admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-11-29T21:02:22.449173+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-11-29 21:05:35 +00:00
parent ec553a50c2
commit 45309ec0c1
83 changed files with 5936 additions and 476 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

81
CVE-2024/CVE-2024-109xx/CVE-2024-10900.json
View File

@ -2,23 +2,29 @@
"id": "CVE-2024-10900",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-20T07:15:08.690",
"lastModified": "2024-11-20T07:15:08.690",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:58:31.967",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ProfileGrid \u2013 User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary user meta which can do things like deny an administrator's access to their site. ."
},
{
"lang": "es",
"value": "El complemento ProfileGrid \u2013 User Profiles, Groups and Communities para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n pm_remove_file_attachment() en todas las versiones hasta la 5.9.3.6 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, eliminen metadatos de usuario arbitrarios que pueden hacer cosas como denegar el acceso de un administrador a su sitio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -26,12 +32,30 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
@ -47,18 +71,45 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/admin/class-profile-magic-admin.php#L1902",
"source": "security@wordfence.com"
},
"nodes": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3190069%40profilegrid-user-profiles-groups-and-communities&new=3190069%40profilegrid-user-profiles-groups-and-communities&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e5fcfa-ebc9-45f6-9cbc-c9e3540baa6f?source=cve",
"source": "security@wordfence.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:metagauss:profilegrid:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "5.9.3.7",
"matchCriteriaId": "9F35F51D-E309-48A1-9F9D-3D6A0EDDA701"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/profilegrid-user-profiles-groups-and-communities/trunk/admin/class-profile-magic-admin.php#L1902",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3190069%40profilegrid-user-profiles-groups-and-communities&new=3190069%40profilegrid-user-profiles-groups-and-communities&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a0e5fcfa-ebc9-45f6-9cbc-c9e3540baa6f?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-206xx/CVE-2024-20671.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20671",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-12T17:15:48.963",
"lastModified": "2024-06-11T16:15:17.183",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:40:08.810",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -30,9 +32,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
@ -49,12 +49,52 @@
"value": "CWE-276"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:windows_defender_antimalware_platform:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.18.24010.12",
"matchCriteriaId": "6B5409A5-A83D-44E8-9718-29CBB095738D"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20671",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20671",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-213xx/CVE-2024-21334.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21334",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-12T17:15:49.310",
"lastModified": "2024-05-29T00:15:20.560",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:52:35.697",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +32,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
@ -49,12 +49,62 @@
"value": "CWE-416"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:open_management_infrastructure:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.8.1-0",
"matchCriteriaId": "45DDA86F-4F30-4507-8E8B-9974AC049B9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2019:-:*:*:*:*:*:*",
"matchCriteriaId": "0BFD64D6-E8BB-4606-8D4C-EAE586CAD791"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:system_center_operations_manager:2022:-:*:*:*:*:*:*",
"matchCriteriaId": "ABD632BE-513E-4581-9C8C-3A13DA1ADF1F"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21334",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21334",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

102
CVE-2024/CVE-2024-213xx/CVE-2024-21392.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21392",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-12T17:15:49.637",
"lastModified": "2024-05-29T00:15:32.400",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:52:32.870",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +32,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
@ -49,12 +49,100 @@
"value": "CWE-400"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.0.0",
"versionEndExcluding": "7.0.17",
"matchCriteriaId": "703B87E9-C6D6-4C68-B8FE-339ECB852751"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:.net:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.0.0",
"versionEndExcluding": "8.0.3",
"matchCriteriaId": "6B63FDDA-5C8D-4B45-B92C-6D8A12B40493"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:powershell:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.3",
"versionEndExcluding": "7.3.12",
"matchCriteriaId": "BC909F7F-388D-4407-951A-3D22C6061EBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:powershell:7.4:-:*:*:*:*:*:*",
"matchCriteriaId": "FFAAFDC7-5AA2-43E6-BE0B-7E0C02FC39C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.4",
"versionEndExcluding": "17.4.17",
"matchCriteriaId": "C5439C09-DAAE-443D-8789-CFF1D256F043"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.6",
"versionEndExcluding": "17.6.13",
"matchCriteriaId": "773E7E41-31D8-4F6A-AE0B-3B2C217D6A19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.8",
"versionEndExcluding": "17.8.8",
"matchCriteriaId": "44E68F4D-72A4-466D-BF96-CB21C0FC8716"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.9",
"versionEndExcluding": "17.9.3",
"matchCriteriaId": "F44D9E3A-06AA-453D-AB1A-B25BD7591912"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-214xx/CVE-2024-21400.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21400",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-12T17:15:49.797",
"lastModified": "2024-04-11T20:15:29.170",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:52:31.103",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -30,9 +32,7 @@
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.0,
"baseSeverity": "CRITICAL"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
@ -49,12 +49,52 @@
"value": "CWE-22"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:confidental_containers:*:*:*:*:*:azure_cli:*:*",
"versionEndExcluding": "0.3.3",
"matchCriteriaId": "4B81287D-AEDC-40F4-BDFE-3E4A3E76B91E"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21400",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21400",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

75
CVE-2024/CVE-2024-214xx/CVE-2024-21419.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21419",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-12T17:15:50.723",
"lastModified": "2024-04-11T20:15:30.777",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:52:29.267",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -30,12 +32,30 @@
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -49,12 +69,53 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:dynamics_365:*:*:*:*:on-premises:*:*:*",
"versionStartIncluding": "9.1",
"versionEndExcluding": "9.1.26",
"matchCriteriaId": "E545F0AD-5FA2-491C-8C8A-22DD1AEA3DBC"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21419",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21419",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-214xx/CVE-2024-21423.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21423",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-23T22:15:54.717",
"lastModified": "2024-06-11T15:16:03.297",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:42:08.630",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -30,9 +32,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
@ -49,12 +49,52 @@
"value": "CWE-693"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0.2365.52",
"matchCriteriaId": "25ACA043-6B6E-4990-AC4C-A4E58B4A87F3"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21423",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21423",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-214xx/CVE-2024-21426.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21426",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-12T17:15:51.080",
"lastModified": "2024-05-29T00:15:35.200",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:50:09.910",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +32,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
@ -49,12 +49,61 @@
"value": "CWE-416"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:-:*:*:*:subscription:*:*:*",
"matchCriteriaId": "AC8BB33F-44C4-41FE-8B17-68E3C4B38142"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2016:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "F815EF1D-7B60-47BE-9AC2-2548F99F10E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:sharepoint_server:2019:*:*:*:*:*:*:*",
"matchCriteriaId": "6122D014-5BF1-4AF4-8B4D-80205ED7785E"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21426",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21426",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

77
CVE-2024/CVE-2024-214xx/CVE-2024-21427.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21427",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-12T17:15:51.233",
"lastModified": "2024-04-11T20:15:31.130",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:49:42.757",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -30,9 +32,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
@ -49,12 +49,75 @@
"value": "CWE-287"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6897",
"matchCriteriaId": "412F0026-BBE6-4F7D-ABC2-56E9F1791122"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5696",
"matchCriteriaId": "4EAAB276-D0E4-41CA-8A25-4DE9FC90543E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2402",
"matchCriteriaId": "7103C832-A4FB-4373-8A93-291E7A89B4AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.830",
"matchCriteriaId": "F2B61B79-FEE5-4041-918D-6FE2C92771DC"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21427",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21427",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

211
CVE-2024/CVE-2024-214xx/CVE-2024-21429.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21429",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-12T17:15:51.400",
"lastModified": "2024-04-11T20:15:31.223",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:43:50.370",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +32,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
@ -49,12 +49,209 @@
"value": "CWE-197"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.10240.20526",
"matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20526",
"matchCriteriaId": "CFF4870F-71A6-4ED9-B398-0757DC9A9B77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "8680C6F7-3E4F-4AE6-914E-D95E571AF70A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "5C9FEFA3-5E9D-4E93-ACBE-B47783601CF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "68AF6C08-77D6-4786-B476-90D106F02DF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "A4E3CAC2-4FF9-4A3C-B88C-070F5584157D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22000.2836",
"matchCriteriaId": "647D078D-30D7-445E-AEC6-23EF9DAA6743"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.2836",
"matchCriteriaId": "EA297849-30A4-485F-A0E6-085312791438"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.3296",
"matchCriteriaId": "18AE871D-E861-46E3-B00A-40B5F4296B36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22621.3296",
"matchCriteriaId": "5526C246-95D3-49B5-B857-AE46B469681A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.3296",
"matchCriteriaId": "B7830F58-69E3-4373-A5C7-2B85A743E7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.3296",
"matchCriteriaId": "20DF4699-31FA-404B-BDEA-FE418854F538"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2340",
"matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.763",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21429",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21429",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

214
CVE-2024/CVE-2024-214xx/CVE-2024-21430.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21430",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-12T17:15:51.573",
"lastModified": "2024-04-11T20:15:31.333",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:44:32.717",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -23,6 +23,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -30,12 +32,30 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
@ -49,12 +69,194 @@
"value": "CWE-125"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.10240.20526",
"matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20526",
"matchCriteriaId": "CFF4870F-71A6-4ED9-B398-0757DC9A9B77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "8680C6F7-3E4F-4AE6-914E-D95E571AF70A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "5C9FEFA3-5E9D-4E93-ACBE-B47783601CF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "68AF6C08-77D6-4786-B476-90D106F02DF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "A4E3CAC2-4FF9-4A3C-B88C-070F5584157D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22000.2836",
"matchCriteriaId": "647D078D-30D7-445E-AEC6-23EF9DAA6743"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.2836",
"matchCriteriaId": "EA297849-30A4-485F-A0E6-085312791438"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.3296",
"matchCriteriaId": "18AE871D-E861-46E3-B00A-40B5F4296B36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22621.3296",
"matchCriteriaId": "5526C246-95D3-49B5-B857-AE46B469681A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.3296",
"matchCriteriaId": "B7830F58-69E3-4373-A5C7-2B85A743E7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.3296",
"matchCriteriaId": "20DF4699-31FA-404B-BDEA-FE418854F538"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2340",
"matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.763",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21430",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21430",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

152
CVE-2024/CVE-2024-214xx/CVE-2024-21431.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21431",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-12T17:15:51.743",
"lastModified": "2024-06-11T16:15:18.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:44:56.373",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -30,12 +32,30 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
@ -49,12 +69,130 @@
"value": "CWE-732"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "8680C6F7-3E4F-4AE6-914E-D95E571AF70A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "5C9FEFA3-5E9D-4E93-ACBE-B47783601CF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "68AF6C08-77D6-4786-B476-90D106F02DF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "A4E3CAC2-4FF9-4A3C-B88C-070F5584157D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22000.2836",
"matchCriteriaId": "647D078D-30D7-445E-AEC6-23EF9DAA6743"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.2836",
"matchCriteriaId": "EA297849-30A4-485F-A0E6-085312791438"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.3296",
"matchCriteriaId": "18AE871D-E861-46E3-B00A-40B5F4296B36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22621.3296",
"matchCriteriaId": "5526C246-95D3-49B5-B857-AE46B469681A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.3296",
"matchCriteriaId": "B7830F58-69E3-4373-A5C7-2B85A743E7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.3296",
"matchCriteriaId": "20DF4699-31FA-404B-BDEA-FE418854F538"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2340",
"matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.763",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21431",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21431",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

196
CVE-2024/CVE-2024-214xx/CVE-2024-21432.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21432",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-12T17:15:51.900",
"lastModified": "2024-05-29T00:15:35.527",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:47:25.987",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -30,9 +32,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
@ -49,12 +49,194 @@
"value": "CWE-59"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.10240.20526",
"matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20526",
"matchCriteriaId": "CFF4870F-71A6-4ED9-B398-0757DC9A9B77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "8680C6F7-3E4F-4AE6-914E-D95E571AF70A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "5C9FEFA3-5E9D-4E93-ACBE-B47783601CF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "68AF6C08-77D6-4786-B476-90D106F02DF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "A4E3CAC2-4FF9-4A3C-B88C-070F5584157D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22000.2836",
"matchCriteriaId": "647D078D-30D7-445E-AEC6-23EF9DAA6743"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.2836",
"matchCriteriaId": "EA297849-30A4-485F-A0E6-085312791438"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.3296",
"matchCriteriaId": "18AE871D-E861-46E3-B00A-40B5F4296B36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22621.3296",
"matchCriteriaId": "5526C246-95D3-49B5-B857-AE46B469681A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.3296",
"matchCriteriaId": "B7830F58-69E3-4373-A5C7-2B85A743E7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.3296",
"matchCriteriaId": "20DF4699-31FA-404B-BDEA-FE418854F538"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2340",
"matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.763",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21432",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21432",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

196
CVE-2024/CVE-2024-214xx/CVE-2024-21433.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21433",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-12T17:15:52.063",
"lastModified": "2024-06-11T16:15:18.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:47:35.220",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -30,9 +32,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
@ -49,12 +49,194 @@
"value": "CWE-367"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.10240.20526",
"matchCriteriaId": "FAE3130D-C88C-42C1-89EF-A8F86254E04D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20526",
"matchCriteriaId": "CFF4870F-71A6-4ED9-B398-0757DC9A9B77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "EA2CA05A-8688-45D6-BC96-627DEB1962E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "F7C03B8B-2E86-4FEB-9925-623CC805AD34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "54A84FB6-B0C7-437B-B95A-F2B4CF18F853"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "4C9B0826-AE47-44B1-988F-6B5CEFB45BD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "E037C8AE-56A8-4507-A34B-371A7D49F28D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "8680C6F7-3E4F-4AE6-914E-D95E571AF70A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "26CD5681-7CC7-42C3-AF89-D6A2C2A5591B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.4170",
"matchCriteriaId": "5C9FEFA3-5E9D-4E93-ACBE-B47783601CF5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "68AF6C08-77D6-4786-B476-90D106F02DF0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "C86ACE06-BA02-49BA-B274-441E74F98FB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19045.4170",
"matchCriteriaId": "A4E3CAC2-4FF9-4A3C-B88C-070F5584157D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22000.2836",
"matchCriteriaId": "647D078D-30D7-445E-AEC6-23EF9DAA6743"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.2836",
"matchCriteriaId": "EA297849-30A4-485F-A0E6-085312791438"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.3296",
"matchCriteriaId": "18AE871D-E861-46E3-B00A-40B5F4296B36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22621.3296",
"matchCriteriaId": "5526C246-95D3-49B5-B857-AE46B469681A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.3296",
"matchCriteriaId": "B7830F58-69E3-4373-A5C7-2B85A743E7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.3296",
"matchCriteriaId": "20DF4699-31FA-404B-BDEA-FE418854F538"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6796",
"matchCriteriaId": "2545664A-E87B-40F7-9C19-53AEC8198B81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5576",
"matchCriteriaId": "FFF3EE72-52DE-4CB2-8D42-74809CD7B292"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2340",
"matchCriteriaId": "9EDA5547-D293-41D0-A10C-4A613E725231"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.763",
"matchCriteriaId": "0AD05A2D-BA23-4B63-8B75-1395F74C36CB"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21433",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21433",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-261xx/CVE-2024-26167.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26167",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-03-07T21:15:08.273",
"lastModified": "2024-06-11T16:15:19.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:40:52.990",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +32,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
@ -49,12 +49,52 @@
"value": "CWE-1021"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"versionEndExcluding": "122.0.2365.92",
"matchCriteriaId": "CDD87F1B-24A2-478F-9E37-150909201FB5"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26167",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26167",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-261xx/CVE-2024-26188.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26188",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-23T23:15:09.790",
"lastModified": "2024-06-11T15:16:04.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:41:53.547",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +32,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
@ -49,12 +49,52 @@
"value": "CWE-357"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge:*:*:*:*:*:android:*:*",
"versionEndExcluding": "122.0.2365.52",
"matchCriteriaId": "B38B8A44-8708-4D07-AA6D-8ABAC75E15D3"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26188",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26188",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

54
CVE-2024/CVE-2024-261xx/CVE-2024-26192.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26192",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-23T23:15:09.960",
"lastModified": "2024-06-11T15:16:04.830",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:41:36.453",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,12 @@
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:L",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +32,7 @@
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 8.2,
"baseSeverity": "HIGH"
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
@ -49,12 +49,52 @@
"value": "CWE-359"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:microsoft:edge_chromium:*:*:*:*:*:*:*:*",
"versionEndExcluding": "122.0.2365.52",
"matchCriteriaId": "25ACA043-6B6E-4990-AC4C-A4E58B4A87F3"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26192",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26192",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

29
CVE-2024/CVE-2024-353xx/CVE-2024-35366.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-35366",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T20:15:19.863",
"lastModified": "2024-11-29T20:15:19.863",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/1047524396/1e72f170d58c2547ebd4db4cdf6cfabf",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/sbgdec.c#L389",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ffmpeg/ffmpeg/commit/0bed22d597b78999151e3bde0768b7fe763fc2a6",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-353xx/CVE-2024-35367.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-35367",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T20:15:19.957",
"lastModified": "2024-11-29T20:15:19.957",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer"
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/1047524396/9754a44845578358f6a403447c458ca4",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavcodec/ppc/vp8dsp_altivec.c#L53",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ffmpeg/ffmpeg/commit/09e6840cf7a3ee07a73c3ae88a020bf27ca1a667",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-353xx/CVE-2024-35368.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-35368",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T20:15:20.050",
"lastModified": "2024-11-29T20:15:20.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/1047524396/7e6e47220ae2b2d2fb4611f0d8a31ec5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/rkmppdec.c#L466",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ffmpeg/ffmpeg/commit/4513300989502090c4fd6560544dce399a8cd53c",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-353xx/CVE-2024-35371.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-35371",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T20:15:20.143",
"lastModified": "2024-11-29T20:15:20.143",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/1047524396/4eb17867f2e375f4824274c5e7b4d384",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ant-media/Ant-Media-Server/blob/ams-v2.8.2/src/main/java/io/antmedia/rest/RestServiceBase.java#L356",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ant-media/ant-media-server/commit/4d4763bd4fd06e515c19544e5170ca0f34c9ce45",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-366xx/CVE-2024-36610.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-36610",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T20:15:20.237",
"lastModified": "2024-11-29T20:15:20.237",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/1047524396/24e93f2905850235e42ad7db6e878bd5",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/symfony/symfony/blob/v7.0.3/src/Symfony/Component/VarDumper/Cloner/Stub.php#L53",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/symfony/symfony/commit/3ffd495bb3cc4d2e24e35b2d83c5b909cab7e259",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-366xx/CVE-2024-36611.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-36611",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T19:15:06.780",
"lastModified": "2024-11-29T19:15:06.780",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/1047524396/3581425e0911b716cf8ce4fa30e41e6c",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/symfony/symfony/blob/v7.0.7/src/Symfony/Component/Security/Http/Authenticator/FormLoginAuthenticator.php#L132",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/symfony/symfony/commit/a804ca15fcad279d7727b91d12a667fd5b925995",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-366xx/CVE-2024-36612.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-36612",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T20:15:20.340",
"lastModified": "2024-11-29T20:15:20.340",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/1047524396/f7ff51d24ebbb29e21dfb70a0c97302b",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/zulip/zulip/blob/8.3/web/src/click_handlers.js",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/zulip/zulip/commit/0a90a13becbf0338a8fc1ad37946e51c2c25b0a5",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-366xx/CVE-2024-36615.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-36615",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T19:15:07.703",
"lastModified": "2024-11-29T19:15:07.703",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/1047524396/c44e5eaafa8f408eea0c9411205990fb",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/FFmpeg/FFmpeg/blob/n7.0/libavcodec/vp9.c#L1738",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ffmpeg/ffmpeg/commit/0ba058579f332b3060d8470a04ddd3fbf305be61",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-366xx/CVE-2024-36616.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-36616",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T19:15:07.817",
"lastModified": "2024-11-29T19:15:07.817",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/1047524396/ded3e1509d8296ec4a91817867d108e0",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/FFmpeg/FFmpeg/blob/n6.1.1/libavformat/westwood_vqa.c#L265",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/ffmpeg/ffmpeg/commit/86f73277bf014e2ce36dd2594f1e0fb8b3bd6661",
"source": "cve@mitre.org"
}
]
}

39
CVE-2024/CVE-2024-366xx/CVE-2024-36624.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36624",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T18:15:08.440",
"lastModified": "2024-11-29T18:15:08.440",
"lastModified": "2024-11-29T19:15:07.923",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/1047524396/64720d2aa5afd943eb7e5a1ed4808ad6",

198
CVE-2024/CVE-2024-501xx/CVE-2024-50179.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50179",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-08T06:15:15.250",
"lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:34:14.350",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,43 +15,173 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ceph: eliminar la comprobaci\u00f3n de referencia de Fw incorrecta al ensuciar p\u00e1ginas. Al realizar lecturas de E/S directas, tambi\u00e9n intentar\u00e1 marcar las p\u00e1ginas como sucias, pero para la ruta de lectura no mantendr\u00e1 las capacidades de Fw y en ning\u00fan caso obtendr\u00e1 la referencia de Fw."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/11ab19d48ab877430eed0c7d83810970bbcbc4f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/126b567a2ef65fc38a71d832bf1216c56816f231",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/74b302ebad5b43ac17460fa58092d892a3cba6eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/9d4f619153bab7fa59736462967821d6521a38cb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c08dfb1b49492c09cf13838c71897493ea3b424e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c26c5ec832dd9e9dcd0a0a892a485c99889b68f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/ea98284fc4fb05f276737d2043b02b62be5a8dfb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f55e003d261baa7c57d51ae5c8ec1f5c26a35c89",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f863bfd0a2c6c99011c62ea71ac04f8e78707da9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2",
"versionEndExcluding": "4.19.323",
"matchCriteriaId": "677C8F99-30A1-4F6B-BD3E-FE1550E8BA0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.285",
"matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "795A3EE6-0CAB-4409-A903-151C94ACECC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.55",
"matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.10.14",
"matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.11",
"versionEndExcluding": "6.11.3",
"matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/11ab19d48ab877430eed0c7d83810970bbcbc4f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/126b567a2ef65fc38a71d832bf1216c56816f231",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/74b302ebad5b43ac17460fa58092d892a3cba6eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9d4f619153bab7fa59736462967821d6521a38cb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c08dfb1b49492c09cf13838c71897493ea3b424e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c26c5ec832dd9e9dcd0a0a892a485c99889b68f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ea98284fc4fb05f276737d2043b02b62be5a8dfb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f55e003d261baa7c57d51ae5c8ec1f5c26a35c89",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f863bfd0a2c6c99011c62ea71ac04f8e78707da9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

