From 46fdbbb82049f9b9aecc4aea2a653f95830d27de Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 13 Nov 2024 17:03:52 +0000 Subject: [PATCH] Auto-Update: 2024-11-13T17:00:48.485112+00:00 --- CVE-2014/CVE-2014-21xx/CVE-2014-2120.json | 36 +++- CVE-2021/CVE-2021-412xx/CVE-2021-41277.json | 34 +++- CVE-2024/CVE-2024-100xx/CVE-2024-10012.json | 56 ++++++ CVE-2024/CVE-2024-100xx/CVE-2024-10013.json | 56 ++++++ CVE-2024/CVE-2024-111xx/CVE-2024-11110.json | 43 ++++- CVE-2024/CVE-2024-111xx/CVE-2024-11111.json | 43 ++++- CVE-2024/CVE-2024-111xx/CVE-2024-11115.json | 43 ++++- CVE-2024/CVE-2024-111xx/CVE-2024-11116.json | 43 ++++- CVE-2024/CVE-2024-111xx/CVE-2024-11117.json | 43 ++++- CVE-2024/CVE-2024-111xx/CVE-2024-11165.json | 78 ++++++++ CVE-2024/CVE-2024-111xx/CVE-2024-11168.json | 18 +- CVE-2024/CVE-2024-111xx/CVE-2024-11175.json | 141 +++++++++++++++ CVE-2024/CVE-2024-209xx/CVE-2024-20905.json | 14 +- CVE-2024/CVE-2024-254xx/CVE-2024-25431.json | 45 ++++- CVE-2024/CVE-2024-286xx/CVE-2024-28662.json | 39 +++- CVE-2024/CVE-2024-287xx/CVE-2024-28726.json | 39 +++- CVE-2024/CVE-2024-287xx/CVE-2024-28728.json | 39 +++- CVE-2024/CVE-2024-290xx/CVE-2024-29080.json | 39 +++- CVE-2024/CVE-2024-328xx/CVE-2024-32841.json | 14 +- CVE-2024/CVE-2024-328xx/CVE-2024-32847.json | 14 +- CVE-2024/CVE-2024-347xx/CVE-2024-34780.json | 14 +- CVE-2024/CVE-2024-347xx/CVE-2024-34781.json | 18 +- CVE-2024/CVE-2024-347xx/CVE-2024-34782.json | 18 +- CVE-2024/CVE-2024-347xx/CVE-2024-34784.json | 18 +- CVE-2024/CVE-2024-347xx/CVE-2024-34787.json | 18 +- CVE-2024/CVE-2024-373xx/CVE-2024-37376.json | 18 +- CVE-2024/CVE-2024-386xx/CVE-2024-38655.json | 18 +- CVE-2024/CVE-2024-397xx/CVE-2024-39712.json | 18 +- CVE-2024/CVE-2024-402xx/CVE-2024-40239.json | 33 +++- CVE-2024/CVE-2024-402xx/CVE-2024-40240.json | 33 +++- CVE-2024/CVE-2024-439xx/CVE-2024-43919.json | 49 ++++- CVE-2024/CVE-2024-452xx/CVE-2024-45289.json | 31 +++- CVE-2024/CVE-2024-457xx/CVE-2024-45763.json | 59 +++++- CVE-2024/CVE-2024-477xx/CVE-2024-47769.json | 53 +++++- CVE-2024/CVE-2024-478xx/CVE-2024-47854.json | 60 ++++++- CVE-2024/CVE-2024-47xx/CVE-2024-4741.json | 27 ++- CVE-2024/CVE-2024-485xx/CVE-2024-48510.json | 40 +++++ CVE-2024/CVE-2024-489xx/CVE-2024-48900.json | 33 ++++ CVE-2024/CVE-2024-489xx/CVE-2024-48989.json | 12 +- CVE-2024/CVE-2024-495xx/CVE-2024-49504.json | 66 +++++++ CVE-2024/CVE-2024-495xx/CVE-2024-49505.json | 78 ++++++++ CVE-2024/CVE-2024-495xx/CVE-2024-49506.json | 100 +++++++++++ CVE-2024/CVE-2024-499xx/CVE-2024-49932.json | 69 ++++++- CVE-2024/CVE-2024-499xx/CVE-2024-49933.json | 129 +++++++++++-- CVE-2024/CVE-2024-499xx/CVE-2024-49934.json | 81 ++++++++- CVE-2024/CVE-2024-499xx/CVE-2024-49935.json | 117 +++++++++++- CVE-2024/CVE-2024-499xx/CVE-2024-49938.json | 139 ++++++++++++-- CVE-2024/CVE-2024-500xx/CVE-2024-50089.json | 139 ++++++++++++-- CVE-2024/CVE-2024-501xx/CVE-2024-50152.json | 97 +++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50153.json | 131 +++++++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50154.json | 128 ++++++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50159.json | 97 +++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50160.json | 121 ++++++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50161.json | 85 ++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50167.json | 162 +++++++++++++++-- CVE-2024/CVE-2024-501xx/CVE-2024-50168.json | 162 +++++++++++++++-- CVE-2024/CVE-2024-501xx/CVE-2024-50170.json | 97 +++++++++- CVE-2024/CVE-2024-501xx/CVE-2024-50172.json | 97 +++++++++- CVE-2024/CVE-2024-502xx/CVE-2024-50206.json | 92 +++++++++- CVE-2024/CVE-2024-503xx/CVE-2024-50330.json | 16 +- CVE-2024/CVE-2024-503xx/CVE-2024-50353.json | 64 ++++++- CVE-2024/CVE-2024-506xx/CVE-2024-50634.json | 45 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50852.json | 21 +++ CVE-2024/CVE-2024-508xx/CVE-2024-50853.json | 21 +++ CVE-2024/CVE-2024-508xx/CVE-2024-50854.json | 21 +++ CVE-2024/CVE-2024-509xx/CVE-2024-50969.json | 25 +++ CVE-2024/CVE-2024-509xx/CVE-2024-50970.json | 25 +++ CVE-2024/CVE-2024-509xx/CVE-2024-50971.json | 25 +++ CVE-2024/CVE-2024-509xx/CVE-2024-50972.json | 25 +++ CVE-2024/CVE-2024-510xx/CVE-2024-51030.json | 72 +++++++- CVE-2024/CVE-2024-510xx/CVE-2024-51055.json | 39 +++- CVE-2024/CVE-2024-511xx/CVE-2024-51152.json | 45 ++++- CVE-2024/CVE-2024-522xx/CVE-2024-52293.json | 60 +++++++ CVE-2024/CVE-2024-522xx/CVE-2024-52295.json | 82 +++++++++ CVE-2024/CVE-2024-522xx/CVE-2024-52298.json | 56 ++++++ CVE-2024/CVE-2024-522xx/CVE-2024-52299.json | 56 ++++++ CVE-2024/CVE-2024-523xx/CVE-2024-52300.json | 56 ++++++ CVE-2024/CVE-2024-523xx/CVE-2024-52301.json | 28 ++- CVE-2024/CVE-2024-523xx/CVE-2024-52305.json | 64 +++++++ CVE-2024/CVE-2024-523xx/CVE-2024-52306.json | 60 +++++++ CVE-2024/CVE-2024-64xx/CVE-2024-6442.json | 57 +++++- CVE-2024/CVE-2024-64xx/CVE-2024-6444.json | 57 +++++- CVE-2024/CVE-2024-72xx/CVE-2024-7295.json | 56 ++++++ CVE-2024/CVE-2024-75xx/CVE-2024-7516.json | 28 ++- CVE-2024/CVE-2024-80xx/CVE-2024-8049.json | 56 ++++++ CVE-2024/CVE-2024-80xx/CVE-2024-8069.json | 38 +++- CVE-2024/CVE-2024-94xx/CVE-2024-9477.json | 85 +++++++++ README.md | 82 ++++++--- _state.csv | 190 +++++++++++--------- 89 files changed, 4857 insertions(+), 332 deletions(-) create mode 100644 CVE-2024/CVE-2024-100xx/CVE-2024-10012.json create mode 100644 CVE-2024/CVE-2024-100xx/CVE-2024-10013.json create mode 100644 CVE-2024/CVE-2024-111xx/CVE-2024-11165.json create mode 100644 CVE-2024/CVE-2024-111xx/CVE-2024-11175.json create mode 100644 CVE-2024/CVE-2024-485xx/CVE-2024-48510.json create mode 100644 CVE-2024/CVE-2024-489xx/CVE-2024-48900.json create mode 100644 CVE-2024/CVE-2024-495xx/CVE-2024-49504.json create mode 100644 CVE-2024/CVE-2024-495xx/CVE-2024-49505.json create mode 100644 CVE-2024/CVE-2024-495xx/CVE-2024-49506.json create mode 100644 CVE-2024/CVE-2024-508xx/CVE-2024-50852.json create mode 100644 CVE-2024/CVE-2024-508xx/CVE-2024-50853.json create mode 100644 CVE-2024/CVE-2024-508xx/CVE-2024-50854.json create mode 100644 CVE-2024/CVE-2024-509xx/CVE-2024-50969.json create mode 100644 CVE-2024/CVE-2024-509xx/CVE-2024-50970.json create mode 100644 CVE-2024/CVE-2024-509xx/CVE-2024-50971.json create mode 100644 CVE-2024/CVE-2024-509xx/CVE-2024-50972.json create mode 100644 CVE-2024/CVE-2024-522xx/CVE-2024-52293.json create mode 100644 CVE-2024/CVE-2024-522xx/CVE-2024-52295.json create mode 100644 CVE-2024/CVE-2024-522xx/CVE-2024-52298.json create mode 100644 CVE-2024/CVE-2024-522xx/CVE-2024-52299.json create mode 100644 CVE-2024/CVE-2024-523xx/CVE-2024-52300.json create mode 100644 CVE-2024/CVE-2024-523xx/CVE-2024-52305.json create mode 100644 CVE-2024/CVE-2024-523xx/CVE-2024-52306.json create mode 100644 CVE-2024/CVE-2024-72xx/CVE-2024-7295.json create mode 100644 CVE-2024/CVE-2024-80xx/CVE-2024-8049.json create mode 100644 CVE-2024/CVE-2024-94xx/CVE-2024-9477.json diff --git a/CVE-2014/CVE-2014-21xx/CVE-2014-2120.json b/CVE-2014/CVE-2014-21xx/CVE-2014-2120.json index ada1b8c6e7a..f2a0dc795aa 100644 --- a/CVE-2014/CVE-2014-21xx/CVE-2014-2120.json +++ b/CVE-2014/CVE-2014-21xx/CVE-2014-2120.json @@ -2,8 +2,8 @@ "id": "CVE-2014-2120", "sourceIdentifier": "ykramarz@cisco.com", "published": "2014-03-19T01:15:04.007", - "lastModified": "2024-11-13T02:00:01.313", - "vulnStatus": "Analyzed", + "lastModified": "2024-11-13T15:35:00.870", + "vulnStatus": "Modified", "cveTags": [], "cisaExploitAdd": "2024-11-12", "cisaActionDue": "2024-12-03", @@ -20,6 +20,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV2": [ { "source": "nvd@nist.gov", @@ -56,6 +78,16 @@ "value": "CWE-79" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], "configurations": [ diff --git a/CVE-2021/CVE-2021-412xx/CVE-2021-41277.json b/CVE-2021/CVE-2021-412xx/CVE-2021-41277.json index fd182e77a94..0cecc727446 100644 --- a/CVE-2021/CVE-2021-412xx/CVE-2021-41277.json +++ b/CVE-2021/CVE-2021-412xx/CVE-2021-41277.json @@ -2,8 +2,8 @@ "id": "CVE-2021-41277", "sourceIdentifier": "security-advisories@github.com", "published": "2021-11-17T20:15:10.587", - "lastModified": "2024-11-13T02:00:01.323", - "vulnStatus": "Modified", + "lastModified": "2024-11-13T15:35:02.370", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "cisaExploitAdd": "2024-11-12", "cisaActionDue": "2024-12-03", @@ -60,6 +60,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 6.0 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ], "cvssMetricV2": [ @@ -108,6 +128,16 @@ "value": "CWE-200" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10012.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10012.json new file mode 100644 index 00000000000..f905fb858fb --- /dev/null +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10012.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-10012", + "sourceIdentifier": "security@progress.com", + "published": "2024-11-13T16:15:17.143", + "lastModified": "2024-11-13T16:15:17.143", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@progress.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@progress.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://docs.telerik.com/devtools/wpf/knowledge-base/kb-security-unsafe-deserialization-cve-2024-10012", + "source": "security@progress.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10013.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10013.json new file mode 100644 index 00000000000..a58c91bffd0 --- /dev/null +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10013.