135fedcd705e21e61cccb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" 
+ ] }, { "url": "https://git.kernel.org/stable/c/b7d7b7fc876f836f40bf48a87e07ea18756ba196", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d960505a869e66184fff97fb334980a5b797c7c6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50193.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50193.json index aba2af62386..0d998fdf346 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50193.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50193.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50193", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:16.153", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-29T19:29:23.710", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,145 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/entry_32: Borrar los b\u00faferes de la CPU despu\u00e9s de restaurar el registro en el retorno NMI Los b\u00faferes de la CPU se borran actualmente despu\u00e9s de la llamada a exc_nmi, pero antes de que se restaure el estado del registro. Esto puede ser adecuado para la mitigaci\u00f3n de MDS, pero no para RDFS. Porque la mitigaci\u00f3n de RDFS requiere que se borren los b\u00faferes de la CPU cuando los registros no tienen datos confidenciales. Mueva CLEAR_CPU_BUFFERS despu\u00e9s de RESTORE_ALL_NMI." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.228", + "matchCriteriaId": "00E49974-BB63-44B8-8A3C-048EBB86B743" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.169", + "matchCriteriaId": "18BEDAD6-86F8-457C-952F-C35698B3D07F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": 
"6.1.114", + "matchCriteriaId": "10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.58", + "matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.11.5", + "matchCriteriaId": "DEA3578E-BB87-4486-90C9-D07BD36965C5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/227358e89703c344008119be7e8ffa3fdb5b92de", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/43778de19d2ef129636815274644b9c16e78c66b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/48a2440d0f20c826b884e04377ccc1e4696c84e9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/64adf22c4bc73ede920baca5defefb70f190cdbc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6f44a5fc15b5cece0785bc07453db77d99b0a6de", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b6400eb0b347821efc57760221f8fb6d63b9548a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50194.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50194.json index 33c62e8f7d1..c5b9099f069 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50194.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50194.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50194", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:16.217", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-29T19:33:26.060", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,174 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: sondas: corrige uprobes para kernels big-endian El c\u00f3digo de uprobes de arm64 est\u00e1 roto para kernels big-endian ya que no convierte la codificaci\u00f3n de instrucciones en memoria (que siempre es little-endian) al endianness nativo del kernel antes de analizar y simular instrucciones. Esto puede resultar en algunos problemas distintos: * El kernel puede rechazar err\u00f3neamente el sondeo de una instrucci\u00f3n que puede sondearse de forma segura. * El kernel puede permitir err\u00f3neamente el paso de una instrucci\u00f3n fuera de l\u00ednea cuando esa instrucci\u00f3n no puede ser pasada fuera de l\u00ednea de forma segura. * El kernel puede simular err\u00f3neamente la instrucci\u00f3n incorrectamente durante la interpretaci\u00f3n de la codificaci\u00f3n de bytes intercambiados. El desajuste de endianness no es detectado por el compilador o sparse porque: * Los campos arch_uprobe::{insn,ixol} est\u00e1n codificados como matrices de u8, por lo que el compilador y sparse no tienen idea de que estos contienen un valor de 32 bits little-endian. El c\u00f3digo central de uprobes los llena con un memcpy() que de manera similar no maneja el endianness. * Si bien el tipo uprobe_opcode_t es un alias para __le32, tanto arch_uprobe_analyze_insn() como arch_uprobe_skip_sstep() convierten de u8[] al tipo de nombre similar probe_opcode_t, que es un alias para u32. Por lo tanto, no hay una advertencia de conversi\u00f3n de endianness. Solucione esto cambiando los campos arch_uprobe::{insn,ixol} a __le32 y agregando las conversiones __le32_to_cpu() apropiadas antes de consumir la codificaci\u00f3n de instrucciones. El n\u00facleo uprobes copia estos campos como rangos opacos de bytes y, por lo tanto, no se ve afectado por este cambio. Al mismo tiempo, elimine MAX_UINSN_BYTES y use consistentemente AARCH64_INSN_SIZE para mayor claridad. 
Probado con lo siguiente: | #include | #include | | #define noinline __attribute__((noinline)) | | static noinline void *adrp_self(void) | { | void *addr; | | asm vol\u00e1til( | \" adrp %x0, adrp_self\\n\" | \" add %x0, %x0, :lo12:adrp_self\\n\" | : \"=r\" (addr)); | } | | | int main(int argc, char *argv) | { | void *ptr = adrp_self(); | bool equal = (ptr == adrp_self); | | printf(\"adrp_self => %p\\n\" | \"adrp_self() => %p\\n\" | \"%s\\n\", | adrp_self, ptr, equal ? \"EQUAL\" : \"NOT EQUAL\"); | | return 0; | } .... donde la funci\u00f3n adrp_self() se compil\u00f3 a: | 00000000004007e0 : | 4007e0: 90000000 adrp x0, 400000 <__ehdr_start> | 4007e4: 911f8000 add x0, x0, #0x7e0 | 4007e8: d65f03c0 ret Antes de este parche, no se reconoc\u00eda el ADRP y se asum\u00eda que se pod\u00eda ejecutar paso a paso, lo que provocaba la corrupci\u00f3n del resultado: | # ./adrp-self | adrp_self => 0x4007e0 | adrp_self() => 0x4007e0 | IGUAL | # echo 'p /root/adrp-self:0x007e0' > /sys/kernel/tracing/uprobe_events | # echo 1 > /sys/kernel/tracing/events/uprobes/enable | # ./adrp-self | adrp_self => 0x4007e0 | adrp_self() => 0xffffffffff7e0 | NO IGUAL Despu\u00e9s de este parche, el ADRP se reconoce y simula correctamente: | # ./adrp-self | adrp_self => 0x4007e0 | adrp_self() => 0x4007e0 | IGUAL | # | # echo 'p /root/adrp-self:0x007e0' > /sys/kernel/tracing/uprobe_events | # echo 1 > /sys/kernel/tracing/events/uprobes/enable | # ./adrp-self | adrp_self => 0x4007e0 | adrp_self() => 0x4007e0 | IGUAL" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": 
"HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.10", + "versionEndExcluding": "4.19.323", + "matchCriteriaId": "56700326-E491-4B17-B143-B939C5EC1DBE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.285", + "matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.229", + "matchCriteriaId": "1A03CABE-9B43-4E7F-951F-10DEEADAA426" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.170", + "matchCriteriaId": "A9BA1C73-2D2E-45E3-937B-276A28AEB5FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.115", + "matchCriteriaId": "C08A77A6-E42E-4EFD-B5A1-2BF6CBBB42AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.58", + "matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.5", + "matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + 
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/13f8f1e05f1dc36dbba6cba0ae03354c0dafcde7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/14841bb7a531b96e2dde37423a3b33e75147c60d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3d2530c65be04e93720e30f191a7cf1a3aa8b51c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8165bf83b8a64be801d59cd2532b0d1ffed74d00", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b6a638cb600e13f94b5464724eaa6ab7f3349ca2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cf60d19d40184e43d9a624e55a0da73be09e938d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cf9ddf9ed94c15564a05bbf6e9f18dffa0c7df80", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/e6ab336213918575124d6db43dc5d3554526242e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50195.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50195.json index 86e7199a459..3a1c5e4cbd9 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50195.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50195.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50195", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:16.280", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-29T20:26:50.623", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,174 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: posix-clock: Arreglar la comprobaci\u00f3n timespec64 faltante en pc_clock_settime() Como se\u00f1al\u00f3 Andrew, tendr\u00e1 sentido que el n\u00facleo PTP comprobara el rango tv_sec y tv_nsec de la estructura timespec64 antes de llamar a ptp->info->settime64(). Como dec\u00eda el manual de manual de clock_settime(), si tp.tv_sec es negativo o tp.tv_nsec est\u00e1 fuera del rango [0..999,999,999], deber\u00eda devolver EINVAL, que incluye relojes din\u00e1micos que manejan el reloj PTP, y la condici\u00f3n es consistente con timespec64_valid(). Como sugiri\u00f3 Thomas, timespec64_valid() solo comprueba que el timespec sea v\u00e1lido, pero no garantiza que el tiempo est\u00e9 en un rango v\u00e1lido, as\u00ed que compru\u00e9belo con antelaci\u00f3n usando timespec64_valid_strict() en pc_clock_settime() y devuelva -EINVAL si no es v\u00e1lido. Hay algunos controladores que usan tp->tv_sec y tp->tv_nsec directamente para escribir registros sin comprobaciones de validez y asumen que la capa superior lo ha comprobado, lo cual es peligroso y se beneficiar\u00e1 de esto, como hclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(), y algunos controladores pueden eliminar las comprobaciones de s\u00ed mismos." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.39", + "versionEndExcluding": "4.19.323", + "matchCriteriaId": "5A3583A3-7039-4012-9458-F67912AED1CA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.285", + "matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.228", + "matchCriteriaId": "9062315F-AB89-4ABE-8C13-B75927689F66" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.169", + "matchCriteriaId": "18BEDAD6-86F8-457C-952F-C35698B3D07F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.114", + "matchCriteriaId": "10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.58", + "matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.5", + "matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1ff7247101af723731ea42ed565d54fb8f341264", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/27abbde44b6e71ee3891de13e1a228aa7ce95bfe", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/29f085345cde24566efb751f39e5d367c381c584", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/673a1c5a2998acbd429d6286e6cad10f17f4f073", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a3f169e398215e71361774d13bf91a0101283ac2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, 
{ "url": "https://git.kernel.org/stable/c/c8789fbe2bbf75845e45302cba6ffa44e1884d01", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d8794ac20a299b647ba9958f6d657051fc51a540", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e0c966bd3e31911b57ef76cec4c5796ebd88e512", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50196.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50196.json index 06837b5f229..d2d1eb97244 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50196.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50196.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50196", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:16.347", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-29T20:28:53.843", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,27 +15,131 @@
 "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: ocelot: arregla el bloqueo del sistema en interrupciones basadas en niveles La implementaci\u00f3n actual solo llama a chained_irq_enter() y chained_irq_exit() si detecta interrupciones pendientes. ``` for (i = 0; i < info->stride; i++) { uregmap_read(info->map, id_reg + 4 * i, \u00ae); if (!reg) continue; chained_irq_enter(parent_chip, desc); ``` Sin embargo, en el caso de que el pin GPIO est\u00e9 configurado en modo de nivel y el controlador principal est\u00e9 configurado en modo de borde, el hardware puede reducir la interrupci\u00f3n GPIO. Como resultado, si la interrupci\u00f3n es lo suficientemente corta, la interrupci\u00f3n principal sigue pendiente mientras se borra la interrupci\u00f3n GPIO; chained_irq_enter() nunca se llama y el sistema se cuelga al intentar dar servicio a la interrupci\u00f3n principal. Mover chained_irq_enter() y chained_irq_exit() fuera del bucle for garantiza que se llamen incluso cuando el hardware reduce la interrupci\u00f3n GPIO.
El c\u00f3digo similar con las funciones chained_irq_enter() / chained_irq_exit() que envuelven el bucle de verificaci\u00f3n de interrupciones se puede encontrar en muchos otros controladores: ``` grep -r -A 10 chained_irq_enter drivers/pinctrl ```"
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-754"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "5.15.169",
+ "matchCriteriaId": "6BDAF23B-6DD3-4FF3-9077-AE6E61F87D65"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.16",
+ "versionEndExcluding": "6.1.114",
+ "matchCriteriaId": "10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.2",
+ "versionEndExcluding": "6.6.58",
+ "matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.7",
+ "versionEndExcluding": "6.11.5",
+ "matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria":
"cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
+ "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
+ "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://git.kernel.org/stable/c/20728e86289ab463b99b7ab4425515bd26aba417",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/4a81800ef05bea5a9896f199677f7b7f5020776a",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/655f5d4662b958122b260be05aa6dfdf8768efe6",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/93b8ddc54507a227087c60a0013ed833b6ae7d3c",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/dcbe9954634807ec54e22bde278b5b269f921381",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50197.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50197.json
index 2926225503e..721141aeb5b 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50197.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50197.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50197",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:16.407",
- "lastModified": "2024-11-08T19:01:03.880",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2024-11-29T20:33:23.700",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,15 +15,90 @@
 "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: intel: platform: fix error path in device_for_each_child_node() El bucle device_for_each_child_node() requiere llamadas a fwnode_handle_put() en retornos tempranos para decrementar el refcount del nodo secundario y evitar fugas de memoria si se activa esa ruta de error. Hay un retorno temprano dentro de ese bucle en intel_platform_pinctrl_prepare_community(), pero falta fwnode_handle_put(). En lugar de agregar la llamada faltante, la versi\u00f3n con \u00e1mbito del bucle se puede usar para simplificar el c\u00f3digo y evitar errores en el futuro si se agregan nuevos retornos tempranos, ya que el nodo secundario solo se usa para analizar y nunca se asigna."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-401"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.8",
+ "versionEndExcluding": "6.11.5",
+ "matchCriteriaId": "DEA3578E-BB87-4486-90C9-D07BD36965C5"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
+ },
+ {
+ "vulnerable": true,
+
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
+ "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
+ "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://git.kernel.org/stable/c/16a6d2e685e8f9a2f51dd5a363d3f97fcad35e22",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/be3f7b9f995a6c2ee02767a0319929a2a98adf69",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50198.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50198.json
index b6047f0eac8..aa6816ab10c 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50198.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50198.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50198",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-08T06:15:16.467",
- "lastModified": "2024-11-08T19:01:03.880",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2024-11-29T20:31:29.787",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,31 +15,146 @@
 "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: light: veml6030: fix IIO device retrieval from built-in device El puntero dev que se recibe como argumento en la funci\u00f3n in_illuminance_period_available_show hace referencia al dispositivo integrado en el dispositivo IIO, no en el cliente i2c. Se debe utilizar dev_to_iio_dev() para acceder a los datos correctos. La implementaci\u00f3n actual genera un error de segmentaci\u00f3n en cada intento de leer el atributo porque indio_dev obtiene una asignaci\u00f3n NULL. Este error ha estado presente desde la primera aparici\u00f3n del controlador, aparentemente desde la \u00faltima versi\u00f3n (V6) antes de aplicarse. Hasta entonces se utilizaba un atributo constante y es posible que no se hayan vuelto a probar las \u00faltimas modificaciones."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
+ "baseScore": 5.5,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 3.6
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.5",
+ "versionEndExcluding": "5.10.228",
+ "matchCriteriaId": "9062315F-AB89-4ABE-8C13-B75927689F66"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+
"versionStartIncluding": "5.11",
+ "versionEndExcluding": "5.15.169",
+ "matchCriteriaId": "18BEDAD6-86F8-457C-952F-C35698B3D07F"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "5.16",
+ "versionEndExcluding": "6.1.114",
+ "matchCriteriaId": "10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.2",
+ "versionEndExcluding": "6.6.58",
+ "matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "6.7",
+ "versionEndExcluding": "6.11.5",
+ "matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
+ "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
+ "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
+ "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://git.kernel.org/stable/c/2cbb41abae65626736b8b52cf3b9339612c5a86a",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/50039aec43a82ad2495f2d0fb0c289c8717b4bb2",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/905166531831beb067fffe2bdfc98031ffe89087",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url":
"https://git.kernel.org/stable/c/bcb90518ccd9e10bf6ab29e31994aab93e4a4361",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/bf3ab8e1c28f10df0823d4ff312f83c952b06a15",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://git.kernel.org/stable/c/c7c44e57750c31de43906d97813273fdffcf7d02",
- "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
+ "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
+ "tags": [
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-512xx/CVE-2024-51228.json b/CVE-2024/CVE-2024-512xx/CVE-2024-51228.json
index e765236b6ec..bd32e4dc8c2 100644
--- a/CVE-2024/CVE-2024-512xx/CVE-2024-51228.json
+++ b/CVE-2024/CVE-2024-512xx/CVE-2024-51228.json
@@ -2,16 +2,55 @@
 "id": "CVE-2024-51228",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-27T17:15:12.800",
- "lastModified": "2024-11-27T17:15:12.800",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-29T20:15:20.430",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component."
+ },
+ {
+ "lang": "es",
+ "value": "Un problema en TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 y TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 y TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 y TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 y TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 y TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del componente /boafrm/formSysCmd."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
+ "baseScore": 6.8,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "ADJACENT_NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "HIGH",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH"
+ },
+ "exploitabilityScore": 0.9,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-78"
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/yckuo-sdc/totolink-boa-api-vulnerabilities",
diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52003.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52003.json
new file mode 100644
index 00000000000..91fb2d2ba60
--- /dev/null
+++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52003.json
@@ -0,0 +1,90 @@
+{
+ "id": "CVE-2024-52003",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-11-29T19:15:08.170",
+ "lastModified": "2024-11-29T19:15:08.170",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 6.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "HIGH",
+ "attackRequirements": "PRESENT",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "LOW",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "NONE",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability":
"NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-601"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/traefik/traefik/pull/11253",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/traefik/traefik/releases/tag/v2.11.14",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/traefik/traefik/releases/tag/v3.2.1",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-527xx/CVE-2024-52762.json b/CVE-2024/CVE-2024-527xx/CVE-2024-52762.json
index 0bfb5c3f6a4..4a5f9ffe1fc 100644
--- a/CVE-2024/CVE-2024-527xx/CVE-2024-52762.json
+++ b/CVE-2024/CVE-2024-527xx/CVE-2024-52762.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-52762",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-19T21:15:06.580",
- "lastModified": "2024-11-20T20:35:17.280",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-11-29T21:00:39.843",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -18,11 +18,13 @@
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
- "type": "Secondary",
+ "source": "nvd@nist.gov",
+ "type": "Primary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
 "attackVector": "NETWORK",
 "attackComplexity": "LOW",
 "privilegesRequired": "LOW",
@@ -30,9 +32,27 @@
 "scope": "CHANGED",
 "confidentialityImpact": "LOW",
 "integrityImpact": "LOW",
- "availabilityImpact": "NONE",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
 "baseScore": 5.4,
- "baseSeverity": "MEDIUM"
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
 },
 "exploitabilityScore": 2.3,
 "impactScore": 2.7
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,33 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ganglia:ganglia-web:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.7.3",
+ "versionEndIncluding": "3.76",
+ "matchCriteriaId": "B7E7806B-9443-4250-A789-F980E207AC13"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/ganglia/ganglia-web/issues/382",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 }
 ]
 }
\ No newline at end of file
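Review bot: The cpeMatch entry added in the last hunk of CVE-2024-52762.json mixes two version spellings: `"versionStartIncluding": "3.7.3"` is dotted, while `"versionEndIncluding": "3.76"` is not. A matcher that compares versions component by component reads 3.76 as minor version 76, so the range would cover far more releases than a 3.7.x window and produce false positives in scanners that consume this record. The sibling record CVE-2024-52763.json in this commit uses `"versionEndIncluding": "3.7.5"` for the same product, so the intended value here is presumably `"versionEndIncluding": "3.7.6"`. The description of this record is outside the visible hunks, so confirm against it and against the upstream NVD entry before correcting the mirror.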
diff --git a/CVE-2024/CVE-2024-527xx/CVE-2024-52763.json b/CVE-2024/CVE-2024-527xx/CVE-2024-52763.json
index e176632ed1e..d4a4223b669 100644
--- a/CVE-2024/CVE-2024-527xx/CVE-2024-52763.json
+++ b/CVE-2024/CVE-2024-527xx/CVE-2024-52763.json
@@ -2,20 +2,112 @@
 "id": "CVE-2024-52763",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-19T21:15:06.663",
- "lastModified": "2024-11-19T21:56:45.533",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-11-29T21:00:47.937",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the \"g\" parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en el componente /graph_all_periods.php de Ganglia-web v3.73 a v3.75 permite a los atacantes ejecutar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un payload manipulado espec\u00edficamente para ello e inyectado en el par\u00e1metro \"g\"."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
+ "baseScore": 5.4,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "CHANGED",
+ "confidentialityImpact": "LOW",
+ "integrityImpact": "LOW",
+ "availabilityImpact": "NONE"
+ },
+ "exploitabilityScore": 2.3,
+ "impactScore": 2.7
+ }
+ ]
+ },
+
"weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:ganglia:ganglia-web:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "3.7.3",
+ "versionEndIncluding": "3.7.5",
+ "matchCriteriaId": "8E81705A-F26F-4A42-85E7-B805BF250475"
+ }
+ ]
+ }
+ ]
 }
 ],
- "metrics": {},
 "references": [
 {
 "url": "https://github.com/ganglia/ganglia-web/issues/382",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Exploit",
+ "Issue Tracking"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-528xx/CVE-2024-52800.json b/CVE-2024/CVE-2024-528xx/CVE-2024-52800.json
new file mode 100644
index 00000000000..1d17ee587cb
--- /dev/null
+++ b/CVE-2024/CVE-2024-528xx/CVE-2024-52800.json
@@ -0,0 +1,82 @@
+{
+ "id": "CVE-2024-52800",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-11-29T19:15:08.713",
+ "lastModified": "2024-11-29T19:15:08.713",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. This issue has not yet been patched. Users are advised to be cautious of XSLT code until a patch is available."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 2.3,
+ "baseSeverity": "LOW",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "PRESENT",
+ "privilegesRequired": "NONE",
+ "userInteraction": "PASSIVE",
+ "vulnerableSystemConfidentiality": "LOW",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "NONE",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity":
"NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-611"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/veraPDF/veraPDF-library/issues/1488",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-4cx5-89vm-833x",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-528xx/CVE-2024-52801.json b/CVE-2024/CVE-2024-528xx/CVE-2024-52801.json
new file mode 100644
index 00000000000..1e2ef54eb70
--- /dev/null
+++ b/CVE-2024/CVE-2024-528xx/CVE-2024-52801.json
@@ -0,0 +1,86 @@
+{
+ "id": "CVE-2024-52801",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-11-29T19:15:08.890",
+ "lastModified": "2024-11-29T19:15:08.890",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are generated predictably using the xid library and are therefore unique but not cryptographically secure. This issue was fixed in version v2.6.4, where cookies are opaque and cryptographically secure strings. All users are advised to upgrade. There are no known workarounds for this vulnerability."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "baseScore": 5.3,
+ "baseSeverity": "MEDIUM",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "LOW",
+ "vulnerableSystemIntegrity": "LOW",
+ "vulnerableSystemAvailability": "NONE",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+
"modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED"
+ }
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "security-advisories@github.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-327"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://github.com/drakkan/sftpgo/commit/f30a9a2095bf90c0661b04fe038e3b7efc788bc6",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/drakkan/sftpgo/security/advisories/GHSA-6943-qr24-82vx",
+ "source": "security-advisories@github.com"
+ },
+ {
+ "url": "https://github.com/rs/xid",
+ "source": "security-advisories@github.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-528xx/CVE-2024-52809.json b/CVE-2024/CVE-2024-528xx/CVE-2024-52809.json
new file mode 100644
index 00000000000..c5b719c022f
--- /dev/null
+++ b/CVE-2024/CVE-2024-528xx/CVE-2024-52809.json
@@ -0,0 +1,86 @@ +{ + "id": "CVE-2024-52809", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-29T19:15:09.030", + "lastModified": "2024-11-29T19:15:09.030", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to `createI18n` or `useI18n`. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": 
"NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/intlify/vue-i18n/commit/72f0d323006fc7363b18cab62d4522dadd874411", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-9r9m-ffp6-9x4v", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-528xx/CVE-2024-52810.json b/CVE-2024/CVE-2024-528xx/CVE-2024-52810.json new file mode 100644 index 00000000000..72f6b50b7f6 --- /dev/null +++ b/CVE-2024/CVE-2024-528xx/CVE-2024-52810.json 
@@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-52810", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-29T19:15:09.163", + "lastModified": "2024-11-29T19:15:09.163", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1321" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-hjwq-mjwj-4x6c", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-535xx/CVE-2024-53504.json b/CVE-2024/CVE-2024-535xx/CVE-2024-53504.json new file mode 100644 index 00000000000..746bf12f845 --- /dev/null +++ b/CVE-2024/CVE-2024-535xx/CVE-2024-53504.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-53504", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-29T20:15:20.763", + "lastModified": "2024-11-29T20:15:20.763", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/siyuan-note/siyuan/issues/13058", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/siyuan-note/siyuan/issues/13077", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-535xx/CVE-2024-53505.json b/CVE-2024/CVE-2024-535xx/CVE-2024-53505.json new file mode 100644 index 00000000000..c7a694cb852 --- /dev/null +++ b/CVE-2024/CVE-2024-535xx/CVE-2024-53505.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-53505", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-29T20:15:20.853", + "lastModified": "2024-11-29T20:15:20.853", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/siyuan-note/siyuan/issues/13059", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/siyuan-note/siyuan/issues/13077", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-535xx/CVE-2024-53506.json b/CVE-2024/CVE-2024-535xx/CVE-2024-53506.json new file mode 100644 index 00000000000..2134f6420f3 --- /dev/null +++ b/CVE-2024/CVE-2024-535xx/CVE-2024-53506.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-53506", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-29T20:15:20.943", + "lastModified": "2024-11-29T20:15:20.943", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/siyuan-note/siyuan/issues/13060", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/siyuan-note/siyuan/issues/13077", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-535xx/CVE-2024-53507.json b/CVE-2024/CVE-2024-535xx/CVE-2024-53507.json new file mode 100644 index 00000000000..e798c9a41e3 --- /dev/null +++ b/CVE-2024/CVE-2024-535xx/CVE-2024-53507.json 
@@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-53507", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-29T20:15:21.027", + "lastModified": "2024-11-29T20:15:21.027", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/siyuan-note/siyuan/issues/13057", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/siyuan-note/siyuan/issues/13077", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53848.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53848.json new file mode 100644 index 00000000000..db022b34beb --- /dev/null +++ b/CVE-2024/CVE-2024-538xx/CVE-2024-53848.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-53848", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-29T19:15:09.290", + "lastModified": "2024-11-29T19:15:09.290", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. `https://example.org/schema.json` will be stored as `schema.json`. This naming allows for conflicts. If an attacker can get a user to run `check-jsonschema` against a malicious schema URL, e.g., `https://example.evil.org/schema.json`, they can insert their own schema into the cache and it will be picked up and used instead of the appropriate schema. Such a cache confusion attack could be used to allow data to pass validation which should have been rejected. This issue has been patched in version 0.30.0. All users are advised to upgrade. A few workarounds exist: 1. Users can use `--no-cache` to disable caching. 2. Users can use `--cache-filename` to select filenames for use in the cache, or to ensure that other usages do not overwrite the cached schema. (Note: this flag is being deprecated as part of the remediation effort.) 3. 
Users can explicitly download the schema before use as a local file, as in `curl -LOs https://example.org/schema.json; check-jsonschema --schemafile ./schema.json`" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N", + "baseScore": 7.1, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.5, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-349" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/python-jsonschema/check-jsonschema/commit/c52714b85e6725b1b24516fbdedacb333b939152", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/python-jsonschema/check-jsonschema/security/advisories/GHSA-q6mv-284r-mp36", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53861.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53861.json new file mode 100644 index 00000000000..fd18e5f8a31 --- /dev/null +++ b/CVE-2024/CVE-2024-538xx/CVE-2024-53861.json 
@@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-53861", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-29T19:15:09.433", + "lastModified": "2024-11-29T19:15:09.433", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `\"acb\"` being accepted for `\"_abc_\"`. This is a bug introduced in version 2.10.0: checking the \"iss\" claim changed from `isinstance(issuer, list)` to `isinstance(issuer, Sequence)`. Since str is a Sequnce, but not a list, `in` is also used for string comparison. This results in `if \"abc\" not in \"__abcd__\":` being checked instead of `if \"abc\" != \"__abc__\":`. Signature checks are still present so real world impact is likely limited to denial of service scenarios. This issue has been patched in version 2.10.1. All users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N", + "baseScore": 0.0, + "baseSeverity": "NONE", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 0.7, + "impactScore": 0.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-697" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/jpadilla/pyjwt/commit/1570e708672aa9036bc772476beae8bfa48f4131#diff-6893ad4a1c5a36b8af3028db8c8bc3b62418149843fc382faf901eaab008e380R366", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/jpadilla/pyjwt/commit/33022c25525c1020869c71ce2a4109e44ae4ced1", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53864.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53864.json new file mode 100644 index 00000000000..9f60070ffbb --- /dev/null +++ b/CVE-2024/CVE-2024-538xx/CVE-2024-53864.json 
@@ -0,0 +1,90 @@ +{ + "id": "CVE-2024-53864", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-29T19:15:09.577", + "lastModified": "2024-11-29T19:15:09.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, any existing injected XSS will not run. This issue has been patched in version 4.6.14. All users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 5.3, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": 
"NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates", + "source": "security-advisories@github.com" + }, + { + "url": "https://doc.ibexa.co/en/latest/update_and_migration/from_4.6/update_from_4.6/#v4614", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ibexa/admin-ui/commit/8ec824a8cf06c566ed88e4c21cc66f7ed42649fc", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/ibexa/admin-ui/security/advisories/GHSA-8w3p-gf85-qcch", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-538xx/CVE-2024-53865.json b/CVE-2024/CVE-2024-538xx/CVE-2024-53865.json new file mode 100644 index 00000000000..f0c71559ea1 --- /dev/null +++ b/CVE-2024/CVE-2024-538xx/CVE-2024-53865.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-53865", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-29T19:15:09.710", + "lastModified": "2024-11-29T19:15:09.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package \"zhmcclient\" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creating or updating a partition in DPM mode, in the zhmcclient API and HMC logs. 2. The 'ssc-master-pw' and 'zaware-master-pw' properties when updating an LPAR in classic mode, in the zhmcclient API and HMC logs. 3. The 'ssc-master-pw' and 'zaware-master-pw' properties when creating or updating an image activation profile in classic mode, in the zhmcclient API and HMC logs. 4. The 'password' property when creating or updating an HMC user, in the zhmcclient API log. 5. The 'bind-password' property when creating or updating an LDAP server definition, in the zhmcclient API and HMC logs. This issue affects only users of the zhmcclient package that have enabled the Python loggers named \"zhmcclient.api\" (for the API log) or \"zhmcclient.hmc\" (for the HMC log) and that use the functions listed above. This issue has been fixed in zhmcclient version 1.18.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/zhmcclient/python-zhmcclient/commit/ad32781e782d0f604c6da4680fce48e4cc1f4433", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/zhmcclient/python-zhmcclient/security/advisories/GHSA-p57h-3cmc-xpjq", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53909.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53909.json index 1f0be603851..5552bfefb36 100644 --- a/CVE-2024/CVE-2024-539xx/CVE-2024-53909.json +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53909.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53909", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-24T21:15:03.817", - "lastModified": "2024-11-26T16:15:19.210", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-29T20:54:47.700", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,10 +36,40 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.2", + "matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.veritas.com/content/support/en_US/security/VTS24-014", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53910.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53910.json index 179f958b6d5..ba81122af5f 100644 --- a/CVE-2024/CVE-2024-539xx/CVE-2024-53910.json +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53910.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53910", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-24T21:15:03.960", - "lastModified": "2024-11-26T16:15:19.597", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-29T20:54:55.080", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,10 +36,40 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.2", + "matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.veritas.com/content/support/en_US/security/VTS24-014", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53911.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53911.json index a1eba26b64a..60b3953217e 100644 --- a/CVE-2024/CVE-2024-539xx/CVE-2024-53911.json +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53911.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53911", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-24T21:15:04.087", - "lastModified": "2024-11-26T16:15:19.800", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-29T20:55:04.683", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,10 +36,40 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.2", + "matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.veritas.com/content/support/en_US/security/VTS24-014", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53912.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53912.json index de1d385f8d8..fdb4871ad08 100644 --- a/CVE-2024/CVE-2024-539xx/CVE-2024-53912.json +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53912.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53912", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-24T21:15:04.210", - "lastModified": "2024-11-26T16:15:20.273", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-29T20:55:13.483", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,10 +36,40 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.2", + "matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.veritas.com/content/support/en_US/security/VTS24-014", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53913.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53913.json index 2601109eaf3..5912acdce02 100644 --- a/CVE-2024/CVE-2024-539xx/CVE-2024-53913.json +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53913.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53913", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-24T21:15:04.333", - "lastModified": "2024-11-26T16:15:20.480", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-29T20:55:25.543", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,10 +36,40 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.2", + "matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.veritas.com/content/support/en_US/security/VTS24-014", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53914.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53914.json index c8acd6683bb..f197585b352 100644 --- a/CVE-2024/CVE-2024-539xx/CVE-2024-53914.json +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53914.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53914", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-24T21:15:04.453", - "lastModified": "2024-11-26T16:15:20.700", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-29T20:55:35.293", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,10 +36,40 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.2", + "matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.veritas.com/content/support/en_US/security/VTS24-014", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53915.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53915.json index 17e275dbc10..13fd8eb9bfc 100644 --- a/CVE-2024/CVE-2024-539xx/CVE-2024-53915.json +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53915.json @@ -2,8 +2,8 @@ "id": "CVE-2024-53915", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-24T21:15:04.580", - "lastModified": "2024-11-26T16:15:20.943", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-29T20:55:43.810", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -36,10 +36,40 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 9.8, + "baseSeverity": "CRITICAL", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 } ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*", + "versionEndExcluding": "15.2", + "matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.veritas.com/content/support/en_US/security/VTS24-014", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53979.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53979.json new file mode 100644 index 00000000000..9087b843a6f --- /dev/null +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53979.json 
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-53979", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-29T19:15:09.847", + "lastModified": "2024-11-29T19:15:09.847", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible collection \"ibm.ibm_zhmc\" writes password-like properties in clear text into its log file and into the output returned by some of its Ansible module in the following cases: 1. The 'boot_ftp_password' and 'ssc_master_pw' properties are passed as input to the zhmc_partition Ansible module. 2. The 'ssc_master_pw' and 'zaware_master_pw' properties are passed as input to the zhmc_lpar Ansible module. 3. The 'password' property is passed as input to the zhmc_user Ansible module (just in log file, not in module output). 4. The 'bind_password' property is passed as input to the zhmc_ldap_server_definition Ansible module. These properties appear in the module output only when they were specified in the module input and when creating or updating the corresponding resources. They do not appear in the output when retrieving facts for the corresponding resources. These properties appear in the log file only when the \"log_file\" module input parameter is used. By default, no log file is created. This issue has been fixed in ibm.ibm_zhmc version 1.9.3. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "baseScore": 8.2, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.5, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/zhmcclient/zhmc-ansible-modules/commit/f5579f07da5f02d2496c41a313d4ae7a0a459b1d", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/zhmcclient/zhmc-ansible-modules/security/advisories/GHSA-mw6c-f428-jx4f", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53980.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53980.json new file mode 100644 index 00000000000..676957b3161 --- /dev/null +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53980.json 
@@ -0,0 +1,102 @@ +{ + "id": "CVE-2024-53980", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-29T19:15:09.993", + "lastModified": "2024-11-29T19:15:09.993", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send a IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results into an endless loop on a CC2538 as receiver. Before PR #20998, the receiver would check for the location of the CRC bit using the packet length byte by considering all 8 bits, instead of discarding bit 7, which is what the radio does. This then results into reading outside of the RX FIFO. Although it prints an error when attempting to read outside of the RX FIFO, it will continue doing this. This may lead to a discrepancy in the CRC check according to the firmware and the radio. If the CPU judges the CRC as correct and the radio is set to `AUTO_ACK`, when the packet requests and acknowledgment the CPU will go into the state `CC2538_STATE_TX_ACK`. However, if the radio judged the CRC as incorrect, it will not send an acknowledgment, and thus the `TXACKDONE` event will not fire. It will then never return to the state `CC2538_STATE_READY` since the baseband processing is still disabled. Then the CPU will be in an endless loop. Since setting to idle is not forced, it won't do it if the radio's state is not `CC2538_STATE_READY`. A fix has not yet been made." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "baseScore": 6.9, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + } + ], + "references": [ + { + "url": 
"https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/cpu/cc2538/radio/cc2538_rf_radio_ops.c#L183", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/cpu/cc2538/radio/cc2538_rf_radio_ops.c#L417", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/cpu/cc2538/radio/cc2538_rf_radio_ops.c#L419", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/cpu/cc2538/radio/cc2538_rf_radio_ops.c#L421-L422", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/sys/net/link_layer/ieee802154/submac.c#L149", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/RIOT-OS/RIOT/pull/20998", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-m75q-8vj8-wppw", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-539xx/CVE-2024-53983.json b/CVE-2024/CVE-2024-539xx/CVE-2024-53983.json new file mode 100644 index 00000000000..9e7a426da1d --- /dev/null +++ b/CVE-2024/CVE-2024-539xx/CVE-2024-53983.json 
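Review bot: The `metrics` object in this new CVE-2024-53980 record carries only a `cvssMetricV40` entry, so any consumer that reads `cvssMetricV31` alone will see this remotely triggerable endless loop as unscored. The description also leaves patch status ambiguous: it refers to behaviour "Before PR #20998" and lists that pull request under `references`, yet ends with "A fix has not yet been made". There is no `configurations` block to scope affected versions. Until the record moves past `"vulnStatus": "Received"`, triage should fall back to the v4.0 score (`"baseScore": 6.9`) and treat CC2538-based RIOT deployments as unpatched unless the linked advisory says otherwise.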
@@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-53983", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-29T19:15:10.137", + "lastModified": "2024-11-29T19:15:10.137", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Backstage Scaffolder plugin Houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git config injection. The vulnerability allows an attacker to capture privileged git tokens used by the Backstage Scaffolder plugin. With these tokens, unauthorized access to sensitive resources in git can be achieved. The impact is considered medium severity as the Backstage Threat Model recommends restricting access to adding and editing templates in the Backstage Catalog plugin. The issue has been resolved in versions `v0.4.12`, `v0.5.1` and `v0.6.1` of the `@backstage/plugin-scaffolder-node` package. Users are encouraged to upgrade to this version to mitigate the vulnerability. Users are advised to upgrade. Users unable to upgrade may ensure that templates do not change git config." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N", + "baseScore": 5.4, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.0, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/backstage/backstage/security/advisories/GHSA-qmc2-jpr5-7rg9", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/backstage/backstage/tree/master/plugins/scaffolder-node", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54123.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54123.json index d691239ba30..b8d74cfd6d2 100644 --- a/CVE-2024/CVE-2024-541xx/CVE-2024-54123.json +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54123.json 
@@ -2,16 +2,55 @@ "id": "CVE-2024-54123", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-29T04:15:03.940", - "lastModified": "2024-11-29T04:15:03.940", - "vulnStatus": "Received", + "lastModified": "2024-11-29T19:15:10.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format." + }, + { + "lang": "es", + "value": "Backdrop CMS anterior a 1.28.4 y 1.29.x anterior a 1.29.2 permiten XSS a trav\u00e9s de un documento SVG, si la etiqueta SVG est\u00e1 permitida para un formato de texto." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://backdropcms.org/security/backdrop-sa-core-2024-002", diff --git a/CVE-2024/CVE-2024-541xx/CVE-2024-54124.json b/CVE-2024/CVE-2024-541xx/CVE-2024-54124.json index e1cdbe1f4d1..e75740138cc 100644 --- a/CVE-2024/CVE-2024-541xx/CVE-2024-54124.json +++ b/CVE-2024/CVE-2024-541xx/CVE-2024-54124.json 
@@ -2,16 +2,55 @@ "id": "CVE-2024-54124", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-29T04:15:04.113", - "lastModified": "2024-11-29T04:15:04.113", - "vulnStatus": "Received", + "lastModified": "2024-11-29T19:15:10.443", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen." + }, + { + "lang": "es", + "value": "En el estado de contrase\u00f1a de Click Studios anterior a la compilaci\u00f3n 9920, existe una posible escalada de permisos en la pantalla de edici\u00f3n de carpeta." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "baseScore": 8.8, + "baseSeverity": "HIGH", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://www.clickstudios.com.au/passwordstate-changelog.aspx", diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8726.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8726.json index 50091d541a3..d2d85f862d2 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8726.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8726.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-8726", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-20T07:15:09.580", - "lastModified": "2024-11-20T07:15:09.580", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:59:02.697", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento MailChimp Forms de MailMunch para WordPress es vulnerable a ataques de cross site scripting reflejado debido al uso de add_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 3.2.3 incluida. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace." } ], "metrics": { @@ -19,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -26,9 +32,7 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 6.1, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 2.7 
@@ -47,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:mailmunch:mailchimp_forms:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.2.4", + "matchCriteriaId": "6F56F83F-7813-4669-8F37-CAAEDC05D877" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3189361%40mailchimp-forms-by-mailmunch&new=3189361%40mailchimp-forms-by-mailmunch&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1a1c5e7-75a4-4ca5-9707-4076b92e0c33?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8825.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8825.json index 73387210065..c55c0ef74b0 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8825.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8825.json 
@@ -2,15 +2,42 @@ "id": "CVE-2024-8825", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:20.817", - "lastModified": "2024-11-22T21:15:20.817", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:20:44.863", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24263." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos PDF fuera de los l\u00edmites en el editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PDF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24263." 
} ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -37,7 +64,7 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +73,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1248/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8826.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8826.json index 7b81c829f74..77c536ef259 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8826.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8826.json 
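Review bot: The added `configurations` block for CVE-2024-8825 pins both `cpeMatch` entries to the single build `10.3.0.386`, for example `"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*"`, with no `versionStartIncluding` or `versionEndExcluding` range. CPE-based scanners will therefore flag only hosts on exactly that build, while the description speaks only of "affected installations", so the record does not say whether earlier builds are affected. If the vendor or ZDI advisory names a fixed build, a wildcard version with `"versionEndExcluding": "<fixed build from the advisory>"` would cover the range. Until then, inventory checks should not read a non-match as not vulnerable. The same exact-version pair is added in the CVE-2024-8826, CVE-2024-8827 and CVE-2024-8828 hunks below.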
@@ -2,15 +2,42 @@ "id": "CVE-2024-8826", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:20.937", - "lastModified": "2024-11-22T21:15:20.937", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:08:47.553", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24305." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos XPS fuera de los l\u00edmites en PDF-XChange Editor. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de PDF-XChange Editor. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos XPS. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24305." 
} ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -37,7 +64,7 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +73,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1249/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8827.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8827.json index 38b386428f7..49fb60bbd8d 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8827.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8827.json 
@@ -2,15 +2,42 @@ "id": "CVE-2024-8827", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:21.050", - "lastModified": "2024-11-22T21:15:21.050", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:20:34.137", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "PDF-XChange Editor PPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24306." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos PPM del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PPM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24306." 
} ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -37,7 +64,7 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +73,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1250/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8828.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8828.json index 4e533819746..6ef89c354de 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8828.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8828.json 
@@ -2,15 +2,42 @@ "id": "CVE-2024-8828", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:21.167", - "lastModified": "2024-11-22T21:15:21.167", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:20:25.293", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24313." + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos EMF del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos EMF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24313." 
} ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +73,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1251/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8829.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8829.json index 64e84770260..0b625f74658 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8829.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8829.json 
@@ -2,15 +2,42 @@ "id": "CVE-2024-8829", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:21.290", - "lastModified": "2024-11-22T21:15:21.290", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:20:01.307", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24314." + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos EMF del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos EMF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24314." 
} ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +73,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1252/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8830.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8830.json index 06ee7798cf1..281e8905a48 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8830.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8830.json 
@@ -2,15 +2,42 @@ "id": "CVE-2024-8830", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:21.410", - "lastModified": "2024-11-22T21:15:21.410", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:19:22.237", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24315." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos XPS del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos XPS. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24315." 
} ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -37,7 +64,7 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +73,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1253/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8831.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8831.json index 6f371f020d2..f09af9a3f98 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8831.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8831.json 
@@ -2,15 +2,42 @@ "id": "CVE-2024-8831", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:21.530", - "lastModified": "2024-11-22T21:15:21.530", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:19:09.460", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24316." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos XPS fuera de los l\u00edmites en PDF-XChange Editor. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de PDF-XChange Editor. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos XPS. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24316." 
} ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -37,7 +64,7 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +73,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1254/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8832.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8832.json index 3e16a777ed5..af0939a15d6 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8832.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8832.json 
@@ -2,15 +2,42 @@ "id": "CVE-2024-8832", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:21.647", - "lastModified": "2024-11-22T21:15:21.647", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:18:52.840", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24317." + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos EMF del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos EMF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24317." 
} ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +73,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1255/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8833.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8833.json index caf8e1f2410..2b325841ec0 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8833.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8833.json 
@@ -2,15 +2,42 @@ "id": "CVE-2024-8833", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:21.753", - "lastModified": "2024-11-22T21:15:21.753", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:18:39.087", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24318." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos XPS fuera de los l\u00edmites en PDF-XChange Editor. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de PDF-XChange Editor. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos XPS. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24318." 
} ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -37,7 +64,7 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +73,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1256/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8834.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8834.json index 3caaf969677..0418a54349c 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8834.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8834.json 
@@ -2,15 +2,42 @@ "id": "CVE-2024-8834", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:21.863", - "lastModified": "2024-11-22T21:15:21.863", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:18:18.010", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24319." + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos TIF del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos TIF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24319." 
} ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +73,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1257/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8835.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8835.json index 3925c51b309..707d89d08e0 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8835.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8835.json 
@@ -2,15 +2,42 @@ "id": "CVE-2024-8835", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:21.983", - "lastModified": "2024-11-22T21:15:21.983", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:17:52.063", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24320." + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos JB2 de PDF-XChange Editor. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre instalaciones afectadas de PDF-XChange Editor. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos JB2. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24320." 
} ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +73,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1258/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8836.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8836.json index d6a1effd5e6..c10fe77502d 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8836.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8836.json 
@@ -2,15 +2,42 @@ "id": "CVE-2024-8836", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:22.103", - "lastModified": "2024-11-22T21:15:22.103", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:17:29.823", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24354." + }, + { + "lang": "es", + "value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos TIF del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos TIF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24354." 
} ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", + "baseScore": 5.5, + "baseSeverity": "MEDIUM", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -46,10 +73,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1259/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8837.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8837.json index d9f7414f702..39960049196 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8837.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8837.json 
@@ -2,15 +2,42 @@ "id": "CVE-2024-8837", "sourceIdentifier": "zdi-disclosures@trendmicro.com", "published": "2024-11-22T21:15:22.210", - "lastModified": "2024-11-22T21:15:22.210", - "vulnStatus": "Received", + "lastModified": "2024-11-29T20:10:41.130", + "vulnStatus": "Analyzed", + "cveTags": [], "descriptions": [ { "lang": "en", "value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24408." + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos XPS fuera de los l\u00edmites en PDF-XChange Editor. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de PDF-XChange Editor. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos XPS. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24408." 
} ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "baseScore": 7.8, + "baseSeverity": "HIGH", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "zdi-disclosures@trendmicro.com", @@ -37,7 +64,7 @@ "weaknesses": [ { "source": "zdi-disclosures@trendmicro.com", - "type": "Primary", + "type": "Secondary", "description": [ { "lang": "en", @@ -46,10 +73,36 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*", + "matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1260/", - "source": "zdi-disclosures@trendmicro.com" + "source": "zdi-disclosures@trendmicro.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9777.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9777.json index a84a06faf6c..23b75af853b 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9777.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9777.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-9777", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-19T13:15:04.850", - "lastModified": "2024-11-19T21:57:32.967", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-29T20:57:53.423", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -23,6 +23,8 @@ "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "baseScore": 6.1, + "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", @@ -30,9 +32,7 @@ "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", - "availabilityImpact": "NONE", - "baseScore": 6.1, - "baseSeverity": "MEDIUM" + "availabilityImpact": "NONE" }, "exploitabilityScore": 2.8, "impactScore": 2.7 
@@ -51,26 +51,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wp-royal-themes:ashe:*:*:*:*:free:wordpress:*:*", + "versionEndExcluding": "2.244", + "matchCriteriaId": "752CE538-7F69-4594-BFAD-6BD782CAF984" + } + ] + } + ] + } + ], "references": [ { "url": "https://themes.trac.wordpress.org/browser/ashe/2.242/functions.php#L101", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://themes.trac.wordpress.org/browser/ashe/2.242/functions.php#L112", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://themes.trac.wordpress.org/changeset/248853/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://wordpress.org/themes/ashe/", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ce6c2f36-9eed-482f-9201-8d26e8c5c369?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/README.md b/README.md index 2acdd3cb9b2..cf2fb7831d5 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-29T19:01:00.794531+00:00 +2024-11-29T21:02:22.449173+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-29T18:28:16.227000+00:00 +2024-11-29T21:00:47.937000+00:00 ``` ### Last Data Feed Release 
@@ -33,61 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -271681 +271706 ``` ### CVEs added in the last Commit -Recently added CVEs: `17` +Recently added CVEs: `25` -- [CVE-2024-35369](CVE-2024/CVE-2024-353xx/CVE-2024-35369.json) (`2024-11-29T17:15:07.707`) -- [CVE-2024-36617](CVE-2024/CVE-2024-366xx/CVE-2024-36617.json) (`2024-11-29T18:15:07.230`) -- [CVE-2024-36618](CVE-2024/CVE-2024-366xx/CVE-2024-36618.json) (`2024-11-29T18:15:07.390`) -- [CVE-2024-36619](CVE-2024/CVE-2024-366xx/CVE-2024-36619.json) (`2024-11-29T17:15:07.813`) -- [CVE-2024-36620](CVE-2024/CVE-2024-366xx/CVE-2024-36620.json) (`2024-11-29T18:15:07.787`) -- [CVE-2024-36621](CVE-2024/CVE-2024-366xx/CVE-2024-36621.json) (`2024-11-29T18:15:07.993`) -- [CVE-2024-36622](CVE-2024/CVE-2024-366xx/CVE-2024-36622.json) (`2024-11-29T18:15:08.140`) -- [CVE-2024-36623](CVE-2024/CVE-2024-366xx/CVE-2024-36623.json) (`2024-11-29T18:15:08.293`) -- [CVE-2024-36624](CVE-2024/CVE-2024-366xx/CVE-2024-36624.json) (`2024-11-29T18:15:08.440`) -- [CVE-2024-36625](CVE-2024/CVE-2024-366xx/CVE-2024-36625.json) (`2024-11-29T17:15:07.903`) -- [CVE-2024-36626](CVE-2024/CVE-2024-366xx/CVE-2024-36626.json) (`2024-11-29T17:15:07.990`) -- [CVE-2024-47193](CVE-2024/CVE-2024-471xx/CVE-2024-47193.json) (`2024-11-29T17:15:08.087`) -- [CVE-2024-49360](CVE-2024/CVE-2024-493xx/CVE-2024-49360.json) (`2024-11-29T18:15:09.307`) -- [CVE-2024-49803](CVE-2024/CVE-2024-498xx/CVE-2024-49803.json) (`2024-11-29T17:15:08.180`) -- [CVE-2024-49804](CVE-2024/CVE-2024-498xx/CVE-2024-49804.json) (`2024-11-29T17:15:08.330`) -- [CVE-2024-49805](CVE-2024/CVE-2024-498xx/CVE-2024-49805.json) (`2024-11-29T17:15:08.470`) -- [CVE-2024-49806](CVE-2024/CVE-2024-498xx/CVE-2024-49806.json) (`2024-11-29T17:15:08.627`) +- [CVE-2024-35366](CVE-2024/CVE-2024-353xx/CVE-2024-35366.json) (`2024-11-29T20:15:19.863`) +- [CVE-2024-35367](CVE-2024/CVE-2024-353xx/CVE-2024-35367.json) 
(`2024-11-29T20:15:19.957`) +- [CVE-2024-35368](CVE-2024/CVE-2024-353xx/CVE-2024-35368.json) (`2024-11-29T20:15:20.050`) +- [CVE-2024-35371](CVE-2024/CVE-2024-353xx/CVE-2024-35371.json) (`2024-11-29T20:15:20.143`) +- [CVE-2024-36610](CVE-2024/CVE-2024-366xx/CVE-2024-36610.json) (`2024-11-29T20:15:20.237`) +- [CVE-2024-36611](CVE-2024/CVE-2024-366xx/CVE-2024-36611.json) (`2024-11-29T19:15:06.780`) +- [CVE-2024-36612](CVE-2024/CVE-2024-366xx/CVE-2024-36612.json) (`2024-11-29T20:15:20.340`) +- [CVE-2024-36615](CVE-2024/CVE-2024-366xx/CVE-2024-36615.json) (`2024-11-29T19:15:07.703`) +- [CVE-2024-36616](CVE-2024/CVE-2024-366xx/CVE-2024-36616.json) (`2024-11-29T19:15:07.817`) +- [CVE-2024-52003](CVE-2024/CVE-2024-520xx/CVE-2024-52003.json) (`2024-11-29T19:15:08.170`) +- [CVE-2024-52800](CVE-2024/CVE-2024-528xx/CVE-2024-52800.json) (`2024-11-29T19:15:08.713`) +- [CVE-2024-52801](CVE-2024/CVE-2024-528xx/CVE-2024-52801.json) (`2024-11-29T19:15:08.890`) +- [CVE-2024-52809](CVE-2024/CVE-2024-528xx/CVE-2024-52809.json) (`2024-11-29T19:15:09.030`) +- [CVE-2024-52810](CVE-2024/CVE-2024-528xx/CVE-2024-52810.json) (`2024-11-29T19:15:09.163`) +- [CVE-2024-53504](CVE-2024/CVE-2024-535xx/CVE-2024-53504.json) (`2024-11-29T20:15:20.763`) +- [CVE-2024-53505](CVE-2024/CVE-2024-535xx/CVE-2024-53505.json) (`2024-11-29T20:15:20.853`) +- [CVE-2024-53506](CVE-2024/CVE-2024-535xx/CVE-2024-53506.json) (`2024-11-29T20:15:20.943`) +- [CVE-2024-53507](CVE-2024/CVE-2024-535xx/CVE-2024-53507.json) (`2024-11-29T20:15:21.027`) +- [CVE-2024-53848](CVE-2024/CVE-2024-538xx/CVE-2024-53848.json) (`2024-11-29T19:15:09.290`) +- [CVE-2024-53861](CVE-2024/CVE-2024-538xx/CVE-2024-53861.json) (`2024-11-29T19:15:09.433`) +- [CVE-2024-53864](CVE-2024/CVE-2024-538xx/CVE-2024-53864.json) (`2024-11-29T19:15:09.577`) +- [CVE-2024-53865](CVE-2024/CVE-2024-538xx/CVE-2024-53865.json) (`2024-11-29T19:15:09.710`) +- [CVE-2024-53979](CVE-2024/CVE-2024-539xx/CVE-2024-53979.json) (`2024-11-29T19:15:09.847`) +- 
[CVE-2024-53980](CVE-2024/CVE-2024-539xx/CVE-2024-53980.json) (`2024-11-29T19:15:09.993`) +- [CVE-2024-53983](CVE-2024/CVE-2024-539xx/CVE-2024-53983.json) (`2024-11-29T19:15:10.137`) ### CVEs modified in the last Commit -Recently modified CVEs: `29` +Recently modified CVEs: `56` -- [CVE-2024-52777](CVE-2024/CVE-2024-527xx/CVE-2024-52777.json) (`2024-11-29T18:15:10.153`) -- [CVE-2024-52778](CVE-2024/CVE-2024-527xx/CVE-2024-52778.json) (`2024-11-29T18:15:10.380`) -- [CVE-2024-52779](CVE-2024/CVE-2024-527xx/CVE-2024-52779.json) (`2024-11-29T18:15:10.597`) -- [CVE-2024-52780](CVE-2024/CVE-2024-527xx/CVE-2024-52780.json) (`2024-11-29T18:15:10.813`) -- [CVE-2024-52781](CVE-2024/CVE-2024-527xx/CVE-2024-52781.json) (`2024-11-29T18:15:11.050`) -- [CVE-2024-52782](CVE-2024/CVE-2024-527xx/CVE-2024-52782.json) (`2024-11-29T18:15:11.313`) -- [CVE-2024-6818](CVE-2024/CVE-2024-68xx/CVE-2024-6818.json) (`2024-11-29T18:24:59.937`) -- [CVE-2024-6819](CVE-2024/CVE-2024-68xx/CVE-2024-6819.json) (`2024-11-29T18:25:32.827`) -- [CVE-2024-6820](CVE-2024/CVE-2024-68xx/CVE-2024-6820.json) (`2024-11-29T18:25:55.430`) -- [CVE-2024-6821](CVE-2024/CVE-2024-68xx/CVE-2024-6821.json) (`2024-11-29T18:26:30.487`) -- [CVE-2024-6822](CVE-2024/CVE-2024-68xx/CVE-2024-6822.json) (`2024-11-29T18:26:48.817`) -- [CVE-2024-9243](CVE-2024/CVE-2024-92xx/CVE-2024-9243.json) (`2024-11-29T17:28:22.387`) -- [CVE-2024-9244](CVE-2024/CVE-2024-92xx/CVE-2024-9244.json) (`2024-11-29T18:21:36.713`) -- [CVE-2024-9245](CVE-2024/CVE-2024-92xx/CVE-2024-9245.json) (`2024-11-29T18:21:03.150`) -- [CVE-2024-9246](CVE-2024/CVE-2024-92xx/CVE-2024-9246.json) (`2024-11-29T18:20:40.157`) -- [CVE-2024-9247](CVE-2024/CVE-2024-92xx/CVE-2024-9247.json) (`2024-11-29T18:20:25.970`) -- [CVE-2024-9248](CVE-2024/CVE-2024-92xx/CVE-2024-9248.json) (`2024-11-29T18:20:16.670`) -- [CVE-2024-9249](CVE-2024/CVE-2024-92xx/CVE-2024-9249.json) (`2024-11-29T18:19:58.630`) -- [CVE-2024-9250](CVE-2024/CVE-2024-92xx/CVE-2024-9250.json) 
(`2024-11-29T18:19:42.407`) -- [CVE-2024-9251](CVE-2024/CVE-2024-92xx/CVE-2024-9251.json) (`2024-11-29T18:19:25.770`) -- [CVE-2024-9252](CVE-2024/CVE-2024-92xx/CVE-2024-9252.json) (`2024-11-29T18:19:06.727`) -- [CVE-2024-9253](CVE-2024/CVE-2024-92xx/CVE-2024-9253.json) (`2024-11-29T18:18:32.773`) -- [CVE-2024-9254](CVE-2024/CVE-2024-92xx/CVE-2024-9254.json) (`2024-11-29T18:17:31.663`) -- [CVE-2024-9255](CVE-2024/CVE-2024-92xx/CVE-2024-9255.json) (`2024-11-29T18:17:15.040`) -- [CVE-2024-9256](CVE-2024/CVE-2024-92xx/CVE-2024-9256.json) (`2024-11-29T18:17:00.713`) +- [CVE-2024-52763](CVE-2024/CVE-2024-527xx/CVE-2024-52763.json) (`2024-11-29T21:00:47.937`) +- [CVE-2024-53909](CVE-2024/CVE-2024-539xx/CVE-2024-53909.json) (`2024-11-29T20:54:47.700`) +- [CVE-2024-53910](CVE-2024/CVE-2024-539xx/CVE-2024-53910.json) (`2024-11-29T20:54:55.080`) +- [CVE-2024-53911](CVE-2024/CVE-2024-539xx/CVE-2024-53911.json) (`2024-11-29T20:55:04.683`) +- [CVE-2024-53912](CVE-2024/CVE-2024-539xx/CVE-2024-53912.json) (`2024-11-29T20:55:13.483`) +- [CVE-2024-53913](CVE-2024/CVE-2024-539xx/CVE-2024-53913.json) (`2024-11-29T20:55:25.543`) +- [CVE-2024-53914](CVE-2024/CVE-2024-539xx/CVE-2024-53914.json) (`2024-11-29T20:55:35.293`) +- [CVE-2024-53915](CVE-2024/CVE-2024-539xx/CVE-2024-53915.json) (`2024-11-29T20:55:43.810`) +- [CVE-2024-54123](CVE-2024/CVE-2024-541xx/CVE-2024-54123.json) (`2024-11-29T19:15:10.287`) +- [CVE-2024-54124](CVE-2024/CVE-2024-541xx/CVE-2024-54124.json) (`2024-11-29T19:15:10.443`) +- [CVE-2024-8726](CVE-2024/CVE-2024-87xx/CVE-2024-8726.json) (`2024-11-29T20:59:02.697`) +- [CVE-2024-8825](CVE-2024/CVE-2024-88xx/CVE-2024-8825.json) (`2024-11-29T20:20:44.863`) +- [CVE-2024-8826](CVE-2024/CVE-2024-88xx/CVE-2024-8826.json) (`2024-11-29T20:08:47.553`) +- [CVE-2024-8827](CVE-2024/CVE-2024-88xx/CVE-2024-8827.json) (`2024-11-29T20:20:34.137`) +- [CVE-2024-8828](CVE-2024/CVE-2024-88xx/CVE-2024-8828.json) (`2024-11-29T20:20:25.293`) +- 
[CVE-2024-8829](CVE-2024/CVE-2024-88xx/CVE-2024-8829.json) (`2024-11-29T20:20:01.307`) +- [CVE-2024-8830](CVE-2024/CVE-2024-88xx/CVE-2024-8830.json) (`2024-11-29T20:19:22.237`) +- [CVE-2024-8831](CVE-2024/CVE-2024-88xx/CVE-2024-8831.json) (`2024-11-29T20:19:09.460`) +- [CVE-2024-8832](CVE-2024/CVE-2024-88xx/CVE-2024-8832.json) (`2024-11-29T20:18:52.840`) +- [CVE-2024-8833](CVE-2024/CVE-2024-88xx/CVE-2024-8833.json) (`2024-11-29T20:18:39.087`) +- [CVE-2024-8834](CVE-2024/CVE-2024-88xx/CVE-2024-8834.json) (`2024-11-29T20:18:18.010`) +- [CVE-2024-8835](CVE-2024/CVE-2024-88xx/CVE-2024-8835.json) (`2024-11-29T20:17:52.063`) +- [CVE-2024-8836](CVE-2024/CVE-2024-88xx/CVE-2024-8836.json) (`2024-11-29T20:17:29.823`) +- [CVE-2024-8837](CVE-2024/CVE-2024-88xx/CVE-2024-8837.json) (`2024-11-29T20:10:41.130`) +- [CVE-2024-9777](CVE-2024/CVE-2024-97xx/CVE-2024-9777.json) (`2024-11-29T20:57:53.423`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 9c68e8d45e6..ca5ea83c88c 100644 --- a/_state.csv +++ b/_state.csv 
@@ -4731,7 +4731,7 @@ CVE-2002-0362,0,0,692252ac1ccbb38da948252d3ef88a6bd3193a707d0316ca1cb4a1e750a8e1 CVE-2002-0363,0,0,8db74d5aa5042b75630dc3bcc4e3c9bf43cd682acf9f6e3f1ba19a14b153553c,2008-09-05T20:27:50.277000 CVE-2002-0364,0,0,129f4ae9e98d4a15ac82ee5d69160106e0425f498577239c6951991ee5308e50,2018-10-30T16:25:10.357000 CVE-2002-0366,0,0,b7cd2aac0c9abae9d18c018e9814945cc9ca6b3b4396305504d178e5242c5dc1,2019-04-30T14:27:13.710000 -CVE-2002-0367,0,1,8dcd873975db3c242e2a7c2f04974dbbc5d90db3b63b53f1b55d70084c183a8e,2024-11-29T17:34:53.500000 +CVE-2002-0367,0,0,8dcd873975db3c242e2a7c2f04974dbbc5d90db3b63b53f1b55d70084c183a8e,2024-11-29T17:34:53.500000 CVE-2002-0368,0,0,b6425eecac451d976002a2eedf1ffb54489ae03e9e34317218ceda56dedebbd2,2020-04-09T13:46:52.293000 CVE-2002-0369,0,0,c90797363bdfb91ce5f63af7a0b5bfa2c0ed978522a007d452839ebb024cc6e5,2018-10-12T21:31:22.237000 CVE-2002-0370,0,0,9d8f697be42cd4fbd49b1647dc925b1df44b69585f5adf5669b47a921b6907a9,2018-10-12T21:31:22.517000 @@ -234807,7 +234807,7 @@ CVE-2023-45854,0,0,fd1b599fb467628f9bb2341124630f6a56ef04897dcdb698cc71199c6ed35 CVE-2023-45855,0,0,912d651ace420e3e306dbd306a33a1e9381017090da4aa2e9ea6f83c20cb2d32,2023-10-19T12:47:29.590000 CVE-2023-45856,0,0,9549076e6d0a6fd1b223e9b67c01e74b49d52dd52325c68b86809e5c56a367bc,2023-10-19T12:51:51.217000 CVE-2023-45857,0,0,73cdaec7d516e0e7ed8e90335cf635a85ba7d5cc487bbd7bc0e61ce086b2cacc,2024-06-21T19:15:29.593000 -CVE-2023-45859,0,1,f291abdcb3ed12d5d40bbd40b46a15b726e7694ec280919a8f1b2b5b7b0e94af,2024-11-29T17:15:04.770000 +CVE-2023-45859,0,0,f291abdcb3ed12d5d40bbd40b46a15b726e7694ec280919a8f1b2b5b7b0e94af,2024-11-29T17:15:04.770000 CVE-2023-4586,0,0,104df30f216072a0247c5bd44506e020988038789133d6aa41fc04bb32e2f895,2023-12-06T22:15:06.693000 CVE-2023-45860,0,0,ca8a1401ae7c184e27cbc7f8d7c23abcd5830dcaec3cd73c6280ff7bd9f2c727,2024-11-06T17:35:24.870000 CVE-2023-45862,0,0,a3fb90f83c4489594bd26a84b93eb5897361e2bdfb615fcafc80fdd37f3c643d,2024-01-08T17:41:12.320000 
@@ -243309,7 +243309,7 @@ CVE-2024-10897,0,0,5090338464622dc9d5ece2556a5b89ff3e6aa995d53aa797095eaa9a0db6f CVE-2024-10898,0,0,29bba6e208449ebd52631361f4bdc8eca3c372d754cd58876d30ee6c07372718,2024-11-26T20:32:20.217000 CVE-2024-10899,0,0,3af5ea7b90e5da0230215c5076c9eff9b3749f9f5f947443d89625612842d08a,2024-11-26T21:01:21.643000 CVE-2024-1090,0,0,2d0b80c82d6d153c4e0b5412c3fcf892da86ac73a72da4cbf84bfbb064bdcb0c,2024-02-29T13:49:29.390000 -CVE-2024-10900,0,0,f0a1068a03da92137242d5778d1db0773cba2fb63def13779ff35e3410d8f989,2024-11-20T07:15:08.690000 +CVE-2024-10900,0,1,5438023601d5947725ce57a2b51b24b31a697395c49ac1553534945223b38a58,2024-11-29T20:58:31.967000 CVE-2024-1091,0,0,54ee7e9ca708166212a73aaa10e4715176fe17b55fbce1ee0ea8f95d289d46a5,2024-02-29T13:49:29.390000 CVE-2024-10913,0,0,4e9b29333972ed20a30c4eccde2c9645761370bd1f3d0211dcdd27a3f9c3d9cf,2024-11-20T14:15:17.253000 CVE-2024-10914,0,0,0e11c1731905763ffc173784369687971adc0677422c26a81c4aa2918d85e560,2024-11-24T15:15:06.090000 @@ -244405,7 +244405,7 @@ CVE-2024-1750,0,0,7f9ce3864064263c9a72249a090e6a4b7033b154fc6d744d107ff4cdf65d12 CVE-2024-1751,0,0,154c401fe290eec38fd9c24bb6a8378784a8ac703cfa36934de32237c4b2fc0e,2024-03-13T18:15:58.530000 CVE-2024-1752,0,0,ebd28678960fb125918a034bc6797117b5ad867c71cd1502baeff6b2a6777f59,2024-10-27T23:35:02.790000 CVE-2024-1753,0,0,97eb25eefdb4797c38bcadc3519b75967ef4d30f53fb9cc57a3b33325f64503d,2024-11-26T20:15:26.237000 -CVE-2024-1754,0,1,1a62e04cfc963db540100c68219b255ef7962cf0c80d59371fd17c6fd5a6366b,2024-11-29T18:15:06.763000 +CVE-2024-1754,0,0,1a62e04cfc963db540100c68219b255ef7962cf0c80d59371fd17c6fd5a6366b,2024-11-29T18:15:06.763000 CVE-2024-1755,0,0,3d3eb53461864a2d0b6846883348dbee673cb6d9a59185cf31292954d770d20b,2024-07-08T14:17:11.257000 CVE-2024-1756,0,0,3e84813a966b3d138c76e22bdd3fcd8ab2964d96bf9c77ed86651d769e5bb5a7,2024-04-24T13:39:42.883000 CVE-2024-1758,0,0,d15e0bdd627b2bfb68bda6210ab897317a25f93acdbc05229487955f3c0bb2f1,2024-02-26T16:32:25.577000 
@@ -245116,7 +245116,7 @@ CVE-2024-20667,0,0,9d5c87b92b390b6ea82da7c9e633e5a17c87d51d922713c3d873a0f77449a CVE-2024-20669,0,0,f0c902f60789f9dc18d42d1330ca1f80cdc454a4d5b89781b9df633a47d4c661,2024-04-10T13:24:22.187000 CVE-2024-2067,0,0,8291771316cf392475e14c13e92e6fa7b48bf072b9ca3ea306126fc052a45f60,2024-05-17T02:38:01.493000 CVE-2024-20670,0,0,0b09c1865cde63a5f73fcf3c23f43c88436f13584e9768b43db156ed2524cc12,2024-04-10T13:24:22.187000 -CVE-2024-20671,0,0,d863502dfda4d0ca90a0a14ea37d277ca8e948af1a8018fd91d3e97fe6d7da9d,2024-06-11T16:15:17.183000 +CVE-2024-20671,0,1,6b0a7f41059b2984fe800d80092f13f75ad163ac7e615b02ff43563d05f345cb,2024-11-29T20:40:08.810000 CVE-2024-20672,0,0,2a2ae3b672a71823076941440200b49123ed47b379e2ba84eaa542df20ae3ed6,2024-06-11T15:15:56.723000 CVE-2024-20673,0,0,92359ae1babe87f9d2569c86c5d2659bf4645ee0674948fdd4bd4a81fec3df6d,2024-06-11T15:15:56.927000 CVE-2024-20674,0,0,da1fed3fc9882951bbd9a307c57a38164e881c2c901c1975152e12872c8dd97c,2024-06-11T15:15:57.087000 @@ -245785,7 +245785,7 @@ CVE-2024-21330,0,0,b2ac5d60b9bce9457d738f60e3ac9bb05697d436bd7be2810a9e1f7c3a676 CVE-2024-21331,0,0,92cd30ae764b239f28c0a8df0c95713f1cf63a2fae07aa40ae29b0b0ea46cc37,2024-07-09T18:18:38.713000 CVE-2024-21332,0,0,e26f081e210bc97138c2c24c4864fe4562659ce63b5b575f0c0fb25cc97812b8,2024-07-09T18:18:38.713000 CVE-2024-21333,0,0,32851108840c7a13c1ee82ea16c50177907e4bcd2e482894344fc3874564fc20,2024-07-09T18:18:38.713000 -CVE-2024-21334,0,0,bb98735e0397eef282b3bf0c8a7f17fd1a894c0580516f67c50b6ae552edb8b3,2024-05-29T00:15:20.560000 +CVE-2024-21334,0,1,a2fadb28958f4c873cb0666784d6c1f11fe970b44d08bbb31b67617f0dfb3d6a,2024-11-29T20:52:35.697000 CVE-2024-21335,0,0,d3be0da75c93e40dc74ef43532ac464e7457c464e235cbe682e70d325b6a979e,2024-07-09T18:18:38.713000 CVE-2024-21336,0,0,4632192569ed60af4d57d1dd58a5b140d682aa1d82fc677d5ec51bcb39be3541,2024-06-11T15:15:59.553000 CVE-2024-21337,0,0,1ed4e9ec6936be258d1de771e0acb5830541ca48fb0a246032f3c3930147d134,2024-05-29T00:15:20.793000 
@@ -245849,7 +245849,7 @@ CVE-2024-21389,0,0,45e04e95ea2df4355a256491d2fd84dc18fc915c0e6f04b4c26e5cb7104a1 CVE-2024-2139,0,0,b3135502da92e95e16c2b5b9fb535ef64e920678d73e9ac518e10c09c2ae19dd,2024-03-27T12:29:30.307000 CVE-2024-21390,0,0,825edcf38cfbeb450d8ce686d8ed931b72dd5fbbd9947124a708715e091607ac,2024-04-11T20:15:28.173000 CVE-2024-21391,0,0,abcc609910d8356bbf221f6824538c8f8dccb2b167955bff922a627eaed11837,2024-05-29T00:15:32.207000 -CVE-2024-21392,0,0,e195439aeadd693f775dc7b2e07887ff33a72283d657dcf4356dc680f9866d97,2024-05-29T00:15:32.400000 +CVE-2024-21392,0,1,f456f49aab1a6749cce2eb5b590eaeaa8b7133a2c686945470441f78eb54e1bb,2024-11-29T20:52:32.870000 CVE-2024-21393,0,0,38081cbb15c019a6d6a5ebae688b74c2cac694832eb96676185080e3d938325e,2024-05-29T00:15:32.587000 CVE-2024-21394,0,0,aa75466b0aaf4d3ff3bbec78793ccbcfd1afc16c532cab8eae1991bcd2df2554,2024-05-29T00:15:32.707000 CVE-2024-21395,0,0,e344e1d068e814165683c2d644d3dff647258b1ba561cb9b39845a1e1518a759,2024-05-29T00:15:32.827000 @@ -245858,7 +245858,7 @@ CVE-2024-21397,0,0,b0ec241328054a214047be8b8375fba9ad1406b2a99b2fb228fd123085bb3 CVE-2024-21398,0,0,c4c7d6f98e04a810853dfb263ff519362e5129031c36304acc0da85b748d5ae9,2024-07-09T18:18:38.713000 CVE-2024-21399,0,0,001820e0109335f5a2640c4a5189f5fe8ac80b4b4f2ff4d1526569f2ec1fd18f,2024-06-11T15:16:02.503000 CVE-2024-2140,0,0,f13df4d472ba646e6aac958170cf967e223db17be65b98ce4a37e6d44e80809a,2024-04-01T01:12:59.077000 -CVE-2024-21400,0,0,da8277c9b07afba17ab7b2697668cebd1905952dc7d0b43230c5dd98b3c906f2,2024-04-11T20:15:29.170000 +CVE-2024-21400,0,1,2de01f4dbeb37da40535fdb046ba8fe35fb67bd6f8108c5aa79d114487cbb998,2024-11-29T20:52:31.103000 CVE-2024-21401,0,0,4b2a9c60547467c59f9b439a18da60452bb72bfbcd0f28b98d7478e2777b8310,2024-05-29T00:15:33.247000 CVE-2024-21402,0,0,30768b38d5acb186afa5a073ad3bf20aec4d542134aab6ee100b1ef4d75c9e65,2024-05-29T00:15:33.383000 CVE-2024-21403,0,0,8f71e0b167eb11d7fdd6149f06e349c1f5d981ec85fc70817f5e47a2e0410a89,2024-10-07T14:03:00.607000 
@@ -245878,22 +245878,22 @@ CVE-2024-21415,0,0,42bcd1202ef0ba594d559bd9441152ac5ae9644c270ba50531381a1aa41e9 CVE-2024-21416,0,0,7cc6fd4c84942ce1dc818417cef771869802afebc6e3c7d7b19ed19e00198c83,2024-09-20T18:55:14.573000 CVE-2024-21417,0,0,b49ef9a4a1641236078c066f567251303fbb25636e983b46ec501a6c4a0c9cb3,2024-07-11T13:05:54.930000 CVE-2024-21418,0,0,0f25c581a81e174a088bbd635450254be7b5c931f905496efb1385b8f25ccca1,2024-05-29T00:15:34.853000 -CVE-2024-21419,0,0,e14cbf8653efa36d4d95c26c723d3b529d88b23a73e43ef96db6054f518ce906,2024-04-11T20:15:30.777000 +CVE-2024-21419,0,1,3cb3fdb5be67b19326a793bdd9f0d7cc48c79a6f3fd2ccef4d9014d402593d28,2024-11-29T20:52:29.267000 CVE-2024-2142,0,0,44f8897a85c55e986bec9130d64561487683ff5057711f75d9355872ef6d360c,2024-04-01T01:12:59.077000 CVE-2024-21420,0,0,dbdb3da803abfd446d4196a8fbdd1a526fe0842184e24ea68b2aaa7257e503ef,2024-10-07T14:05:29.367000 CVE-2024-21421,0,0,aa003351515fa6a13b090cbacd30e2c8bf4eb2017cb79e6a1063d808b3f7cdca,2024-03-12T17:46:17.273000 -CVE-2024-21423,0,0,13dc0ecc7bfbb4f5b92a3170ab4cae2b8d2de511257aaf572933bffbc6f2ae09,2024-06-11T15:16:03.297000 +CVE-2024-21423,0,1,f9af7e37fa4ac00db3d27c63c91f6cab8fd61fd4e0cd58b29bafe7da8fbc1bbb,2024-11-29T20:42:08.630000 CVE-2024-21424,0,0,77e44977e766588a59c87cb45706c3bfc2a9108d9dbf7fbc64f556e35f14f570,2024-04-10T13:24:00.070000 CVE-2024-21425,0,0,2812cfc5eff10f169d419b1ab02c34a9eddedbeb477ccb53ff000f9cf064044f,2024-07-09T18:18:38.713000 -CVE-2024-21426,0,0,bf58e3ab2d0d8fef26a271d142d4ddbc32efd83cf1484da4e621fa84ad0ab648,2024-05-29T00:15:35.200000 -CVE-2024-21427,0,0,a203f4e2c3489f685ae409b07ac750b7c17a3c0b573d7557437d389da21dae29,2024-04-11T20:15:31.130000 +CVE-2024-21426,0,1,28cc51db69ba03e1e83cb7f3a9f5914be340ff48d83ec7285f47ab6e4a1893d0,2024-11-29T20:50:09.910000 +CVE-2024-21427,0,1,c8fca909f1ebd3caf8e518589319c47ad8bb6383ef7d8dedc9738dca072eb2c7,2024-11-29T20:49:42.757000 
CVE-2024-21428,0,0,d4326ce0e7de9ba79740916e4b692bd60f0e0e1e1ad6ad9543bd3e7e8895901a,2024-07-09T18:18:38.713000 -CVE-2024-21429,0,0,f06428fbd106022c704fe75f56593c47f00c7769560ad8bf515561b79ff02e56,2024-04-11T20:15:31.223000 +CVE-2024-21429,0,1,79bf9da0c0c440cacc8d7c59a249e2fecfe91cb5928203b47289aa3010fba9f8,2024-11-29T20:43:50.370000 CVE-2024-2143,0,0,b4196c236271ea86599a9a6a71fa5d263ddeb4583a563a5493a42f4b531b62e8,2024-04-01T01:12:59.077000 -CVE-2024-21430,0,0,e952ae4cf447cd295645cce29646bf9b8b37e88c4e9b315bafcb04dcaa54bf2e,2024-04-11T20:15:31.333000 -CVE-2024-21431,0,0,9745c92e106edef49c2b017438fa440bd55a4bf553740f319116ac19d4208e60,2024-06-11T16:15:18.230000 -CVE-2024-21432,0,0,87b816a113d713051ce0a184e6532d68fb39ee02a86ec198f54d1e2fef367683,2024-05-29T00:15:35.527000 -CVE-2024-21433,0,0,11232fe764b0771a49b8a0ae9226f0d587f78f4493eee55bf3ffa96e98092b1a,2024-06-11T16:15:18.377000 +CVE-2024-21430,0,1,0c82706eb5221197af87e1f265a82dd4b412c443a76d8a68cabb9de79ab86d7a,2024-11-29T20:44:32.717000 +CVE-2024-21431,0,1,adb271f7c07729890dc0e6600645b6eea17bdcd896aadfcebe92e54de18d6777,2024-11-29T20:44:56.373000 +CVE-2024-21432,0,1,b26b06b5af97e258df7fe189dd0fd737f77add3019eecc5409fe9334ce5a5d02,2024-11-29T20:47:25.987000 +CVE-2024-21433,0,1,100deeaf7e9386a87e131a946114df15ff214b00b65b78941702d176f64f5d82,2024-11-29T20:47:35.220000 CVE-2024-21434,0,0,b1361f70a03881d0b7783b1f104c7680681900021804a88dbbfddef6ed773234,2024-04-11T20:15:31.620000 CVE-2024-21435,0,0,af4c6ac7ef76f0f67a1ba6277b5a8737b11e09d1129e2401445d4e52e15c50e8,2024-05-29T00:15:35.713000 CVE-2024-21436,0,0,00556a431a6d8f3334e9f93cd607dfc16f3cab8684b005c0250ef6e1b8b30f19,2024-05-29T00:15:35.830000 
@@ -249252,7 +249252,7 @@ CVE-2024-26163,0,0,1cec6fd5081dd6336471bb2c93b29cc598ec8cf690b6a4f047866b54bc86e CVE-2024-26164,0,0,97e84461485204919561d873bba734d2b5d91bb4f6ec5c1ad6eb15a94be78498,2024-04-11T20:15:33.877000 CVE-2024-26165,0,0,83eab2c0875e9b88a1f7ce329398a5e0cce759e0512193fa6f5822a067798b74,2024-06-11T16:15:19.780000 CVE-2024-26166,0,0,2dced7e6cfb444dab6a8949445585382808844907087fc776f21c6d4c672ba6a,2024-04-11T20:15:33.987000 -CVE-2024-26167,0,0,bbd84f3e641e9d975722dcd02ef6a412570e8d613f30b550ec8c1746242bc7cf,2024-06-11T16:15:19.920000 +CVE-2024-26167,0,1,8855bcc7e86d2bfb321c97571f709e8374a60be9ce3b496dc4c11c762f54238c,2024-11-29T20:40:52.990000 CVE-2024-26168,0,0,79980e86f7902cdfbf2750e2f70229d42c3911a1aa52728ae4a317e89b62a526,2024-04-10T13:24:00.070000 CVE-2024-26169,0,0,1019f2fc447e0f9753156720ba4d1d39073dcb9223b8501955c81cf0a85bd6ec,2024-11-29T16:24:31.767000 CVE-2024-2617,0,0,c735ab59fafbabeeafc878072d5ef91a88b0cb8e9dc08af938860e93db5c996f,2024-07-03T01:53:23.587000 
@@ -249274,12 +249274,12 @@ CVE-2024-26183,0,0,4d74cd74f15c42ef83e07da0fea854b9308a2d6867480d27e88f16b8021a5 CVE-2024-26184,0,0,9a9469b525a1c0948733fdbbefd0c134cd0d1bfb19cc88ca9e1172b5dc220da3,2024-07-17T14:58:41.847000 CVE-2024-26185,0,0,9feef43ee36b690f774d8b3be3682410d3a24414bd3e53eb7eb31b5bf9351714,2024-05-29T00:15:37.420000 CVE-2024-26186,0,0,36ccb09d2bf153f937e5e66344d4acad5c2798a004f521a6a2f0b10de8b37b05,2024-09-23T16:48:36.993000 -CVE-2024-26188,0,0,f211739728663bae1418bea21124610d1eca871de3fac0df538712e0d37e5a9a,2024-06-11T15:16:04.713000 +CVE-2024-26188,0,1,dc54c4d9a5d848ec0b1e8b8383a55a611364acd7c047ade8b5f14981ef4b7578,2024-11-29T20:41:53.547000 CVE-2024-26189,0,0,2a49ee8d4a0ba2f801fc699ef40f2bf3b0913e4387987b37ad42d4a5aa46f00e,2024-04-10T13:24:00.070000 CVE-2024-2619,0,0,3ad4efc25cc381a08190aaf20f81de7fb62ed67d01a5b4fb428e260f22ab5802,2024-05-17T18:36:05.263000 CVE-2024-26190,0,0,2c15f1de93d1a079b40144981fb69e3fc0cface9d9c13ad726466b53618f3452,2024-05-29T00:15:37.597000 CVE-2024-26191,0,0,6e7a0054b262a9288872fe975e02e1e98f0d17f2e6eb60a988c9ddaadd8538a4,2024-09-23T16:51:43.927000 -CVE-2024-26192,0,0,ab2d8571efc827a85f890805b2a975a3bb570e6ed0706c8ad58a934f27b5a8d2,2024-06-11T15:16:04.830000 +CVE-2024-26192,0,1,902591bef94f52ba914c3fcd6fecc2d37a089b0a8650f5c905e8f55fef155ff1,2024-11-29T20:41:36.453000 CVE-2024-26193,0,0,8fddc835a44742351670403f475d1a7fbbfaa53f469d57320747dbc6b6cb5a20,2024-04-10T13:24:00.070000 CVE-2024-26194,0,0,11c479afbc9197da02f6a4aa14d5718e799cccfb9f0ca6804619eeb622290024,2024-04-10T13:24:00.070000 CVE-2024-26195,0,0,f9685945e615e0cfe189b9bd1c92904f15fea6beba07eb018c4de9659528b4d4,2024-04-10T13:24:00.070000 
@@ -256139,8 +256139,12 @@ CVE-2024-35359,0,0,790098a5aa254df92059c385ad6325db39cd91d13b49630a333bac1d583fc CVE-2024-3536,0,0,67ef0d9459ffa6371d38db2913b0c14e7a0dd926c6d86f1aea2fa988c69cefc5,2024-05-17T02:39:59.897000 CVE-2024-35361,0,0,94079fbeae6f3e32a28e0bb042dbf7a904fcf03ef2f5fc193b1b6ac0fc4c26ea,2024-07-03T02:01:38.550000 CVE-2024-35362,0,0,234501ffddb96c378ce0415c69c86b74ffa92255e774ec0584c4ec784483afc1,2024-05-22T18:59:20.240000 -CVE-2024-35369,1,1,6df28d8460fe7b04f0a2efffc7b9a631fe258a88dc12fbb0a17d1341163bedc4,2024-11-29T18:15:06.983000 +CVE-2024-35366,1,1,9b84de888d50ddbd7efcc8707ea3df5f70e05d0c67de0741833ade895b234c7a,2024-11-29T20:15:19.863000 +CVE-2024-35367,1,1,4cf1651bad5e480a4d826c3f8e668cb9c693764d20895a38503f6b2564a1fcb2,2024-11-29T20:15:19.957000 +CVE-2024-35368,1,1,b29911c8c82dc3259e072b942eea7a4d1149791db93f1fecc5fe0708cef54fcf,2024-11-29T20:15:20.050000 +CVE-2024-35369,0,0,6df28d8460fe7b04f0a2efffc7b9a631fe258a88dc12fbb0a17d1341163bedc4,2024-11-29T18:15:06.983000 CVE-2024-3537,0,0,7295965fffde5e283abb275e5228fcf2f24e25d29556dedbad478c14243435cd,2024-05-17T02:39:59.987000 +CVE-2024-35371,1,1,3451d96059fd4d38b9b56c8029c259808886cc489aad6ecd6a8e5b4dc96d8c65,2024-11-29T20:15:20.143000 CVE-2024-35373,0,0,014fa23f7024d690cb16f55fa9fe5c207924e838da0219b265271af9723dff82,2024-08-19T18:35:12.200000 CVE-2024-35374,0,0,aa83a1884752e38a4efa40b8d631e010f03947873314106502ec442b10442cd7,2024-08-20T15:35:14.870000 CVE-2024-35375,0,0,ed34ddd9d512918cc00e937f04fcc44b2e98fec270008373eac869e7c2125c2d,2024-05-24T01:15:30.977000 
@@ -257138,17 +257142,22 @@ CVE-2024-3660,0,0,c3c1c3312c8a9566bf9feedf7d8876d18d19f4aa50138300852d5ac195117e CVE-2024-36600,0,0,e7eab002c297c7d5ce5dd570ac3b60c68bd283d5ad8a781f4e7d7381b748121c,2024-07-03T02:03:24.687000 CVE-2024-36604,0,0,ceabd4d65e8e525e1dbe1c2ad39c0fe240ecb352a8c95aa43d6d84024ca2af4a,2024-08-15T19:35:12.673000 CVE-2024-3661,0,0,c42cca3fa75d9e1e2e62908451948484a5d5cca5f29f392158a6d0b59eb829bd,2024-07-01T15:15:17.187000 -CVE-2024-36617,1,1,c18e2eb9b33d632f63d305b3eb6f50e7d6743c0489ab5af161e69fa56de5ba4b,2024-11-29T18:15:07.230000 -CVE-2024-36618,1,1,f1fe269f8119cc1956333354d8d1ebbf16ea9be0fb3347b792a87c6a5e02f274,2024-11-29T18:15:07.390000 -CVE-2024-36619,1,1,d30e29b19403999a360d49eb2b7510653e8a4eeae72cc3067a2b6e14731d746f,2024-11-29T18:15:07.550000 +CVE-2024-36610,1,1,312841435172043d5dd2190cf6b8c2300f7c9822702ef3e5fa4446eac6b961e2,2024-11-29T20:15:20.237000 +CVE-2024-36611,1,1,42465fba5d209a57964c1117a778f054088fdce7482f6b6bd27c3304a10b7c3d,2024-11-29T19:15:06.780000 +CVE-2024-36612,1,1,fdd926ad563891ccb6e110831ad8dd9cdcf5f661c8c399d337246f268066a229,2024-11-29T20:15:20.340000 +CVE-2024-36615,1,1,2f8c6f09c7b5113fafb5a41f7e4cbad94a7ad0500652cf2d1c05a06d469ab9d0,2024-11-29T19:15:07.703000 +CVE-2024-36616,1,1,30073513037d78480eea5288925f8e6f4e5b29c346f1de578cf8c107b66d46e5,2024-11-29T19:15:07.817000 +CVE-2024-36617,0,0,c18e2eb9b33d632f63d305b3eb6f50e7d6743c0489ab5af161e69fa56de5ba4b,2024-11-29T18:15:07.230000 +CVE-2024-36618,0,0,f1fe269f8119cc1956333354d8d1ebbf16ea9be0fb3347b792a87c6a5e02f274,2024-11-29T18:15:07.390000 +CVE-2024-36619,0,0,d30e29b19403999a360d49eb2b7510653e8a4eeae72cc3067a2b6e14731d746f,2024-11-29T18:15:07.550000 CVE-2024-3662,0,0,bf35bc71372b512799f21214c4add2ef96949612530c04611b0774c90b1261c4,2024-04-15T13:15:31.997000 -CVE-2024-36620,1,1,bd940859e3a70ba9f20daee48c18afd5e689ded5655791c03dcd144494e8ab28,2024-11-29T18:15:07.787000 
-CVE-2024-36621,1,1,395c2e8d706b3be77e22c8c62abd8cdfeac4ff3d292f427ab7129b4c0bf7529f,2024-11-29T18:15:07.993000 -CVE-2024-36622,1,1,be48e05186f5ac071984ac26618b6189df06db278a956e908f53e3b956f07a62,2024-11-29T18:15:08.140000 -CVE-2024-36623,1,1,5b0927c621a8ce8b7dff6d101236e2659ea986ccf06dc2c525fa93aebc3aee45,2024-11-29T18:15:08.293000 -CVE-2024-36624,1,1,e8da640bd88dfa42ea05f2e9cb3d684e190ff87df1ea3dcec33e639e2148fd61,2024-11-29T18:15:08.440000 -CVE-2024-36625,1,1,7c23d2425847fcff4ab6a41af1e0a7a10f21527b69c1199afaca70ff1a9c9744,2024-11-29T18:15:08.607000 -CVE-2024-36626,1,1,7dca574daa62085fcbacc3d2cfa724a9215be24530b261fdff176e59425b90fb,2024-11-29T18:15:08.840000 +CVE-2024-36620,0,0,bd940859e3a70ba9f20daee48c18afd5e689ded5655791c03dcd144494e8ab28,2024-11-29T18:15:07.787000 +CVE-2024-36621,0,0,395c2e8d706b3be77e22c8c62abd8cdfeac4ff3d292f427ab7129b4c0bf7529f,2024-11-29T18:15:07.993000 +CVE-2024-36622,0,0,be48e05186f5ac071984ac26618b6189df06db278a956e908f53e3b956f07a62,2024-11-29T18:15:08.140000 +CVE-2024-36623,0,0,5b0927c621a8ce8b7dff6d101236e2659ea986ccf06dc2c525fa93aebc3aee45,2024-11-29T18:15:08.293000 +CVE-2024-36624,0,1,0a7b2aae5839929f5368ebe0e8fb0a7dbe600d4804ac108be619ee97ae88a044,2024-11-29T19:15:07.923000 +CVE-2024-36625,0,0,7c23d2425847fcff4ab6a41af1e0a7a10f21527b69c1199afaca70ff1a9c9744,2024-11-29T18:15:08.607000 +CVE-2024-36626,0,0,7dca574daa62085fcbacc3d2cfa724a9215be24530b261fdff176e59425b90fb,2024-11-29T18:15:08.840000 CVE-2024-3663,0,0,aac8884135ebb34dcb3248cfa17d27356201b5565d5879d71d9c52eb44a76d97,2024-05-22T12:46:53.887000 CVE-2024-3664,0,0,69a025fac493e1b730af34edf299abefa2f6b022c562e137962af1b86cd1f7fa,2024-04-23T12:52:09.397000 CVE-2024-36647,0,0,c31e7e6b8080244a2de4852013b2b5eae9e0c7673d9ba9c0d0cbf4624eea7349,2024-07-03T02:03:25.473000 
@@ -262663,7 +262672,7 @@ CVE-2024-44302,0,0,8ecfedad59d8a53cf201de7999f2b2a1319aa7dcff5d0590cb4d2b5e11349 CVE-2024-44306,0,0,30e6b62b20cb4827539838b9ad1117b1c4caf5a6a100e3fa44a4d9f09dbdd63c,2024-11-20T16:35:23.177000 CVE-2024-44307,0,0,9e70c08c83168f1b166f0adb0f44da27d930f75021e34e9c4988cb0e1544104b,2024-11-20T16:35:24.267000 CVE-2024-44308,0,0,acc369578912d118b4a89ca8ee5987b89635f4149292d31f719e55be8c103584,2024-11-27T19:35:10.147000 -CVE-2024-44309,0,1,52770843bac18ca9341a93eea8b19ddbef2c8812b70a8cb8a748cb3c19c4c5a4,2024-11-29T18:28:16.227000 +CVE-2024-44309,0,0,52770843bac18ca9341a93eea8b19ddbef2c8812b70a8cb8a748cb3c19c4c5a4,2024-11-29T18:28:16.227000 CVE-2024-4431,0,0,8d95de6ec075320f55907047db89835dd68db45859f7bae49d6625b2a3240b6b,2024-05-24T01:15:30.977000 CVE-2024-4432,0,0,492ff6791a7b1a2e081b9c5249b748792a54b9554ba3a2422039c4bfa6a7bf50,2024-05-20T13:00:34.807000 CVE-2024-4433,0,0,29650c676957862ed8f96380f29298acd09e1ae0c4c0eae7a19f73eb896474af,2024-05-02T18:00:37.360000 @@ -264267,7 +264276,7 @@ CVE-2024-47189,0,0,7d3af50eb7bb8d000bc263107eea64000b2f13c8fe93501539ce47dbaede0 CVE-2024-4719,0,0,5f15010ce3da97593d62bd8e5cbd7e4df0db8fec077945fcbb72e898184ff8a0,2024-06-20T20:15:19.763000 CVE-2024-47190,0,0,c28957383dc3dd3b2a854256bc3acd5f30b8dfbbdad3bc6f637c477d8da8c5fb,2024-11-08T19:35:17.860000 CVE-2024-47191,0,0,2d0ea97c75991dd32a2813bf0ef51251f3610baaa622ce7906ea2e3545fc5ab0,2024-10-10T12:51:56.987000 -CVE-2024-47193,1,1,4117699582bc378455b40481ad0ff7f4e4c60ef41e2b329a76d1749150a1bfee,2024-11-29T18:15:09.090000 +CVE-2024-47193,0,0,4117699582bc378455b40481ad0ff7f4e4c60ef41e2b329a76d1749150a1bfee,2024-11-29T18:15:09.090000 CVE-2024-47194,0,0,0afa0b09ca6b7bbd6bd860b01b5c9153eec47be962883f1807d6c455d470088c,2024-10-16T18:15:04.043000 CVE-2024-47195,0,0,13778db546c78cfe27d2d127a511510e1d599b625eb31f21fc4e65992e2127a0,2024-10-16T18:11:29.990000 CVE-2024-47196,0,0,854c9d23e22c82e5339f8a331c929fb519fa43506b02445ee87a1d94228daed1,2024-10-16T18:07:38.850000 
@@ -265515,7 +265524,7 @@ CVE-2024-49357,0,0,6503b40a74a6613085cacc3815bfdb01e01bab8ce0bff54535ea857ed7d26 CVE-2024-49358,0,0,df99e254916c8dff27bc118ecfd140161a54ef4581a6841d720c531a5bf44aba,2024-11-06T15:27:26.637000 CVE-2024-49359,0,0,cc09522176dca55ed443e811571748ebfc3f0f5a4f89d4ec44c17a0a8a645881,2024-11-06T15:27:02.347000 CVE-2024-4936,0,0,51b2c41822c3ce01e84bd55c02328ac3499013d52d632d2af56d406c35d5a658,2024-08-06T18:29:27.013000 -CVE-2024-49360,1,1,2ffb400d9ebd91bfe485575a99d85aa57a0f01e8ea35bd70f12a3403b8614670,2024-11-29T18:15:09.307000 +CVE-2024-49360,0,0,2ffb400d9ebd91bfe485575a99d85aa57a0f01e8ea35bd70f12a3403b8614670,2024-11-29T18:15:09.307000 CVE-2024-49361,0,0,f551e9abf09d421b2a081416ae11d1d19a91d21656c86d2519f1c7f0e281007d,2024-10-21T17:10:22.857000 CVE-2024-49362,0,0,607782a5d34a0bcea667b4613803b3479fadb0d82404a368be33f1da13be2d17,2024-11-15T13:58:08.913000 CVE-2024-49366,0,0,1ea5441e3f8684e26cb3e2ee03927aa37cfc22f8ddf1688cacc08e4a6c38e9c1,2024-11-07T15:15:04.587000 
@@ -265744,10 +265753,10 @@ CVE-2024-49777,0,0,314466c2b7b0e20ad6728b0e7432b53a78d87374e0a21437c089e38cdba9a CVE-2024-49778,0,0,b40056776286249c4f0e7d406280c79c53290f21552c8f5c4b72da612431d704,2024-11-15T18:35:36.260000 CVE-2024-4978,0,0,5928c3b846f5437fa931d5f8f8094b6c99b5e796eec27a2a5602f4b07774db40,2024-05-31T16:03:52.247000 CVE-2024-4980,0,0,1d2b61808b4cae121d6a29c34adc83b7ce102dcc100d7578fef807794b8506ae,2024-05-22T12:46:53.887000 -CVE-2024-49803,1,1,30615ba6473270e94c2833aa4649b1ea1fdd0c02316445abe4b259c0a28956a2,2024-11-29T17:15:08.180000 -CVE-2024-49804,1,1,db904ce5f54a262127becc5b1778fbd990ccd03638eda6e11294f8bb498f5cdc,2024-11-29T17:15:08.330000 -CVE-2024-49805,1,1,1d65fbd3e28686a51dafe657852fc38a91c4aa31ee2592d66c88805e48b03e77,2024-11-29T17:15:08.470000 -CVE-2024-49806,1,1,818cac3e93e8176bc5d45c74473e955505275ab8a3e4e80c69e50cc55c82d6fb,2024-11-29T17:15:08.627000 +CVE-2024-49803,0,0,30615ba6473270e94c2833aa4649b1ea1fdd0c02316445abe4b259c0a28956a2,2024-11-29T17:15:08.180000 +CVE-2024-49804,0,0,db904ce5f54a262127becc5b1778fbd990ccd03638eda6e11294f8bb498f5cdc,2024-11-29T17:15:08.330000 +CVE-2024-49805,0,0,1d65fbd3e28686a51dafe657852fc38a91c4aa31ee2592d66c88805e48b03e77,2024-11-29T17:15:08.470000 +CVE-2024-49806,0,0,818cac3e93e8176bc5d45c74473e955505275ab8a3e4e80c69e50cc55c82d6fb,2024-11-29T17:15:08.627000 CVE-2024-4983,0,0,47e5eccd768078063df4e275a1ffdcd617ddbc2b7b8451c89e2e261cf23ec523,2024-06-27T12:47:19.847000 CVE-2024-4984,0,0,9f2b9cbe42298dc633fd7a95b66e0d4fdcec1b53d37f19261bcfa2f1a75e3637,2024-05-16T13:03:05.353000 CVE-2024-4985,0,0,df226dda87642aeec36f0fe802a8cb1e52b5f8e667dcfe00ff42a5cc0d642f7f,2024-05-21T12:37:59.687000 
@@ -266102,11 +266111,11 @@ CVE-2024-50175,0,0,1dd04fe7e094a215fa5b2a47ea2eae040e04b44ec6d616bd452f4a4ed1eb2 CVE-2024-50176,0,0,0bad9ef923589f31e0464c96d6ee2434d25795707eba801c32d45ddd11f3d20d,2024-11-27T20:14:34.360000 CVE-2024-50177,0,0,4fb8b3ddb9af9f8a097a514d03b2080fd60587a0766bf44f8281e4c2a563510e,2024-11-08T19:01:03.880000 CVE-2024-50178,0,0,eb6ed4bd84ba259d56915cd99f2b35efefd2f01c043441a7f05771cbd0e57d90,2024-11-27T20:11:52.110000 -CVE-2024-50179,0,0,c4648a1cb0e6158035aacfb89d04c61220618558c59d96ca6f1b6a6c714359cc,2024-11-08T19:01:03.880000 +CVE-2024-50179,0,1,04adec6ece540a01d1ee9288ee8f51f83801ebaf343e3cd445929a412a36c84f,2024-11-29T20:34:14.350000 CVE-2024-5018,0,0,ae4fae87d25d0ffdabf3f24c5b2aeefbd28a66a0c556c5b46ab6064495fdefe3,2024-08-21T16:00:23.410000 -CVE-2024-50180,0,0,f4c303721e730f9a393f439aaca4004ec106f60afc624c423e36e265c2d3fdc1,2024-11-08T19:01:03.880000 -CVE-2024-50181,0,0,bb4c6997ad59bbb97410a6f650ed4dec30e3dc1c6d446601908c086d1d208f2a,2024-11-08T19:01:03.880000 -CVE-2024-50182,0,0,16bf6296184bc3002b7393b9684655e4277d04239189c6f359e716998ded10b4,2024-11-08T19:01:03.880000 +CVE-2024-50180,0,1,cf4c8e6c15b9f741b0c0bfa604d0cfe58a38ee1c257a25fc7ea93d7471cc58f8,2024-11-29T20:35:40.690000 +CVE-2024-50181,0,1,f16eff39b0ab37ef17ea241d14ae52e7fa64bf6e3b7097227844b21199555f5e,2024-11-29T20:36:52.667000 +CVE-2024-50182,0,1,6738925cc907b051baea56f323ceab8cf3bc357791144d1faa6ef6ed966954d8,2024-11-29T20:38:47.760000 CVE-2024-50183,0,0,1a5c85761b67f4951d4aead272e8cbaeeb6fb4ad164fc8c52190afa66b3996f3,2024-11-08T19:01:03.880000 CVE-2024-50184,0,0,cb05ed3cbf4320d0b6539ece765682947c4e4dd01f32eb669ed72a68abce565e,2024-11-08T19:01:03.880000 CVE-2024-50185,0,0,595738e2988b3e2c25066779b5891f8412116ebeed8b468125ac9343052411c0,2024-11-08T19:01:03.880000 
@@ -266117,13 +266126,13 @@ CVE-2024-50189,0,0,5d4f496901033a53673f3eb245c0783e3367982581bb1f34ad55281445cbc CVE-2024-5019,0,0,208ddc99e1f67b7d6822e7ee095131f1b9c059678d4d2eeb2b2f9eae704845da,2024-08-21T13:43:03.670000 CVE-2024-50190,0,0,2962a78db58b5eff7333f4f943b026fd8630dab04243ae02339e9f901787f7d2,2024-11-08T19:01:03.880000 CVE-2024-50191,0,0,a6db09c765b7d3d35c26042d26dc5603def4093fc6f320ce46df0d5416572571,2024-11-08T19:01:03.880000 -CVE-2024-50192,0,0,f094a0b99ff5542604e1b792e783e7c7237fcb61e2ca3115600517ad809944d9,2024-11-08T19:01:03.880000 -CVE-2024-50193,0,0,50f904eeb07f25863f05f238144d22e76d3e511a58fe12ad4d5abd0361bc97e7,2024-11-08T19:01:03.880000 -CVE-2024-50194,0,0,c7de65c1763aaab8f315d17fa3d61877cfaeac8aebf218b476edfbf024dbd7ce,2024-11-08T19:01:03.880000 -CVE-2024-50195,0,0,ee6e23f184f82b041e70dd009ccfd73b68b4f1251d93e8bb828b8169f943c022,2024-11-08T19:01:03.880000 -CVE-2024-50196,0,0,f3344a2a383617bb57f8e7b99598da7f3e018b81b0a69d14af792213a5382acb,2024-11-08T19:01:03.880000 -CVE-2024-50197,0,0,59a6be3df417d3a3c55a1bbb45af16915fd95dff36c9159ced00351e34496f33,2024-11-08T19:01:03.880000 -CVE-2024-50198,0,0,3ea33cdf4ab9bb3fd3852a87897dffcacdce0ff880fdd50c45b48b25cf5b6305,2024-11-08T19:01:03.880000 +CVE-2024-50192,0,1,c63addfc8ced2b086c990b79a9316ef60d0c871b32679a650a4651f7c1584eac,2024-11-29T19:00:45.733000 +CVE-2024-50193,0,1,cdcb73db336e1b3804f6930b8d0d72f531d36affe38055af409d00e3eb0e592c,2024-11-29T19:29:23.710000 +CVE-2024-50194,0,1,426419d359b9a48931872d3b17b8f19b6404793a867bd8299ab6d640e9ba5434,2024-11-29T19:33:26.060000 +CVE-2024-50195,0,1,2c6694528987098c90635214fa32688caaf82b9b9d755d386303fc29c6ab70a8,2024-11-29T20:26:50.623000 +CVE-2024-50196,0,1,675ca6a3533eddc8a6d45432592fdaaf1bb5dced0aa110561a6b06a466e576c0,2024-11-29T20:28:53.843000 +CVE-2024-50197,0,1,893b8d49a3c8bfcb1b7ca77d5de84df33485e9af4e3168bdf23d38eaaa3f1acc,2024-11-29T20:33:23.700000 
+CVE-2024-50198,0,1,c618d856f80a65c389660bf5305caa4f554130dfdf672d6f63bde935a5b36126,2024-11-29T20:31:29.787000 CVE-2024-50199,0,0,790411aeb1eb3c29f71ef981d65498f2cd8c66850ab6f2c0880f47cb2a5c0da3,2024-11-08T19:01:03.880000 CVE-2024-50200,0,0,39818810e6a92ba66da874110ced722f11de013303f8d602e577eeb9e4e93e06,2024-11-08T19:01:03.880000 CVE-2024-50201,0,0,09a1d2ed13abd2226e3074bd37eb9876228c60757af6992d6779c0487fabffe2,2024-11-19T16:08:36.890000 @@ -266729,7 +266738,7 @@ CVE-2024-5121,0,0,98477bc3a7c67683bd43da705ad15db6f590ce85a12aaf89110d94461e6c3b CVE-2024-51211,0,0,581556a1bd92632bbd04cf9aebe233d1f5e96f417c538ff40e3ed80078a79ca9,2024-11-12T13:56:54.483000 CVE-2024-51213,0,0,a598a44042c959028b27d1b964937a81a14ecccc57789a4658084176eb433102,2024-11-12T18:35:33.433000 CVE-2024-5122,0,0,b102c5894de9c993bdf361c85aa63dd17cb454ea5ed33d3ad3120a6c50356b5e,2024-06-04T19:21:00.963000 -CVE-2024-51228,0,0,ac26ba41591551e7b354eebad63edb6c2e6671b4cadbb1ad2fb2ebaf77cd607b,2024-11-27T17:15:12.800000 +CVE-2024-51228,0,1,294a28aa06aa347fc595d895098cf7c224edf806b9b37339527f928a6a82f84c,2024-11-29T20:15:20.430000 CVE-2024-5123,0,0,c6ee92320f25e8ca50da0e044240269e2ddcb04724d5d630d165dc261fdc83ba,2024-06-04T19:21:01.063000 CVE-2024-5124,0,0,ddf4d98394e08878019bd952c44f2cfd27f047274d82fb0e14f997780f16638c,2024-11-04T11:15:06.937000 CVE-2024-51240,0,0,7445c6ba47df36c0613eb4cb1195b6f0f9ac8d38ec29d4a0f09a129257d8d4ff,2024-11-06T20:35:34.963000 
@@ -267262,6 +267271,7 @@ CVE-2024-51998,0,0,19a2e1052c10533bdc1ed034b91b5ec816f585536da2e947441dab97cd0af CVE-2024-52000,0,0,53607fd920c5e6c0c523f59cb394de5d5c634c469499e12c0f4cb198af2d27c3,2024-11-12T13:56:54.483000 CVE-2024-52001,0,0,ee27726a1c73b7b7f6e5760fe3ce79bb84c8b16431699361ef4c426b16c2de6e,2024-11-12T13:56:54.483000 CVE-2024-52002,0,0,c00913d7259c42a7cc8354350f7a82513ce9d83d7bd5962c00b4cf14c2a1047a,2024-11-12T13:56:54.483000 +CVE-2024-52003,1,1,547d974ce5473fbdc586b143bb803661fb6b34d9b6c117ffda49ea4ee4b6165e,2024-11-29T19:15:08.170000 CVE-2024-52004,0,0,5fa07d0a35480bd23f86ea684f2a0f66c5e4b9b2bf1fbc1961b6e8f9dcc625fa,2024-11-12T13:56:54.483000 CVE-2024-52007,0,0,9b9844f37c4a4c3cef932fa358d8594e2305c52695217b7622048372b9ab612f,2024-11-12T13:56:54.483000 CVE-2024-52008,0,0,262060a233ecffd7ebab469c10cac8fdefe6653fedfb294b7540834b512d5966,2024-11-26T19:15:29.583000 
@@ -267583,20 +267593,20 @@ CVE-2024-52755,0,0,201980ce6d3d391174749cb677e5eff116245b0c1dc48789b3b9b50b5ef85 CVE-2024-52757,0,0,6a532c18cf38d202abc15a627e9192ed6d4c483d87e76d03918e63d2f51dbf79,2024-11-22T17:15:10.150000 CVE-2024-52759,0,0,efd0fc3be433f7896365088928907f2feb653062abfc384aa04c2ee4da0825f4,2024-11-22T17:15:10.323000 CVE-2024-5276,0,0,b98c8bf623aeff1994feca32cb34066ea8ef6a81fb35099972c112f59613dd44,2024-06-26T12:44:29.693000 -CVE-2024-52762,0,0,2da142212af1f3c370b1753b9867e2dc76148c3ba2e7239c746267d4ce514522,2024-11-20T20:35:17.280000 -CVE-2024-52763,0,0,c5573017d062db00f6bed25c6759761baf5200224a59e32fc8cc1b829343cac2,2024-11-19T21:56:45.533000 +CVE-2024-52762,0,1,0ba93538cdcceffbc2ce711add8a68aa6535f792ec7a07bfa4c816b008d21953,2024-11-29T21:00:39.843000 +CVE-2024-52763,0,1,bf728b5a47dd0413d8210dc0bce8f5be7122657bdb084f64d14e2b08f6408d30,2024-11-29T21:00:47.937000 CVE-2024-52765,0,0,215d573d92d5d4ab707e8db266a06400b9c1cb39b63c86b9575271eef3bcc4b8,2024-11-26T17:15:25.557000 CVE-2024-52769,0,0,b6cb45d7326db7c74bf072246ac67a1dfffc75d7966f0886ca77640876da3fd2,2024-11-20T17:15:19.907000 CVE-2024-5277,0,0,c22b3e398c55d24f660b1a45a3310a9c6b0abef458e72374f87af318fc09202a,2024-10-09T14:49:25.753000 CVE-2024-52770,0,0,7aa9649a9670c716ce311ac92684885a9b795e1a2574f48cc59bb70ef562262a,2024-11-20T17:15:20.200000 CVE-2024-52771,0,0,57831cc0aec212fa9f5452cd5864fd9f742774698e80266ca54ea858d750ac1e,2024-11-27T17:15:14.017000 -CVE-2024-52777,0,1,64e7b72fe32cb4968a962563d856a2231056c89633c94757ea0dfdf732e2b8c8,2024-11-29T18:15:10.153000 -CVE-2024-52778,0,1,0d7c141afc6542521f20f345782c189938c8dba8da3d966c743f9aa38022b330,2024-11-29T18:15:10.380000 -CVE-2024-52779,0,1,91f1c0161a891b11086a5b7fbd1f678ee80532934636a4e9c82a724641b59b86,2024-11-29T18:15:10.597000 +CVE-2024-52777,0,0,64e7b72fe32cb4968a962563d856a2231056c89633c94757ea0dfdf732e2b8c8,2024-11-29T18:15:10.153000 
+CVE-2024-52778,0,0,0d7c141afc6542521f20f345782c189938c8dba8da3d966c743f9aa38022b330,2024-11-29T18:15:10.380000 +CVE-2024-52779,0,0,91f1c0161a891b11086a5b7fbd1f678ee80532934636a4e9c82a724641b59b86,2024-11-29T18:15:10.597000 CVE-2024-5278,0,0,f0307415163f20adf37f2c92a0ed4578caa6aa4e699bedaa3aae52fa3124b77a,2024-10-17T13:56:49.813000 -CVE-2024-52780,0,1,82042deefad98949145c91480a3b4b87d93998db4ccaa8b2cdd3bfbc559eb4fd,2024-11-29T18:15:10.813000 -CVE-2024-52781,0,1,b6bc04ad7551ed5a2221d9ceaa743bd51bb14324b0257dd4645857a44bf4aee5,2024-11-29T18:15:11.050000 -CVE-2024-52782,0,1,f43b2fcf8a8e0966ecd1f28ecad14edd08283c02970f2952246fb8ceb6300812,2024-11-29T18:15:11.313000 +CVE-2024-52780,0,0,82042deefad98949145c91480a3b4b87d93998db4ccaa8b2cdd3bfbc559eb4fd,2024-11-29T18:15:10.813000 +CVE-2024-52781,0,0,b6bc04ad7551ed5a2221d9ceaa743bd51bb14324b0257dd4645857a44bf4aee5,2024-11-29T18:15:11.050000 +CVE-2024-52782,0,0,f43b2fcf8a8e0966ecd1f28ecad14edd08283c02970f2952246fb8ceb6300812,2024-11-29T18:15:11.313000 CVE-2024-52787,0,0,f0be565609d1e673f989f286ed2b83aaf7115a7b1858a856c2ab7b57c986e03e,2024-11-27T17:15:14.397000 CVE-2024-52788,0,0,4abe1fd7690362e0e6e7183fadbb1999ee1afb82444324d21e730957cf5066a2,2024-11-22T17:15:10.490000 CVE-2024-52789,0,0,f640d56967c5320ac75d58f4ec0e813038d23df15a507a7fb489e9968905a84b,2024-11-22T17:15:10.660000 
@@ -267604,9 +267614,13 @@ CVE-2024-5279,0,0,2c6d1e53ece85fba55c2b83835d7abf75ca4da167ddbecc0aa984e59d469dd CVE-2024-52793,0,0,0bf635877e4ed12608107333336dcfd2b6a54401c02c3262c9d2babe5054c5c5,2024-11-22T16:15:34.103000 CVE-2024-52796,0,0,c4bd427fdb738f1679f0a9210a59387be5f22896c83df074062019be41d6dd7e,2024-11-20T17:15:20.953000 CVE-2024-5280,0,0,86594c27d113c80fe7aa0a775d64720f8f3d823c49f62206ae5f1ae12a324b16,2024-08-01T13:59:43.187000 +CVE-2024-52800,1,1,33614182cc9b4d3349a9904c03846eec72212dbb8490ca45f9ad64e956176494,2024-11-29T19:15:08.713000 +CVE-2024-52801,1,1,d525f21f1148c8de036d0ddf88b67ee0013549964accf061ff9bd87a44f68775,2024-11-29T19:15:08.890000 CVE-2024-52802,0,0,ff357ae423b4185f6e8528f29c93636cc2249c9e015517449516a4f8158b5ed5,2024-11-22T16:15:34.283000 CVE-2024-52804,0,0,8f245cf45089b95fdaaac467eb0e4e1eb7afae864da129b7e5bc629b398d8ade,2024-11-22T16:15:34.417000 +CVE-2024-52809,1,1,989c6fa478d553e2d01696ef3757f80543cb54fc9b37563f1acf5b5911de0279,2024-11-29T19:15:09.030000 CVE-2024-5281,0,0,d8e0f0c592f3cfcf36fc66f961b905d6afba3d53af3789e65e13042755c0a3cb,2024-08-01T13:59:43.367000 +CVE-2024-52810,1,1,72dcf4c0c2683dd3fe0322cd1ee30a3ed4e5f334c6c81826d75b9f5c61e14c8f,2024-11-29T19:15:09.163000 CVE-2024-52811,0,0,d732a17bde6f16ede8be31f96ee410aad0e3e114ed23b65cb7e34c8157552b5c,2024-11-25T19:15:11.567000 CVE-2024-52814,0,0,05155b182462de438f0b1b6215658fb7f90ef7f2af8e5a0e3c447f1976037015,2024-11-22T16:15:34.553000 CVE-2024-5282,0,0,d02e51c4b0ee276cbc37162ff12b0d5f63d5cb6622dea90c00e2302f02b5f264,2024-08-01T13:59:43.553000 
@@ -267772,6 +267786,10 @@ CVE-2024-5347,0,0,16093735dbce016cf2430c73a4d8045f77e47434e1c219ace83416138a28cb CVE-2024-5348,0,0,bc3d8d1f3668d1fc879553d2a82a62e6b9980757b64bfd9f1d5fdacf853f73c6,2024-06-03T14:46:24.250000 CVE-2024-5349,0,0,095035450c60a13c08898917421d5656b2399179b1253e40806dcf47c3a4d9f7,2024-07-03T15:44:23.807000 CVE-2024-5350,0,0,8440f1aab6c7debe55a047353772f60d1de30f1b1b7f7fc13c3946381d3b4f12,2024-05-28T12:39:42.673000 +CVE-2024-53504,1,1,7b94acf3236703c440799d7cea37ecf926431af8ccfa327a5bdac99daac96a25,2024-11-29T20:15:20.763000 +CVE-2024-53505,1,1,a48aa2a3f2b02e57c4384e6ed488ff8a0bd7c8c19b15bc8f8b5a06a4955c7a08,2024-11-29T20:15:20.853000 +CVE-2024-53506,1,1,ba2e698ad390074012b311e33d17d473f0ae54b1e9303f2625175edc4f7ce59c,2024-11-29T20:15:20.943000 +CVE-2024-53507,1,1,c5e946052b7a1eef03672c0a3197d790626776dff0c07041d5c8e1cd1640a81d,2024-11-29T20:15:21.027000 CVE-2024-5351,0,0,5b3be503117b69cfbfdb88b1fae31317d85f3a58c24bc4f082dcbe98687cb2c4,2024-06-04T19:21:05.570000 CVE-2024-5352,0,0,da1c4d8b4e23dadce106da9517801ea125925e8071854aa14e0650ba3020a2bf,2024-06-21T18:15:11.303000 CVE-2024-5353,0,0,525ae1f28e269a2f910a2998894d881f94e776efad76469271fac08c213e4cb6,2024-06-04T19:21:05.680000 
@@ -267829,26 +267847,30 @@ CVE-2024-5383,0,0,d150bf26fb35d2a14ee1eb4bf942c0bdbcc9199cee0de8b154db204bf6e235 CVE-2024-5384,0,0,73e6d40ec5d3477f7ae6e5e9fbabb11a01cb879f05dde3e0d9f2c2760497516c,2024-06-04T19:21:07.913000 CVE-2024-53843,0,0,fb790ea92e56bce04d8543f109eb747d943f316d3eeab0b48f576ddbb2ed9eb5,2024-11-26T00:15:07.430000 CVE-2024-53844,0,0,f54d4575fccfa45cb1306e55e04ed154008d30b320d65227acd00b96c54e3472,2024-11-26T19:15:31.463000 +CVE-2024-53848,1,1,4943d65b2b1e25705325ac81d74abb04005ec4fd6d8cb031814f1f81e80b88e2,2024-11-29T19:15:09.290000 CVE-2024-53849,0,0,7af089348f539339d95898472d9d3628c7f064721068fcc5bf049d36df5b9760,2024-11-27T00:15:18.223000 CVE-2024-5385,0,0,5113296fe5b95e2ca5ffa573f35631b642d4f934e6e56cfebf21d51c8e50ce86,2024-05-28T12:39:28.377000 CVE-2024-53855,0,0,3b7a475c32d1d09fe2eb4189fd1d6fb7d653d88d8eb34139f0255f4c5d06f551,2024-11-27T19:15:33.563000 CVE-2024-53858,0,0,6c64b7a629ccdbeeaa44425cb24892d67f2dbeb5f6725b97741be6047ebd2567,2024-11-27T22:15:05.520000 CVE-2024-53859,0,0,4facd2b494aef0ff73beaf08d6d1ca6f6f9ab5c48842cb7bed7f8b39e94a454f,2024-11-27T22:15:05.673000 CVE-2024-53860,0,0,f686ec46a02a9bc4a804217b41a7af4658fb7390d2c722028f65e08a7a2b5414,2024-11-27T22:15:05.833000 +CVE-2024-53861,1,1,a65f03f3f651364136c909e8ecc868a7d260812665c52bd4fa163e7f079f01ea,2024-11-29T19:15:09.433000 +CVE-2024-53864,1,1,5333aa1d756baa8b2b2af9d321f1e4bf84fee7810b77a54afa507c359fe16403,2024-11-29T19:15:09.577000 +CVE-2024-53865,1,1,4a38354939a410a34cc87939fb2218794cb79b60b95dc7b6ebed34b8c98c2e76,2024-11-29T19:15:09.710000 CVE-2024-5387,0,0,d7455745fd4e2043656d894120ace9fd562ab2b459405f5c80fb87774616ea6e,2024-06-03T19:15:09.500000 CVE-2024-5388,0,0,88068f2d18329bc2e1ad4660154ccfa55826fed94a4e1660b5757c6715c273a8,2024-06-03T19:15:09.557000 CVE-2024-5389,0,0,f6aaaf23dff2a1d7f90a7950cdbb76e8322ef8c0ff1bf8f6173fe4634d169b69,2024-07-09T19:15:13.853000 CVE-2024-53899,0,0,ca94e39391001349829a2f872ca5d1d0c6ef0f2f07a2a901a4f8c2f87ada266a,2024-11-26T18:23:09.517000 
CVE-2024-5390,0,0,577e03013c579fd5ea5c07b95a092cd4d32be3fa4130d25da9e61ffe468007ab,2024-06-04T19:21:08.020000 CVE-2024-53901,0,0,52cbcc170c451b305e90c5f0e2a88558d86a9bc5446c93579e76a9aa43a0081d,2024-11-26T19:52:01.653000 -CVE-2024-53909,0,0,0cc1acc764218c2cb52cd0a51a4c5a586232eafd17e1fbcd3dd59fcbec94b8eb,2024-11-26T16:15:19.210000 +CVE-2024-53909,0,1,f496b480d61110aca5ba4afaa8506ac48e157eddeacabdc9f46723c429d54992,2024-11-29T20:54:47.700000 CVE-2024-5391,0,0,a7c29f93c1b76aed47351138468a6c5b251b9f9a4ad39cf688118719a36ed1c7,2024-06-07T20:15:12.687000 -CVE-2024-53910,0,0,8e680173798cf8aba57b99387a23b6a832549a64c0d41791ee255a5fdf770d81,2024-11-26T16:15:19.597000 -CVE-2024-53911,0,0,cdd0edaab936c66ec39c290bffde6254b84091c4fb08fa4a5eeced1ab8862e2e,2024-11-26T16:15:19.800000 -CVE-2024-53912,0,0,e6fb43b2737cbcef51e1f874439414b1eb4c2f7a8143f7711c40052685e1c8e1,2024-11-26T16:15:20.273000 -CVE-2024-53913,0,0,db26b2b1e2298beed3b0db25806c1bedf5fbe7d70658f946838e985da0217084,2024-11-26T16:15:20.480000 -CVE-2024-53914,0,0,99735abb7c2ed42da934a1a9995a70c9a86da0f5e52dfc853c7764c9915f1f97,2024-11-26T16:15:20.700000 -CVE-2024-53915,0,0,2b435e6209b4777d69d6b127cd04d8b412034b2878f2216636381cb24425f30d,2024-11-26T16:15:20.943000 +CVE-2024-53910,0,1,b42cc0f8352ffa3f12c2a867329f0f66efd78292ca02cc30bc8a41459e9297ac,2024-11-29T20:54:55.080000 +CVE-2024-53911,0,1,7b75124c4de0e1dec78550d56f66099b6b64e5835d2cd608b69ffc2c6a2f62d8,2024-11-29T20:55:04.683000 +CVE-2024-53912,0,1,1f4db0332861ddc3d21771f81e88e64303e6668de99899f3afc95f8e7d972622,2024-11-29T20:55:13.483000 +CVE-2024-53913,0,1,f29eb48b3cfa8a7826d6fe7adbaf2bce87f89a85e25f58c699946a9277a37df3,2024-11-29T20:55:25.543000 +CVE-2024-53914,0,1,e050babf2e1b2fa263009de5875d826c83245812f4e7813c8d122d68332fd2a8,2024-11-29T20:55:35.293000 +CVE-2024-53915,0,1,4605c52b83221ae0e3cdd10a9aad63d660542ba26783410343eed38f4ba2ed72,2024-11-29T20:55:43.810000 
CVE-2024-53916,0,0,8b397b00703240f42bfc4c720e49d6f6e4984c2220fee564d2c3c72e3311b723,2024-11-27T17:15:15.127000 CVE-2024-5392,0,0,b24872fec717fdd1d01c0a9d16cd8dae85d0db85954b236e74ba95a5e5c8352c,2024-06-04T19:21:08.117000 CVE-2024-53920,0,0,d20c3dd3d3a0856cc626272b3d8ad44701e7a3636060e73cd0d1d84df2576a28,2024-11-27T16:15:15.037000 @@ -267860,7 +267882,10 @@ CVE-2024-5396,0,0,d0f735b85e524715ed1861b804d3fb37a4720102a88b42bc6f1eec50bfcc09 CVE-2024-5397,0,0,79c82f6af34f5d76edc0fe512c9b3e616bf4c7ca15c122380ba9806c73a591a6,2024-06-04T19:21:08.733000 CVE-2024-53975,0,0,db2852f15c06d19ca698273a0c2e6819bbf9c83aca00ef4837eb933aa4601eda,2024-11-27T15:15:26.923000 CVE-2024-53976,0,0,8d5f56cf46e847394bbb16bbccc754e64a340211b5713f291e4e6fbe540b2487,2024-11-26T16:15:21.430000 +CVE-2024-53979,1,1,daaf571bfcfd25ad5803f97558dcc6ea565a6375b17d8bed4a6f9cee29769cb2,2024-11-29T19:15:09.847000 CVE-2024-5398,0,0,1fca9edd99ff7753e0d36d6f4d73a5a23ccf8ab9dd992541f79488471e393289,2024-06-11T10:15:13.690000 +CVE-2024-53980,1,1,f2c4b71c263d54957f07bea69df75ebb3d992381d97f959d8cfdaa259a929ae9,2024-11-29T19:15:09.993000 +CVE-2024-53983,1,1,53274ba64b5204fbd988c3ba5170f84dc187572b2bad72061a88e06a87cfa81a,2024-11-29T19:15:10.137000 CVE-2024-5399,0,0,6f591a4ee360dfdb4118262029ef6ec2f3647ffdfa160e81ed9cdadb88ac0f1d,2024-05-28T12:39:28.377000 CVE-2024-5400,0,0,094967d50b5003fa8a1a95a7cd40ccdb2300c03695bb818acf6e11d6054c6ffe,2024-05-28T12:39:28.377000 CVE-2024-54003,0,0,2506866a989efaeab3da1a8a5555a804f26e4215f0a647f04a179f236368dfb1,2024-11-27T20:15:26.133000 
@@ -267876,8 +267901,8 @@ CVE-2024-5409,0,0,cf17c00e2696039626da2501323bb63130e64564f7c70e2680f61c8296b748 CVE-2024-5410,0,0,33a5ba9b12c1e74f0aa24bc0d8928f8ff241dde36fed372d790c69ac128b19a7,2024-06-10T17:16:34.350000 CVE-2024-5411,0,0,6f38aadf376ed626f84103b80eadf7d4a3da9be020ddcb9fa408be6d4c8307b5,2024-06-10T17:16:34.440000 CVE-2024-5412,0,0,5e7f5482cbb5bbe521f2cd5ff48f80c18806840859b33baffa51a21bf41b87d8,2024-09-06T18:07:43.940000 -CVE-2024-54123,0,0,272253f66f81a9da9c93725563b0d10a5b42d4819ed6396847d047f0f363865d,2024-11-29T04:15:03.940000 -CVE-2024-54124,0,0,5a8988f44658135a9a17a6de4f6f04a577ef9dfd68bf1cdee53282fc0a7015b2,2024-11-29T04:15:04.113000 +CVE-2024-54123,0,1,adb9d810678343393bca99901a3c1b47719ef78df3ca8f4e2f7e11c7b4e0333a,2024-11-29T19:15:10.287000 +CVE-2024-54124,0,1,d93261f0be0c719ea94f116c38fdd88edcab344178e1fea1cd1f60fbeb46997e,2024-11-29T19:15:10.443000 CVE-2024-5413,0,0,b448c8c4fee794a9903e33e6c17f07ddeb3dd7c0bc677024b75809ef047d2c8a,2024-05-28T14:59:09.827000 CVE-2024-5414,0,0,08acc305e6c9bea4a9589fa3dba157ea62649fb0f8c0ee74aad6ddc09386f1c2,2024-05-28T14:59:09.827000 CVE-2024-5415,0,0,d8ba178a70f3cfb2a3911a07d12ef045cc2ca261b5b8d85db5edc9c9636eef1e,2024-05-28T14:59:09.827000 
@@ -269134,11 +269159,11 @@ CVE-2024-6814,0,0,de17dadc03a3a7b793b54f2a6cb99adf9aac2d3ddb1fae1587e0c4f510c1fc CVE-2024-6815,0,0,6507021e6a1c22d5db4cd218e87c50419a6b4cfd9d917ac6233f4e1a335890c3,2024-11-22T20:15:12.130000 CVE-2024-6816,0,0,818edf56f3e4478c42879c68c446767ff7cef181798ba5cf4248d98c3fec9996,2024-11-22T20:15:12.243000 CVE-2024-6817,0,0,3f6972e4fa5e75377694724e6a8b3ebca6f73976bc617501662f16096abb3f0c,2024-11-22T20:15:12.367000 -CVE-2024-6818,0,1,0eedeae6370434feeaeb3077a95ee64ca32cfb8805b5270fc0d181a3ea595e28,2024-11-29T18:24:59.937000 -CVE-2024-6819,0,1,861769e6bf059192518c3bcbf3205a1760078c90ab6b55f0cba52dbb4f181e0b,2024-11-29T18:25:32.827000 -CVE-2024-6820,0,1,727cd1d0020a6821562720981c796a5e4665aac672660f319ada1162d18a0ed3,2024-11-29T18:25:55.430000 -CVE-2024-6821,0,1,fa16de4c649fbf5617c0148fe26dd343be6174da96e7e81df60a99061d693da9,2024-11-29T18:26:30.487000 -CVE-2024-6822,0,1,0efed4213ee6fb42d3e5ca61e43018232d4c8da40b8843d8737b00514e2859aa,2024-11-29T18:26:48.817000 +CVE-2024-6818,0,0,0eedeae6370434feeaeb3077a95ee64ca32cfb8805b5270fc0d181a3ea595e28,2024-11-29T18:24:59.937000 +CVE-2024-6819,0,0,861769e6bf059192518c3bcbf3205a1760078c90ab6b55f0cba52dbb4f181e0b,2024-11-29T18:25:32.827000 +CVE-2024-6820,0,0,727cd1d0020a6821562720981c796a5e4665aac672660f319ada1162d18a0ed3,2024-11-29T18:25:55.430000 +CVE-2024-6821,0,0,fa16de4c649fbf5617c0148fe26dd343be6174da96e7e81df60a99061d693da9,2024-11-29T18:26:30.487000 +CVE-2024-6822,0,0,0efed4213ee6fb42d3e5ca61e43018232d4c8da40b8843d8737b00514e2859aa,2024-11-29T18:26:48.817000 CVE-2024-6823,0,0,1e2d1c8757819689d6550f5aeeb754dc03b20b4dd91487b47d8b2bbdb01a8e63,2024-08-13T12:58:25.437000 CVE-2024-6824,0,0,2b5b10cc415939a34f32e5b37be54f877a179f9144de8a5e8476b884ab80faa8,2024-08-08T13:04:18.753000 CVE-2024-6826,0,0,abddedb129e27da630545079500556677df6390a29a7544ea32b991f1e68fa19,2024-10-25T12:56:07.750000 
@@ -270709,7 +270734,7 @@ CVE-2024-8720,0,0,2f0e821428fb20df24eeb1115d6165ec35266f54d9cfaa09a98cadbec3449f CVE-2024-8723,0,0,730229d7deadc7b514e5d898656fee12ba111958411cb7eec6e86089a429ce7e,2024-10-02T17:00:23.603000 CVE-2024-8724,0,0,41e3dd453fbe3c0072e7ab470e5d529ac122f059bb60a2be671564b989c49676,2024-09-27T15:56:00.073000 CVE-2024-8725,0,0,bda4a6515a704fa51f2d759f535270e57676d8c1b87d3a5cc5dc6f9e3d99ebf6,2024-10-01T14:16:42.727000 -CVE-2024-8726,0,0,0345452338a158fa01c96af5ebb22f409ba75fe205cc5596278e081210a150a5,2024-11-20T07:15:09.580000 +CVE-2024-8726,0,1,576ba4982f4dcb9927e3dea296f260d0b31716526d20c03d0c73c7835b326f41,2024-11-29T20:59:02.697000 CVE-2024-8727,0,0,cb79e2fb4f4e8ddff2e3cdbb1cbb30b7c8fce0689b3d497e10ebbff2e74dd2da,2024-10-04T13:51:25.567000 CVE-2024-8728,0,0,d061a0a3e4a793bdc334c9b032908af2152405a24e9b06b2723d960e58ba5c92,2024-10-04T13:51:25.567000 CVE-2024-8729,0,0,d5e2470679c3739002ae67f8937e40f51aaa077d58da9fcd25b709dc6eb342aa,2024-10-15T13:40:37.917000 
@@ -270792,19 +270817,19 @@ CVE-2024-8821,0,0,ae151ee0d4e66a38e1f953a2cb9ea4ca6988ec553e5f5170989052d93bb257 CVE-2024-8822,0,0,a61b4cb8c6aee1f5be80cd3b5032f2305f85bca0bf17e2e56b4eda9d422d7d75,2024-11-22T21:15:20.470000 CVE-2024-8823,0,0,adc9090f6175b10dd86864237a283448073ad2580380ddb2e56ede96b2c41cdb,2024-11-22T21:15:20.583000 CVE-2024-8824,0,0,f51c50e2d27567217553c8b3618880c98307c7f5a4ab0101d5b5f492a5fb59fa,2024-11-22T21:15:20.697000 -CVE-2024-8825,0,0,3b31c721e38b33abb5cdf1ee3956606bbc1c6a1733fdc196e3a2f30ced67be2b,2024-11-22T21:15:20.817000 -CVE-2024-8826,0,0,e7e9d6aa0f1fd1d6b4d352ee0856a561e8a5871a5be4c68853dfb557498f8fb9,2024-11-22T21:15:20.937000 -CVE-2024-8827,0,0,622974cbae0d97a5ab75702fe787fc408df169ef3015f97cf1de3839c6a908fc,2024-11-22T21:15:21.050000 -CVE-2024-8828,0,0,b438dadbcc55f0f1c02368e3c38c5805fa2082c923a15d8f5532d596aadcc176,2024-11-22T21:15:21.167000 -CVE-2024-8829,0,0,01b69a1937004d144da5767dc372bd20a47eb2964b16cece3ba9014599227437,2024-11-22T21:15:21.290000 -CVE-2024-8830,0,0,554c2d8806d33390e1d7303407e6216e13607d49a8f1fb2fdfcf743d8858b25d,2024-11-22T21:15:21.410000 -CVE-2024-8831,0,0,e153c7c27d679c09293c1200749a6159a720f5930bb384bec3bc264b1de12602,2024-11-22T21:15:21.530000 -CVE-2024-8832,0,0,7882181a50eedd3d5207f08c53dc335f892f1d6fa36eb7de9341283890cfb601,2024-11-22T21:15:21.647000 -CVE-2024-8833,0,0,b38dbeefabc6d72630098e839a1794bc6e35bb99b6d75a2e0e92f58728342d33,2024-11-22T21:15:21.753000 -CVE-2024-8834,0,0,1a417ca1244ff741b2ed03e4fce22dcb386cae107f703c48271934da3672656c,2024-11-22T21:15:21.863000 -CVE-2024-8835,0,0,3f706b3881546b7e2afbd61cb70918a5eafc66d196c2fa5e2765a15b8d8da01a,2024-11-22T21:15:21.983000 -CVE-2024-8836,0,0,74751ab41988e9fbe48c39034254496af5b7ab85817c766c5ace4654bc1f06a9,2024-11-22T21:15:22.103000 -CVE-2024-8837,0,0,0e5d0469f09e98889f2d99b189461c49337e05c7ca4b2a24255ec6d5e89d6b10,2024-11-22T21:15:22.210000 +CVE-2024-8825,0,1,386facc7f478cbfcfa85ec990ba31bcaed7eca7d9ceff17e6e15478683dda148,2024-11-29T20:20:44.863000 
+CVE-2024-8826,0,1,f4e52980884276b4d0670106e2ba49b1b78815b10ae4ced581158a7b704c52a8,2024-11-29T20:08:47.553000 +CVE-2024-8827,0,1,61f5eb5ff8ecf0faa7db8953d296c535df6bfdf7ae19ad117bcc6010c4727fb8,2024-11-29T20:20:34.137000 +CVE-2024-8828,0,1,d559c62077bcc610b766063a624f7c16b8a43274948124059b52f21bf839a580,2024-11-29T20:20:25.293000 +CVE-2024-8829,0,1,0b00b0056fe9202481efcc7dac8f714f1666f6a79039f86654dd08247a4c1ca1,2024-11-29T20:20:01.307000 +CVE-2024-8830,0,1,a3051a23e2e7cc11dfa7f2c928b555d6212575353d95198002add0e62a8c43f5,2024-11-29T20:19:22.237000 +CVE-2024-8831,0,1,1ac38d02ba72d0682f55168d63a034b50c7e2f3bffca78dd0c510a840391f85c,2024-11-29T20:19:09.460000 +CVE-2024-8832,0,1,abc35d7e3f3c88d08da905867049c542ddba9c4037a0e6f7e3cbd2e9a3dda073,2024-11-29T20:18:52.840000 +CVE-2024-8833,0,1,f531ac3549fd3b7afcb3c76073ac4d456c85974c9921faf6f518b95dd23716cb,2024-11-29T20:18:39.087000 +CVE-2024-8834,0,1,ccf3b1cbd9b873f9e8f2c6c9b25ea0d55c495129845f242b63c5f3111f065fc7,2024-11-29T20:18:18.010000 +CVE-2024-8835,0,1,ac7088e58560f5b8a53a89d7053ca91953fa04c930410cf78b9450022c4f09c2,2024-11-29T20:17:52.063000 +CVE-2024-8836,0,1,79e7b0ebef3f34831f5721ae680df12c7c8fda724633587fb2447905129a1385,2024-11-29T20:17:29.823000 +CVE-2024-8837,0,1,89e656db04439e6a29296845420167328da47c051242908b0604e6fd8193f958,2024-11-29T20:10:41.130000 CVE-2024-8838,0,0,e676463d3f7f0a87971635160e5f6d89ae25b12ed9d7c1e6f9c006cc6f501b53,2024-11-22T21:15:22.317000 CVE-2024-8839,0,0,2acbb4e8a6b1624d1785c0132d951382284f4d937031ff128ac25b7244df8702,2024-11-22T21:15:22.427000 CVE-2024-8840,0,0,bd5b89e0d8e6d7cd1adbf7994707d06af9e474015537950245cf092af468c08b,2024-11-22T21:15:22.537000 
@@ -271098,20 +271123,20 @@ CVE-2024-9239,0,0,d86a5771a66b30aba935030c74b5d361f6c7cbe3962e519bfa6ec1487c74b1 CVE-2024-9240,0,0,64e490409dd599c74da5a2492515b43ccd4793b118bdb242162550231e348320,2024-10-18T12:53:04.627000 CVE-2024-9241,0,0,6c5cc70c23164aeead7a2ffa985d7e69869a7cd0428a8503a9e9f624c0c87b24,2024-10-07T18:51:20.950000 CVE-2024-9242,0,0,2931ce38d642cfa320383051a5a41609f3e037ff0fe51760f16b233825fad051,2024-10-08T16:26:06.147000 -CVE-2024-9243,0,1,efe629b032da2f4badecca644d5a5748b1ffdd47e90f183569a752e0108554d5,2024-11-29T17:28:22.387000 -CVE-2024-9244,0,1,df8aa4c19a67397a9ff7f5b85a4fa3648e38d1b6a86fc8996da24738930d1a67,2024-11-29T18:21:36.713000 -CVE-2024-9245,0,1,82b5da406f863e1ff102b7364cdea6dd249d70cd4fc12286d7c5af7ad5583971,2024-11-29T18:21:03.150000 -CVE-2024-9246,0,1,effe98462b60788309b8c10d4195fef661fee9259252be624b02e8d0894434dd,2024-11-29T18:20:40.157000 -CVE-2024-9247,0,1,e95fc330f947ad4abed8a22af06f7cbe17d7518db4d7c495c6272e8527b42c21,2024-11-29T18:20:25.970000 -CVE-2024-9248,0,1,5d36f3121d509c6cd193b5d837ea5ca02cb0a83c5b9c24e166b95c3632f75011,2024-11-29T18:20:16.670000 -CVE-2024-9249,0,1,d25528c602535b913675d238b8aa6677004e25291c93d0704b7d1a8460492629,2024-11-29T18:19:58.630000 -CVE-2024-9250,0,1,9d390cb3704d8145c60396028ad9fb23b13570263a1443f5d31fd04dda36dfab,2024-11-29T18:19:42.407000 -CVE-2024-9251,0,1,44d4ca2a5e05156edf3ca82f2346b42f349fd404efa5324a9e3e656d284b1752,2024-11-29T18:19:25.770000 -CVE-2024-9252,0,1,2680d86674472b52996e153453f6af0dfae4363b585ff92bc8545e881a370260,2024-11-29T18:19:06.727000 -CVE-2024-9253,0,1,8deb45874f368402d2e8267bdd80d22218d667a369f413173fc1bab2f02e0c8d,2024-11-29T18:18:32.773000 -CVE-2024-9254,0,1,5cf58c6ed253aacbd7d68cb5d7eda5d2c4c673bd66d6e0f12b8ab7db9807b96f,2024-11-29T18:17:31.663000 -CVE-2024-9255,0,1,688775b632124e822bb9426bda046e8f6f29595c6213534ab3930935af218df7,2024-11-29T18:17:15.040000 -CVE-2024-9256,0,1,3cca80ad6510af9986479b87828fe97955ba908cd307377d7659a0e4289380d2,2024-11-29T18:17:00.713000 
+CVE-2024-9243,0,0,efe629b032da2f4badecca644d5a5748b1ffdd47e90f183569a752e0108554d5,2024-11-29T17:28:22.387000 +CVE-2024-9244,0,0,df8aa4c19a67397a9ff7f5b85a4fa3648e38d1b6a86fc8996da24738930d1a67,2024-11-29T18:21:36.713000 +CVE-2024-9245,0,0,82b5da406f863e1ff102b7364cdea6dd249d70cd4fc12286d7c5af7ad5583971,2024-11-29T18:21:03.150000 +CVE-2024-9246,0,0,effe98462b60788309b8c10d4195fef661fee9259252be624b02e8d0894434dd,2024-11-29T18:20:40.157000 +CVE-2024-9247,0,0,e95fc330f947ad4abed8a22af06f7cbe17d7518db4d7c495c6272e8527b42c21,2024-11-29T18:20:25.970000 +CVE-2024-9248,0,0,5d36f3121d509c6cd193b5d837ea5ca02cb0a83c5b9c24e166b95c3632f75011,2024-11-29T18:20:16.670000 +CVE-2024-9249,0,0,d25528c602535b913675d238b8aa6677004e25291c93d0704b7d1a8460492629,2024-11-29T18:19:58.630000 +CVE-2024-9250,0,0,9d390cb3704d8145c60396028ad9fb23b13570263a1443f5d31fd04dda36dfab,2024-11-29T18:19:42.407000 +CVE-2024-9251,0,0,44d4ca2a5e05156edf3ca82f2346b42f349fd404efa5324a9e3e656d284b1752,2024-11-29T18:19:25.770000 +CVE-2024-9252,0,0,2680d86674472b52996e153453f6af0dfae4363b585ff92bc8545e881a370260,2024-11-29T18:19:06.727000 +CVE-2024-9253,0,0,8deb45874f368402d2e8267bdd80d22218d667a369f413173fc1bab2f02e0c8d,2024-11-29T18:18:32.773000 +CVE-2024-9254,0,0,5cf58c6ed253aacbd7d68cb5d7eda5d2c4c673bd66d6e0f12b8ab7db9807b96f,2024-11-29T18:17:31.663000 +CVE-2024-9255,0,0,688775b632124e822bb9426bda046e8f6f29595c6213534ab3930935af218df7,2024-11-29T18:17:15.040000 +CVE-2024-9256,0,0,3cca80ad6510af9986479b87828fe97955ba908cd307377d7659a0e4289380d2,2024-11-29T18:17:00.713000 CVE-2024-9257,0,0,069193eb3884fdef344f93e2f6ac9b78dbf729bbb7402c16ec2baadbb3832947,2024-11-22T21:15:23.787000 CVE-2024-9258,0,0,dead427af30f8ff875059650d01008dd6a93625fa5d19061b8e08b64f09006d2,2024-11-25T17:15:32.283000 CVE-2024-9259,0,0,2cabaa7ed0a6383d684de5974ee246b50557210200ad738850acd35849d59f3e,2024-11-25T17:13:49.060000 
@@ -271497,7 +271522,7 @@ CVE-2024-9768,0,0,904cffc60d5e826fadde1f9279bf1637d0038b817b76c6a013f678cc172cfc CVE-2024-9772,0,0,043bc7caa6859562432d521f3501fd215394ad297fe3470375010095d76d8604,2024-11-25T20:03:01.613000 CVE-2024-9775,0,0,2266a7b7c620bc11662bc20c96e5d18079c0f9f6e1ea844a74a70c443b303718,2024-11-26T01:45:57.317000 CVE-2024-9776,0,0,9273f765f44bf9e907460b214d240344a8be5b3a239edcb0f9ffb7d3f96c7d26,2024-11-25T18:45:54.377000 -CVE-2024-9777,0,0,1e36961484bf4b33413a224fc6189a86ad1224818320d3b39ec4c80bcb37268f,2024-11-19T21:57:32.967000 +CVE-2024-9777,0,1,93ee86692c4d166322b2f54769a2de3ae116ef1efe45b8b5542abe4611d31128,2024-11-29T20:57:53.423000 CVE-2024-9778,0,0,c5789fd51af706bd1104828309e4c0bbf44a70e2aa01bf36b8318a8802f25b3a,2024-11-25T19:20:37.163000 CVE-2024-9780,0,0,82a65b59c0bb0f4aa37b7bc9835ace6b2d8eb95b730adf88705db9589433fda5,2024-10-17T14:18:18.433000 CVE-2024-9781,0,0,4766ae4e21ddab4bdbe139c0afc58af6fd761963f021734b932e1a0e147ffb05,2024-11-25T18:09:33.853000