179
CVE-2024/CVE-2024-501xx/CVE-2024-50180.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50180",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-08T06:15:15.313",
"lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:35:40.690",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,158 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fbdev: sisfb: Fix strbuf array overflow Los valores de las variables xres e yres se colocan en strbuf. Estas variables se obtienen de strbuf1. La matriz strbuf1 contiene caracteres num\u00e9ricos y un espacio si la matriz contiene caracteres que no son d\u00edgitos. Luego, al ejecutar sprintf(strbuf, \"%ux%ux8\", xres, yres); se escribir\u00e1n m\u00e1s de 16 bytes en strbuf. Se sugiere aumentar el tama\u00f1o de la matriz strbuf a 24. Encontrado por Linux Verification Center (linuxtesting.org) con SVACE."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/11c0d49093b82f6c547fd419c41a982d26bdf5ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/252f147b1826cbb30ae0304cf86b66d3bb12b743",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/41cf6f26abe4f491b694c54bd1aa2530369b7510",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/433c84c8495008922534c5cafdae6ff970fb3241",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/57c4f4db0a194416da237fd09dad9527e00cb587",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/688872c4ea4a528cd6a057d545c83506b533ee1f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/889304120ecb2ca30674d89cd4ef15990b6a571c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9cf14f5a2746c19455ce9cb44341b5527b5e19c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.323",
"matchCriteriaId": "3BC77309-A76B-49EF-A846-844D824E3586"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.285",
"matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "795A3EE6-0CAB-4409-A903-151C94ACECC0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.57",
"matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.4",
"matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/11c0d49093b82f6c547fd419c41a982d26bdf5ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/252f147b1826cbb30ae0304cf86b66d3bb12b743",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/41cf6f26abe4f491b694c54bd1aa2530369b7510",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/433c84c8495008922534c5cafdae6ff970fb3241",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/57c4f4db0a194416da237fd09dad9527e00cb587",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/688872c4ea4a528cd6a057d545c83506b533ee1f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/889304120ecb2ca30674d89cd4ef15990b6a571c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9cf14f5a2746c19455ce9cb44341b5527b5e19c3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

143
CVE-2024/CVE-2024-501xx/CVE-2024-50181.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50181",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-08T06:15:15.390",
"lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:36:52.667",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,130 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: imx: eliminar CLK_SET_PARENT_GATE para mux DRAM para i.MX7D Para el reloj mux relacionado con DRAM i.MX7D, el cambio de fuente de reloj S\u00d3LO debe realizarse en c\u00f3digo asm de bajo nivel sin acceder a DRAM, y luego llamar a la API clk para sincronizar el estado del reloj de HW con el \u00e1rbol clk, nunca debe tocar el cambio de fuente de reloj real a trav\u00e9s de la API clk, por lo que el indicador CLK_SET_PARENT_GATE NO debe agregarse, de lo contrario, el reloj padre de DRAM se deshabilitar\u00e1 cuando DRAM est\u00e9 activo y el sistema se colgar\u00e1."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/11ceb17e6f07cc30410f3a6276cddda248a9b863",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/339273a9ddfe7632b717c2e13e81cbd5d383e1ff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/94f6cdc837e38371324cee97dfd2ef1a99a82c98",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/a54c441b46a0745683c2eef5a359d22856d27323",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b677b94a9193ec7b6607bd1255172ae59174a382",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d18dc8e14b9c794f58dae1577ccb2ab84a4a1b11",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.227",
"matchCriteriaId": "EB525A44-6338-4857-AD90-EA2860D1AD1F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.168",
"matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.57",
"matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.4",
"matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/11ceb17e6f07cc30410f3a6276cddda248a9b863",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/339273a9ddfe7632b717c2e13e81cbd5d383e1ff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/94f6cdc837e38371324cee97dfd2ef1a99a82c98",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a54c441b46a0745683c2eef5a359d22856d27323",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b677b94a9193ec7b6607bd1255172ae59174a382",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d18dc8e14b9c794f58dae1577ccb2ab84a4a1b11",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

136
CVE-2024/CVE-2024-501xx/CVE-2024-50182.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50182",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-08T06:15:15.450",
"lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:38:47.760",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,127 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: secretmem: deshabilitar memfd_secret() si arch no puede establecer el mapa directo Devolver -ENOSYS de la llamada al sistema memfd_secret() si !can_set_direct_map(). Este es el caso, por ejemplo, de algunas configuraciones arm64, donde marcar 4k PTE en el mapa directo como no presentes solo se puede hacer si el mapa directo se configura con una granularidad de 4k en primer lugar (ya que la sem\u00e1ntica break-before-make de ARM no permite dividir f\u00e1cilmente p\u00e1ginas grandes/gigantescas). M\u00e1s precisamente, en sistemas arm64 con !can_set_direct_map(), set_direct_map_invalid_noflush() es una operaci\u00f3n sin efecto, sin embargo, devuelve \u00e9xito (0) en lugar de un error. Esto significa que memfd_secret aparentemente \"funcionar\u00e1\" (por ejemplo, la llamada al sistema tiene \u00e9xito, puede mmap el fd y el error en las p\u00e1ginas), pero en realidad no logra su objetivo de eliminar su memoria del mapa directo. Tenga en cuenta que con este parche, memfd_secret() comenzar\u00e1 a generar errores en sistemas donde can_set_direct_map() devuelve falso (arm64 con CONFIG_RODATA_FULL_DEFAULT_ENABLED=n, CONFIG_DEBUG_PAGEALLOC=n y CONFIG_KFENCE=n), pero eso parece mejor que el error silencioso actual. Dado que CONFIG_RODATA_FULL_DEFAULT_ENABLED tiene como valor predeterminado 'y', la mayor\u00eda de los sistemas arm64 tienen en realidad un memfd_secret() en funcionamiento y no se ven afectados. Al revisar las iteraciones de la serie de parches memfd_secret originales, parece que deshabilitar la llamada al sistema en estos escenarios era el comportamiento previsto [1] (preferible a que set_direct_map_invalid_noflush devuelva un error ya que eso generar\u00eda SIGBUS en el momento de la falla de la p\u00e1gina); sin embargo, la verificaci\u00f3n se abandon\u00f3 entre v16 [2] y v17 [3], cuando secretmem se alej\u00f3 de las asignaciones de CMA. [1]: https://lore.kernel.org/lkml/20201124164930.GK8537@kernel.org/ [2]: https://lore.kernel.org/lkml/20210121122723.3446-11-rppt@kernel.org/#t [3]: https://lore.kernel.org/lkml/20201125092208.12544-10-rppt@kernel.org/"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/532b53cebe58f34ce1c0f34d866f5c0e335c53c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/5ea0b7af38754d2b45ead9257bca47e84662e926",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/757786abe4547eb3d9d0e8350a63bdb0f9824af2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/7caf966390e6e4ebf42775df54e7ee1f280ce677",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d0ae6ffa1aeb297aef89f49cfb894a83c329ebad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14",
"versionEndExcluding": "5.15.169",
"matchCriteriaId": "ADC31A5D-676C-45DC-AA72-F69DA6922679"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.113",
"matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.57",
"matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.4",
"matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/532b53cebe58f34ce1c0f34d866f5c0e335c53c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5ea0b7af38754d2b45ead9257bca47e84662e926",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/757786abe4547eb3d9d0e8350a63bdb0f9824af2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7caf966390e6e4ebf42775df54e7ee1f280ce677",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d0ae6ffa1aeb297aef89f49cfb894a83c329ebad",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

159
CVE-2024/CVE-2024-501xx/CVE-2024-50192.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50192",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-08T06:15:16.100",
"lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T19:00:45.733",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,146 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: irqchip/gic-v4: No permitir un VMOVP en un VPE moribundo Kunkun Jiang inform\u00f3 que hay una peque\u00f1a ventana de oportunidad para que el espacio de usuario fuerce un cambio de afinidad para un VPE mientras el VPE ya ha sido desasignado, pero la interrupci\u00f3n del timbre correspondiente a\u00fan es visible en /proc/irq/. Conecte la ejecuci\u00f3n verificando el valor de vmapp_count, que rastrea si el VPE est\u00e1 asignado o no, y devuelve un error en este caso. Esto implica hacer que vmapp_count sea com\u00fan tanto para GICv4.1 como para su antecesor v4.0."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/01282ab5182f85e42234df2ff42f0ce790f465ff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/1442ee0011983f0c5c4b92380e6853afb513841a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/64b12b061c5488e2d69e67c4eaae5da64fd30bfe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/755b9532c885b8761fb135fedcd705e21e61cccb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b7d7b7fc876f836f40bf48a87e07ea18756ba196",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d960505a869e66184fff97fb334980a5b797c7c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6",
"versionEndExcluding": "5.10.228",
"matchCriteriaId": "23D95807-ADA5-452C-BBD3-C14EA7B6CC6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.169",
"matchCriteriaId": "18BEDAD6-86F8-457C-952F-C35698B3D07F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.114",
"matchCriteriaId": "10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.58",
"matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.5",
"matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/01282ab5182f85e42234df2ff42f0ce790f465ff",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1442ee0011983f0c5c4b92380e6853afb513841a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/64b12b061c5488e2d69e67c4eaae5da64fd30bfe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/755b9532c885b8761fb135fedcd705e21e61cccb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b7d7b7fc876f836f40bf48a87e07ea18756ba196",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d960505a869e66184fff97fb334980a5b797c7c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

158
CVE-2024/CVE-2024-501xx/CVE-2024-50193.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50193",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-08T06:15:16.153",
"lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T19:29:23.710",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,145 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/entry_32: Borrar los b\u00faferes de la CPU despu\u00e9s de restaurar el registro en el retorno NMI Los b\u00faferes de la CPU se borran actualmente despu\u00e9s de la llamada a exc_nmi, pero antes de que se restaure el estado del registro. Esto puede ser adecuado para la mitigaci\u00f3n de MDS, pero no para RDFS. Porque la mitigaci\u00f3n de RDFS requiere que se borren los b\u00faferes de la CPU cuando los registros no tienen datos confidenciales. Mueva CLEAR_CPU_BUFFERS despu\u00e9s de RESTORE_ALL_NMI."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/227358e89703c344008119be7e8ffa3fdb5b92de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/43778de19d2ef129636815274644b9c16e78c66b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/48a2440d0f20c826b884e04377ccc1e4696c84e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/64adf22c4bc73ede920baca5defefb70f190cdbc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6f44a5fc15b5cece0785bc07453db77d99b0a6de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b6400eb0b347821efc57760221f8fb6d63b9548a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.228",
"matchCriteriaId": "00E49974-BB63-44B8-8A3C-048EBB86B743"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.169",
"matchCriteriaId": "18BEDAD6-86F8-457C-952F-C35698B3D07F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.114",
"matchCriteriaId": "10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.58",
"matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.11.5",
"matchCriteriaId": "DEA3578E-BB87-4486-90C9-D07BD36965C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/227358e89703c344008119be7e8ffa3fdb5b92de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/43778de19d2ef129636815274644b9c16e78c66b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/48a2440d0f20c826b884e04377ccc1e4696c84e9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/64adf22c4bc73ede920baca5defefb70f190cdbc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6f44a5fc15b5cece0785bc07453db77d99b0a6de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b6400eb0b347821efc57760221f8fb6d63b9548a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

195
CVE-2024/CVE-2024-501xx/CVE-2024-50194.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50194",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-08T06:15:16.217",
"lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T19:33:26.060",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,174 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: sondas: corrige uprobes para kernels big-endian El c\u00f3digo de uprobes de arm64 est\u00e1 roto para kernels big-endian ya que no convierte la codificaci\u00f3n de instrucciones en memoria (que siempre es little-endian) al endianness nativo del kernel antes de analizar y simular instrucciones. Esto puede resultar en algunos problemas distintos: * El kernel puede rechazar err\u00f3neamente el sondeo de una instrucci\u00f3n que puede sondearse de forma segura. * El kernel puede permitir err\u00f3neamente el paso de una instrucci\u00f3n fuera de l\u00ednea cuando esa instrucci\u00f3n no puede ser pasada fuera de l\u00ednea de forma segura. * El kernel puede simular err\u00f3neamente la instrucci\u00f3n incorrectamente durante la interpretaci\u00f3n de la codificaci\u00f3n de bytes intercambiados. El desajuste de endianness no es detectado por el compilador o sparse porque: * Los campos arch_uprobe::{insn,ixol} est\u00e1n codificados como matrices de u8, por lo que el compilador y sparse no tienen idea de que estos contienen un valor de 32 bits little-endian. El c\u00f3digo central de uprobes los llena con un memcpy() que de manera similar no maneja el endianness. * Si bien el tipo uprobe_opcode_t es un alias para __le32, tanto arch_uprobe_analyze_insn() como arch_uprobe_skip_sstep() convierten de u8[] al tipo de nombre similar probe_opcode_t, que es un alias para u32. Por lo tanto, no hay una advertencia de conversi\u00f3n de endianness. Solucione esto cambiando los campos arch_uprobe::{insn,ixol} a __le32 y agregando las conversiones __le32_to_cpu() apropiadas antes de consumir la codificaci\u00f3n de instrucciones. El n\u00facleo uprobes copia estos campos como rangos opacos de bytes y, por lo tanto, no se ve afectado por este cambio. Al mismo tiempo, elimine MAX_UINSN_BYTES y use consistentemente AARCH64_INSN_SIZE para mayor claridad. Probado con lo siguiente: | #include | #include | | #define noinline __attribute__((noinline)) | | static noinline void *adrp_self(void) | { | void *addr; | | asm vol\u00e1til( | \" adrp %x0, adrp_self\\n\" | \" add %x0, %x0, :lo12:adrp_self\\n\" | : \"=r\" (addr)); | } | | | int main(int argc, char *argv) | { | void *ptr = adrp_self(); | bool equal = (ptr == adrp_self); | | printf(\"adrp_self => %p\\n\" | \"adrp_self() => %p\\n\" | \"%s\\n\", | adrp_self, ptr, equal ? \"EQUAL\" : \"NOT EQUAL\"); | | return 0; | } .... donde la funci\u00f3n adrp_self() se compil\u00f3 a: | 00000000004007e0 : | 4007e0: 90000000 adrp x0, 400000 <__ehdr_start> | 4007e4: 911f8000 add x0, x0, #0x7e0 | 4007e8: d65f03c0 ret Antes de este parche, no se reconoc\u00eda el ADRP y se asum\u00eda que se pod\u00eda ejecutar paso a paso, lo que provocaba la corrupci\u00f3n del resultado: | # ./adrp-self | adrp_self => 0x4007e0 | adrp_self() => 0x4007e0 | IGUAL | # echo 'p /root/adrp-self:0x007e0' > /sys/kernel/tracing/uprobe_events | # echo 1 > /sys/kernel/tracing/events/uprobes/enable | # ./adrp-self | adrp_self => 0x4007e0 | adrp_self() => 0xffffffffff7e0 | NO IGUAL Despu\u00e9s de este parche, el ADRP se reconoce y simula correctamente: | # ./adrp-self | adrp_self => 0x4007e0 | adrp_self() => 0x4007e0 | IGUAL | # | # echo 'p /root/adrp-self:0x007e0' > /sys/kernel/tracing/uprobe_events | # echo 1 > /sys/kernel/tracing/events/uprobes/enable | # ./adrp-self | adrp_self => 0x4007e0 | adrp_self() => 0x4007e0 | IGUAL"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/13f8f1e05f1dc36dbba6cba0ae03354c0dafcde7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/14841bb7a531b96e2dde37423a3b33e75147c60d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/3d2530c65be04e93720e30f191a7cf1a3aa8b51c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/8165bf83b8a64be801d59cd2532b0d1ffed74d00",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b6a638cb600e13f94b5464724eaa6ab7f3349ca2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cf60d19d40184e43d9a624e55a0da73be09e938d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cf9ddf9ed94c15564a05bbf6e9f18dffa0c7df80",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e6ab336213918575124d6db43dc5d3554526242e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.19.323",
"matchCriteriaId": "56700326-E491-4B17-B143-B939C5EC1DBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.285",
"matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.229",
"matchCriteriaId": "1A03CABE-9B43-4E7F-951F-10DEEADAA426"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.170",
"matchCriteriaId": "A9BA1C73-2D2E-45E3-937B-276A28AEB5FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.115",
"matchCriteriaId": "C08A77A6-E42E-4EFD-B5A1-2BF6CBBB42AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.58",
"matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.5",
"matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/13f8f1e05f1dc36dbba6cba0ae03354c0dafcde7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/14841bb7a531b96e2dde37423a3b33e75147c60d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3d2530c65be04e93720e30f191a7cf1a3aa8b51c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8165bf83b8a64be801d59cd2532b0d1ffed74d00",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b6a638cb600e13f94b5464724eaa6ab7f3349ca2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cf60d19d40184e43d9a624e55a0da73be09e938d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cf9ddf9ed94c15564a05bbf6e9f18dffa0c7df80",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e6ab336213918575124d6db43dc5d3554526242e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

195
CVE-2024/CVE-2024-501xx/CVE-2024-50195.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50195",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-08T06:15:16.280",
"lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T20:26:50.623",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,174 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: posix-clock: Arreglar la comprobaci\u00f3n timespec64 faltante en pc_clock_settime() Como se\u00f1al\u00f3 Andrew, tendr\u00e1 sentido que el n\u00facleo PTP comprobara el rango tv_sec y tv_nsec de la estructura timespec64 antes de llamar a ptp->info->settime64(). Como dec\u00eda el manual de manual de clock_settime(), si tp.tv_sec es negativo o tp.tv_nsec est\u00e1 fuera del rango [0..999,999,999], deber\u00eda devolver EINVAL, que incluye relojes din\u00e1micos que manejan el reloj PTP, y la condici\u00f3n es consistente con timespec64_valid(). Como sugiri\u00f3 Thomas, timespec64_valid() solo comprueba que el timespec sea v\u00e1lido, pero no garantiza que el tiempo est\u00e9 en un rango v\u00e1lido, as\u00ed que compru\u00e9belo con antelaci\u00f3n usando timespec64_valid_strict() en pc_clock_settime() y devuelva -EINVAL si no es v\u00e1lido. Hay algunos controladores que usan tp->tv_sec y tp->tv_nsec directamente para escribir registros sin comprobaciones de validez y asumen que la capa superior lo ha comprobado, lo cual es peligroso y se beneficiar\u00e1 de esto, como hclge_ptp_settime(), igb_ptp_settime_i210(), _rcar_gen4_ptp_settime(), y algunos controladores pueden eliminar las comprobaciones de s\u00ed mismos."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/1ff7247101af723731ea42ed565d54fb8f341264",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/27abbde44b6e71ee3891de13e1a228aa7ce95bfe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/29f085345cde24566efb751f39e5d367c381c584",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/673a1c5a2998acbd429d6286e6cad10f17f4f073",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a3f169e398215e71361774d13bf91a0101283ac2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c8789fbe2bbf75845e45302cba6ffa44e1884d01",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/d8794ac20a299b647ba9958f6d657051fc51a540",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e0c966bd3e31911b57ef76cec4c5796ebd88e512",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.39",
"versionEndExcluding": "4.19.323",
"matchCriteriaId": "5A3583A3-7039-4012-9458-F67912AED1CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.285",
"matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.228",
"matchCriteriaId": "9062315F-AB89-4ABE-8C13-B75927689F66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.169",
"matchCriteriaId": "18BEDAD6-86F8-457C-952F-C35698B3D07F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.114",
"matchCriteriaId": "10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.58",
"matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.5",
"matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1ff7247101af723731ea42ed565d54fb8f341264",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/27abbde44b6e71ee3891de13e1a228aa7ce95bfe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/29f085345cde24566efb751f39e5d367c381c584",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/673a1c5a2998acbd429d6286e6cad10f17f4f073",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a3f169e398215e71361774d13bf91a0101283ac2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c8789fbe2bbf75845e45302cba6ffa44e1884d01",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d8794ac20a299b647ba9958f6d657051fc51a540",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e0c966bd3e31911b57ef76cec4c5796ebd88e512",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