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-10013", + "sourceIdentifier": "security@progress.com", + "published": "2024-11-13T16:15:17.387", + "lastModified": "2024-11-13T16:15:17.387", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@progress.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security@progress.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://docs.telerik.com/devtools/winforms/knowledge-base/unsafe-deserialization-cve-2024-10013", + "source": "security@progress.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11110.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11110.json index 3353861acff..aa9f9d5a1e7 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11110.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11110.json @@ -2,16 +2,55 @@ "id": "CVE-2024-11110", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-12T21:15:10.920", - "lastModified": "2024-11-12T21:15:10.920", + "lastModified": "2024-11-13T16:35:04.523", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Extensions in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass site isolation via a crafted Chrome Extension. (Chromium security severity: High)" + }, + { + "lang": "es", + "value": "Una implementaci\u00f3n inadecuada en las extensiones de Google Chrome anteriores a la versi\u00f3n 131.0.6778.69 permiti\u00f3 que un atacante remoto evitara el aislamiento del sitio mediante una extensi\u00f3n de Chrome manipulada. (Gravedad de seguridad de Chromium: alta)" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html", diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11111.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11111.json index 572292c1ee4..b7d39a3bcd8 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11111.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11111.json @@ -2,16 +2,55 @@ "id": "CVE-2024-11111", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-12T21:15:11.000", - "lastModified": "2024-11-12T21:15:11.000", + "lastModified": "2024-11-13T16:35:05.837", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Autofill in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)" + }, + { + "lang": "es", + "value": "Una implementaci\u00f3n inadecuada en Autocompletar en Google Chrome anterior a la versi\u00f3n 131.0.6778.69 permiti\u00f3 que un atacante remoto convenciera a un usuario para que realizara gestos espec\u00edficos de la interfaz de usuario para realizar una suplantaci\u00f3n de la interfaz de usuario a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: media)" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html", diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11115.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11115.json index 51c89888d3f..8140fe2dfcc 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11115.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11115.json @@ -2,16 +2,55 @@ "id": "CVE-2024-11115", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-12T21:15:11.280", - "lastModified": "2024-11-12T21:15:11.280", + "lastModified": "2024-11-13T16:35:06.630", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Insufficient policy enforcement in Navigation in Google Chrome on iOS prior to 131.0.6778.69 allowed a remote attacker to perform privilege escalation via a series of UI gestures. (Chromium security severity: Medium)" + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n insuficiente de pol\u00edticas en la navegaci\u00f3n en Google Chrome en iOS anterior a la versi\u00f3n 131.0.6778.69 permiti\u00f3 que un atacante remoto realizara una escalada de privilegios a trav\u00e9s de una serie de gestos de la interfaz de usuario. (Gravedad de seguridad de Chromium: media)" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html", diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11116.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11116.json index ea7ec63db06..78512dbbfa8 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11116.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11116.json @@ -2,16 +2,55 @@ "id": "CVE-2024-11116", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-12T21:15:11.340", - "lastModified": "2024-11-12T21:15:11.340", + "lastModified": "2024-11-13T16:35:07.427", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in Blink in Google Chrome prior to 131.0.6778.69 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)" + }, + { + "lang": "es", + "value": "Una implementaci\u00f3n inadecuada en Blink en Google Chrome anterior a la versi\u00f3n 131.0.6778.69 permiti\u00f3 que un atacante remoto que convenciera a un usuario para que realizara gestos espec\u00edficos de la interfaz de usuario realizara una suplantaci\u00f3n de la interfaz de usuario a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: media)" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html", diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11117.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11117.json index 6df9e9c0d6e..fbb68f839b5 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11117.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11117.json @@ -2,16 +2,55 @@ "id": "CVE-2024-11117", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-12T21:15:11.393", - "lastModified": "2024-11-12T21:15:11.393", + "lastModified": "2024-11-13T16:35:08.220", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Inappropriate implementation in FileSystem in Google Chrome prior to 131.0.6778.69 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Low)" + }, + { + "lang": "es", + "value": "Una implementaci\u00f3n inadecuada en FileSystem en Google Chrome anterior a la versi\u00f3n 131.0.6778.69 permiti\u00f3 que un atacante remoto eludiera las restricciones del sistema de archivos a trav\u00e9s de una p\u00e1gina HTML manipulada espec\u00edficamente. (Gravedad de seguridad de Chromium: baja)" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop_12.html", diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11165.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11165.json new file mode 100644 index 00000000000..8ad502b019e --- /dev/null +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11165.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11165", + "sourceIdentifier": "security@yugabyte.com", + "published": "2024-11-13T15:15:06.877", + "lastModified": "2024-11-13T15:15:06.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An information disclosure vulnerability exists in the backup configuration process where the SAS token is not masked in the configuration response. This oversight results in sensitive information leakage within the yb_backup log files, exposing the SAS token in plaintext. The leakage occurs during the backup procedure, leading to potential unauthorized access to resources associated with the SAS token.\u00a0This issue affects YugabyteDB Anywhere: from 2.20.0.0 before 2.20.7.0, from 2.23.0.0 before 2.23.1.0, from 2024.1.0.0 before 2024.1.3.0." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security@yugabyte.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:L/VI:H/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.7, + "baseSeverity": "MEDIUM" + } + } + ] + }, + "weaknesses": [ + { + "source": "security@yugabyte.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/yugabyte/yugabyte-db/commit/920989b6c0db0222bb7a0cce46febc76cf72d438", + "source": "security@yugabyte.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11168.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11168.json index 85cbaeaa729..88428a1e552 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11168.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11168.json @@ -2,13 +2,17 @@ "id": "CVE-2024-11168", "sourceIdentifier": "cna@python.org", "published": "2024-11-12T22:15:14.920", - "lastModified": "2024-11-12T22:15:14.920", + "lastModified": "2024-11-13T16:35:09.027", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser." + }, + { + "lang": "es", + "value": "Las funciones urllib.parse.urlsplit() y urlparse() validaron incorrectamente los hosts entre corchetes (`[]`), lo que permiti\u00f3 el uso de hosts que no eran IPv6 o IPvFuture. Este comportamiento no se ajustaba a RFC 3986 y potencialmente habilitaba SSRF si una URL es procesada por m\u00e1s de un analizador de URL." } ], "metrics": { @@ -57,6 +61,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-918" + } + ] + } + ], "references": [ { "url": "https://github.com/python/cpython/commit/29f348e232e82938ba2165843c448c2b291504c5", diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11175.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11175.json new file mode 100644 index 00000000000..d268a413963 --- /dev/null +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11175.json @@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-11175", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-11-13T16:15:17.740", + "lastModified": "2024-11-13T16:15:17.740", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Public CMS 5.202406.d and classified as problematic. This issue affects some unknown processing of the file /admin/cmsVote/save of the component Voting Management. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is named b9530b9cc1f5cfdad4b637874f59029a6283a65c. It is recommended to apply a patch to fix this issue." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.5, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.1, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + }, + { + "lang": "en", + "value": "CWE-94" + } + ] + } + ], + "references": [ + { + "url": "https://gitee.com/sanluan/PublicCMS/commit/b9530b9cc1f5cfdad4b637874f59029a6283a65c", + "source": "cna@vuldb.com" + }, + { + "url": "https://gitee.com/sanluan/PublicCMS/issues/IB2BUV", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.284351", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.284351", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-209xx/CVE-2024-20905.json b/CVE-2024/CVE-2024-209xx/CVE-2024-20905.json index d70fc643f0b..063e0628df5 100644 --- a/CVE-2024/CVE-2024-209xx/CVE-2024-20905.json +++ b/CVE-2024/CVE-2024-209xx/CVE-2024-20905.json @@ -2,7 +2,7 @@ "id": "CVE-2024-20905", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-02-17T02:15:45.637", - "lastModified": "2024-02-20T19:51:05.510", + "lastModified": "2024-11-13T16:35:09.767", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + } + ] + } + ], "references": [ { "url": "https://www.oracle.com/security-alerts/cpujan2024.html", diff --git a/CVE-2024/CVE-2024-254xx/CVE-2024-25431.json b/CVE-2024/CVE-2024-254xx/CVE-2024-25431.json index 549b3bc5a8b..e0475fa61e2 100644 --- a/CVE-2024/CVE-2024-254xx/CVE-2024-25431.json +++ b/CVE-2024/CVE-2024-254xx/CVE-2024-25431.json @@ -2,16 +2,55 @@ "id": "CVE-2024-25431", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T17:15:06.023", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-13T15:35:07.420", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function." + }, + { + "lang": "es", + "value": "Un problema en bytecodealliance wasm-micro-runtime anterior a v.b3f728c y corregido en el commit 06df58f permite a un atacante remoto escalar privilegios a trav\u00e9s de un archivo manipulado a la funci\u00f3n check_was_abi_compatibility." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://gist.github.com/haruki3hhh/bd228e6dcaf8c18140e1074964912b39", diff --git a/CVE-2024/CVE-2024-286xx/CVE-2024-28662.json b/CVE-2024/CVE-2024-286xx/CVE-2024-28662.json index 1fcba879c8d..a714ccebcd8 100644 --- a/CVE-2024/CVE-2024-286xx/CVE-2024-28662.json +++ b/CVE-2024/CVE-2024-286xx/CVE-2024-28662.json @@ -2,7 +2,7 @@ "id": "CVE-2024-28662", "sourceIdentifier": "cve@mitre.org", "published": "2024-03-13T21:16:01.357", - "lastModified": "2024-03-14T12:52:16.723", + "lastModified": "2024-11-13T16:35:11.107", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Existe una vulnerabilidad de Cross Site Scripting en Piwigo anterior a la versi\u00f3n 14.3.0 debido a la falta de sanitizaci\u00f3n en create_tag en admin/include/functions.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://github.com/Piwigo/Piwigo/commit/5069610aaeb1da6d96d389651a5ba9b38690c580", diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28726.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28726.json index 048a993ee52..dddb7dbab6a 100644 --- a/CVE-2024/CVE-2024-287xx/CVE-2024-28726.json +++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28726.json @@ -2,7 +2,7 @@ "id": "CVE-2024-28726", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-12T23:15:04.137", - "lastModified": "2024-11-12T23:15:04.137", + "lastModified": "2024-11-13T16:35:11.950", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.1, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://github.com/Mrnmap/mrnmap-cve", diff --git a/CVE-2024/CVE-2024-287xx/CVE-2024-28728.json b/CVE-2024/CVE-2024-287xx/CVE-2024-28728.json index bd2611c34de..80dcea70986 100644 --- a/CVE-2024/CVE-2024-287xx/CVE-2024-28728.json +++ b/CVE-2024/CVE-2024-287xx/CVE-2024-28728.json @@ -2,7 +2,7 @@ "id": "CVE-2024-28728", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-12T23:15:04.230", - "lastModified": "2024-11-12T23:15:04.230", + "lastModified": "2024-11-13T16:35:12.757", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to the WiFi SSID Name field." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://github.com/Mrnmap/mrnmap-cve", diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29080.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29080.json index 60ffe6523e0..91efc6a436b 100644 --- a/CVE-2024/CVE-2024-290xx/CVE-2024-29080.json +++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29080.json @@ -2,7 +2,7 @@ "id": "CVE-2024-29080", "sourceIdentifier": "hp-security-alert@hp.com", "published": "2024-07-19T17:15:03.107", - "lastModified": "2024-07-22T13:00:53.287", + "lastModified": "2024-11-13T16:35:13.577", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": " Se han identificado posibles vulnerabilidades en el componente de software HP Display Control dentro del controlador de software de habilitaci\u00f3n de aplicaciones de HP que podr\u00edan permitir una escalada de privilegios." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-281" + } + ] + } + ], "references": [ { "url": "https://support.hp.com/us-en/document/ish_10914875-10914901-16/hpsbhf03954", diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32841.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32841.json index 040bf98950d..eb980333686 100644 --- a/CVE-2024/CVE-2024-328xx/CVE-2024-32841.json +++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32841.json @@ -2,7 +2,7 @@ "id": "CVE-2024-32841", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:16.567", - "lastModified": "2024-11-13T02:15:16.567", + "lastModified": "2024-11-13T16:35:14.523", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -35,6 +35,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022", diff --git a/CVE-2024/CVE-2024-328xx/CVE-2024-32847.json b/CVE-2024/CVE-2024-328xx/CVE-2024-32847.json index ae4754c9036..173b542bd2c 100644 --- a/CVE-2024/CVE-2024-328xx/CVE-2024-32847.json +++ b/CVE-2024/CVE-2024-328xx/CVE-2024-32847.json @@ -2,7 +2,7 @@ "id": "CVE-2024-32847", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:16.890", - "lastModified": "2024-11-13T02:15:16.890", + "lastModified": "2024-11-13T16:35:15.243", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -35,6 +35,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022", diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34780.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34780.json index a9f8988b403..8a89ea0965b 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34780.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34780.json @@ -2,7 +2,7 @@ "id": "CVE-2024-34780", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:17.047", - "lastModified": "2024-11-13T02:15:17.047", + "lastModified": "2024-11-13T16:35:15.963", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -35,6 +35,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022", diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34781.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34781.json index 5295fd33ce4..0add835c245 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34781.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34781.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34781", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:17.210", - "lastModified": "2024-11-13T02:15:17.210", + "lastModified": "2024-11-13T16:35:16.703", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "La inyecci\u00f3n de SQL en Ivanti Endpoint Manager antes de la actualizaci\u00f3n de seguridad de noviembre de 2024 o la actualizaci\u00f3n de seguridad de noviembre de 2022 SU6 permite que un atacante remoto autenticado con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { @@ -35,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022", diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34782.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34782.json index e2a44747b03..fbcc423f90a 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34782.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34782.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34782", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:17.367", - "lastModified": "2024-11-13T02:15:17.367", + "lastModified": "2024-11-13T16:35:17.423", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "La inyecci\u00f3n de SQL en Ivanti Endpoint Manager antes de la actualizaci\u00f3n de seguridad de noviembre de 2024 o la actualizaci\u00f3n de seguridad de noviembre de 2022 SU6 permite que un atacante remoto autenticado con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { @@ -35,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022", diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34784.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34784.json index bef533d6f55..991426ecd54 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34784.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34784.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34784", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:17.527", - "lastModified": "2024-11-13T02:15:17.527", + "lastModified": "2024-11-13T16:35:18.153", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "La inyecci\u00f3n de SQL en Ivanti Endpoint Manager antes de la actualizaci\u00f3n de seguridad de noviembre de 2024 o la actualizaci\u00f3n de seguridad de noviembre de 2022 SU6 permite que un atacante remoto autenticado con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { @@ -35,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022", diff --git a/CVE-2024/CVE-2024-347xx/CVE-2024-34787.json b/CVE-2024/CVE-2024-347xx/CVE-2024-34787.json index 65c9674ef5e..4a30fb49eca 100644 --- a/CVE-2024/CVE-2024-347xx/CVE-2024-34787.json +++ b/CVE-2024/CVE-2024-347xx/CVE-2024-34787.