140
CVE-2024/CVE-2024-501xx/CVE-2024-50196.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50196",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-08T06:15:16.347",
"lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T20:28:53.843",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,27 +15,131 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: ocelot: arregla el bloqueo del sistema en interrupciones basadas en niveles La implementaci\u00f3n actual solo llama a chained_irq_enter() y chained_irq_exit() si detecta interrupciones pendientes. ``` for (i = 0; i < info->stride; i++) { uregmap_read(info->map, id_reg + 4 * i, \u00ae); if (!reg) continue; chained_irq_enter(parent_chip, desc); ``` Sin embargo, en el caso de que el pin GPIO est\u00e9 configurado en modo de nivel y el controlador principal est\u00e9 configurado en modo de borde, el hardware puede reducir la interrupci\u00f3n GPIO. Como resultado, si la interrupci\u00f3n es lo suficientemente corta, la interrupci\u00f3n principal sigue pendiente mientras se borra la interrupci\u00f3n GPIO; chained_irq_enter() nunca se llama y el sistema se cuelga al intentar dar servicio a la interrupci\u00f3n principal. Mover chained_irq_enter() y chained_irq_exit() fuera del bucle for garantiza que se llamen incluso cuando el hardware reduce la interrupci\u00f3n GPIO. El c\u00f3digo similar con las funciones chained_irq_enter() / chained_irq_exit() que envuelven el bucle de verificaci\u00f3n de interrupciones se puede encontrar en muchos otros controladores: ``` grep -r -A 10 chained_irq_enter drivers/pinctrl ```"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/20728e86289ab463b99b7ab4425515bd26aba417",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/4a81800ef05bea5a9896f199677f7b7f5020776a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/655f5d4662b958122b260be05aa6dfdf8768efe6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/93b8ddc54507a227087c60a0013ed833b6ae7d3c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/dcbe9954634807ec54e22bde278b5b269f921381",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.169",
"matchCriteriaId": "6BDAF23B-6DD3-4FF3-9077-AE6E61F87D65"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.114",
"matchCriteriaId": "10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.58",
"matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.5",
"matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/20728e86289ab463b99b7ab4425515bd26aba417",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4a81800ef05bea5a9896f199677f7b7f5020776a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/655f5d4662b958122b260be05aa6dfdf8768efe6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/93b8ddc54507a227087c60a0013ed833b6ae7d3c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dcbe9954634807ec54e22bde278b5b269f921381",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

91
CVE-2024/CVE-2024-501xx/CVE-2024-50197.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50197",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-08T06:15:16.407",
"lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T20:33:23.700",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,90 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: pinctrl: intel: platform: fix error path in device_for_each_child_node() El bucle device_for_each_child_node() requiere llamadas a fwnode_handle_put() en retornos tempranos para decrementar el refcount del nodo secundario y evitar fugas de memoria si se activa esa ruta de error. Hay un retorno temprano dentro de ese bucle en intel_platform_pinctrl_prepare_community(), pero falta fwnode_handle_put(). En lugar de agregar la llamada faltante, la versi\u00f3n con \u00e1mbito del bucle se puede usar para simplificar el c\u00f3digo y evitar errores en el futuro si se agregan nuevos retornos tempranos, ya que el nodo secundario solo se usa para analizar y nunca se asigna."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/16a6d2e685e8f9a2f51dd5a363d3f97fcad35e22",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/be3f7b9f995a6c2ee02767a0319929a2a98adf69",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.11.5",
"matchCriteriaId": "DEA3578E-BB87-4486-90C9-D07BD36965C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/16a6d2e685e8f9a2f51dd5a363d3f97fcad35e22",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/be3f7b9f995a6c2ee02767a0319929a2a98adf69",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

159
CVE-2024/CVE-2024-501xx/CVE-2024-50198.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50198",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-08T06:15:16.467",
"lastModified": "2024-11-08T19:01:03.880",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T20:31:29.787",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,146 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: light: veml6030: fix IIO device retrieval from built-in device El puntero dev que se recibe como argumento en la funci\u00f3n in_illuminance_period_available_show hace referencia al dispositivo integrado en el dispositivo IIO, no en el cliente i2c. Se debe utilizar dev_to_iio_dev() para acceder a los datos correctos. La implementaci\u00f3n actual genera un error de segmentaci\u00f3n en cada intento de leer el atributo porque indio_dev obtiene una asignaci\u00f3n NULL. Este error ha estado presente desde la primera aparici\u00f3n del controlador, aparentemente desde la \u00faltima versi\u00f3n (V6) antes de aplicarse. Hasta entonces se utilizaba un atributo constante y es posible que no se hayan vuelto a probar las \u00faltimas modificaciones."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/2cbb41abae65626736b8b52cf3b9339612c5a86a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/50039aec43a82ad2495f2d0fb0c289c8717b4bb2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/905166531831beb067fffe2bdfc98031ffe89087",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/bcb90518ccd9e10bf6ab29e31994aab93e4a4361",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bf3ab8e1c28f10df0823d4ff312f83c952b06a15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c7c44e57750c31de43906d97813273fdffcf7d02",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.228",
"matchCriteriaId": "9062315F-AB89-4ABE-8C13-B75927689F66"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.169",
"matchCriteriaId": "18BEDAD6-86F8-457C-952F-C35698B3D07F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.114",
"matchCriteriaId": "10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.58",
"matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.5",
"matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2cbb41abae65626736b8b52cf3b9339612c5a86a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/50039aec43a82ad2495f2d0fb0c289c8717b4bb2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/905166531831beb067fffe2bdfc98031ffe89087",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bcb90518ccd9e10bf6ab29e31994aab93e4a4361",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bf3ab8e1c28f10df0823d4ff312f83c952b06a15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c7c44e57750c31de43906d97813273fdffcf7d02",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

45
CVE-2024/CVE-2024-512xx/CVE-2024-51228.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-51228",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-27T17:15:12.800",
"lastModified": "2024-11-27T17:15:12.800",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:15:20.430",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component."
},
{
"lang": "es",
"value": "Un problema en TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 y TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 y TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 y TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 y TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 y TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del componente /boafrm/formSysCmd."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/yckuo-sdc/totolink-boa-api-vulnerabilities",

90
CVE-2024/CVE-2024-520xx/CVE-2024-52003.json Normal file
View File

@ -0,0 +1,90 @@
{
"id": "CVE-2024-52003",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-29T19:15:08.170",
"lastModified": "2024-11-29T19:15:08.170",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://github.com/traefik/traefik/pull/11253",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/traefik/traefik/releases/tag/v2.11.14",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/traefik/traefik/releases/tag/v3.2.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg",
"source": "security-advisories@github.com"
}
]
}

71
CVE-2024/CVE-2024-527xx/CVE-2024-52762.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-52762",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-19T21:15:06.580",
"lastModified": "2024-11-20T20:35:17.280",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T21:00:39.843",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,11 +18,13 @@
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -30,9 +32,27 @@
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,33 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/ganglia/ganglia-web/issues/382",
"source": "cve@mitre.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ganglia:ganglia-web:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.3",
"versionEndIncluding": "3.76",
"matchCriteriaId": "B7E7806B-9443-4250-A789-F980E207AC13"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ganglia/ganglia-web/issues/382",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

104
CVE-2024/CVE-2024-527xx/CVE-2024-52763.json
View File

@ -2,20 +2,112 @@
"id": "CVE-2024-52763",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-19T21:15:06.663",
"lastModified": "2024-11-19T21:56:45.533",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T21:00:47.937",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the \"g\" parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de Cross-Site Scripting (XSS) en el componente /graph_all_periods.php de Ganglia-web v3.73 a v3.75 permite a los atacantes ejecutar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de un payload manipulado espec\u00edficamente para ello e inyectado en el par\u00e1metro \"g\"."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://github.com/ganglia/ganglia-web/issues/382",
"source": "cve@mitre.org"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ganglia:ganglia-web:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.7.3",
"versionEndIncluding": "3.7.5",
"matchCriteriaId": "8E81705A-F26F-4A42-85E7-B805BF250475"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/ganglia/ganglia-web/issues/382",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

82
CVE-2024/CVE-2024-528xx/CVE-2024-52800.json Normal file
View File

@ -0,0 +1,82 @@
{
"id": "CVE-2024-52800",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-29T19:15:08.713",
"lastModified": "2024-11-29T19:15:08.713",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. This issue has not yet been patched. Users are advised to be cautious of XSLT code until a patch is available."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 2.3,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://github.com/veraPDF/veraPDF-library/issues/1488",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/veraPDF/veraPDF-library/security/advisories/GHSA-4cx5-89vm-833x",
"source": "security-advisories@github.com"
}
]
}

86
CVE-2024/CVE-2024-528xx/CVE-2024-52801.json Normal file
View File

@ -0,0 +1,86 @@
{
"id": "CVE-2024-52801",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-29T19:15:08.890",
"lastModified": "2024-11-29T19:15:08.890",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are generated predictably using the xid library and are therefore unique but not cryptographically secure. This issue was fixed in version v2.6.4, where cookies are opaque and cryptographically secure strings. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"references": [
{
"url": "https://github.com/drakkan/sftpgo/commit/f30a9a2095bf90c0661b04fe038e3b7efc788bc6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/drakkan/sftpgo/security/advisories/GHSA-6943-qr24-82vx",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/rs/xid",
"source": "security-advisories@github.com"
}
]
}

86
CVE-2024/CVE-2024-528xx/CVE-2024-52809.json Normal file
View File

@ -0,0 +1,86 @@
{
"id": "CVE-2024-52809",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-29T19:15:09.030",
"lastModified": "2024-11-29T19:15:09.030",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to `createI18n` or `useI18n`. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/intlify/vue-i18n/commit/72f0d323006fc7363b18cab62d4522dadd874411",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-9r9m-ffp6-9x4v",
"source": "security-advisories@github.com"
}
]
}

82
CVE-2024/CVE-2024-528xx/CVE-2024-52810.json Normal file
View File

@ -0,0 +1,82 @@
{
"id": "CVE-2024-52810",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-29T19:15:09.163",
"lastModified": "2024-11-29T19:15:09.163",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
],
"references": [
{
"url": "https://github.com/intlify/vue-i18n/commit/9f20909ef8c9232a1072d7818e12ed6d6451024d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/intlify/vue-i18n/security/advisories/GHSA-hjwq-mjwj-4x6c",
"source": "security-advisories@github.com"
}
]
}

25
CVE-2024/CVE-2024-535xx/CVE-2024-53504.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-53504",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T20:15:20.763",
"lastModified": "2024-11-29T20:15:20.763",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/siyuan-note/siyuan/issues/13058",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/siyuan-note/siyuan/issues/13077",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-535xx/CVE-2024-53505.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-53505",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T20:15:20.853",
"lastModified": "2024-11-29T20:15:20.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/siyuan-note/siyuan/issues/13059",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/siyuan-note/siyuan/issues/13077",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-535xx/CVE-2024-53506.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-53506",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T20:15:20.943",
"lastModified": "2024-11-29T20:15:20.943",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/siyuan-note/siyuan/issues/13060",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/siyuan-note/siyuan/issues/13077",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-535xx/CVE-2024-53507.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-53507",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T20:15:21.027",
"lastModified": "2024-11-29T20:15:21.027",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/siyuan-note/siyuan/issues/13057",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/siyuan-note/siyuan/issues/13077",
"source": "cve@mitre.org"
}
]
}

60
CVE-2024/CVE-2024-538xx/CVE-2024-53848.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-53848",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-29T19:15:09.290",
"lastModified": "2024-11-29T19:15:09.290",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. `https://example.org/schema.json` will be stored as `schema.json`. This naming allows for conflicts. If an attacker can get a user to run `check-jsonschema` against a malicious schema URL, e.g., `https://example.evil.org/schema.json`, they can insert their own schema into the cache and it will be picked up and used instead of the appropriate schema. Such a cache confusion attack could be used to allow data to pass validation which should have been rejected. This issue has been patched in version 0.30.0. All users are advised to upgrade. A few workarounds exist: 1. Users can use `--no-cache` to disable caching. 2. Users can use `--cache-filename` to select filenames for use in the cache, or to ensure that other usages do not overwrite the cached schema. (Note: this flag is being deprecated as part of the remediation effort.) 3. Users can explicitly download the schema before use as a local file, as in `curl -LOs https://example.org/schema.json; check-jsonschema --schemafile ./schema.json`"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.5,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-349"
}
]
}
],
"references": [
{
"url": "https://github.com/python-jsonschema/check-jsonschema/commit/c52714b85e6725b1b24516fbdedacb333b939152",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/python-jsonschema/check-jsonschema/security/advisories/GHSA-q6mv-284r-mp36",
"source": "security-advisories@github.com"
}
]
}

64
CVE-2024/CVE-2024-538xx/CVE-2024-53861.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-53861",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-29T19:15:09.433",
"lastModified": "2024-11-29T19:15:09.433",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `\"acb\"` being accepted for `\"_abc_\"`. This is a bug introduced in version 2.10.0: checking the \"iss\" claim changed from `isinstance(issuer, list)` to `isinstance(issuer, Sequence)`. Since str is a Sequnce, but not a list, `in` is also used for string comparison. This results in `if \"abc\" not in \"__abcd__\":` being checked instead of `if \"abc\" != \"__abc__\":`. Signature checks are still present so real world impact is likely limited to denial of service scenarios. This issue has been patched in version 2.10.1. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:N",
"baseScore": 0.0,
"baseSeverity": "NONE",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.7,
"impactScore": 0.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-697"
}
]
}
],
"references": [
{
"url": "https://github.com/jpadilla/pyjwt/commit/1570e708672aa9036bc772476beae8bfa48f4131#diff-6893ad4a1c5a36b8af3028db8c8bc3b62418149843fc382faf901eaab008e380R366",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/jpadilla/pyjwt/commit/33022c25525c1020869c71ce2a4109e44ae4ced1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/jpadilla/pyjwt/security/advisories/GHSA-75c5-xw7c-p5pm",
"source": "security-advisories@github.com"
}
]
}

90
CVE-2024/CVE-2024-538xx/CVE-2024-53864.json Normal file
View File

@ -0,0 +1,90 @@
{
"id": "CVE-2024-53864",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-29T19:15:09.577",
"lastModified": "2024-11-29T19:15:09.577",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, any existing injected XSS will not run. This issue has been patched in version 4.6.14. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://developers.ibexa.co/security-advisories/ibexa-sa-2024-006-vulnerabilities-in-content-name-pattern-commerce-shop-and-varnish-vhost-templates",
"source": "security-advisories@github.com"
},
{
"url": "https://doc.ibexa.co/en/latest/update_and_migration/from_4.6/update_from_4.6/#v4614",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ibexa/admin-ui/commit/8ec824a8cf06c566ed88e4c21cc66f7ed42649fc",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/ibexa/admin-ui/security/advisories/GHSA-8w3p-gf85-qcch",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-538xx/CVE-2024-53865.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-53865",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-29T19:15:09.710",
"lastModified": "2024-11-29T19:15:09.710",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package \"zhmcclient\" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creating or updating a partition in DPM mode, in the zhmcclient API and HMC logs. 2. The 'ssc-master-pw' and 'zaware-master-pw' properties when updating an LPAR in classic mode, in the zhmcclient API and HMC logs. 3. The 'ssc-master-pw' and 'zaware-master-pw' properties when creating or updating an image activation profile in classic mode, in the zhmcclient API and HMC logs. 4. The 'password' property when creating or updating an HMC user, in the zhmcclient API log. 5. The 'bind-password' property when creating or updating an LDAP server definition, in the zhmcclient API and HMC logs. This issue affects only users of the zhmcclient package that have enabled the Python loggers named \"zhmcclient.api\" (for the API log) or \"zhmcclient.hmc\" (for the HMC log) and that use the functions listed above. This issue has been fixed in zhmcclient version 1.18.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://github.com/zhmcclient/python-zhmcclient/commit/ad32781e782d0f604c6da4680fce48e4cc1f4433",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/zhmcclient/python-zhmcclient/security/advisories/GHSA-p57h-3cmc-xpjq",
"source": "security-advisories@github.com"
}
]
}

61
CVE-2024/CVE-2024-539xx/CVE-2024-53909.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53909",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-24T21:15:03.817",
"lastModified": "2024-11-26T16:15:19.210",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T20:54:47.700",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,10 +36,40 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.2",
"matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24"
}
]
}
]
}
],
"references": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-539xx/CVE-2024-53910.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53910",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-24T21:15:03.960",
"lastModified": "2024-11-26T16:15:19.597",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T20:54:55.080",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,10 +36,40 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.2",
"matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24"
}
]
}
]
}
],
"references": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-539xx/CVE-2024-53911.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53911",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-24T21:15:04.087",
"lastModified": "2024-11-26T16:15:19.800",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T20:55:04.683",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,10 +36,40 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.2",
"matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24"
}
]
}
]
}
],
"references": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-539xx/CVE-2024-53912.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53912",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-24T21:15:04.210",
"lastModified": "2024-11-26T16:15:20.273",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T20:55:13.483",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,10 +36,40 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.2",
"matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24"
}
]
}
]
}
],
"references": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-539xx/CVE-2024-53913.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53913",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-24T21:15:04.333",
"lastModified": "2024-11-26T16:15:20.480",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T20:55:25.543",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,10 +36,40 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.2",
"matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24"
}
]
}
]
}
],
"references": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-539xx/CVE-2024-53914.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53914",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-24T21:15:04.453",
"lastModified": "2024-11-26T16:15:20.700",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T20:55:35.293",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,10 +36,40 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.2",
"matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24"
}
]
}
]
}
],
"references": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

61
CVE-2024/CVE-2024-539xx/CVE-2024-53915.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-53915",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-24T21:15:04.580",
"lastModified": "2024-11-26T16:15:20.943",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-29T20:55:43.810",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,10 +36,40 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:veritas:enterprise_vault:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.2",
"matchCriteriaId": "F544FD5D-0101-4A29-B2D7-4E76342F0C24"
}
]
}
]
}
],
"references": [
{
"url": "https://www.veritas.com/content/support/en_US/security/VTS24-014",
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-539xx/CVE-2024-53979.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-53979",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-29T19:15:09.847",
"lastModified": "2024-11-29T19:15:09.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible collection \"ibm.ibm_zhmc\" writes password-like properties in clear text into its log file and into the output returned by some of its Ansible module in the following cases: 1. The 'boot_ftp_password' and 'ssc_master_pw' properties are passed as input to the zhmc_partition Ansible module. 2. The 'ssc_master_pw' and 'zaware_master_pw' properties are passed as input to the zhmc_lpar Ansible module. 3. The 'password' property is passed as input to the zhmc_user Ansible module (just in log file, not in module output). 4. The 'bind_password' property is passed as input to the zhmc_ldap_server_definition Ansible module. These properties appear in the module output only when they were specified in the module input and when creating or updating the corresponding resources. They do not appear in the output when retrieving facts for the corresponding resources. These properties appear in the log file only when the \"log_file\" module input parameter is used. By default, no log file is created. This issue has been fixed in ibm.ibm_zhmc version 1.9.3. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://github.com/zhmcclient/zhmc-ansible-modules/commit/f5579f07da5f02d2496c41a313d4ae7a0a459b1d",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/zhmcclient/zhmc-ansible-modules/security/advisories/GHSA-mw6c-f428-jx4f",
"source": "security-advisories@github.com"
}
]
}

102
CVE-2024/CVE-2024-539xx/CVE-2024-53980.json Normal file
View File

@ -0,0 +1,102 @@
{
"id": "CVE-2024-53980",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-29T19:15:09.993",
"lastModified": "2024-11-29T19:15:09.993",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send a IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results into an endless loop on a CC2538 as receiver. Before PR #20998, the receiver would check for the location of the CRC bit using the packet length byte by considering all 8 bits, instead of discarding bit 7, which is what the radio does. This then results into reading outside of the RX FIFO. Although it prints an error when attempting to read outside of the RX FIFO, it will continue doing this. This may lead to a discrepancy in the CRC check according to the firmware and the radio. If the CPU judges the CRC as correct and the radio is set to `AUTO_ACK`, when the packet requests and acknowledgment the CPU will go into the state `CC2538_STATE_TX_ACK`. However, if the radio judged the CRC as incorrect, it will not send an acknowledgment, and thus the `TXACKDONE` event will not fire. It will then never return to the state `CC2538_STATE_READY` since the baseband processing is still disabled. Then the CPU will be in an endless loop. Since setting to idle is not forced, it won't do it if the radio's state is not `CC2538_STATE_READY`. A fix has not yet been made."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-835"
}
]
}
],
"references": [
{
"url": "https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/cpu/cc2538/radio/cc2538_rf_radio_ops.c#L183",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/cpu/cc2538/radio/cc2538_rf_radio_ops.c#L417",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/cpu/cc2538/radio/cc2538_rf_radio_ops.c#L419",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/cpu/cc2538/radio/cc2538_rf_radio_ops.c#L421-L422",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/blob/1a418ccfedeb79dbce1d79f49e63a28906184794/sys/net/link_layer/ieee802154/submac.c#L149",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/pull/20998",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/RIOT-OS/RIOT/security/advisories/GHSA-m75q-8vj8-wppw",
"source": "security-advisories@github.com"
}
]
}

60
CVE-2024/CVE-2024-539xx/CVE-2024-53983.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-53983",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-29T19:15:10.137",
"lastModified": "2024-11-29T19:15:10.137",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Backstage Scaffolder plugin Houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git config injection. The vulnerability allows an attacker to capture privileged git tokens used by the Backstage Scaffolder plugin. With these tokens, unauthorized access to sensitive resources in git can be achieved. The impact is considered medium severity as the Backstage Threat Model recommends restricting access to adding and editing templates in the Backstage Catalog plugin. The issue has been resolved in versions `v0.4.12`, `v0.5.1` and `v0.6.1` of the `@backstage/plugin-scaffolder-node` package. Users are encouraged to upgrade to this version to mitigate the vulnerability. Users are advised to upgrade. Users unable to upgrade may ensure that templates do not change git config."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.0,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-qmc2-jpr5-7rg9",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/backstage/backstage/tree/master/plugins/scaffolder-node",
"source": "security-advisories@github.com"
}
]
}

45
CVE-2024/CVE-2024-541xx/CVE-2024-54123.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-54123",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T04:15:03.940",
"lastModified": "2024-11-29T04:15:03.940",
"vulnStatus": "Received",
"lastModified": "2024-11-29T19:15:10.287",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format."
},
{
"lang": "es",
"value": "Backdrop CMS anterior a 1.28.4 y 1.29.x anterior a 1.29.2 permiten XSS a trav\u00e9s de un documento SVG, si la etiqueta SVG est\u00e1 permitida para un formato de texto."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://backdropcms.org/security/backdrop-sa-core-2024-002",

45
CVE-2024/CVE-2024-541xx/CVE-2024-54124.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-54124",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-29T04:15:04.113",
"lastModified": "2024-11-29T04:15:04.113",
"vulnStatus": "Received",
"lastModified": "2024-11-29T19:15:10.443",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen."
},
{
"lang": "es",
"value": "En el estado de contrase\u00f1a de Click Studios anterior a la compilaci\u00f3n 9920, existe una posible escalada de permisos en la pantalla de edici\u00f3n de carpeta."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.clickstudios.com.au/passwordstate-changelog.aspx",

50
CVE-2024/CVE-2024-87xx/CVE-2024-8726.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-8726",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-20T07:15:09.580",
"lastModified": "2024-11-20T07:15:09.580",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:59:02.697",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento MailChimp Forms de MailMunch para WordPress es vulnerable a ataques de cross site scripting reflejado debido al uso de add_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 3.2.3 incluida. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace."
}
],
"metrics": {
@ -19,6 +23,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -26,9 +32,7 @@
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
@ -47,14 +51,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3189361%40mailchimp-forms-by-mailmunch&new=3189361%40mailchimp-forms-by-mailmunch&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
},
"nodes": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1a1c5e7-75a4-4ca5-9707-4076b92e0c33?source=cve",
"source": "security@wordfence.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mailmunch:mailchimp_forms:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.4",
"matchCriteriaId": "6F56F83F-7813-4669-8F37-CAAEDC05D877"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3189361%40mailchimp-forms-by-mailmunch&new=3189361%40mailchimp-forms-by-mailmunch&sfp_email=&sfph_mail=",
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a1a1c5e7-75a4-4ca5-9707-4076b92e0c33?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-88xx/CVE-2024-8825.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2024-8825",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:20.817",
"lastModified": "2024-11-22T21:15:20.817",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:20:44.863",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24263."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos PDF fuera de los l\u00edmites en el editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PDF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24263."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -37,7 +64,7 @@
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +73,35 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1248/",
"source": "zdi-disclosures@trendmicro.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1248/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-88xx/CVE-2024-8826.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2024-8826",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:20.937",
"lastModified": "2024-11-22T21:15:20.937",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:08:47.553",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24305."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos XPS fuera de los l\u00edmites en PDF-XChange Editor. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de PDF-XChange Editor. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos XPS. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24305."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -37,7 +64,7 @@
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +73,35 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1249/",
"source": "zdi-disclosures@trendmicro.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1249/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-88xx/CVE-2024-8827.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2024-8827",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:21.050",
"lastModified": "2024-11-22T21:15:21.050",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:20:34.137",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor PPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of PPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24306."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos PPM del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos PPM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24306."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -37,7 +64,7 @@
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +73,35 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1250/",
"source": "zdi-disclosures@trendmicro.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1250/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-88xx/CVE-2024-8828.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2024-8828",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:21.167",
"lastModified": "2024-11-22T21:15:21.167",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:20:25.293",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24313."
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos EMF del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos EMF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24313."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +73,36 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1251/",
"source": "zdi-disclosures@trendmicro.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1251/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

62
CVE-2024/CVE-2024-88xx/CVE-2024-8829.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2024-8829",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:21.290",
"lastModified": "2024-11-22T21:15:21.290",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:20:01.307",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24314."
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos EMF del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos EMF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24314."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +73,35 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1252/",
"source": "zdi-disclosures@trendmicro.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1252/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

65
CVE-2024/CVE-2024-88xx/CVE-2024-8830.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2024-8830",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:21.410",
"lastModified": "2024-11-22T21:15:21.410",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:19:22.237",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24315."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos XPS del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos XPS. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24315."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -37,7 +64,7 @@
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +73,36 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1253/",
"source": "zdi-disclosures@trendmicro.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1253/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

65
CVE-2024/CVE-2024-88xx/CVE-2024-8831.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2024-8831",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:21.530",
"lastModified": "2024-11-22T21:15:21.530",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:19:09.460",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. \n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24316."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos XPS fuera de los l\u00edmites en PDF-XChange Editor. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de PDF-XChange Editor. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos XPS. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24316."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -37,7 +64,7 @@
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +73,36 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1254/",
"source": "zdi-disclosures@trendmicro.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1254/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

63
CVE-2024/CVE-2024-88xx/CVE-2024-8832.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2024-8832",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:21.647",
"lastModified": "2024-11-22T21:15:21.647",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:18:52.840",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24317."
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos EMF del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos EMF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24317."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +73,36 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1255/",
"source": "zdi-disclosures@trendmicro.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1255/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

65
CVE-2024/CVE-2024-88xx/CVE-2024-8833.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2024-8833",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:21.753",
"lastModified": "2024-11-22T21:15:21.753",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:18:39.087",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24318."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos XPS fuera de los l\u00edmites en PDF-XChange Editor. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de PDF-XChange Editor. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos XPS. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24318."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -37,7 +64,7 @@
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +73,36 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1256/",
"source": "zdi-disclosures@trendmicro.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1256/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

63
CVE-2024/CVE-2024-88xx/CVE-2024-8834.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2024-8834",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:21.863",
"lastModified": "2024-11-22T21:15:21.863",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:18:18.010",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24319."
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos TIF del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre las instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos TIF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24319."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +73,36 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1257/",
"source": "zdi-disclosures@trendmicro.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1257/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

63
CVE-2024/CVE-2024-88xx/CVE-2024-8835.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2024-8835",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:21.983",
"lastModified": "2024-11-22T21:15:21.983",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:17:52.063",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24320."
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos JB2 de PDF-XChange Editor. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre instalaciones afectadas de PDF-XChange Editor. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos JB2. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24320."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +73,36 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1258/",
"source": "zdi-disclosures@trendmicro.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1258/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

63
CVE-2024/CVE-2024-88xx/CVE-2024-8836.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2024-8836",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:22.103",
"lastModified": "2024-11-22T21:15:22.103",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:17:29.823",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24354."
},
{
"lang": "es",
"value": "Vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n de lectura fuera de los l\u00edmites en el an\u00e1lisis de archivos TIF del editor PDF-XChange. Esta vulnerabilidad permite a atacantes remotos divulgar informaci\u00f3n confidencial sobre instalaciones afectadas del editor PDF-XChange. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos TIF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esto junto con otras vulnerabilidades para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual. Era ZDI-CAN-24354."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +73,36 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1259/",
"source": "zdi-disclosures@trendmicro.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1259/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

65
CVE-2024/CVE-2024-88xx/CVE-2024-8837.json
View File

@ -2,15 +2,42 @@
"id": "CVE-2024-8837",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:22.210",
"lastModified": "2024-11-22T21:15:22.210",
"vulnStatus": "Received",
"lastModified": "2024-11-29T20:10:41.130",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24408."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos XPS fuera de los l\u00edmites en PDF-XChange Editor. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de PDF-XChange Editor. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos XPS. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24408."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -37,7 +64,7 @@
"weaknesses": [
{
"source": "zdi-disclosures@trendmicro.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -46,10 +73,36 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1260/",
"source": "zdi-disclosures@trendmicro.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-tools:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "C93EFAC4-4B02-41B1-A788-0A7FC98CD499"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pdf-xchange:pdf-xchange_editor:10.3.0.386:*:*:*:*:*:*:*",
"matchCriteriaId": "207FF12C-548C-425F-9474-61148DBE69C2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1260/",
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

77
CVE-2024/CVE-2024-97xx/CVE-2024-9777.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9777",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-19T13:15:04.850",
"lastModified": "2024-11-19T21:57:32.967",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-29T20:57:53.423",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -23,6 +23,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +32,7 @@
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
@ -51,26 +51,59 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://themes.trac.wordpress.org/browser/ashe/2.242/functions.php#L101",
"source": "security@wordfence.com"
},
"nodes": [
{
"url": "https://themes.trac.wordpress.org/browser/ashe/2.242/functions.php#L112",
"source": "security@wordfence.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://themes.trac.wordpress.org/changeset/248853/",
"source": "security@wordfence.com"
},
{
"url": "https://wordpress.org/themes/ashe/",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ce6c2f36-9eed-482f-9201-8d26e8c5c369?source=cve",
"source": "security@wordfence.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:wp-royal-themes:ashe:*:*:*:*:free:wordpress:*:*",
"versionEndExcluding": "2.244",
"matchCriteriaId": "752CE538-7F69-4594-BFAD-6BD782CAF984"
}
]
}
]
}
],
"references": [
{
"url": "https://themes.trac.wordpress.org/browser/ashe/2.242/functions.php#L101",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://themes.trac.wordpress.org/browser/ashe/2.242/functions.php#L112",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://themes.trac.wordpress.org/changeset/248853/",
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://wordpress.org/themes/ashe/",
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/ce6c2f36-9eed-482f-9201-8d26e8c5c369?source=cve",
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

102
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-11-29T19:01:00.794531+00:00
2024-11-29T21:02:22.449173+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-11-29T18:28:16.227000+00:00
2024-11-29T21:00:47.937000+00:00
```
### Last Data Feed Release
@ -33,61 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
271681
271706
```
### CVEs added in the last Commit
Recently added CVEs: `17`
Recently added CVEs: `25`
- [CVE-2024-35369](CVE-2024/CVE-2024-353xx/CVE-2024-35369.json) (`2024-11-29T17:15:07.707`)
- [CVE-2024-36617](CVE-2024/CVE-2024-366xx/CVE-2024-36617.json) (`2024-11-29T18:15:07.230`)
- [CVE-2024-36618](CVE-2024/CVE-2024-366xx/CVE-2024-36618.json) (`2024-11-29T18:15:07.390`)
- [CVE-2024-36619](CVE-2024/CVE-2024-366xx/CVE-2024-36619.json) (`2024-11-29T17:15:07.813`)
- [CVE-2024-36620](CVE-2024/CVE-2024-366xx/CVE-2024-36620.json) (`2024-11-29T18:15:07.787`)
- [CVE-2024-36621](CVE-2024/CVE-2024-366xx/CVE-2024-36621.json) (`2024-11-29T18:15:07.993`)
- [CVE-2024-36622](CVE-2024/CVE-2024-366xx/CVE-2024-36622.json) (`2024-11-29T18:15:08.140`)
- [CVE-2024-36623](CVE-2024/CVE-2024-366xx/CVE-2024-36623.json) (`2024-11-29T18:15:08.293`)
- [CVE-2024-36624](CVE-2024/CVE-2024-366xx/CVE-2024-36624.json) (`2024-11-29T18:15:08.440`)
- [CVE-2024-36625](CVE-2024/CVE-2024-366xx/CVE-2024-36625.json) (`2024-11-29T17:15:07.903`)
- [CVE-2024-36626](CVE-2024/CVE-2024-366xx/CVE-2024-36626.json) (`2024-11-29T17:15:07.990`)
- [CVE-2024-47193](CVE-2024/CVE-2024-471xx/CVE-2024-47193.json) (`2024-11-29T17:15:08.087`)
- [CVE-2024-49360](CVE-2024/CVE-2024-493xx/CVE-2024-49360.json) (`2024-11-29T18:15:09.307`)
- [CVE-2024-49803](CVE-2024/CVE-2024-498xx/CVE-2024-49803.json) (`2024-11-29T17:15:08.180`)
- [CVE-2024-49804](CVE-2024/CVE-2024-498xx/CVE-2024-49804.json) (`2024-11-29T17:15:08.330`)
- [CVE-2024-49805](CVE-2024/CVE-2024-498xx/CVE-2024-49805.json) (`2024-11-29T17:15:08.470`)
- [CVE-2024-49806](CVE-2024/CVE-2024-498xx/CVE-2024-49806.json) (`2024-11-29T17:15:08.627`)
- [CVE-2024-35366](CVE-2024/CVE-2024-353xx/CVE-2024-35366.json) (`2024-11-29T20:15:19.863`)
- [CVE-2024-35367](CVE-2024/CVE-2024-353xx/CVE-2024-35367.json) (`2024-11-29T20:15:19.957`)
- [CVE-2024-35368](CVE-2024/CVE-2024-353xx/CVE-2024-35368.json) (`2024-11-29T20:15:20.050`)
- [CVE-2024-35371](CVE-2024/CVE-2024-353xx/CVE-2024-35371.json) (`2024-11-29T20:15:20.143`)
- [CVE-2024-36610](CVE-2024/CVE-2024-366xx/CVE-2024-36610.json) (`2024-11-29T20:15:20.237`)
- [CVE-2024-36611](CVE-2024/CVE-2024-366xx/CVE-2024-36611.json) (`2024-11-29T19:15:06.780`)
- [CVE-2024-36612](CVE-2024/CVE-2024-366xx/CVE-2024-36612.json) (`2024-11-29T20:15:20.340`)
- [CVE-2024-36615](CVE-2024/CVE-2024-366xx/CVE-2024-36615.json) (`2024-11-29T19:15:07.703`)
- [CVE-2024-36616](CVE-2024/CVE-2024-366xx/CVE-2024-36616.json) (`2024-11-29T19:15:07.817`)
- [CVE-2024-52003](CVE-2024/CVE-2024-520xx/CVE-2024-52003.json) (`2024-11-29T19:15:08.170`)
- [CVE-2024-52800](CVE-2024/CVE-2024-528xx/CVE-2024-52800.json) (`2024-11-29T19:15:08.713`)
- [CVE-2024-52801](CVE-2024/CVE-2024-528xx/CVE-2024-52801.json) (`2024-11-29T19:15:08.890`)
- [CVE-2024-52809](CVE-2024/CVE-2024-528xx/CVE-2024-52809.json) (`2024-11-29T19:15:09.030`)
- [CVE-2024-52810](CVE-2024/CVE-2024-528xx/CVE-2024-52810.json) (`2024-11-29T19:15:09.163`)
- [CVE-2024-53504](CVE-2024/CVE-2024-535xx/CVE-2024-53504.json) (`2024-11-29T20:15:20.763`)
- [CVE-2024-53505](CVE-2024/CVE-2024-535xx/CVE-2024-53505.json) (`2024-11-29T20:15:20.853`)
- [CVE-2024-53506](CVE-2024/CVE-2024-535xx/CVE-2024-53506.json) (`2024-11-29T20:15:20.943`)
- [CVE-2024-53507](CVE-2024/CVE-2024-535xx/CVE-2024-53507.json) (`2024-11-29T20:15:21.027`)
- [CVE-2024-53848](CVE-2024/CVE-2024-538xx/CVE-2024-53848.json) (`2024-11-29T19:15:09.290`)
- [CVE-2024-53861](CVE-2024/CVE-2024-538xx/CVE-2024-53861.json) (`2024-11-29T19:15:09.433`)
- [CVE-2024-53864](CVE-2024/CVE-2024-538xx/CVE-2024-53864.json) (`2024-11-29T19:15:09.577`)
- [CVE-2024-53865](CVE-2024/CVE-2024-538xx/CVE-2024-53865.json) (`2024-11-29T19:15:09.710`)
- [CVE-2024-53979](CVE-2024/CVE-2024-539xx/CVE-2024-53979.json) (`2024-11-29T19:15:09.847`)
- [CVE-2024-53980](CVE-2024/CVE-2024-539xx/CVE-2024-53980.json) (`2024-11-29T19:15:09.993`)
- [CVE-2024-53983](CVE-2024/CVE-2024-539xx/CVE-2024-53983.json) (`2024-11-29T19:15:10.137`)
### CVEs modified in the last Commit
Recently modified CVEs: `29`
Recently modified CVEs: `56`
- [CVE-2024-52777](CVE-2024/CVE-2024-527xx/CVE-2024-52777.json) (`2024-11-29T18:15:10.153`)
- [CVE-2024-52778](CVE-2024/CVE-2024-527xx/CVE-2024-52778.json) (`2024-11-29T18:15:10.380`)
- [CVE-2024-52779](CVE-2024/CVE-2024-527xx/CVE-2024-52779.json) (`2024-11-29T18:15:10.597`)
- [CVE-2024-52780](CVE-2024/CVE-2024-527xx/CVE-2024-52780.json) (`2024-11-29T18:15:10.813`)
- [CVE-2024-52781](CVE-2024/CVE-2024-527xx/CVE-2024-52781.json) (`2024-11-29T18:15:11.050`)
- [CVE-2024-52782](CVE-2024/CVE-2024-527xx/CVE-2024-52782.json) (`2024-11-29T18:15:11.313`)
- [CVE-2024-6818](CVE-2024/CVE-2024-68xx/CVE-2024-6818.json) (`2024-11-29T18:24:59.937`)
- [CVE-2024-6819](CVE-2024/CVE-2024-68xx/CVE-2024-6819.json) (`2024-11-29T18:25:32.827`)
- [CVE-2024-6820](CVE-2024/CVE-2024-68xx/CVE-2024-6820.json) (`2024-11-29T18:25:55.430`)
- [CVE-2024-6821](CVE-2024/CVE-2024-68xx/CVE-2024-6821.json) (`2024-11-29T18:26:30.487`)
- [CVE-2024-6822](CVE-2024/CVE-2024-68xx/CVE-2024-6822.json) (`2024-11-29T18:26:48.817`)
- [CVE-2024-9243](CVE-2024/CVE-2024-92xx/CVE-2024-9243.json) (`2024-11-29T17:28:22.387`)
- [CVE-2024-9244](CVE-2024/CVE-2024-92xx/CVE-2024-9244.json) (`2024-11-29T18:21:36.713`)
- [CVE-2024-9245](CVE-2024/CVE-2024-92xx/CVE-2024-9245.json) (`2024-11-29T18:21:03.150`)
- [CVE-2024-9246](CVE-2024/CVE-2024-92xx/CVE-2024-9246.json) (`2024-11-29T18:20:40.157`)
- [CVE-2024-9247](CVE-2024/CVE-2024-92xx/CVE-2024-9247.json) (`2024-11-29T18:20:25.970`)
- [CVE-2024-9248](CVE-2024/CVE-2024-92xx/CVE-2024-9248.json) (`2024-11-29T18:20:16.670`)
- [CVE-2024-9249](CVE-2024/CVE-2024-92xx/CVE-2024-9249.json) (`2024-11-29T18:19:58.630`)
- [CVE-2024-9250](CVE-2024/CVE-2024-92xx/CVE-2024-9250.json) (`2024-11-29T18:19:42.407`)
- [CVE-2024-9251](CVE-2024/CVE-2024-92xx/CVE-2024-9251.json) (`2024-11-29T18:19:25.770`)
- [CVE-2024-9252](CVE-2024/CVE-2024-92xx/CVE-2024-9252.json) (`2024-11-29T18:19:06.727`)
- [CVE-2024-9253](CVE-2024/CVE-2024-92xx/CVE-2024-9253.json) (`2024-11-29T18:18:32.773`)
- [CVE-2024-9254](CVE-2024/CVE-2024-92xx/CVE-2024-9254.json) (`2024-11-29T18:17:31.663`)
- [CVE-2024-9255](CVE-2024/CVE-2024-92xx/CVE-2024-9255.json) (`2024-11-29T18:17:15.040`)
- [CVE-2024-9256](CVE-2024/CVE-2024-92xx/CVE-2024-9256.json) (`2024-11-29T18:17:00.713`)
- [CVE-2024-52763](CVE-2024/CVE-2024-527xx/CVE-2024-52763.json) (`2024-11-29T21:00:47.937`)
- [CVE-2024-53909](CVE-2024/CVE-2024-539xx/CVE-2024-53909.json) (`2024-11-29T20:54:47.700`)
- [CVE-2024-53910](CVE-2024/CVE-2024-539xx/CVE-2024-53910.json) (`2024-11-29T20:54:55.080`)
- [CVE-2024-53911](CVE-2024/CVE-2024-539xx/CVE-2024-53911.json) (`2024-11-29T20:55:04.683`)
- [CVE-2024-53912](CVE-2024/CVE-2024-539xx/CVE-2024-53912.json) (`2024-11-29T20:55:13.483`)
- [CVE-2024-53913](CVE-2024/CVE-2024-539xx/CVE-2024-53913.json) (`2024-11-29T20:55:25.543`)
- [CVE-2024-53914](CVE-2024/CVE-2024-539xx/CVE-2024-53914.json) (`2024-11-29T20:55:35.293`)
- [CVE-2024-53915](CVE-2024/CVE-2024-539xx/CVE-2024-53915.json) (`2024-11-29T20:55:43.810`)
- [CVE-2024-54123](CVE-2024/CVE-2024-541xx/CVE-2024-54123.json) (`2024-11-29T19:15:10.287`)
- [CVE-2024-54124](CVE-2024/CVE-2024-541xx/CVE-2024-54124.json) (`2024-11-29T19:15:10.443`)
- [CVE-2024-8726](CVE-2024/CVE-2024-87xx/CVE-2024-8726.json) (`2024-11-29T20:59:02.697`)
- [CVE-2024-8825](CVE-2024/CVE-2024-88xx/CVE-2024-8825.json) (`2024-11-29T20:20:44.863`)
- [CVE-2024-8826](CVE-2024/CVE-2024-88xx/CVE-2024-8826.json) (`2024-11-29T20:08:47.553`)
- [CVE-2024-8827](CVE-2024/CVE-2024-88xx/CVE-2024-8827.json) (`2024-11-29T20:20:34.137`)
- [CVE-2024-8828](CVE-2024/CVE-2024-88xx/CVE-2024-8828.json) (`2024-11-29T20:20:25.293`)
- [CVE-2024-8829](CVE-2024/CVE-2024-88xx/CVE-2024-8829.json) (`2024-11-29T20:20:01.307`)
- [CVE-2024-8830](CVE-2024/CVE-2024-88xx/CVE-2024-8830.json) (`2024-11-29T20:19:22.237`)
- [CVE-2024-8831](CVE-2024/CVE-2024-88xx/CVE-2024-8831.json) (`2024-11-29T20:19:09.460`)
- [CVE-2024-8832](CVE-2024/CVE-2024-88xx/CVE-2024-8832.json) (`2024-11-29T20:18:52.840`)
- [CVE-2024-8833](CVE-2024/CVE-2024-88xx/CVE-2024-8833.json) (`2024-11-29T20:18:39.087`)
- [CVE-2024-8834](CVE-2024/CVE-2024-88xx/CVE-2024-8834.json) (`2024-11-29T20:18:18.010`)
- [CVE-2024-8835](CVE-2024/CVE-2024-88xx/CVE-2024-8835.json) (`2024-11-29T20:17:52.063`)
- [CVE-2024-8836](CVE-2024/CVE-2024-88xx/CVE-2024-8836.json) (`2024-11-29T20:17:29.823`)
- [CVE-2024-8837](CVE-2024/CVE-2024-88xx/CVE-2024-8837.json) (`2024-11-29T20:10:41.130`)
- [CVE-2024-9777](CVE-2024/CVE-2024-97xx/CVE-2024-9777.json) (`2024-11-29T20:57:53.423`)
## Download and Usage