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34787", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:17.687", - "lastModified": "2024-11-13T02:15:17.687", + "lastModified": "2024-11-13T16:35:18.883", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required." + }, + { + "lang": "es", + "value": "El path traversal en Ivanti Endpoint Manager antes de la actualizaci\u00f3n de seguridad de noviembre de 2024 o la actualizaci\u00f3n de seguridad de noviembre de 2022 SU6 permite que un atacante local no autenticado logre la ejecuci\u00f3n del c\u00f3digo. Se requiere la interacci\u00f3n del usuario." } ], "metrics": { @@ -35,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022", diff --git a/CVE-2024/CVE-2024-373xx/CVE-2024-37376.json b/CVE-2024/CVE-2024-373xx/CVE-2024-37376.json index 7dc8ea899be..b40b7041cb1 100644 --- a/CVE-2024/CVE-2024-373xx/CVE-2024-37376.json +++ b/CVE-2024/CVE-2024-373xx/CVE-2024-37376.json @@ -2,13 +2,17 @@ "id": "CVE-2024-37376", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:17.850", - "lastModified": "2024-11-13T02:15:17.850", + "lastModified": "2024-11-13T16:35:19.627", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "La inyecci\u00f3n de SQL en Ivanti Endpoint Manager antes de la actualizaci\u00f3n de seguridad de noviembre de 2024 o la actualizaci\u00f3n de seguridad de noviembre de 2022 SU6 permite que un atacante remoto autenticado con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { @@ -35,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022", diff --git a/CVE-2024/CVE-2024-386xx/CVE-2024-38655.json b/CVE-2024/CVE-2024-386xx/CVE-2024-38655.json index f81c9bac10c..a1d05b0ae8a 100644 --- a/CVE-2024/CVE-2024-386xx/CVE-2024-38655.json +++ b/CVE-2024/CVE-2024-386xx/CVE-2024-38655.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38655", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:18.650", - "lastModified": "2024-11-13T02:15:18.650", + "lastModified": "2024-11-13T16:35:20.357", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Argument injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "La inyecci\u00f3n de argumentos en Ivanti Connect Secure anterior a la versi\u00f3n 22.7R2.1 y en Ivanti Policy Secure anterior a la versi\u00f3n 22.7R1.1 permite que un atacante remoto autenticado con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { @@ -35,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-88" + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", diff --git a/CVE-2024/CVE-2024-397xx/CVE-2024-39712.json b/CVE-2024/CVE-2024-397xx/CVE-2024-39712.json index 4ebc4160e7d..4bc72dcd5ce 100644 --- a/CVE-2024/CVE-2024-397xx/CVE-2024-39712.json +++ b/CVE-2024/CVE-2024-397xx/CVE-2024-39712.json @@ -2,13 +2,17 @@ "id": "CVE-2024-39712", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:19.480", - "lastModified": "2024-11-13T02:15:19.480", + "lastModified": "2024-11-13T16:35:21.090", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Argument injection in Ivanti Connect Secure before version 22.7R2.1 and 9.1R18.7 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution." + }, + { + "lang": "es", + "value": "La inyecci\u00f3n de argumentos en Ivanti Connect Secure anterior a la versi\u00f3n 22.7R2.1 y 9.1R18.7 y en Ivanti Policy Secure anterior a la versi\u00f3n 22.7R1.1 permite que un atacante remoto autenticado con privilegios de administrador logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { @@ -35,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-88" + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", diff --git a/CVE-2024/CVE-2024-402xx/CVE-2024-40239.json b/CVE-2024/CVE-2024-402xx/CVE-2024-40239.json index 22bb23448ba..7767161d2d4 100644 --- a/CVE-2024/CVE-2024-402xx/CVE-2024-40239.json +++ b/CVE-2024/CVE-2024-402xx/CVE-2024-40239.json @@ -2,16 +2,43 @@ "id": "CVE-2024-40239", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T18:15:17.000", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-13T15:35:08.997", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function." + }, + { + "lang": "es", + "value": "Un problema de control de acceso incorrecto en la aplicaci\u00f3n para Android Life: Personal Diary, Journal 17.5.0 permite que un atacante f\u00edsicamente pr\u00f3ximo escale privilegios a trav\u00e9s de la funci\u00f3n de autenticaci\u00f3n de huellas dactilares." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.2 + } + ] + }, "references": [ { "url": "https://play.google.com/store/apps/details?id=com.hitbytes.minidiarynotes", diff --git a/CVE-2024/CVE-2024-402xx/CVE-2024-40240.json b/CVE-2024/CVE-2024-402xx/CVE-2024-40240.json index a7dd293caf9..d011e1a193e 100644 --- a/CVE-2024/CVE-2024-402xx/CVE-2024-40240.json +++ b/CVE-2024/CVE-2024-402xx/CVE-2024-40240.json @@ -2,16 +2,43 @@ "id": "CVE-2024-40240", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T18:15:17.130", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-13T16:35:22.010", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function." + }, + { + "lang": "es", + "value": "Un problema de control de acceso incorrecto en la aplicaci\u00f3n para Android de HomeServe Home Repair - 3.3.4 permite que un atacante f\u00edsicamente pr\u00f3ximo escale privilegios a trav\u00e9s de la funci\u00f3n de autenticaci\u00f3n de huellas dactilares." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 5.2 + } + ] + }, "references": [ { "url": "http://homeserve.com", diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43919.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43919.json index 829cae2cba9..9183e19d7fd 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43919.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43919.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43919", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-01T15:15:48.450", - "lastModified": "2024-11-01T20:24:53.730", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:02:22.520", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -12,11 +12,31 @@ }, { "lang": "es", - "value": " Vulnerabilidad de control de acceso en YARPP YARPP permite . Este problema afecta a YARPP: desde n/a hasta 5.30.10." + "value": " Vulnerabilidad de control de acceso en YARPP YARPP permite. Este problema afecta a YARPP: desde n/a hasta 5.30.10." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:yarpp:yet_another_related_posts_plugin:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.30.10", + "matchCriteriaId": "81BE6000-91B1-444A-A59C-AFB75744B104" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/yet-another-related-posts-plugin/wordpress-yet-another-related-posts-plugin-yarpp-plugin-5-30-10-broken-access-control-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45289.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45289.json index a14edf07ba8..98bc3f1bb5c 100644 --- a/CVE-2024/CVE-2024-452xx/CVE-2024-45289.json +++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45289.json @@ -2,16 +2,43 @@ "id": "CVE-2024-45289", "sourceIdentifier": "secteam@freebsd.org", "published": "2024-11-12T15:15:10.070", - "lastModified": "2024-11-12T15:48:59.103", + "lastModified": "2024-11-13T15:35:09.787", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option.\n\nFetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option." + }, + { + "lang": "es", + "value": "La librer\u00eda fetch(3) utiliza variables de entorno para pasar cierta informaci\u00f3n, incluida la ruta del archivo de revocaci\u00f3n. El nombre de la variable de entorno que utiliza fetch(1) para pasar el nombre del archivo a la librer\u00eda era incorrecto, por lo que, en efecto, se ignoraba la opci\u00f3n. Fetch seguir\u00eda conect\u00e1ndose a un host que presente un certificado incluido en el archivo de revocaci\u00f3n que se pasa a la opci\u00f3n --crl." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "secteam@freebsd.org", diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45763.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45763.json index 047346f7654..24e4a787872 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45763.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45763.json @@ -2,17 +2,41 @@ "id": "CVE-2024-45763", "sourceIdentifier": "security_alert@emc.com", "published": "2024-11-08T17:15:06.243", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-13T16:52:22.340", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity." + }, + { + "lang": "es", + "value": "Dell Enterprise SONiC OS, versi\u00f3n(es) 4.1.x, 4.2.x, contiene(n) una vulnerabilidad de neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando del sistema operativo (\"inyecci\u00f3n de comando del sistema operativo\"). Un atacante con privilegios elevados y acceso remoto podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la ejecuci\u00f3n del comando. Se trata de una vulnerabilidad de gravedad cr\u00edtica, por lo que Dell recomienda a los clientes que actualicen la versi\u00f3n lo antes posible." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "security_alert@emc.com", "type": "Secondary", @@ -47,10 +71,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:enterprise_sonic_distribution:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.1.0", + "versionEndExcluding": "4.1.6", + "matchCriteriaId": "B562D424-8BFD-4EB8-B420-BBB9A9487BFD" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:dell:enterprise_sonic_distribution:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2.0", + "versionEndExcluding": "4.2.2", + "matchCriteriaId": "062610CC-696D-4014-AB7A-BA99EA7E0A24" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-477xx/CVE-2024-47769.json b/CVE-2024/CVE-2024-477xx/CVE-2024-47769.json index b81e5798887..705e778a70a 100644 --- a/CVE-2024/CVE-2024-477xx/CVE-2024-47769.json +++ b/CVE-2024/CVE-2024-477xx/CVE-2024-47769.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47769", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-04T15:15:13.427", - "lastModified": "2024-10-07T17:48:28.117", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:12:54.033", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -55,14 +75,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:idurarapp:idurar:*:*:*:*:*:*:*:*", + "versionEndIncluding": "4.1.0", + "matchCriteriaId": "EDD0B833-86DC-4D22-A69B-B91B776DFBE2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/idurar/idurar-erp-crm/commit/949bc6fe31f3175c9e1864d30cf6c8110179ac14", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/idurar/idurar-erp-crm/security/advisories/GHSA-948g-2vm7-mfv7", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47854.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47854.json index 147211895aa..f78d7266cca 100644 --- a/CVE-2024/CVE-2024-478xx/CVE-2024-47854.json +++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47854.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47854", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-04T06:15:03.027", - "lastModified": "2024-10-06T21:15:12.920", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:25:13.953", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cve@mitre.org", "type": "Secondary", @@ -39,10 +59,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:veritas:data_insight:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0", + "versionEndExcluding": "7.1", + "matchCriteriaId": "1B75FCA7-1E8A-4DF3-8C59-4B820F38B832" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.veritas.com/content/support/en_US/security/VTS24-010", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-47xx/CVE-2024-4741.json b/CVE-2024/CVE-2024-47xx/CVE-2024-4741.json index a12479f6d4f..59fce38992b 100644 --- a/CVE-2024/CVE-2024-47xx/CVE-2024-4741.json +++ b/CVE-2024/CVE-2024-47xx/CVE-2024-4741.json @@ -2,7 +2,7 @@ "id": "CVE-2024-4741", "sourceIdentifier": "openssl-security@openssl.org", "published": "2024-11-13T11:15:04.480", - "lastModified": "2024-11-13T11:15:04.480", + "lastModified": "2024-11-13T15:35:12.740", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,30 @@ "value": "Issue summary: Calling the OpenSSL API function SSL_free_buffers may cause\nmemory to be accessed that was previously freed in some situations\n\nImpact summary: A use after free can have a range of potential consequences such\nas the corruption of valid data, crashes or execution of arbitrary code.\nHowever, only applications that directly call the SSL_free_buffers function are\naffected by this issue. Applications that do not call this function are not\nvulnerable. Our investigations indicate that this function is rarely used by\napplications.\n\nThe SSL_free_buffers function is used to free the internal OpenSSL buffer used\nwhen processing an incoming record from the network. The call is only expected\nto succeed if the buffer is not currently in use. However, two scenarios have\nbeen identified where the buffer is freed even when still in use.\n\nThe first scenario occurs where a record header has been received from the\nnetwork and processed by OpenSSL, but the full record body has not yet arrived.\nIn this case calling SSL_free_buffers will succeed even though a record has only\nbeen partially processed and the buffer is still in use.\n\nThe second scenario occurs where a full record containing application data has\nbeen received and processed by OpenSSL but the application has only read part of\nthis data. Again a call to SSL_free_buffers will succeed even though the buffer\nis still in use.\n\nWhile these scenarios could occur accidentally during normal operation a\nmalicious attacker could attempt to engineer a stituation where this occurs.\nWe are not aware of this issue being actively exploited.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "openssl-security@openssl.org", diff --git a/CVE-2024/CVE-2024-485xx/CVE-2024-48510.json b/CVE-2024/CVE-2024-485xx/CVE-2024-48510.json new file mode 100644 index 00000000000..9183c534758 --- /dev/null +++ b/CVE-2024/CVE-2024-485xx/CVE-2024-48510.json @@ -0,0 +1,40 @@ +{ + "id": "CVE-2024-48510", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-13T15:15:07.463", + "lastModified": "2024-11-13T15:15:07.463", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "cve@mitre.org", + "tags": [ + "unsupported-when-assigned" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://gist.github.com/thomas-chauchefoin-bentley-systems/855218959116f870f08857cce2aec731", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/haf/DotNetZip.Semverd", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/haf/DotNetZip.Semverd/blob/e487179b33a9a0f2631eed5fb04d2c952ea5377a/src/Zip.Shared/ZipEntry.Extract.cs#L1365-L1410", + "source": "cve@mitre.org" + }, + { + "url": "https://www.nuget.org/packages/DotNetZip/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48900.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48900.json new file mode 100644 index 00000000000..f3c6aeccea5 --- /dev/null +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48900.json @@ -0,0 +1,33 @@ +{ + "id": "CVE-2024-48900", + "sourceIdentifier": "secalert@redhat.com", + "published": "2024-11-13T15:15:07.577", + "lastModified": "2024-11-13T15:15:07.577", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in Moodle. Additional checks are required to ensure users with permission to view badge recipients can only access lists of those they are intended to have access to." + } + ], + "metrics": {}, + "weaknesses": [ + { + "source": "secalert@redhat.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2318818", + "source": "secalert@redhat.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48989.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48989.json index 838a6e0f3fc..1fbdd9bd215 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48989.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48989.json @@ -2,7 +2,7 @@ "id": "CVE-2024-48989", "sourceIdentifier": "psirt@bosch.com", "published": "2024-11-13T14:15:15.417", - "lastModified": "2024-11-13T14:15:15.417", + "lastModified": "2024-11-13T15:35:10.510", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -45,6 +45,16 @@ "value": "CWE-400" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] } ], "references": [ diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49504.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49504.json new file mode 100644 index 00000000000..c0b570829d7 --- /dev/null +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49504.json @@ -0,0 +1,66 @@ +{ + "id": "CVE-2024-49504", + "sourceIdentifier": "meissner@suse.de", + "published": "2024-11-13T15:15:07.767", + "lastModified": "2024-11-13T15:15:07.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "grub2 allowed attackers with access to the grub shell to access files on the encrypted disks." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "meissner@suse.de", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.0, + "baseSeverity": "HIGH" + } + } + ] + }, + "references": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49504", + "source": "meissner@suse.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49505.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49505.json new file mode 100644 index 00000000000..5630751dea2 --- /dev/null +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49505.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-49505", + "sourceIdentifier": "meissner@suse.de", + "published": "2024-11-13T15:15:07.860", + "lastModified": "2024-11-13T15:15:07.860", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in openSUSE Tumbleweed MirrorCache allows the execution of arbitrary JS via reflected XSS in the\u00a0 REGEX and P parameters.\nThis issue affects MirrorCache before 1.083." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "meissner@suse.de", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ] + }, + "weaknesses": [ + { + "source": "meissner@suse.de", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49505", + "source": "meissner@suse.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49506.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49506.json new file mode 100644 index 00000000000..d84f6ea84b3 --- /dev/null +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49506.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-49506", + "sourceIdentifier": "meissner@suse.de", + "published": "2024-11-13T15:15:08.070", + "lastModified": "2024-11-13T15:35:11.613", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "meissner@suse.de", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 0.0, + "baseSeverity": "NONE" + }, + "exploitabilityScore": 1.8, + "impactScore": 0.0 + } + ] + }, + "weaknesses": [ + { + "source": "meissner@suse.de", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-377" + } + ] + } + ], + "references": [ + { + "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2024-49506", + "source": "meissner@suse.de" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49932.