227
_state.csv
View File

@ -4731,7 +4731,7 @@ CVE-2002-0362,0,0,692252ac1ccbb38da948252d3ef88a6bd3193a707d0316ca1cb4a1e750a8e1
CVE-2002-0363,0,0,8db74d5aa5042b75630dc3bcc4e3c9bf43cd682acf9f6e3f1ba19a14b153553c,2008-09-05T20:27:50.277000
CVE-2002-0364,0,0,129f4ae9e98d4a15ac82ee5d69160106e0425f498577239c6951991ee5308e50,2018-10-30T16:25:10.357000
CVE-2002-0366,0,0,b7cd2aac0c9abae9d18c018e9814945cc9ca6b3b4396305504d178e5242c5dc1,2019-04-30T14:27:13.710000
CVE-2002-0367,0,1,8dcd873975db3c242e2a7c2f04974dbbc5d90db3b63b53f1b55d70084c183a8e,2024-11-29T17:34:53.500000
CVE-2002-0367,0,0,8dcd873975db3c242e2a7c2f04974dbbc5d90db3b63b53f1b55d70084c183a8e,2024-11-29T17:34:53.500000
CVE-2002-0368,0,0,b6425eecac451d976002a2eedf1ffb54489ae03e9e34317218ceda56dedebbd2,2020-04-09T13:46:52.293000
CVE-2002-0369,0,0,c90797363bdfb91ce5f63af7a0b5bfa2c0ed978522a007d452839ebb024cc6e5,2018-10-12T21:31:22.237000
CVE-2002-0370,0,0,9d8f697be42cd4fbd49b1647dc925b1df44b69585f5adf5669b47a921b6907a9,2018-10-12T21:31:22.517000
@ -234807,7 +234807,7 @@ CVE-2023-45854,0,0,fd1b599fb467628f9bb2341124630f6a56ef04897dcdb698cc71199c6ed35
CVE-2023-45855,0,0,912d651ace420e3e306dbd306a33a1e9381017090da4aa2e9ea6f83c20cb2d32,2023-10-19T12:47:29.590000
CVE-2023-45856,0,0,9549076e6d0a6fd1b223e9b67c01e74b49d52dd52325c68b86809e5c56a367bc,2023-10-19T12:51:51.217000
CVE-2023-45857,0,0,73cdaec7d516e0e7ed8e90335cf635a85ba7d5cc487bbd7bc0e61ce086b2cacc,2024-06-21T19:15:29.593000
CVE-2023-45859,0,1,f291abdcb3ed12d5d40bbd40b46a15b726e7694ec280919a8f1b2b5b7b0e94af,2024-11-29T17:15:04.770000
CVE-2023-45859,0,0,f291abdcb3ed12d5d40bbd40b46a15b726e7694ec280919a8f1b2b5b7b0e94af,2024-11-29T17:15:04.770000
CVE-2023-4586,0,0,104df30f216072a0247c5bd44506e020988038789133d6aa41fc04bb32e2f895,2023-12-06T22:15:06.693000
CVE-2023-45860,0,0,ca8a1401ae7c184e27cbc7f8d7c23abcd5830dcaec3cd73c6280ff7bd9f2c727,2024-11-06T17:35:24.870000
CVE-2023-45862,0,0,a3fb90f83c4489594bd26a84b93eb5897361e2bdfb615fcafc80fdd37f3c643d,2024-01-08T17:41:12.320000
@ -243309,7 +243309,7 @@ CVE-2024-10897,0,0,5090338464622dc9d5ece2556a5b89ff3e6aa995d53aa797095eaa9a0db6f
CVE-2024-10898,0,0,29bba6e208449ebd52631361f4bdc8eca3c372d754cd58876d30ee6c07372718,2024-11-26T20:32:20.217000
CVE-2024-10899,0,0,3af5ea7b90e5da0230215c5076c9eff9b3749f9f5f947443d89625612842d08a,2024-11-26T21:01:21.643000
CVE-2024-1090,0,0,2d0b80c82d6d153c4e0b5412c3fcf892da86ac73a72da4cbf84bfbb064bdcb0c,2024-02-29T13:49:29.390000
CVE-2024-10900,0,0,f0a1068a03da92137242d5778d1db0773cba2fb63def13779ff35e3410d8f989,2024-11-20T07:15:08.690000
CVE-2024-10900,0,1,5438023601d5947725ce57a2b51b24b31a697395c49ac1553534945223b38a58,2024-11-29T20:58:31.967000
CVE-2024-1091,0,0,54ee7e9ca708166212a73aaa10e4715176fe17b55fbce1ee0ea8f95d289d46a5,2024-02-29T13:49:29.390000
CVE-2024-10913,0,0,4e9b29333972ed20a30c4eccde2c9645761370bd1f3d0211dcdd27a3f9c3d9cf,2024-11-20T14:15:17.253000
CVE-2024-10914,0,0,0e11c1731905763ffc173784369687971adc0677422c26a81c4aa2918d85e560,2024-11-24T15:15:06.090000
@ -244405,7 +244405,7 @@ CVE-2024-1750,0,0,7f9ce3864064263c9a72249a090e6a4b7033b154fc6d744d107ff4cdf65d12
CVE-2024-1751,0,0,154c401fe290eec38fd9c24bb6a8378784a8ac703cfa36934de32237c4b2fc0e,2024-03-13T18:15:58.530000
CVE-2024-1752,0,0,ebd28678960fb125918a034bc6797117b5ad867c71cd1502baeff6b2a6777f59,2024-10-27T23:35:02.790000
CVE-2024-1753,0,0,97eb25eefdb4797c38bcadc3519b75967ef4d30f53fb9cc57a3b33325f64503d,2024-11-26T20:15:26.237000
CVE-2024-1754,0,1,1a62e04cfc963db540100c68219b255ef7962cf0c80d59371fd17c6fd5a6366b,2024-11-29T18:15:06.763000
CVE-2024-1754,0,0,1a62e04cfc963db540100c68219b255ef7962cf0c80d59371fd17c6fd5a6366b,2024-11-29T18:15:06.763000
CVE-2024-1755,0,0,3d3eb53461864a2d0b6846883348dbee673cb6d9a59185cf31292954d770d20b,2024-07-08T14:17:11.257000
CVE-2024-1756,0,0,3e84813a966b3d138c76e22bdd3fcd8ab2964d96bf9c77ed86651d769e5bb5a7,2024-04-24T13:39:42.883000
CVE-2024-1758,0,0,d15e0bdd627b2bfb68bda6210ab897317a25f93acdbc05229487955f3c0bb2f1,2024-02-26T16:32:25.577000
@ -245116,7 +245116,7 @@ CVE-2024-20667,0,0,9d5c87b92b390b6ea82da7c9e633e5a17c87d51d922713c3d873a0f77449a
CVE-2024-20669,0,0,f0c902f60789f9dc18d42d1330ca1f80cdc454a4d5b89781b9df633a47d4c661,2024-04-10T13:24:22.187000
CVE-2024-2067,0,0,8291771316cf392475e14c13e92e6fa7b48bf072b9ca3ea306126fc052a45f60,2024-05-17T02:38:01.493000
CVE-2024-20670,0,0,0b09c1865cde63a5f73fcf3c23f43c88436f13584e9768b43db156ed2524cc12,2024-04-10T13:24:22.187000
CVE-2024-20671,0,0,d863502dfda4d0ca90a0a14ea37d277ca8e948af1a8018fd91d3e97fe6d7da9d,2024-06-11T16:15:17.183000
CVE-2024-20671,0,1,6b0a7f41059b2984fe800d80092f13f75ad163ac7e615b02ff43563d05f345cb,2024-11-29T20:40:08.810000
CVE-2024-20672,0,0,2a2ae3b672a71823076941440200b49123ed47b379e2ba84eaa542df20ae3ed6,2024-06-11T15:15:56.723000
CVE-2024-20673,0,0,92359ae1babe87f9d2569c86c5d2659bf4645ee0674948fdd4bd4a81fec3df6d,2024-06-11T15:15:56.927000
CVE-2024-20674,0,0,da1fed3fc9882951bbd9a307c57a38164e881c2c901c1975152e12872c8dd97c,2024-06-11T15:15:57.087000
@ -245785,7 +245785,7 @@ CVE-2024-21330,0,0,b2ac5d60b9bce9457d738f60e3ac9bb05697d436bd7be2810a9e1f7c3a676
CVE-2024-21331,0,0,92cd30ae764b239f28c0a8df0c95713f1cf63a2fae07aa40ae29b0b0ea46cc37,2024-07-09T18:18:38.713000
CVE-2024-21332,0,0,e26f081e210bc97138c2c24c4864fe4562659ce63b5b575f0c0fb25cc97812b8,2024-07-09T18:18:38.713000
CVE-2024-21333,0,0,32851108840c7a13c1ee82ea16c50177907e4bcd2e482894344fc3874564fc20,2024-07-09T18:18:38.713000
CVE-2024-21334,0,0,bb98735e0397eef282b3bf0c8a7f17fd1a894c0580516f67c50b6ae552edb8b3,2024-05-29T00:15:20.560000
CVE-2024-21334,0,1,a2fadb28958f4c873cb0666784d6c1f11fe970b44d08bbb31b67617f0dfb3d6a,2024-11-29T20:52:35.697000
CVE-2024-21335,0,0,d3be0da75c93e40dc74ef43532ac464e7457c464e235cbe682e70d325b6a979e,2024-07-09T18:18:38.713000
CVE-2024-21336,0,0,4632192569ed60af4d57d1dd58a5b140d682aa1d82fc677d5ec51bcb39be3541,2024-06-11T15:15:59.553000
CVE-2024-21337,0,0,1ed4e9ec6936be258d1de771e0acb5830541ca48fb0a246032f3c3930147d134,2024-05-29T00:15:20.793000
@ -245849,7 +245849,7 @@ CVE-2024-21389,0,0,45e04e95ea2df4355a256491d2fd84dc18fc915c0e6f04b4c26e5cb7104a1
CVE-2024-2139,0,0,b3135502da92e95e16c2b5b9fb535ef64e920678d73e9ac518e10c09c2ae19dd,2024-03-27T12:29:30.307000
CVE-2024-21390,0,0,825edcf38cfbeb450d8ce686d8ed931b72dd5fbbd9947124a708715e091607ac,2024-04-11T20:15:28.173000
CVE-2024-21391,0,0,abcc609910d8356bbf221f6824538c8f8dccb2b167955bff922a627eaed11837,2024-05-29T00:15:32.207000
CVE-2024-21392,0,0,e195439aeadd693f775dc7b2e07887ff33a72283d657dcf4356dc680f9866d97,2024-05-29T00:15:32.400000
CVE-2024-21392,0,1,f456f49aab1a6749cce2eb5b590eaeaa8b7133a2c686945470441f78eb54e1bb,2024-11-29T20:52:32.870000
CVE-2024-21393,0,0,38081cbb15c019a6d6a5ebae688b74c2cac694832eb96676185080e3d938325e,2024-05-29T00:15:32.587000
CVE-2024-21394,0,0,aa75466b0aaf4d3ff3bbec78793ccbcfd1afc16c532cab8eae1991bcd2df2554,2024-05-29T00:15:32.707000
CVE-2024-21395,0,0,e344e1d068e814165683c2d644d3dff647258b1ba561cb9b39845a1e1518a759,2024-05-29T00:15:32.827000
@ -245858,7 +245858,7 @@ CVE-2024-21397,0,0,b0ec241328054a214047be8b8375fba9ad1406b2a99b2fb228fd123085bb3
CVE-2024-21398,0,0,c4c7d6f98e04a810853dfb263ff519362e5129031c36304acc0da85b748d5ae9,2024-07-09T18:18:38.713000
CVE-2024-21399,0,0,001820e0109335f5a2640c4a5189f5fe8ac80b4b4f2ff4d1526569f2ec1fd18f,2024-06-11T15:16:02.503000
CVE-2024-2140,0,0,f13df4d472ba646e6aac958170cf967e223db17be65b98ce4a37e6d44e80809a,2024-04-01T01:12:59.077000
CVE-2024-21400,0,0,da8277c9b07afba17ab7b2697668cebd1905952dc7d0b43230c5dd98b3c906f2,2024-04-11T20:15:29.170000
CVE-2024-21400,0,1,2de01f4dbeb37da40535fdb046ba8fe35fb67bd6f8108c5aa79d114487cbb998,2024-11-29T20:52:31.103000
CVE-2024-21401,0,0,4b2a9c60547467c59f9b439a18da60452bb72bfbcd0f28b98d7478e2777b8310,2024-05-29T00:15:33.247000
CVE-2024-21402,0,0,30768b38d5acb186afa5a073ad3bf20aec4d542134aab6ee100b1ef4d75c9e65,2024-05-29T00:15:33.383000
CVE-2024-21403,0,0,8f71e0b167eb11d7fdd6149f06e349c1f5d981ec85fc70817f5e47a2e0410a89,2024-10-07T14:03:00.607000
@ -245878,22 +245878,22 @@ CVE-2024-21415,0,0,42bcd1202ef0ba594d559bd9441152ac5ae9644c270ba50531381a1aa41e9
CVE-2024-21416,0,0,7cc6fd4c84942ce1dc818417cef771869802afebc6e3c7d7b19ed19e00198c83,2024-09-20T18:55:14.573000
CVE-2024-21417,0,0,b49ef9a4a1641236078c066f567251303fbb25636e983b46ec501a6c4a0c9cb3,2024-07-11T13:05:54.930000
CVE-2024-21418,0,0,0f25c581a81e174a088bbd635450254be7b5c931f905496efb1385b8f25ccca1,2024-05-29T00:15:34.853000
CVE-2024-21419,0,0,e14cbf8653efa36d4d95c26c723d3b529d88b23a73e43ef96db6054f518ce906,2024-04-11T20:15:30.777000
CVE-2024-21419,0,1,3cb3fdb5be67b19326a793bdd9f0d7cc48c79a6f3fd2ccef4d9014d402593d28,2024-11-29T20:52:29.267000
CVE-2024-2142,0,0,44f8897a85c55e986bec9130d64561487683ff5057711f75d9355872ef6d360c,2024-04-01T01:12:59.077000
CVE-2024-21420,0,0,dbdb3da803abfd446d4196a8fbdd1a526fe0842184e24ea68b2aaa7257e503ef,2024-10-07T14:05:29.367000
CVE-2024-21421,0,0,aa003351515fa6a13b090cbacd30e2c8bf4eb2017cb79e6a1063d808b3f7cdca,2024-03-12T17:46:17.273000
CVE-2024-21423,0,0,13dc0ecc7bfbb4f5b92a3170ab4cae2b8d2de511257aaf572933bffbc6f2ae09,2024-06-11T15:16:03.297000
CVE-2024-21423,0,1,f9af7e37fa4ac00db3d27c63c91f6cab8fd61fd4e0cd58b29bafe7da8fbc1bbb,2024-11-29T20:42:08.630000
CVE-2024-21424,0,0,77e44977e766588a59c87cb45706c3bfc2a9108d9dbf7fbc64f556e35f14f570,2024-04-10T13:24:00.070000
CVE-2024-21425,0,0,2812cfc5eff10f169d419b1ab02c34a9eddedbeb477ccb53ff000f9cf064044f,2024-07-09T18:18:38.713000
CVE-2024-21426,0,0,bf58e3ab2d0d8fef26a271d142d4ddbc32efd83cf1484da4e621fa84ad0ab648,2024-05-29T00:15:35.200000
CVE-2024-21427,0,0,a203f4e2c3489f685ae409b07ac750b7c17a3c0b573d7557437d389da21dae29,2024-04-11T20:15:31.130000
CVE-2024-21426,0,1,28cc51db69ba03e1e83cb7f3a9f5914be340ff48d83ec7285f47ab6e4a1893d0,2024-11-29T20:50:09.910000
CVE-2024-21427,0,1,c8fca909f1ebd3caf8e518589319c47ad8bb6383ef7d8dedc9738dca072eb2c7,2024-11-29T20:49:42.757000
CVE-2024-21428,0,0,d4326ce0e7de9ba79740916e4b692bd60f0e0e1e1ad6ad9543bd3e7e8895901a,2024-07-09T18:18:38.713000
CVE-2024-21429,0,0,f06428fbd106022c704fe75f56593c47f00c7769560ad8bf515561b79ff02e56,2024-04-11T20:15:31.223000
CVE-2024-21429,0,1,79bf9da0c0c440cacc8d7c59a249e2fecfe91cb5928203b47289aa3010fba9f8,2024-11-29T20:43:50.370000
CVE-2024-2143,0,0,b4196c236271ea86599a9a6a71fa5d263ddeb4583a563a5493a42f4b531b62e8,2024-04-01T01:12:59.077000
CVE-2024-21430,0,0,e952ae4cf447cd295645cce29646bf9b8b37e88c4e9b315bafcb04dcaa54bf2e,2024-04-11T20:15:31.333000
CVE-2024-21431,0,0,9745c92e106edef49c2b017438fa440bd55a4bf553740f319116ac19d4208e60,2024-06-11T16:15:18.230000
CVE-2024-21432,0,0,87b816a113d713051ce0a184e6532d68fb39ee02a86ec198f54d1e2fef367683,2024-05-29T00:15:35.527000
CVE-2024-21433,0,0,11232fe764b0771a49b8a0ae9226f0d587f78f4493eee55bf3ffa96e98092b1a,2024-06-11T16:15:18.377000
CVE-2024-21430,0,1,0c82706eb5221197af87e1f265a82dd4b412c443a76d8a68cabb9de79ab86d7a,2024-11-29T20:44:32.717000
CVE-2024-21431,0,1,adb271f7c07729890dc0e6600645b6eea17bdcd896aadfcebe92e54de18d6777,2024-11-29T20:44:56.373000
CVE-2024-21432,0,1,b26b06b5af97e258df7fe189dd0fd737f77add3019eecc5409fe9334ce5a5d02,2024-11-29T20:47:25.987000
CVE-2024-21433,0,1,100deeaf7e9386a87e131a946114df15ff214b00b65b78941702d176f64f5d82,2024-11-29T20:47:35.220000
CVE-2024-21434,0,0,b1361f70a03881d0b7783b1f104c7680681900021804a88dbbfddef6ed773234,2024-04-11T20:15:31.620000
CVE-2024-21435,0,0,af4c6ac7ef76f0f67a1ba6277b5a8737b11e09d1129e2401445d4e52e15c50e8,2024-05-29T00:15:35.713000
CVE-2024-21436,0,0,00556a431a6d8f3334e9f93cd607dfc16f3cab8684b005c0250ef6e1b8b30f19,2024-05-29T00:15:35.830000
@ -249252,7 +249252,7 @@ CVE-2024-26163,0,0,1cec6fd5081dd6336471bb2c93b29cc598ec8cf690b6a4f047866b54bc86e
CVE-2024-26164,0,0,97e84461485204919561d873bba734d2b5d91bb4f6ec5c1ad6eb15a94be78498,2024-04-11T20:15:33.877000
CVE-2024-26165,0,0,83eab2c0875e9b88a1f7ce329398a5e0cce759e0512193fa6f5822a067798b74,2024-06-11T16:15:19.780000
CVE-2024-26166,0,0,2dced7e6cfb444dab6a8949445585382808844907087fc776f21c6d4c672ba6a,2024-04-11T20:15:33.987000
CVE-2024-26167,0,0,bbd84f3e641e9d975722dcd02ef6a412570e8d613f30b550ec8c1746242bc7cf,2024-06-11T16:15:19.920000
CVE-2024-26167,0,1,8855bcc7e86d2bfb321c97571f709e8374a60be9ce3b496dc4c11c762f54238c,2024-11-29T20:40:52.990000
CVE-2024-26168,0,0,79980e86f7902cdfbf2750e2f70229d42c3911a1aa52728ae4a317e89b62a526,2024-04-10T13:24:00.070000
CVE-2024-26169,0,0,1019f2fc447e0f9753156720ba4d1d39073dcb9223b8501955c81cf0a85bd6ec,2024-11-29T16:24:31.767000
CVE-2024-2617,0,0,c735ab59fafbabeeafc878072d5ef91a88b0cb8e9dc08af938860e93db5c996f,2024-07-03T01:53:23.587000
@ -249274,12 +249274,12 @@ CVE-2024-26183,0,0,4d74cd74f15c42ef83e07da0fea854b9308a2d6867480d27e88f16b8021a5
CVE-2024-26184,0,0,9a9469b525a1c0948733fdbbefd0c134cd0d1bfb19cc88ca9e1172b5dc220da3,2024-07-17T14:58:41.847000
CVE-2024-26185,0,0,9feef43ee36b690f774d8b3be3682410d3a24414bd3e53eb7eb31b5bf9351714,2024-05-29T00:15:37.420000
CVE-2024-26186,0,0,36ccb09d2bf153f937e5e66344d4acad5c2798a004f521a6a2f0b10de8b37b05,2024-09-23T16:48:36.993000
CVE-2024-26188,0,0,f211739728663bae1418bea21124610d1eca871de3fac0df538712e0d37e5a9a,2024-06-11T15:16:04.713000
CVE-2024-26188,0,1,dc54c4d9a5d848ec0b1e8b8383a55a611364acd7c047ade8b5f14981ef4b7578,2024-11-29T20:41:53.547000
CVE-2024-26189,0,0,2a49ee8d4a0ba2f801fc699ef40f2bf3b0913e4387987b37ad42d4a5aa46f00e,2024-04-10T13:24:00.070000
CVE-2024-2619,0,0,3ad4efc25cc381a08190aaf20f81de7fb62ed67d01a5b4fb428e260f22ab5802,2024-05-17T18:36:05.263000
CVE-2024-26190,0,0,2c15f1de93d1a079b40144981fb69e3fc0cface9d9c13ad726466b53618f3452,2024-05-29T00:15:37.597000
CVE-2024-26191,0,0,6e7a0054b262a9288872fe975e02e1e98f0d17f2e6eb60a988c9ddaadd8538a4,2024-09-23T16:51:43.927000
CVE-2024-26192,0,0,ab2d8571efc827a85f890805b2a975a3bb570e6ed0706c8ad58a934f27b5a8d2,2024-06-11T15:16:04.830000
CVE-2024-26192,0,1,902591bef94f52ba914c3fcd6fecc2d37a089b0a8650f5c905e8f55fef155ff1,2024-11-29T20:41:36.453000
CVE-2024-26193,0,0,8fddc835a44742351670403f475d1a7fbbfaa53f469d57320747dbc6b6cb5a20,2024-04-10T13:24:00.070000
CVE-2024-26194,0,0,11c479afbc9197da02f6a4aa14d5718e799cccfb9f0ca6804619eeb622290024,2024-04-10T13:24:00.070000
CVE-2024-26195,0,0,f9685945e615e0cfe189b9bd1c92904f15fea6beba07eb018c4de9659528b4d4,2024-04-10T13:24:00.070000
@ -256139,8 +256139,12 @@ CVE-2024-35359,0,0,790098a5aa254df92059c385ad6325db39cd91d13b49630a333bac1d583fc
CVE-2024-3536,0,0,67ef0d9459ffa6371d38db2913b0c14e7a0dd926c6d86f1aea2fa988c69cefc5,2024-05-17T02:39:59.897000
CVE-2024-35361,0,0,94079fbeae6f3e32a28e0bb042dbf7a904fcf03ef2f5fc193b1b6ac0fc4c26ea,2024-07-03T02:01:38.550000
CVE-2024-35362,0,0,234501ffddb96c378ce0415c69c86b74ffa92255e774ec0584c4ec784483afc1,2024-05-22T18:59:20.240000
CVE-2024-35369,1,1,6df28d8460fe7b04f0a2efffc7b9a631fe258a88dc12fbb0a17d1341163bedc4,2024-11-29T18:15:06.983000
CVE-2024-35366,1,1,9b84de888d50ddbd7efcc8707ea3df5f70e05d0c67de0741833ade895b234c7a,2024-11-29T20:15:19.863000
CVE-2024-35367,1,1,4cf1651bad5e480a4d826c3f8e668cb9c693764d20895a38503f6b2564a1fcb2,2024-11-29T20:15:19.957000
CVE-2024-35368,1,1,b29911c8c82dc3259e072b942eea7a4d1149791db93f1fecc5fe0708cef54fcf,2024-11-29T20:15:20.050000
CVE-2024-35369,0,0,6df28d8460fe7b04f0a2efffc7b9a631fe258a88dc12fbb0a17d1341163bedc4,2024-11-29T18:15:06.983000
CVE-2024-3537,0,0,7295965fffde5e283abb275e5228fcf2f24e25d29556dedbad478c14243435cd,2024-05-17T02:39:59.987000
CVE-2024-35371,1,1,3451d96059fd4d38b9b56c8029c259808886cc489aad6ecd6a8e5b4dc96d8c65,2024-11-29T20:15:20.143000
CVE-2024-35373,0,0,014fa23f7024d690cb16f55fa9fe5c207924e838da0219b265271af9723dff82,2024-08-19T18:35:12.200000
CVE-2024-35374,0,0,aa83a1884752e38a4efa40b8d631e010f03947873314106502ec442b10442cd7,2024-08-20T15:35:14.870000
CVE-2024-35375,0,0,ed34ddd9d512918cc00e937f04fcc44b2e98fec270008373eac869e7c2125c2d,2024-05-24T01:15:30.977000
@ -257138,17 +257142,22 @@ CVE-2024-3660,0,0,c3c1c3312c8a9566bf9feedf7d8876d18d19f4aa50138300852d5ac195117e
CVE-2024-36600,0,0,e7eab002c297c7d5ce5dd570ac3b60c68bd283d5ad8a781f4e7d7381b748121c,2024-07-03T02:03:24.687000
CVE-2024-36604,0,0,ceabd4d65e8e525e1dbe1c2ad39c0fe240ecb352a8c95aa43d6d84024ca2af4a,2024-08-15T19:35:12.673000
CVE-2024-3661,0,0,c42cca3fa75d9e1e2e62908451948484a5d5cca5f29f392158a6d0b59eb829bd,2024-07-01T15:15:17.187000
CVE-2024-36617,1,1,c18e2eb9b33d632f63d305b3eb6f50e7d6743c0489ab5af161e69fa56de5ba4b,2024-11-29T18:15:07.230000
CVE-2024-36618,1,1,f1fe269f8119cc1956333354d8d1ebbf16ea9be0fb3347b792a87c6a5e02f274,2024-11-29T18:15:07.390000
CVE-2024-36619,1,1,d30e29b19403999a360d49eb2b7510653e8a4eeae72cc3067a2b6e14731d746f,2024-11-29T18:15:07.550000
CVE-2024-36610,1,1,312841435172043d5dd2190cf6b8c2300f7c9822702ef3e5fa4446eac6b961e2,2024-11-29T20:15:20.237000
CVE-2024-36611,1,1,42465fba5d209a57964c1117a778f054088fdce7482f6b6bd27c3304a10b7c3d,2024-11-29T19:15:06.780000
CVE-2024-36612,1,1,fdd926ad563891ccb6e110831ad8dd9cdcf5f661c8c399d337246f268066a229,2024-11-29T20:15:20.340000
CVE-2024-36615,1,1,2f8c6f09c7b5113fafb5a41f7e4cbad94a7ad0500652cf2d1c05a06d469ab9d0,2024-11-29T19:15:07.703000
CVE-2024-36616,1,1,30073513037d78480eea5288925f8e6f4e5b29c346f1de578cf8c107b66d46e5,2024-11-29T19:15:07.817000
CVE-2024-36617,0,0,c18e2eb9b33d632f63d305b3eb6f50e7d6743c0489ab5af161e69fa56de5ba4b,2024-11-29T18:15:07.230000
CVE-2024-36618,0,0,f1fe269f8119cc1956333354d8d1ebbf16ea9be0fb3347b792a87c6a5e02f274,2024-11-29T18:15:07.390000
CVE-2024-36619,0,0,d30e29b19403999a360d49eb2b7510653e8a4eeae72cc3067a2b6e14731d746f,2024-11-29T18:15:07.550000
CVE-2024-3662,0,0,bf35bc71372b512799f21214c4add2ef96949612530c04611b0774c90b1261c4,2024-04-15T13:15:31.997000
CVE-2024-36620,1,1,bd940859e3a70ba9f20daee48c18afd5e689ded5655791c03dcd144494e8ab28,2024-11-29T18:15:07.787000
CVE-2024-36621,1,1,395c2e8d706b3be77e22c8c62abd8cdfeac4ff3d292f427ab7129b4c0bf7529f,2024-11-29T18:15:07.993000
CVE-2024-36622,1,1,be48e05186f5ac071984ac26618b6189df06db278a956e908f53e3b956f07a62,2024-11-29T18:15:08.140000
CVE-2024-36623,1,1,5b0927c621a8ce8b7dff6d101236e2659ea986ccf06dc2c525fa93aebc3aee45,2024-11-29T18:15:08.293000
CVE-2024-36624,1,1,e8da640bd88dfa42ea05f2e9cb3d684e190ff87df1ea3dcec33e639e2148fd61,2024-11-29T18:15:08.440000
CVE-2024-36625,1,1,7c23d2425847fcff4ab6a41af1e0a7a10f21527b69c1199afaca70ff1a9c9744,2024-11-29T18:15:08.607000
CVE-2024-36626,1,1,7dca574daa62085fcbacc3d2cfa724a9215be24530b261fdff176e59425b90fb,2024-11-29T18:15:08.840000
CVE-2024-36620,0,0,bd940859e3a70ba9f20daee48c18afd5e689ded5655791c03dcd144494e8ab28,2024-11-29T18:15:07.787000
CVE-2024-36621,0,0,395c2e8d706b3be77e22c8c62abd8cdfeac4ff3d292f427ab7129b4c0bf7529f,2024-11-29T18:15:07.993000
CVE-2024-36622,0,0,be48e05186f5ac071984ac26618b6189df06db278a956e908f53e3b956f07a62,2024-11-29T18:15:08.140000
CVE-2024-36623,0,0,5b0927c621a8ce8b7dff6d101236e2659ea986ccf06dc2c525fa93aebc3aee45,2024-11-29T18:15:08.293000
CVE-2024-36624,0,1,0a7b2aae5839929f5368ebe0e8fb0a7dbe600d4804ac108be619ee97ae88a044,2024-11-29T19:15:07.923000
CVE-2024-36625,0,0,7c23d2425847fcff4ab6a41af1e0a7a10f21527b69c1199afaca70ff1a9c9744,2024-11-29T18:15:08.607000
CVE-2024-36626,0,0,7dca574daa62085fcbacc3d2cfa724a9215be24530b261fdff176e59425b90fb,2024-11-29T18:15:08.840000
CVE-2024-3663,0,0,aac8884135ebb34dcb3248cfa17d27356201b5565d5879d71d9c52eb44a76d97,2024-05-22T12:46:53.887000
CVE-2024-3664,0,0,69a025fac493e1b730af34edf299abefa2f6b022c562e137962af1b86cd1f7fa,2024-04-23T12:52:09.397000
CVE-2024-36647,0,0,c31e7e6b8080244a2de4852013b2b5eae9e0c7673d9ba9c0d0cbf4624eea7349,2024-07-03T02:03:25.473000
@ -262663,7 +262672,7 @@ CVE-2024-44302,0,0,8ecfedad59d8a53cf201de7999f2b2a1319aa7dcff5d0590cb4d2b5e11349
CVE-2024-44306,0,0,30e6b62b20cb4827539838b9ad1117b1c4caf5a6a100e3fa44a4d9f09dbdd63c,2024-11-20T16:35:23.177000
CVE-2024-44307,0,0,9e70c08c83168f1b166f0adb0f44da27d930f75021e34e9c4988cb0e1544104b,2024-11-20T16:35:24.267000
CVE-2024-44308,0,0,acc369578912d118b4a89ca8ee5987b89635f4149292d31f719e55be8c103584,2024-11-27T19:35:10.147000
CVE-2024-44309,0,1,52770843bac18ca9341a93eea8b19ddbef2c8812b70a8cb8a748cb3c19c4c5a4,2024-11-29T18:28:16.227000
CVE-2024-44309,0,0,52770843bac18ca9341a93eea8b19ddbef2c8812b70a8cb8a748cb3c19c4c5a4,2024-11-29T18:28:16.227000
CVE-2024-4431,0,0,8d95de6ec075320f55907047db89835dd68db45859f7bae49d6625b2a3240b6b,2024-05-24T01:15:30.977000
CVE-2024-4432,0,0,492ff6791a7b1a2e081b9c5249b748792a54b9554ba3a2422039c4bfa6a7bf50,2024-05-20T13:00:34.807000
CVE-2024-4433,0,0,29650c676957862ed8f96380f29298acd09e1ae0c4c0eae7a19f73eb896474af,2024-05-02T18:00:37.360000
@ -264267,7 +264276,7 @@ CVE-2024-47189,0,0,7d3af50eb7bb8d000bc263107eea64000b2f13c8fe93501539ce47dbaede0
CVE-2024-4719,0,0,5f15010ce3da97593d62bd8e5cbd7e4df0db8fec077945fcbb72e898184ff8a0,2024-06-20T20:15:19.763000
CVE-2024-47190,0,0,c28957383dc3dd3b2a854256bc3acd5f30b8dfbbdad3bc6f637c477d8da8c5fb,2024-11-08T19:35:17.860000
CVE-2024-47191,0,0,2d0ea97c75991dd32a2813bf0ef51251f3610baaa622ce7906ea2e3545fc5ab0,2024-10-10T12:51:56.987000
CVE-2024-47193,1,1,4117699582bc378455b40481ad0ff7f4e4c60ef41e2b329a76d1749150a1bfee,2024-11-29T18:15:09.090000
CVE-2024-47193,0,0,4117699582bc378455b40481ad0ff7f4e4c60ef41e2b329a76d1749150a1bfee,2024-11-29T18:15:09.090000
CVE-2024-47194,0,0,0afa0b09ca6b7bbd6bd860b01b5c9153eec47be962883f1807d6c455d470088c,2024-10-16T18:15:04.043000
CVE-2024-47195,0,0,13778db546c78cfe27d2d127a511510e1d599b625eb31f21fc4e65992e2127a0,2024-10-16T18:11:29.990000
CVE-2024-47196,0,0,854c9d23e22c82e5339f8a331c929fb519fa43506b02445ee87a1d94228daed1,2024-10-16T18:07:38.850000
@ -265515,7 +265524,7 @@ CVE-2024-49357,0,0,6503b40a74a6613085cacc3815bfdb01e01bab8ce0bff54535ea857ed7d26
CVE-2024-49358,0,0,df99e254916c8dff27bc118ecfd140161a54ef4581a6841d720c531a5bf44aba,2024-11-06T15:27:26.637000
CVE-2024-49359,0,0,cc09522176dca55ed443e811571748ebfc3f0f5a4f89d4ec44c17a0a8a645881,2024-11-06T15:27:02.347000
CVE-2024-4936,0,0,51b2c41822c3ce01e84bd55c02328ac3499013d52d632d2af56d406c35d5a658,2024-08-06T18:29:27.013000
CVE-2024-49360,1,1,2ffb400d9ebd91bfe485575a99d85aa57a0f01e8ea35bd70f12a3403b8614670,2024-11-29T18:15:09.307000
CVE-2024-49360,0,0,2ffb400d9ebd91bfe485575a99d85aa57a0f01e8ea35bd70f12a3403b8614670,2024-11-29T18:15:09.307000
CVE-2024-49361,0,0,f551e9abf09d421b2a081416ae11d1d19a91d21656c86d2519f1c7f0e281007d,2024-10-21T17:10:22.857000
CVE-2024-49362,0,0,607782a5d34a0bcea667b4613803b3479fadb0d82404a368be33f1da13be2d17,2024-11-15T13:58:08.913000
CVE-2024-49366,0,0,1ea5441e3f8684e26cb3e2ee03927aa37cfc22f8ddf1688cacc08e4a6c38e9c1,2024-11-07T15:15:04.587000
@ -265744,10 +265753,10 @@ CVE-2024-49777,0,0,314466c2b7b0e20ad6728b0e7432b53a78d87374e0a21437c089e38cdba9a
CVE-2024-49778,0,0,b40056776286249c4f0e7d406280c79c53290f21552c8f5c4b72da612431d704,2024-11-15T18:35:36.260000
CVE-2024-4978,0,0,5928c3b846f5437fa931d5f8f8094b6c99b5e796eec27a2a5602f4b07774db40,2024-05-31T16:03:52.247000
CVE-2024-4980,0,0,1d2b61808b4cae121d6a29c34adc83b7ce102dcc100d7578fef807794b8506ae,2024-05-22T12:46:53.887000
CVE-2024-49803,1,1,30615ba6473270e94c2833aa4649b1ea1fdd0c02316445abe4b259c0a28956a2,2024-11-29T17:15:08.180000
CVE-2024-49804,1,1,db904ce5f54a262127becc5b1778fbd990ccd03638eda6e11294f8bb498f5cdc,2024-11-29T17:15:08.330000
CVE-2024-49805,1,1,1d65fbd3e28686a51dafe657852fc38a91c4aa31ee2592d66c88805e48b03e77,2024-11-29T17:15:08.470000
CVE-2024-49806,1,1,818cac3e93e8176bc5d45c74473e955505275ab8a3e4e80c69e50cc55c82d6fb,2024-11-29T17:15:08.627000
CVE-2024-49803,0,0,30615ba6473270e94c2833aa4649b1ea1fdd0c02316445abe4b259c0a28956a2,2024-11-29T17:15:08.180000
CVE-2024-49804,0,0,db904ce5f54a262127becc5b1778fbd990ccd03638eda6e11294f8bb498f5cdc,2024-11-29T17:15:08.330000
CVE-2024-49805,0,0,1d65fbd3e28686a51dafe657852fc38a91c4aa31ee2592d66c88805e48b03e77,2024-11-29T17:15:08.470000
CVE-2024-49806,0,0,818cac3e93e8176bc5d45c74473e955505275ab8a3e4e80c69e50cc55c82d6fb,2024-11-29T17:15:08.627000
CVE-2024-4983,0,0,47e5eccd768078063df4e275a1ffdcd617ddbc2b7b8451c89e2e261cf23ec523,2024-06-27T12:47:19.847000
CVE-2024-4984,0,0,9f2b9cbe42298dc633fd7a95b66e0d4fdcec1b53d37f19261bcfa2f1a75e3637,2024-05-16T13:03:05.353000
CVE-2024-4985,0,0,df226dda87642aeec36f0fe802a8cb1e52b5f8e667dcfe00ff42a5cc0d642f7f,2024-05-21T12:37:59.687000
@ -266102,11 +266111,11 @@ CVE-2024-50175,0,0,1dd04fe7e094a215fa5b2a47ea2eae040e04b44ec6d616bd452f4a4ed1eb2
CVE-2024-50176,0,0,0bad9ef923589f31e0464c96d6ee2434d25795707eba801c32d45ddd11f3d20d,2024-11-27T20:14:34.360000
CVE-2024-50177,0,0,4fb8b3ddb9af9f8a097a514d03b2080fd60587a0766bf44f8281e4c2a563510e,2024-11-08T19:01:03.880000
CVE-2024-50178,0,0,eb6ed4bd84ba259d56915cd99f2b35efefd2f01c043441a7f05771cbd0e57d90,2024-11-27T20:11:52.110000
CVE-2024-50179,0,0,c4648a1cb0e6158035aacfb89d04c61220618558c59d96ca6f1b6a6c714359cc,2024-11-08T19:01:03.880000
CVE-2024-50179,0,1,04adec6ece540a01d1ee9288ee8f51f83801ebaf343e3cd445929a412a36c84f,2024-11-29T20:34:14.350000
CVE-2024-5018,0,0,ae4fae87d25d0ffdabf3f24c5b2aeefbd28a66a0c556c5b46ab6064495fdefe3,2024-08-21T16:00:23.410000
CVE-2024-50180,0,0,f4c303721e730f9a393f439aaca4004ec106f60afc624c423e36e265c2d3fdc1,2024-11-08T19:01:03.880000
CVE-2024-50181,0,0,bb4c6997ad59bbb97410a6f650ed4dec30e3dc1c6d446601908c086d1d208f2a,2024-11-08T19:01:03.880000
CVE-2024-50182,0,0,16bf6296184bc3002b7393b9684655e4277d04239189c6f359e716998ded10b4,2024-11-08T19:01:03.880000
CVE-2024-50180,0,1,cf4c8e6c15b9f741b0c0bfa604d0cfe58a38ee1c257a25fc7ea93d7471cc58f8,2024-11-29T20:35:40.690000
CVE-2024-50181,0,1,f16eff39b0ab37ef17ea241d14ae52e7fa64bf6e3b7097227844b21199555f5e,2024-11-29T20:36:52.667000
CVE-2024-50182,0,1,6738925cc907b051baea56f323ceab8cf3bc357791144d1faa6ef6ed966954d8,2024-11-29T20:38:47.760000
CVE-2024-50183,0,0,1a5c85761b67f4951d4aead272e8cbaeeb6fb4ad164fc8c52190afa66b3996f3,2024-11-08T19:01:03.880000
CVE-2024-50184,0,0,cb05ed3cbf4320d0b6539ece765682947c4e4dd01f32eb669ed72a68abce565e,2024-11-08T19:01:03.880000
CVE-2024-50185,0,0,595738e2988b3e2c25066779b5891f8412116ebeed8b468125ac9343052411c0,2024-11-08T19:01:03.880000
@ -266117,13 +266126,13 @@ CVE-2024-50189,0,0,5d4f496901033a53673f3eb245c0783e3367982581bb1f34ad55281445cbc
CVE-2024-5019,0,0,208ddc99e1f67b7d6822e7ee095131f1b9c059678d4d2eeb2b2f9eae704845da,2024-08-21T13:43:03.670000
CVE-2024-50190,0,0,2962a78db58b5eff7333f4f943b026fd8630dab04243ae02339e9f901787f7d2,2024-11-08T19:01:03.880000
CVE-2024-50191,0,0,a6db09c765b7d3d35c26042d26dc5603def4093fc6f320ce46df0d5416572571,2024-11-08T19:01:03.880000
CVE-2024-50192,0,0,f094a0b99ff5542604e1b792e783e7c7237fcb61e2ca3115600517ad809944d9,2024-11-08T19:01:03.880000
CVE-2024-50193,0,0,50f904eeb07f25863f05f238144d22e76d3e511a58fe12ad4d5abd0361bc97e7,2024-11-08T19:01:03.880000
CVE-2024-50194,0,0,c7de65c1763aaab8f315d17fa3d61877cfaeac8aebf218b476edfbf024dbd7ce,2024-11-08T19:01:03.880000
CVE-2024-50195,0,0,ee6e23f184f82b041e70dd009ccfd73b68b4f1251d93e8bb828b8169f943c022,2024-11-08T19:01:03.880000
CVE-2024-50196,0,0,f3344a2a383617bb57f8e7b99598da7f3e018b81b0a69d14af792213a5382acb,2024-11-08T19:01:03.880000
CVE-2024-50197,0,0,59a6be3df417d3a3c55a1bbb45af16915fd95dff36c9159ced00351e34496f33,2024-11-08T19:01:03.880000
CVE-2024-50198,0,0,3ea33cdf4ab9bb3fd3852a87897dffcacdce0ff880fdd50c45b48b25cf5b6305,2024-11-08T19:01:03.880000