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49932.json index 4f1b51a7f9a..998ed22d479 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49932.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49932.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49932", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.140", - "lastModified": "2024-10-23T15:13:25.583", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:01:49.790", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,15 +15,74 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: no leer con anticipaci\u00f3n el inodo de reubicaci\u00f3n en RST En la reubicaci\u00f3n, hacemos lectura anticipada en el inodo de reubicaci\u00f3n, pero si el sistema de archivos est\u00e1 respaldado por un \u00e1rbol de bandas RAID, podemos obtener ENOENT (por ejemplo, debido a que las extensiones preasignadas no se asignan en el RST) a partir de la b\u00fasqueda. Pero readahead no maneja el error y env\u00eda lecturas no v\u00e1lidas al dispositivo, lo que causa una afirmaci\u00f3n en el c\u00f3digo de la lista scatter-gather: BTRFS info (device nvme1n1): balance: start -d -m -s BTRFS info (device nvme1n1): relocating block group 6480920576 flags data|raid0 BTRFS error (device nvme1n1): cannot find raid-stripe for logical [6481928192, 6481969152] devid 2, profile raid0 ------------[ cortar aqu\u00ed ]------------ \u00a1ERROR del kernel en include/linux/scatterlist.h:115! Ups: c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP PTI CPU: 0 PID: 1012 Comm: btrfs No contaminado 6.10.0-rc7+ #567 RIP: 0010:__blk_rq_map_sg+0x339/0x4a0 RSP: 0018:ffffc90001a43820 EFLAGS: 00010202 RAX: 000000000000000 RBX: 000000000000000 RCX: ffffea00045d4802 RDX: 0000000117520000 RSI: 0000000000000000 RDI: ffff8881027d1000 RBP: 0000000000003000 R08: ffffea00045d4902 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000001000 R12: ffff8881003d10b8 R13: ffffc90001a438f0 R14: 000000000000000 R15: 0000000000003000 FS: 00007fcc048a6900(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000002cd11000 CR3: 00000001109ea001 CR4: 0000000000370eb0 Seguimiento de llamadas: ? __die_body.cold+0x14/0x25 ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x65/0x80 ? __blk_rq_map_sg+0x339/0x4a0 ? exc_invalid_op+0x50/0x70 ? __blk_rq_map_sg+0x339/0x4a0 ? asm_exc_invalid_op+0x1a/0x20 ? __blk_rq_map_sg+0x339/0x4a0 nvme_prep_rq.part.0+0x9d/0x770 nvme_queue_rq+0x7d/0x1e0 __blk_mq_issue_directly+0x2a/0x90 ? blk_mq_get_budget_and_tag+0x61/0x90 blk_mq_try_issue_list_directly+0x56/0xf0 blk_mq_flush_plug_list.part.0+0x52b/0x5d0 __blk_flush_plug+0xc6/0x110 blk_finish_plug+0x28/0x40 read_pages+0x160/0x1c0 page_cache_ra_unbounded+0x109/0x180 relocate_file_extent_cluster+0x611/0x6a0 ? btrfs_search_slot+0xba4/0xd20 ? balance_dirty_pages_ratelimited_flags+0x26/0xb00 relocate_data_extent.constprop.0+0x134/0x160 relocate_block_group+0x3f2/0x500 btrfs_relocate_block_group+0x250/0x430 btrfs_relocate_chunk+0x3f/0x130 btrfs_balance+0x71b/0xef0 ? kmalloc_trace_noprof+0x13b/0x280 btrfs_ioctl+0x2c2e/0x3030 ? kvfree_call_rcu+0x1e6/0x340 ? list_lru_add_obj+0x66/0x80 ? mntput_no_expire+0x3a/0x220 __x64_sys_ioctl+0x96/0xc0 do_syscall_64+0x54/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7fcc04514f9b C\u00f3digo: No se puede acceder a los bytes del c\u00f3digo de operaci\u00f3n en 0x7fcc04514f71. RSP: 002b:00007ffeba923370 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00007fcc04514f9b RDX: 00007ffeba923460 RSI: 00000000c4009420 RDI: 0000000000000003 RBP: 000000000000000 R08: 0000000000000013 R09: 0000000000000001 R10: 00007fcc043fbba8 R11: 0000000000000246 R12: 00007ffeba924fc5 R13: 00007ffeba923460 R14: 0000000000000002 R15: 00000000004d4bb0 M\u00f3dulos vinculados en: ---[ fin del seguimiento 000000000000000 ]--- RIP: 0010:__blk_rq_map_sg+0x339/0x4a0 RSP: 0018:ffffc90001a43820 EFLAGS: 00010202 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffea00045d4802 RDX: 0000000117520000 RSI: 0000000000000000 RDI: ffff8881027d1000 RBP: 0000000000003000 R08: ffffea00045d4902 R09: 0000000000000000 R10: 0000000000000000 R11: 00000000000001000 R12: ffff8881003d10b8 R13: ffffc90001a438f0 R14: 0000000000000000 R15: 0000000000003000 FS: 00007fcc048a6900(0000) GS:ffff88813bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fcc04514f71 CR3: 00000001109ea001 CR4: 0000000000370eb0 N\u00facleo p ---truncado---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-617" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.11.3", + "matchCriteriaId": "6D5FF9C2-A011-4A64-B614-F9244ED2EA0D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/04915240e2c3a018e4c7f23418478d27226c8957", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f7a1218a983ab98aba140dc20b25f60b39ee4033", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49933.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49933.json index 5e99b1ac51b..7fc573eae64 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49933.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49933.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49933", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.210", - "lastModified": "2024-10-23T15:13:25.583", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:09:09.597", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,35 +15,144 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: blk_iocost: corrige m\u00e1s cambios fuera de los l\u00edmites Recientemente, la ejecuci\u00f3n de UBSAN detect\u00f3 algunos cambios fuera de los l\u00edmites en la funci\u00f3n ioc_forgive_debts(): UBSAN: cambio fuera de los l\u00edmites en block/blk-iocost.c:2142:38 el exponente de cambio 80 es demasiado grande para el tipo de 64 bits 'u64' (tambi\u00e9n conocido como 'unsigned long long') ... UBSAN: cambio fuera de los l\u00edmites en block/blk-iocost.c:2144:30 el exponente de cambio 80 es demasiado grande para el tipo de 64 bits 'u64' (tambi\u00e9n conocido como 'unsigned long long') ... Seguimiento de llamadas: dump_stack_lvl+0xca/0x130 __ubsan_handle_shift_out_of_bounds+0x22c/0x280 ? __lock_acquire+0x6441/0x7c10 ioc_timer_fn+0x6cec/0x7750 ? blk_iocost_init+0x720/0x720 ? call_timer_fn+0x5d/0x470 call_timer_fn+0xfa/0x470 ? blk_iocost_init+0x720/0x720 __run_timer_base+0x519/0x700 ... No se identific\u00f3 el impacto real de este problema, pero propongo corregir el comportamiento indefinido. La soluci\u00f3n propuesta para evitar esos cambios fuera de los l\u00edmites consiste en precalcular el exponente antes de usarlo en las operaciones de cambio tomando el valor m\u00ednimo del exponente real y la cantidad m\u00e1xima posible de bits." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.227", + "matchCriteriaId": "EB525A44-6338-4857-AD90-EA2860D1AD1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.168", + "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.113", + "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.55", + "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.14", + "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.3", + "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/1ab2cfe19700fb3dde4c7dfec392acff34db3120", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1b120f151871eb47ce9f283c007af3f8ae1d990e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1f61d509257d6a05763d05bf37943b35306522b1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/364022095bdd4108efdaaa68576afa4712a5d085", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/59121bb38fdc01434ea3fe361ee02b59f036227f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9bce8005ec0dcb23a58300e8522fe4a31da606fa", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f4ef9bef023d5c543cb0f3194ecacfd47ef590ec", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49934.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49934.json index 25eb67ec15b..ab50fd9dca5 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49934.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49934.