CVE-2024-50192,0,1,c63addfc8ced2b086c990b79a9316ef60d0c871b32679a650a4651f7c1584eac,2024-11-29T19:00:45.733000
CVE-2024-50193,0,1,cdcb73db336e1b3804f6930b8d0d72f531d36affe38055af409d00e3eb0e592c,2024-11-29T19:29:23.710000
CVE-2024-50194,0,1,426419d359b9a48931872d3b17b8f19b6404793a867bd8299ab6d640e9ba5434,2024-11-29T19:33:26.060000
CVE-2024-50195,0,1,2c6694528987098c90635214fa32688caaf82b9b9d755d386303fc29c6ab70a8,2024-11-29T20:26:50.623000
CVE-2024-50196,0,1,675ca6a3533eddc8a6d45432592fdaaf1bb5dced0aa110561a6b06a466e576c0,2024-11-29T20:28:53.843000
CVE-2024-50197,0,1,893b8d49a3c8bfcb1b7ca77d5de84df33485e9af4e3168bdf23d38eaaa3f1acc,2024-11-29T20:33:23.700000
CVE-2024-50198,0,1,c618d856f80a65c389660bf5305caa4f554130dfdf672d6f63bde935a5b36126,2024-11-29T20:31:29.787000
CVE-2024-50199,0,0,790411aeb1eb3c29f71ef981d65498f2cd8c66850ab6f2c0880f47cb2a5c0da3,2024-11-08T19:01:03.880000
CVE-2024-50200,0,0,39818810e6a92ba66da874110ced722f11de013303f8d602e577eeb9e4e93e06,2024-11-08T19:01:03.880000
CVE-2024-50201,0,0,09a1d2ed13abd2226e3074bd37eb9876228c60757af6992d6779c0487fabffe2,2024-11-19T16:08:36.890000
@ -266729,7 +266738,7 @@ CVE-2024-5121,0,0,98477bc3a7c67683bd43da705ad15db6f590ce85a12aaf89110d94461e6c3b
CVE-2024-51211,0,0,581556a1bd92632bbd04cf9aebe233d1f5e96f417c538ff40e3ed80078a79ca9,2024-11-12T13:56:54.483000
CVE-2024-51213,0,0,a598a44042c959028b27d1b964937a81a14ecccc57789a4658084176eb433102,2024-11-12T18:35:33.433000
CVE-2024-5122,0,0,b102c5894de9c993bdf361c85aa63dd17cb454ea5ed33d3ad3120a6c50356b5e,2024-06-04T19:21:00.963000
CVE-2024-51228,0,0,ac26ba41591551e7b354eebad63edb6c2e6671b4cadbb1ad2fb2ebaf77cd607b,2024-11-27T17:15:12.800000
CVE-2024-51228,0,1,294a28aa06aa347fc595d895098cf7c224edf806b9b37339527f928a6a82f84c,2024-11-29T20:15:20.430000
CVE-2024-5123,0,0,c6ee92320f25e8ca50da0e044240269e2ddcb04724d5d630d165dc261fdc83ba,2024-06-04T19:21:01.063000
CVE-2024-5124,0,0,ddf4d98394e08878019bd952c44f2cfd27f047274d82fb0e14f997780f16638c,2024-11-04T11:15:06.937000
CVE-2024-51240,0,0,7445c6ba47df36c0613eb4cb1195b6f0f9ac8d38ec29d4a0f09a129257d8d4ff,2024-11-06T20:35:34.963000
@ -267262,6 +267271,7 @@ CVE-2024-51998,0,0,19a2e1052c10533bdc1ed034b91b5ec816f585536da2e947441dab97cd0af
CVE-2024-52000,0,0,53607fd920c5e6c0c523f59cb394de5d5c634c469499e12c0f4cb198af2d27c3,2024-11-12T13:56:54.483000
CVE-2024-52001,0,0,ee27726a1c73b7b7f6e5760fe3ce79bb84c8b16431699361ef4c426b16c2de6e,2024-11-12T13:56:54.483000
CVE-2024-52002,0,0,c00913d7259c42a7cc8354350f7a82513ce9d83d7bd5962c00b4cf14c2a1047a,2024-11-12T13:56:54.483000
CVE-2024-52003,1,1,547d974ce5473fbdc586b143bb803661fb6b34d9b6c117ffda49ea4ee4b6165e,2024-11-29T19:15:08.170000
CVE-2024-52004,0,0,5fa07d0a35480bd23f86ea684f2a0f66c5e4b9b2bf1fbc1961b6e8f9dcc625fa,2024-11-12T13:56:54.483000
CVE-2024-52007,0,0,9b9844f37c4a4c3cef932fa358d8594e2305c52695217b7622048372b9ab612f,2024-11-12T13:56:54.483000
CVE-2024-52008,0,0,262060a233ecffd7ebab469c10cac8fdefe6653fedfb294b7540834b512d5966,2024-11-26T19:15:29.583000
@ -267583,20 +267593,20 @@ CVE-2024-52755,0,0,201980ce6d3d391174749cb677e5eff116245b0c1dc48789b3b9b50b5ef85
CVE-2024-52757,0,0,6a532c18cf38d202abc15a627e9192ed6d4c483d87e76d03918e63d2f51dbf79,2024-11-22T17:15:10.150000
CVE-2024-52759,0,0,efd0fc3be433f7896365088928907f2feb653062abfc384aa04c2ee4da0825f4,2024-11-22T17:15:10.323000
CVE-2024-5276,0,0,b98c8bf623aeff1994feca32cb34066ea8ef6a81fb35099972c112f59613dd44,2024-06-26T12:44:29.693000
CVE-2024-52762,0,0,2da142212af1f3c370b1753b9867e2dc76148c3ba2e7239c746267d4ce514522,2024-11-20T20:35:17.280000
CVE-2024-52763,0,0,c5573017d062db00f6bed25c6759761baf5200224a59e32fc8cc1b829343cac2,2024-11-19T21:56:45.533000
CVE-2024-52762,0,1,0ba93538cdcceffbc2ce711add8a68aa6535f792ec7a07bfa4c816b008d21953,2024-11-29T21:00:39.843000
CVE-2024-52763,0,1,bf728b5a47dd0413d8210dc0bce8f5be7122657bdb084f64d14e2b08f6408d30,2024-11-29T21:00:47.937000
CVE-2024-52765,0,0,215d573d92d5d4ab707e8db266a06400b9c1cb39b63c86b9575271eef3bcc4b8,2024-11-26T17:15:25.557000
CVE-2024-52769,0,0,b6cb45d7326db7c74bf072246ac67a1dfffc75d7966f0886ca77640876da3fd2,2024-11-20T17:15:19.907000
CVE-2024-5277,0,0,c22b3e398c55d24f660b1a45a3310a9c6b0abef458e72374f87af318fc09202a,2024-10-09T14:49:25.753000
CVE-2024-52770,0,0,7aa9649a9670c716ce311ac92684885a9b795e1a2574f48cc59bb70ef562262a,2024-11-20T17:15:20.200000
CVE-2024-52771,0,0,57831cc0aec212fa9f5452cd5864fd9f742774698e80266ca54ea858d750ac1e,2024-11-27T17:15:14.017000
CVE-2024-52777,0,1,64e7b72fe32cb4968a962563d856a2231056c89633c94757ea0dfdf732e2b8c8,2024-11-29T18:15:10.153000
CVE-2024-52778,0,1,0d7c141afc6542521f20f345782c189938c8dba8da3d966c743f9aa38022b330,2024-11-29T18:15:10.380000
CVE-2024-52779,0,1,91f1c0161a891b11086a5b7fbd1f678ee80532934636a4e9c82a724641b59b86,2024-11-29T18:15:10.597000
CVE-2024-52777,0,0,64e7b72fe32cb4968a962563d856a2231056c89633c94757ea0dfdf732e2b8c8,2024-11-29T18:15:10.153000
CVE-2024-52778,0,0,0d7c141afc6542521f20f345782c189938c8dba8da3d966c743f9aa38022b330,2024-11-29T18:15:10.380000
CVE-2024-52779,0,0,91f1c0161a891b11086a5b7fbd1f678ee80532934636a4e9c82a724641b59b86,2024-11-29T18:15:10.597000
CVE-2024-5278,0,0,f0307415163f20adf37f2c92a0ed4578caa6aa4e699bedaa3aae52fa3124b77a,2024-10-17T13:56:49.813000
CVE-2024-52780,0,1,82042deefad98949145c91480a3b4b87d93998db4ccaa8b2cdd3bfbc559eb4fd,2024-11-29T18:15:10.813000
CVE-2024-52781,0,1,b6bc04ad7551ed5a2221d9ceaa743bd51bb14324b0257dd4645857a44bf4aee5,2024-11-29T18:15:11.050000
CVE-2024-52782,0,1,f43b2fcf8a8e0966ecd1f28ecad14edd08283c02970f2952246fb8ceb6300812,2024-11-29T18:15:11.313000
CVE-2024-52780,0,0,82042deefad98949145c91480a3b4b87d93998db4ccaa8b2cdd3bfbc559eb4fd,2024-11-29T18:15:10.813000
CVE-2024-52781,0,0,b6bc04ad7551ed5a2221d9ceaa743bd51bb14324b0257dd4645857a44bf4aee5,2024-11-29T18:15:11.050000
CVE-2024-52782,0,0,f43b2fcf8a8e0966ecd1f28ecad14edd08283c02970f2952246fb8ceb6300812,2024-11-29T18:15:11.313000
CVE-2024-52787,0,0,f0be565609d1e673f989f286ed2b83aaf7115a7b1858a856c2ab7b57c986e03e,2024-11-27T17:15:14.397000
CVE-2024-52788,0,0,4abe1fd7690362e0e6e7183fadbb1999ee1afb82444324d21e730957cf5066a2,2024-11-22T17:15:10.490000
CVE-2024-52789,0,0,f640d56967c5320ac75d58f4ec0e813038d23df15a507a7fb489e9968905a84b,2024-11-22T17:15:10.660000
@ -267604,9 +267614,13 @@ CVE-2024-5279,0,0,2c6d1e53ece85fba55c2b83835d7abf75ca4da167ddbecc0aa984e59d469dd
CVE-2024-52793,0,0,0bf635877e4ed12608107333336dcfd2b6a54401c02c3262c9d2babe5054c5c5,2024-11-22T16:15:34.103000
CVE-2024-52796,0,0,c4bd427fdb738f1679f0a9210a59387be5f22896c83df074062019be41d6dd7e,2024-11-20T17:15:20.953000
CVE-2024-5280,0,0,86594c27d113c80fe7aa0a775d64720f8f3d823c49f62206ae5f1ae12a324b16,2024-08-01T13:59:43.187000
CVE-2024-52800,1,1,33614182cc9b4d3349a9904c03846eec72212dbb8490ca45f9ad64e956176494,2024-11-29T19:15:08.713000
CVE-2024-52801,1,1,d525f21f1148c8de036d0ddf88b67ee0013549964accf061ff9bd87a44f68775,2024-11-29T19:15:08.890000
CVE-2024-52802,0,0,ff357ae423b4185f6e8528f29c93636cc2249c9e015517449516a4f8158b5ed5,2024-11-22T16:15:34.283000
CVE-2024-52804,0,0,8f245cf45089b95fdaaac467eb0e4e1eb7afae864da129b7e5bc629b398d8ade,2024-11-22T16:15:34.417000
CVE-2024-52809,1,1,989c6fa478d553e2d01696ef3757f80543cb54fc9b37563f1acf5b5911de0279,2024-11-29T19:15:09.030000
CVE-2024-5281,0,0,d8e0f0c592f3cfcf36fc66f961b905d6afba3d53af3789e65e13042755c0a3cb,2024-08-01T13:59:43.367000
CVE-2024-52810,1,1,72dcf4c0c2683dd3fe0322cd1ee30a3ed4e5f334c6c81826d75b9f5c61e14c8f,2024-11-29T19:15:09.163000
CVE-2024-52811,0,0,d732a17bde6f16ede8be31f96ee410aad0e3e114ed23b65cb7e34c8157552b5c,2024-11-25T19:15:11.567000
CVE-2024-52814,0,0,05155b182462de438f0b1b6215658fb7f90ef7f2af8e5a0e3c447f1976037015,2024-11-22T16:15:34.553000
CVE-2024-5282,0,0,d02e51c4b0ee276cbc37162ff12b0d5f63d5cb6622dea90c00e2302f02b5f264,2024-08-01T13:59:43.553000
@ -267772,6 +267786,10 @@ CVE-2024-5347,0,0,16093735dbce016cf2430c73a4d8045f77e47434e1c219ace83416138a28cb
CVE-2024-5348,0,0,bc3d8d1f3668d1fc879553d2a82a62e6b9980757b64bfd9f1d5fdacf853f73c6,2024-06-03T14:46:24.250000
CVE-2024-5349,0,0,095035450c60a13c08898917421d5656b2399179b1253e40806dcf47c3a4d9f7,2024-07-03T15:44:23.807000
CVE-2024-5350,0,0,8440f1aab6c7debe55a047353772f60d1de30f1b1b7f7fc13c3946381d3b4f12,2024-05-28T12:39:42.673000
CVE-2024-53504,1,1,7b94acf3236703c440799d7cea37ecf926431af8ccfa327a5bdac99daac96a25,2024-11-29T20:15:20.763000
CVE-2024-53505,1,1,a48aa2a3f2b02e57c4384e6ed488ff8a0bd7c8c19b15bc8f8b5a06a4955c7a08,2024-11-29T20:15:20.853000
CVE-2024-53506,1,1,ba2e698ad390074012b311e33d17d473f0ae54b1e9303f2625175edc4f7ce59c,2024-11-29T20:15:20.943000
CVE-2024-53507,1,1,c5e946052b7a1eef03672c0a3197d790626776dff0c07041d5c8e1cd1640a81d,2024-11-29T20:15:21.027000
CVE-2024-5351,0,0,5b3be503117b69cfbfdb88b1fae31317d85f3a58c24bc4f082dcbe98687cb2c4,2024-06-04T19:21:05.570000
CVE-2024-5352,0,0,da1c4d8b4e23dadce106da9517801ea125925e8071854aa14e0650ba3020a2bf,2024-06-21T18:15:11.303000
CVE-2024-5353,0,0,525ae1f28e269a2f910a2998894d881f94e776efad76469271fac08c213e4cb6,2024-06-04T19:21:05.680000
@ -267829,26 +267847,30 @@ CVE-2024-5383,0,0,d150bf26fb35d2a14ee1eb4bf942c0bdbcc9199cee0de8b154db204bf6e235
CVE-2024-5384,0,0,73e6d40ec5d3477f7ae6e5e9fbabb11a01cb879f05dde3e0d9f2c2760497516c,2024-06-04T19:21:07.913000
CVE-2024-53843,0,0,fb790ea92e56bce04d8543f109eb747d943f316d3eeab0b48f576ddbb2ed9eb5,2024-11-26T00:15:07.430000
CVE-2024-53844,0,0,f54d4575fccfa45cb1306e55e04ed154008d30b320d65227acd00b96c54e3472,2024-11-26T19:15:31.463000
CVE-2024-53848,1,1,4943d65b2b1e25705325ac81d74abb04005ec4fd6d8cb031814f1f81e80b88e2,2024-11-29T19:15:09.290000
CVE-2024-53849,0,0,7af089348f539339d95898472d9d3628c7f064721068fcc5bf049d36df5b9760,2024-11-27T00:15:18.223000
CVE-2024-5385,0,0,5113296fe5b95e2ca5ffa573f35631b642d4f934e6e56cfebf21d51c8e50ce86,2024-05-28T12:39:28.377000
CVE-2024-53855,0,0,3b7a475c32d1d09fe2eb4189fd1d6fb7d653d88d8eb34139f0255f4c5d06f551,2024-11-27T19:15:33.563000
CVE-2024-53858,0,0,6c64b7a629ccdbeeaa44425cb24892d67f2dbeb5f6725b97741be6047ebd2567,2024-11-27T22:15:05.520000
CVE-2024-53859,0,0,4facd2b494aef0ff73beaf08d6d1ca6f6f9ab5c48842cb7bed7f8b39e94a454f,2024-11-27T22:15:05.673000
CVE-2024-53860,0,0,f686ec46a02a9bc4a804217b41a7af4658fb7390d2c722028f65e08a7a2b5414,2024-11-27T22:15:05.833000
CVE-2024-53861,1,1,a65f03f3f651364136c909e8ecc868a7d260812665c52bd4fa163e7f079f01ea,2024-11-29T19:15:09.433000
CVE-2024-53864,1,1,5333aa1d756baa8b2b2af9d321f1e4bf84fee7810b77a54afa507c359fe16403,2024-11-29T19:15:09.577000
CVE-2024-53865,1,1,4a38354939a410a34cc87939fb2218794cb79b60b95dc7b6ebed34b8c98c2e76,2024-11-29T19:15:09.710000
CVE-2024-5387,0,0,d7455745fd4e2043656d894120ace9fd562ab2b459405f5c80fb87774616ea6e,2024-06-03T19:15:09.500000
CVE-2024-5388,0,0,88068f2d18329bc2e1ad4660154ccfa55826fed94a4e1660b5757c6715c273a8,2024-06-03T19:15:09.557000
CVE-2024-5389,0,0,f6aaaf23dff2a1d7f90a7950cdbb76e8322ef8c0ff1bf8f6173fe4634d169b69,2024-07-09T19:15:13.853000
CVE-2024-53899,0,0,ca94e39391001349829a2f872ca5d1d0c6ef0f2f07a2a901a4f8c2f87ada266a,2024-11-26T18:23:09.517000
CVE-2024-5390,0,0,577e03013c579fd5ea5c07b95a092cd4d32be3fa4130d25da9e61ffe468007ab,2024-06-04T19:21:08.020000
CVE-2024-53901,0,0,52cbcc170c451b305e90c5f0e2a88558d86a9bc5446c93579e76a9aa43a0081d,2024-11-26T19:52:01.653000
CVE-2024-53909,0,0,0cc1acc764218c2cb52cd0a51a4c5a586232eafd17e1fbcd3dd59fcbec94b8eb,2024-11-26T16:15:19.210000
CVE-2024-53909,0,1,f496b480d61110aca5ba4afaa8506ac48e157eddeacabdc9f46723c429d54992,2024-11-29T20:54:47.700000
CVE-2024-5391,0,0,a7c29f93c1b76aed47351138468a6c5b251b9f9a4ad39cf688118719a36ed1c7,2024-06-07T20:15:12.687000
CVE-2024-53910,0,0,8e680173798cf8aba57b99387a23b6a832549a64c0d41791ee255a5fdf770d81,2024-11-26T16:15:19.597000
CVE-2024-53911,0,0,cdd0edaab936c66ec39c290bffde6254b84091c4fb08fa4a5eeced1ab8862e2e,2024-11-26T16:15:19.800000
CVE-2024-53912,0,0,e6fb43b2737cbcef51e1f874439414b1eb4c2f7a8143f7711c40052685e1c8e1,2024-11-26T16:15:20.273000
CVE-2024-53913,0,0,db26b2b1e2298beed3b0db25806c1bedf5fbe7d70658f946838e985da0217084,2024-11-26T16:15:20.480000
CVE-2024-53914,0,0,99735abb7c2ed42da934a1a9995a70c9a86da0f5e52dfc853c7764c9915f1f97,2024-11-26T16:15:20.700000
CVE-2024-53915,0,0,2b435e6209b4777d69d6b127cd04d8b412034b2878f2216636381cb24425f30d,2024-11-26T16:15:20.943000
CVE-2024-53910,0,1,b42cc0f8352ffa3f12c2a867329f0f66efd78292ca02cc30bc8a41459e9297ac,2024-11-29T20:54:55.080000
CVE-2024-53911,0,1,7b75124c4de0e1dec78550d56f66099b6b64e5835d2cd608b69ffc2c6a2f62d8,2024-11-29T20:55:04.683000
CVE-2024-53912,0,1,1f4db0332861ddc3d21771f81e88e64303e6668de99899f3afc95f8e7d972622,2024-11-29T20:55:13.483000
CVE-2024-53913,0,1,f29eb48b3cfa8a7826d6fe7adbaf2bce87f89a85e25f58c699946a9277a37df3,2024-11-29T20:55:25.543000
CVE-2024-53914,0,1,e050babf2e1b2fa263009de5875d826c83245812f4e7813c8d122d68332fd2a8,2024-11-29T20:55:35.293000
CVE-2024-53915,0,1,4605c52b83221ae0e3cdd10a9aad63d660542ba26783410343eed38f4ba2ed72,2024-11-29T20:55:43.810000
CVE-2024-53916,0,0,8b397b00703240f42bfc4c720e49d6f6e4984c2220fee564d2c3c72e3311b723,2024-11-27T17:15:15.127000
CVE-2024-5392,0,0,b24872fec717fdd1d01c0a9d16cd8dae85d0db85954b236e74ba95a5e5c8352c,2024-06-04T19:21:08.117000
CVE-2024-53920,0,0,d20c3dd3d3a0856cc626272b3d8ad44701e7a3636060e73cd0d1d84df2576a28,2024-11-27T16:15:15.037000
@ -267860,7 +267882,10 @@ CVE-2024-5396,0,0,d0f735b85e524715ed1861b804d3fb37a4720102a88b42bc6f1eec50bfcc09
CVE-2024-5397,0,0,79c82f6af34f5d76edc0fe512c9b3e616bf4c7ca15c122380ba9806c73a591a6,2024-06-04T19:21:08.733000
CVE-2024-53975,0,0,db2852f15c06d19ca698273a0c2e6819bbf9c83aca00ef4837eb933aa4601eda,2024-11-27T15:15:26.923000
CVE-2024-53976,0,0,8d5f56cf46e847394bbb16bbccc754e64a340211b5713f291e4e6fbe540b2487,2024-11-26T16:15:21.430000
CVE-2024-53979,1,1,daaf571bfcfd25ad5803f97558dcc6ea565a6375b17d8bed4a6f9cee29769cb2,2024-11-29T19:15:09.847000
CVE-2024-5398,0,0,1fca9edd99ff7753e0d36d6f4d73a5a23ccf8ab9dd992541f79488471e393289,2024-06-11T10:15:13.690000
CVE-2024-53980,1,1,f2c4b71c263d54957f07bea69df75ebb3d992381d97f959d8cfdaa259a929ae9,2024-11-29T19:15:09.993000
CVE-2024-53983,1,1,53274ba64b5204fbd988c3ba5170f84dc187572b2bad72061a88e06a87cfa81a,2024-11-29T19:15:10.137000
CVE-2024-5399,0,0,6f591a4ee360dfdb4118262029ef6ec2f3647ffdfa160e81ed9cdadb88ac0f1d,2024-05-28T12:39:28.377000
CVE-2024-5400,0,0,094967d50b5003fa8a1a95a7cd40ccdb2300c03695bb818acf6e11d6054c6ffe,2024-05-28T12:39:28.377000
CVE-2024-54003,0,0,2506866a989efaeab3da1a8a5555a804f26e4215f0a647f04a179f236368dfb1,2024-11-27T20:15:26.133000
@ -267876,8 +267901,8 @@ CVE-2024-5409,0,0,cf17c00e2696039626da2501323bb63130e64564f7c70e2680f61c8296b748
CVE-2024-5410,0,0,33a5ba9b12c1e74f0aa24bc0d8928f8ff241dde36fed372d790c69ac128b19a7,2024-06-10T17:16:34.350000
CVE-2024-5411,0,0,6f38aadf376ed626f84103b80eadf7d4a3da9be020ddcb9fa408be6d4c8307b5,2024-06-10T17:16:34.440000
CVE-2024-5412,0,0,5e7f5482cbb5bbe521f2cd5ff48f80c18806840859b33baffa51a21bf41b87d8,2024-09-06T18:07:43.940000
CVE-2024-54123,0,0,272253f66f81a9da9c93725563b0d10a5b42d4819ed6396847d047f0f363865d,2024-11-29T04:15:03.940000
CVE-2024-54124,0,0,5a8988f44658135a9a17a6de4f6f04a577ef9dfd68bf1cdee53282fc0a7015b2,2024-11-29T04:15:04.113000
CVE-2024-54123,0,1,adb9d810678343393bca99901a3c1b47719ef78df3ca8f4e2f7e11c7b4e0333a,2024-11-29T19:15:10.287000
CVE-2024-54124,0,1,d93261f0be0c719ea94f116c38fdd88edcab344178e1fea1cd1f60fbeb46997e,2024-11-29T19:15:10.443000
CVE-2024-5413,0,0,b448c8c4fee794a9903e33e6c17f07ddeb3dd7c0bc677024b75809ef047d2c8a,2024-05-28T14:59:09.827000
CVE-2024-5414,0,0,08acc305e6c9bea4a9589fa3dba157ea62649fb0f8c0ee74aad6ddc09386f1c2,2024-05-28T14:59:09.827000
CVE-2024-5415,0,0,d8ba178a70f3cfb2a3911a07d12ef045cc2ca261b5b8d85db5edc9c9636eef1e,2024-05-28T14:59:09.827000
@ -269134,11 +269159,11 @@ CVE-2024-6814,0,0,de17dadc03a3a7b793b54f2a6cb99adf9aac2d3ddb1fae1587e0c4f510c1fc
CVE-2024-6815,0,0,6507021e6a1c22d5db4cd218e87c50419a6b4cfd9d917ac6233f4e1a335890c3,2024-11-22T20:15:12.130000
CVE-2024-6816,0,0,818edf56f3e4478c42879c68c446767ff7cef181798ba5cf4248d98c3fec9996,2024-11-22T20:15:12.243000
CVE-2024-6817,0,0,3f6972e4fa5e75377694724e6a8b3ebca6f73976bc617501662f16096abb3f0c,2024-11-22T20:15:12.367000
CVE-2024-6818,0,1,0eedeae6370434feeaeb3077a95ee64ca32cfb8805b5270fc0d181a3ea595e28,2024-11-29T18:24:59.937000
CVE-2024-6819,0,1,861769e6bf059192518c3bcbf3205a1760078c90ab6b55f0cba52dbb4f181e0b,2024-11-29T18:25:32.827000
CVE-2024-6820,0,1,727cd1d0020a6821562720981c796a5e4665aac672660f319ada1162d18a0ed3,2024-11-29T18:25:55.430000
CVE-2024-6821,0,1,fa16de4c649fbf5617c0148fe26dd343be6174da96e7e81df60a99061d693da9,2024-11-29T18:26:30.487000
CVE-2024-6822,0,1,0efed4213ee6fb42d3e5ca61e43018232d4c8da40b8843d8737b00514e2859aa,2024-11-29T18:26:48.817000
CVE-2024-6818,0,0,0eedeae6370434feeaeb3077a95ee64ca32cfb8805b5270fc0d181a3ea595e28,2024-11-29T18:24:59.937000
CVE-2024-6819,0,0,861769e6bf059192518c3bcbf3205a1760078c90ab6b55f0cba52dbb4f181e0b,2024-11-29T18:25:32.827000
CVE-2024-6820,0,0,727cd1d0020a6821562720981c796a5e4665aac672660f319ada1162d18a0ed3,2024-11-29T18:25:55.430000
CVE-2024-6821,0,0,fa16de4c649fbf5617c0148fe26dd343be6174da96e7e81df60a99061d693da9,2024-11-29T18:26:30.487000
CVE-2024-6822,0,0,0efed4213ee6fb42d3e5ca61e43018232d4c8da40b8843d8737b00514e2859aa,2024-11-29T18:26:48.817000
CVE-2024-6823,0,0,1e2d1c8757819689d6550f5aeeb754dc03b20b4dd91487b47d8b2bbdb01a8e63,2024-08-13T12:58:25.437000
CVE-2024-6824,0,0,2b5b10cc415939a34f32e5b37be54f877a179f9144de8a5e8476b884ab80faa8,2024-08-08T13:04:18.753000
CVE-2024-6826,0,0,abddedb129e27da630545079500556677df6390a29a7544ea32b991f1e68fa19,2024-10-25T12:56:07.750000
@ -270709,7 +270734,7 @@ CVE-2024-8720,0,0,2f0e821428fb20df24eeb1115d6165ec35266f54d9cfaa09a98cadbec3449f
CVE-2024-8723,0,0,730229d7deadc7b514e5d898656fee12ba111958411cb7eec6e86089a429ce7e,2024-10-02T17:00:23.603000
CVE-2024-8724,0,0,41e3dd453fbe3c0072e7ab470e5d529ac122f059bb60a2be671564b989c49676,2024-09-27T15:56:00.073000
CVE-2024-8725,0,0,bda4a6515a704fa51f2d759f535270e57676d8c1b87d3a5cc5dc6f9e3d99ebf6,2024-10-01T14:16:42.727000
CVE-2024-8726,0,0,0345452338a158fa01c96af5ebb22f409ba75fe205cc5596278e081210a150a5,2024-11-20T07:15:09.580000
CVE-2024-8726,0,1,576ba4982f4dcb9927e3dea296f260d0b31716526d20c03d0c73c7835b326f41,2024-11-29T20:59:02.697000
CVE-2024-8727,0,0,cb79e2fb4f4e8ddff2e3cdbb1cbb30b7c8fce0689b3d497e10ebbff2e74dd2da,2024-10-04T13:51:25.567000
CVE-2024-8728,0,0,d061a0a3e4a793bdc334c9b032908af2152405a24e9b06b2723d960e58ba5c92,2024-10-04T13:51:25.567000
CVE-2024-8729,0,0,d5e2470679c3739002ae67f8937e40f51aaa077d58da9fcd25b709dc6eb342aa,2024-10-15T13:40:37.917000
@ -270792,19 +270817,19 @@ CVE-2024-8821,0,0,ae151ee0d4e66a38e1f953a2cb9ea4ca6988ec553e5f5170989052d93bb257
CVE-2024-8822,0,0,a61b4cb8c6aee1f5be80cd3b5032f2305f85bca0bf17e2e56b4eda9d422d7d75,2024-11-22T21:15:20.470000
CVE-2024-8823,0,0,adc9090f6175b10dd86864237a283448073ad2580380ddb2e56ede96b2c41cdb,2024-11-22T21:15:20.583000
CVE-2024-8824,0,0,f51c50e2d27567217553c8b3618880c98307c7f5a4ab0101d5b5f492a5fb59fa,2024-11-22T21:15:20.697000
CVE-2024-8825,0,0,3b31c721e38b33abb5cdf1ee3956606bbc1c6a1733fdc196e3a2f30ced67be2b,2024-11-22T21:15:20.817000
CVE-2024-8826,0,0,e7e9d6aa0f1fd1d6b4d352ee0856a561e8a5871a5be4c68853dfb557498f8fb9,2024-11-22T21:15:20.937000
CVE-2024-8827,0,0,622974cbae0d97a5ab75702fe787fc408df169ef3015f97cf1de3839c6a908fc,2024-11-22T21:15:21.050000
CVE-2024-8828,0,0,b438dadbcc55f0f1c02368e3c38c5805fa2082c923a15d8f5532d596aadcc176,2024-11-22T21:15:21.167000
CVE-2024-8829,0,0,01b69a1937004d144da5767dc372bd20a47eb2964b16cece3ba9014599227437,2024-11-22T21:15:21.290000
CVE-2024-8830,0,0,554c2d8806d33390e1d7303407e6216e13607d49a8f1fb2fdfcf743d8858b25d,2024-11-22T21:15:21.410000
CVE-2024-8831,0,0,e153c7c27d679c09293c1200749a6159a720f5930bb384bec3bc264b1de12602,2024-11-22T21:15:21.530000
CVE-2024-8832,0,0,7882181a50eedd3d5207f08c53dc335f892f1d6fa36eb7de9341283890cfb601,2024-11-22T21:15:21.647000
CVE-2024-8833,0,0,b38dbeefabc6d72630098e839a1794bc6e35bb99b6d75a2e0e92f58728342d33,2024-11-22T21:15:21.753000
CVE-2024-8834,0,0,1a417ca1244ff741b2ed03e4fce22dcb386cae107f703c48271934da3672656c,2024-11-22T21:15:21.863000
CVE-2024-8835,0,0,3f706b3881546b7e2afbd61cb70918a5eafc66d196c2fa5e2765a15b8d8da01a,2024-11-22T21:15:21.983000
CVE-2024-8836,0,0,74751ab41988e9fbe48c39034254496af5b7ab85817c766c5ace4654bc1f06a9,2024-11-22T21:15:22.103000
CVE-2024-8837,0,0,0e5d0469f09e98889f2d99b189461c49337e05c7ca4b2a24255ec6d5e89d6b10,2024-11-22T21:15:22.210000
CVE-2024-8825,0,1,386facc7f478cbfcfa85ec990ba31bcaed7eca7d9ceff17e6e15478683dda148,2024-11-29T20:20:44.863000
CVE-2024-8826,0,1,f4e52980884276b4d0670106e2ba49b1b78815b10ae4ced581158a7b704c52a8,2024-11-29T20:08:47.553000
CVE-2024-8827,0,1,61f5eb5ff8ecf0faa7db8953d296c535df6bfdf7ae19ad117bcc6010c4727fb8,2024-11-29T20:20:34.137000
CVE-2024-8828,0,1,d559c62077bcc610b766063a624f7c16b8a43274948124059b52f21bf839a580,2024-11-29T20:20:25.293000
CVE-2024-8829,0,1,0b00b0056fe9202481efcc7dac8f714f1666f6a79039f86654dd08247a4c1ca1,2024-11-29T20:20:01.307000
CVE-2024-8830,0,1,a3051a23e2e7cc11dfa7f2c928b555d6212575353d95198002add0e62a8c43f5,2024-11-29T20:19:22.237000
CVE-2024-8831,0,1,1ac38d02ba72d0682f55168d63a034b50c7e2f3bffca78dd0c510a840391f85c,2024-11-29T20:19:09.460000
CVE-2024-8832,0,1,abc35d7e3f3c88d08da905867049c542ddba9c4037a0e6f7e3cbd2e9a3dda073,2024-11-29T20:18:52.840000
CVE-2024-8833,0,1,f531ac3549fd3b7afcb3c76073ac4d456c85974c9921faf6f518b95dd23716cb,2024-11-29T20:18:39.087000
CVE-2024-8834,0,1,ccf3b1cbd9b873f9e8f2c6c9b25ea0d55c495129845f242b63c5f3111f065fc7,2024-11-29T20:18:18.010000
CVE-2024-8835,0,1,ac7088e58560f5b8a53a89d7053ca91953fa04c930410cf78b9450022c4f09c2,2024-11-29T20:17:52.063000
CVE-2024-8836,0,1,79e7b0ebef3f34831f5721ae680df12c7c8fda724633587fb2447905129a1385,2024-11-29T20:17:29.823000
CVE-2024-8837,0,1,89e656db04439e6a29296845420167328da47c051242908b0604e6fd8193f958,2024-11-29T20:10:41.130000
CVE-2024-8838,0,0,e676463d3f7f0a87971635160e5f6d89ae25b12ed9d7c1e6f9c006cc6f501b53,2024-11-22T21:15:22.317000
CVE-2024-8839,0,0,2acbb4e8a6b1624d1785c0132d951382284f4d937031ff128ac25b7244df8702,2024-11-22T21:15:22.427000
CVE-2024-8840,0,0,bd5b89e0d8e6d7cd1adbf7994707d06af9e474015537950245cf092af468c08b,2024-11-22T21:15:22.537000
@ -271098,20 +271123,20 @@ CVE-2024-9239,0,0,d86a5771a66b30aba935030c74b5d361f6c7cbe3962e519bfa6ec1487c74b1
CVE-2024-9240,0,0,64e490409dd599c74da5a2492515b43ccd4793b118bdb242162550231e348320,2024-10-18T12:53:04.627000
CVE-2024-9241,0,0,6c5cc70c23164aeead7a2ffa985d7e69869a7cd0428a8503a9e9f624c0c87b24,2024-10-07T18:51:20.950000
CVE-2024-9242,0,0,2931ce38d642cfa320383051a5a41609f3e037ff0fe51760f16b233825fad051,2024-10-08T16:26:06.147000
CVE-2024-9243,0,1,efe629b032da2f4badecca644d5a5748b1ffdd47e90f183569a752e0108554d5,2024-11-29T17:28:22.387000
CVE-2024-9244,0,1,df8aa4c19a67397a9ff7f5b85a4fa3648e38d1b6a86fc8996da24738930d1a67,2024-11-29T18:21:36.713000
CVE-2024-9245,0,1,82b5da406f863e1ff102b7364cdea6dd249d70cd4fc12286d7c5af7ad5583971,2024-11-29T18:21:03.150000
CVE-2024-9246,0,1,effe98462b60788309b8c10d4195fef661fee9259252be624b02e8d0894434dd,2024-11-29T18:20:40.157000
CVE-2024-9247,0,1,e95fc330f947ad4abed8a22af06f7cbe17d7518db4d7c495c6272e8527b42c21,2024-11-29T18:20:25.970000
CVE-2024-9248,0,1,5d36f3121d509c6cd193b5d837ea5ca02cb0a83c5b9c24e166b95c3632f75011,2024-11-29T18:20:16.670000
CVE-2024-9249,0,1,d25528c602535b913675d238b8aa6677004e25291c93d0704b7d1a8460492629,2024-11-29T18:19:58.630000
CVE-2024-9250,0,1,9d390cb3704d8145c60396028ad9fb23b13570263a1443f5d31fd04dda36dfab,2024-11-29T18:19:42.407000
CVE-2024-9251,0,1,44d4ca2a5e05156edf3ca82f2346b42f349fd404efa5324a9e3e656d284b1752,2024-11-29T18:19:25.770000
CVE-2024-9252,0,1,2680d86674472b52996e153453f6af0dfae4363b585ff92bc8545e881a370260,2024-11-29T18:19:06.727000
CVE-2024-9253,0,1,8deb45874f368402d2e8267bdd80d22218d667a369f413173fc1bab2f02e0c8d,2024-11-29T18:18:32.773000
CVE-2024-9254,0,1,5cf58c6ed253aacbd7d68cb5d7eda5d2c4c673bd66d6e0f12b8ab7db9807b96f,2024-11-29T18:17:31.663000
CVE-2024-9255,0,1,688775b632124e822bb9426bda046e8f6f29595c6213534ab3930935af218df7,2024-11-29T18:17:15.040000
CVE-2024-9256,0,1,3cca80ad6510af9986479b87828fe97955ba908cd307377d7659a0e4289380d2,2024-11-29T18:17:00.713000
CVE-2024-9243,0,0,efe629b032da2f4badecca644d5a5748b1ffdd47e90f183569a752e0108554d5,2024-11-29T17:28:22.387000
CVE-2024-9244,0,0,df8aa4c19a67397a9ff7f5b85a4fa3648e38d1b6a86fc8996da24738930d1a67,2024-11-29T18:21:36.713000
CVE-2024-9245,0,0,82b5da406f863e1ff102b7364cdea6dd249d70cd4fc12286d7c5af7ad5583971,2024-11-29T18:21:03.150000
CVE-2024-9246,0,0,effe98462b60788309b8c10d4195fef661fee9259252be624b02e8d0894434dd,2024-11-29T18:20:40.157000
CVE-2024-9247,0,0,e95fc330f947ad4abed8a22af06f7cbe17d7518db4d7c495c6272e8527b42c21,2024-11-29T18:20:25.970000
CVE-2024-9248,0,0,5d36f3121d509c6cd193b5d837ea5ca02cb0a83c5b9c24e166b95c3632f75011,2024-11-29T18:20:16.670000
CVE-2024-9249,0,0,d25528c602535b913675d238b8aa6677004e25291c93d0704b7d1a8460492629,2024-11-29T18:19:58.630000
CVE-2024-9250,0,0,9d390cb3704d8145c60396028ad9fb23b13570263a1443f5d31fd04dda36dfab,2024-11-29T18:19:42.407000
CVE-2024-9251,0,0,44d4ca2a5e05156edf3ca82f2346b42f349fd404efa5324a9e3e656d284b1752,2024-11-29T18:19:25.770000
CVE-2024-9252,0,0,2680d86674472b52996e153453f6af0dfae4363b585ff92bc8545e881a370260,2024-11-29T18:19:06.727000
CVE-2024-9253,0,0,8deb45874f368402d2e8267bdd80d22218d667a369f413173fc1bab2f02e0c8d,2024-11-29T18:18:32.773000
CVE-2024-9254,0,0,5cf58c6ed253aacbd7d68cb5d7eda5d2c4c673bd66d6e0f12b8ab7db9807b96f,2024-11-29T18:17:31.663000
CVE-2024-9255,0,0,688775b632124e822bb9426bda046e8f6f29595c6213534ab3930935af218df7,2024-11-29T18:17:15.040000
CVE-2024-9256,0,0,3cca80ad6510af9986479b87828fe97955ba908cd307377d7659a0e4289380d2,2024-11-29T18:17:00.713000
CVE-2024-9257,0,0,069193eb3884fdef344f93e2f6ac9b78dbf729bbb7402c16ec2baadbb3832947,2024-11-22T21:15:23.787000
CVE-2024-9258,0,0,dead427af30f8ff875059650d01008dd6a93625fa5d19061b8e08b64f09006d2,2024-11-25T17:15:32.283000
CVE-2024-9259,0,0,2cabaa7ed0a6383d684de5974ee246b50557210200ad738850acd35849d59f3e,2024-11-25T17:13:49.060000
@ -271497,7 +271522,7 @@ CVE-2024-9768,0,0,904cffc60d5e826fadde1f9279bf1637d0038b817b76c6a013f678cc172cfc
CVE-2024-9772,0,0,043bc7caa6859562432d521f3501fd215394ad297fe3470375010095d76d8604,2024-11-25T20:03:01.613000
CVE-2024-9775,0,0,2266a7b7c620bc11662bc20c96e5d18079c0f9f6e1ea844a74a70c443b303718,2024-11-26T01:45:57.317000
CVE-2024-9776,0,0,9273f765f44bf9e907460b214d240344a8be5b3a239edcb0f9ffb7d3f96c7d26,2024-11-25T18:45:54.377000
CVE-2024-9777,0,0,1e36961484bf4b33413a224fc6189a86ad1224818320d3b39ec4c80bcb37268f,2024-11-19T21:57:32.967000
CVE-2024-9777,0,1,93ee86692c4d166322b2f54769a2de3ae116ef1efe45b8b5542abe4611d31128,2024-11-29T20:57:53.423000
CVE-2024-9778,0,0,c5789fd51af706bd1104828309e4c0bbf44a70e2aa01bf36b8318a8802f25b3a,2024-11-25T19:20:37.163000
CVE-2024-9780,0,0,82a65b59c0bb0f4aa37b7bc9835ace6b2d8eb95b730adf88705db9589433fda5,2024-10-17T14:18:18.433000
CVE-2024-9781,0,0,4766ae4e21ddab4bdbe139c0afc58af6fd761963f021734b932e1a0e147ffb05,2024-11-25T18:09:33.853000

Can't render this file because it is too large.