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49934", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.273", - "lastModified": "2024-10-23T15:13:25.583", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:18:14.487", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,88 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/inode: Evitar que dump_mapping() acceda a dentry.d_name.name no v\u00e1lido Se observa que se produce un bloqueo durante la eliminaci\u00f3n activa de un dispositivo de memoria, en el que el usuario est\u00e1 accediendo a hugetlb. Consulte el seguimiento de llamadas de la siguiente manera: ------------[ cortar aqu\u00ed ]------------ ADVERTENCIA: CPU: 1 PID: 14045 en arch/x86/mm/fault.c:1278 do_user_addr_fault+0x2a0/0x790 M\u00f3dulos vinculados en: kmem device_dax cxl_mem cxl_pmem cxl_port cxl_pci dax_hmem dax_pmem nd_pmem cxl_acpi nd_btt cxl_core crc32c_intel nvme virtiofs fuse nvme_core nfit libnvdimm dm_multipath scsi_dh_rdac scsi_dh_emc s mirror dm_region_hash dm_log dm_mod CPU: 1 PID: 14045 Comm: daxctl No contaminado 6.10.0-rc2-lizhijian+ #492 Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 01/04/2014 RIP: 0010:do_user_addr_fault+0x2a0/0x790 C\u00f3digo: 48 8b 00 a8 04 0f 84 b5 fe ff ff e9 1c ff ff ff 4c 89 e9 4c 89 e2 be 01 00 00 00 bf 02 00 00 00 e8 b5 ef 24 00 e9 42 fe ff ff <0f> 0b 48 83 c4 08 4c 89 ea 48 89 ee 4c 89 e7 5b 5d 41 5c 41 5d 41 RSP: 0000:ffffc90000a575f0 EFLAGS: 00010046 RAX: ffff88800c303600 RBX: 0000000000000000 RCX: 000000000000000 RDX: 00000000000001000 RSI: ffffffff82504162 RDI: ffffffff824b2c36 RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000000000000 R11: 0000000000000000 R12: ffffc90000a57658 R13: 0000000000001000 R14: ffff88800bc2e040 R15: 000000000000000 FS: 00007f51cb57d880(0000) GS:ffff88807fd00000(0000) knlGS:000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000001000 CR3: 00000000072e2004 CR4: 00000000001706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: ? __warn+0x8d/0x190 ? do_user_addr_fault+0x2a0/0x790 ? report_bug+0x1c3/0x1d0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 ? do_user_addr_fault+0x2a0/0x790 ? exc_page_fault+0x31/0x200 exc_page_fault+0x68/0x200 <...snip...> ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 0000000000001000 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI ---[ fin del seguimiento 000000000000000 ]--- ERROR: no se puede manejar el error de p\u00e1gina para la direcci\u00f3n: 0000000000001000 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 800000000ad92067 P4D 800000000ad92067 PUD 7677067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 14045 Comm: daxctl Kdump: cargado Tainted: GW 6.10.0-rc2-lizhijian+ #492 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 RIP: 0010:dentry_name+0x1f4/0x440 <...snip...> ? dentry_name+0x2fa/0x440 vsnprintf+0x1f3/0x4f0 vprintk_store+0x23a/0x540 vprintk_emit+0x6d/0x330 _printk+0x58/0x80 dump_mapping+0x10b/0x1a0 ? __pfx_free_object_rcu+0x10/0x10 __dump_page+0x26b/0x3e0 ? vprintk_emit+0xe0/0x330 ? _printk+0x58/0x80 ? dump_page+0x17/0x50 dump_page+0x17/0x50 do_migrate_range+0x2f7/0x7f0 ? do_migrate_range+0x42/0x7f0 ? offline_pages+0x2f4/0x8c0 offline_pages+0x60a/0x8c0 memory_subsys_offline+0x9f/0x1c0 ? lockdep_hardirqs_on+0x77/0x100 ? _raw_spin_unlock_irqrestore+0x38/0x60 device_offline+0xe3/0x110 state_store+0x6e/0xc0 kernfs_fop_write_iter+0x143/0x200 vfs_write+0x39f/0x560 ksys_write+0x65/0xf0 do_syscall_64+0x62/0x130 Anteriormente, se han realizado algunas comprobaciones de cordura en dump_mapping() antes de que la funci\u00f3n de impresi\u00f3n analice '%pd', aunque a\u00fan es posible encontrarse con un dentry.d_name.name no v\u00e1lido. Dado que dump_mapping() solo necesita volcar el nombre del archivo, recup\u00e9relo por s\u00ed mismo de una manera m\u00e1s segura para ----truncado---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.10.14", + "matchCriteriaId": "652638C5-5F25-4DF3-AD42-DD3252A97152" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.3", + "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/7f7b850689ac06a62befe26e1fd1806799e7f152", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ef921bc72328b577cb45772ff7921cba4773b74a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f92b8829c6e75632de4e2b9f70e7a7e6c5c2ba98", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49935.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49935.json index 2228ba72315..446f0718330 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49935.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49935.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49935", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.350", - "lastModified": "2024-10-23T15:13:25.583", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:21:55.297", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,31 +15,130 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: PAD: corrige fallo en exit_round_robin() El kernel ocasionalmente fallo en cpumask_clear_cpu(), que se llama dentro de exit_round_robin(), porque al ejecutar clear_bit(nr, addr) con nr establecido en 0xffffffff, el c\u00e1lculo de la direcci\u00f3n puede causar una desalineaci\u00f3n dentro de la memoria, lo que lleva al acceso a una direcci\u00f3n de memoria no v\u00e1lida. ---------- ERROR: no se puede manejar la solicitud de paginaci\u00f3n del n\u00facleo en ffffffffe0740618 ... CPU: 3 PID: 2919323 Comm: acpi_pad/14 Kdump: cargado Tainted: G OE X --------- - - 4.18.0-425.19.2.el8_7.x86_64 #1 ... RIP: 0010:power_saving_thread+0x313/0x411 [acpi_pad] C\u00f3digo: 89 cd 48 89 d3 eb d1 48 c7 c7 55 70 72 c0 e8 64 86 b0 e4 c6 05 0d a1 02 00 01 e9 bc fd ff ff 45 89 e4 42 8b 04 a5 20 82 72 c0 48 0f b3 05 f4 9c 01 00 42 c7 04 a5 20 82 72 c0 ff ff ff ff 31 RSP: 0018:ff72a5d51fa77ec8 EFLAGS: 00010202 RAX: 00000000ffffffff RBX: ff462981e5d8cb80 RCX: 000000000000000 RDX: 000000000000000 RSI: 0000000000000246 RDI: 0000000000000246 RBP: ff46297556959d80 R08: 0000000000000382 R09: ff46297c8d0f38d8 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000000e R13: 0000000000000000 R1 4: ffffffffffffffff R15: 000000000000000e FS: 0000000000000000(0000) GS:ff46297a800c0000(0000) knlGS:00000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffffffe0740618 CR3: 0000007e20410004 CR4: 0000000000771ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Rastreo de llamadas: ? acpi_pad_add+0x120/0x120 [acpi_pad] kthread+0x10b/0x130 ? set_kthread_struct+0x50/0x50 ret_from_fork+0x1f/0x40 ... CR2: ffffffffe0740618 crash> dis -lr ffffffffc0726923 ... /usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 114 0xffffffffc0726918 : mov %r12d,%r12d /usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./include/linux/cpumask.h: 325 0xffffffffc072691b : mov -0x3f8d7de0(,%r12,4),%eax /usr/src/debug/kernel-4.18.0-425.19.2.el8_7/linux-4.18.0-425.19.2.el8_7.x86_64/./arch/x86/include/asm/bitops.h: 80 0xffffffffc0726923 : crash btr %rax,0x19cf4(%rip) # 0xffffffffc0740620 crash> px tsk_in_cpu[14] $66 = 0xffffffff crash> px 0xffffffffc072692c+0x19cf4 $99 = 0xffffffffc0740620 crash> sym 0xffffffffc0740620 ffffffffc0740620 (b) pad_busy_cpus_bits [acpi_pad] crash> px pad_busy_cpus_bits[0] $42 = 0xfffc0 ---------- Para solucionar esto, aseg\u00farese de que tsk_in_cpu[tsk_index] != -1 antes de llamar cpumask_clear_cpu() en exit_round_robin(), tal como se hace en round_robin_cpu(). [ rjw: Edici\u00f3n del tema, evitar actualizaciones al mismo valor ]" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.15.168", + "matchCriteriaId": "F032D82B-5582-4DF5-B921-BFE0BD301364" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.113", + "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.55", + "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.14", + "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.3", + "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/03593dbb0b272ef7b0358b099841e65735422aca", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0a2ed70a549e61c5181bad5db418d223b68ae932", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/27c045f868f0e5052c6b532868a65e0cd250c8fc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/68a599da16ebad442ce295d8d2d5c488e3992822", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/68a8e45743d6a120f863fb14b72dc59616597019", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/92e5661b7d0727ab912b76625a88b33fdb9b609a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-499xx/CVE-2024-49938.json b/CVE-2024/CVE-2024-499xx/CVE-2024-49938.json index 5daac661cd7..c15e2c5aaf4 100644 --- a/CVE-2024/CVE-2024-499xx/CVE-2024-49938.json +++ b/CVE-2024/CVE-2024-499xx/CVE-2024-49938.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49938", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-10-21T18:15:15.547", - "lastModified": "2024-11-08T16:15:32.180", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:25:11.290", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,43 +15,158 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath9k_htc: Use __skb_set_length() para restablecer urb antes de volver a enviar Syzbot se\u00f1ala que skb_trim() tiene una comprobaci\u00f3n de cordura en la longitud existente del skb, que puede no inicializarse en algunas rutas de error. La intenci\u00f3n aqu\u00ed es claramente solo restablecer la longitud a cero antes de volver a enviar, as\u00ed que cambie a llamar a __skb_set_length(skb, 0) directamente. Adem\u00e1s, __skb_set_length() ya contiene una llamada a skb_reset_tail_pointer(), as\u00ed que elimine la llamada redundante. El informe de syzbot vino de ath9k_hif_usb_reg_in_cb(), pero hay un uso similar de skb_trim() en ath9k_hif_usb_rx_cb(), cambie ambos mientras estamos en eso." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-824" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.227", + "matchCriteriaId": "EB525A44-6338-4857-AD90-EA2860D1AD1F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.168", + "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.113", + "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.55", + "matchCriteriaId": "E90B9576-56C4-47BC-AAB0-C5B2D438F5D0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.14", + "matchCriteriaId": "4C16BCE0-FFA0-4599-BE0A-1FD65101C021" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.3", + "matchCriteriaId": "54D9C704-D679-41A7-9C40-10A6B1E7FFE9" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/012ae530afa0785102360de452745d33c99a321b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2c230210ec0ae6ed08306ac70dc21c24b817bb95", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6a875220670475d9247e576c15dc29823100a4e4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/94745807f3ebd379f23865e6dab196f220664179", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a9f4e28e8adaf0715bd4e01462af0a52ee46b01f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b02eb7c86ff2ef1411c3095ec8a52b13f68db04f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d1f2fbc6a769081503f6ffedbb5cd1ac497f0e77", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e37e348835032d6940ec89308cc8996ded691d2d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e6b9bf32e0695e4f374674002de0527d2a6768eb", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50089.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50089.json index 409bca01d8f..7a47f7ec93a 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50089.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50089.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50089", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T17:15:06.410", - "lastModified": "2024-11-08T16:15:46.337", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T16:59:43.830", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,35 +15,154 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: unicode: No aplicar may\u00fasculas y min\u00fasculas especiales a los puntos de c\u00f3digo que se puedan ignorar. No necesitamos manejarlos por separado. En su lugar, simplemente dejamos que se descompongan o se conviertan en may\u00fasculas y min\u00fasculas por s\u00ed mismos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.4.285", + "matchCriteriaId": "374FAAF8-6ECD-4787-AF8A-997F15711D19" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.227", + "matchCriteriaId": "795A3EE6-0CAB-4409-A903-151C94ACECC0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.168", + "matchCriteriaId": "4D51C05D-455B-4D8D-89E7-A58E140B864C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.113", + "matchCriteriaId": "D01BD22E-ACD1-4618-9D01-6116570BE1EE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.57", + "matchCriteriaId": "05D83DB8-7465-4F88-AFB2-980011992AC1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.4", + "matchCriteriaId": "AA84D336-CE9A-4535-B901-1AD77EC17C34" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/18b5f47e7da46d3a0d7331e48befcaf151ed2ddf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/21526498d25e54bda3c650f756493d63fd9131b7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/39fffca572844d733b137a0ff9eacd67b9b0c8e3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5c26d2f1d3f5e4be3e196526bead29ecb139cf91", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/651b954cd8d5b0a358ceb47c93876bb6201224e4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/876d3577a5b353e482d9228d45fa0d82bf1af53a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ac20736861f3c9c8e0a78273a4c57e9bcb0d8cc6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50152.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50152.json index 66ada974944..b482b342e82 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50152.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50152.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50152", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.850", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:15:56.840", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,104 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: se corrige una posible doble liberaci\u00f3n en smb2_set_ea() Advertencia del comprobador est\u00e1tico de Clang (scan-build): fs/smb/client/smb2ops.c:1304:2: Intento de liberar memoria liberada. 1304 | kfree(ea); | ^~~~~~~~~ Hay una doble liberaci\u00f3n en tal caso: 'ea se inicializa a NULL' -> 'primera asignaci\u00f3n de memoria exitosa para ea' -> 'algo fall\u00f3, goto sea_exit' -> 'primera liberaci\u00f3n de memoria para ea' -> 'goto replay_again' -> 'segundo goto sea_exit antes de asignar memoria para ea' -> 'la segunda liberaci\u00f3n de memoria para ea result\u00f3 en una doble liberaci\u00f3n'. Reinicialice 'ea' a NULL cerca de la etiqueta replay_again, puede solucionar este problema de doble liberaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6.32", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "15752D93-7E64-45C3-AA2D-6A544F5E615F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.8", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "2CAA29A6-36B4-4C90-A862-A816F65153DB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/19ebc1e6cab334a8193398d4152deb76019b5d34", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b1813c220b76f60b1727984794377c4aa849d4c1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c9f758ecf2562dfdd4adf12c22921b5de8366123", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50153.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50153.json index 78b0c439f7c..c332b7dfa3b 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50153.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50153.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50153", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.917", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:23:49.717", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,31 +15,144 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: target: core: Corregir null-ptr-deref en target_alloc_device() KASAN ha informado de un problema de null-ptr-deref: ERROR: KASAN: null-ptr-deref en target_alloc_device+0xbc4/0xbe0 [target_core_mod] ... kasan_report+0xb9/0xf0 target_alloc_device+0xbc4/0xbe0 [target_core_mod] core_dev_setup_virtual_lun0+0xef/0x1f0 [target_core_mod] target_core_init_configfs+0x205/0x420 [target_core_mod] do_one_initcall+0xdd/0x4e0 ... entry_SYSCALL_64_after_hwframe+0x76/0x7e En target_alloc_device(), si falla la asignaci\u00f3n de memoria para las colas dev, dev se liberar\u00e1 mediante dev->transport->free_device(), pero dev->transport no se inicializa en ese momento, lo que generar\u00e1 un problema de referencia de puntero nulo. Se soluciona este error liberando dev con hba->backend->ops->free_device()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.170", + "matchCriteriaId": "A9BA1C73-2D2E-45E3-937B-276A28AEB5FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.115", + "matchCriteriaId": "C08A77A6-E42E-4EFD-B5A1-2BF6CBBB42AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:5.10.180:*:*:*:*:*:*:*", + "matchCriteriaId": "E57BBF5A-3C2F-4683-90E9-C55C20DA0392" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/14a6a2adb440e4ae97bee73b2360946bd033dadd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/39e02fa90323243187c91bb3e8f2f5f6a9aacfc7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/895ab729425ef9bf3b6d2f8d0853abe64896f314", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8c1e6717f60d31f8af3937c23c4f1498529584e1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b80e9bc85bd9af378e7eac83e15dd129557bbdb6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fca6caeb4a61d240f031914413fcc69534f6dc03", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50154.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50154.json index 2c507348ddb..fdc83d3dbda 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50154.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50154.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50154", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:06.987", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T16:17:12.473", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,27 +15,139 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp/dccp: No use timer_pending() en reqsk_queue_unlink(). Martin KaFai Lau inform\u00f3 de un use-after-free [0] en reqsk_timer_handler(). \"\"\" Estamos viendo un use-after-free de un programa bpf adjunto a trace_tcp_retransmit_synack. El programa pasa el req->sk al ayudante del kernel bpf_sk_storage_get_tracing que comprueba si hay valores nulos antes de usarlo. \"\"\" El commit 83fccfc3940c (\"inet: soluciona un posible bloqueo en reqsk_queue_unlink()\") agreg\u00f3 timer_pending() en reqsk_queue_unlink() para no llamar a del_timer_sync() desde reqsk_timer_handler(), pero introdujo una peque\u00f1a ventana de ejecuci\u00f3n. Antes de que se llame al temporizador, expire_timers() llama a detach_timer(timer, true) para borrar timer->entry.pprev y lo marca como no pendiente. Si reqsk_queue_unlink() comprueba timer_pending() justo despu\u00e9s de que expire_timers() llame a detach_timer(), TCP no detectar\u00e1 del_timer_sync(); el temporizador reqsk seguir\u00e1 funcionando y enviar\u00e1 varios SYN+ACK hasta que expire. El UAF informado podr\u00eda ocurrir si se cierra req->sk antes de la expiraci\u00f3n del temporizador, que es 63 s por defecto. El escenario ser\u00eda 1. inet_csk_complete_hashdance() llama a inet_csk_reqsk_queue_drop(), pero se omite del_timer_sync() 2. se ejecuta el temporizador reqsk y se programa nuevamente 3. se acepta req->sk y reqsk_put() decrementa rsk_refcnt, pero el temporizador reqsk a\u00fan tiene otro, e inet_csk_accept() no borra req->sk para sockets que no sean TFO 4. se cierra sk 5. se ejecuta nuevamente el temporizador reqsk y BPF toca req->sk No usemos timer_pending() pasando el contexto del llamador a __inet_csk_reqsk_queue_drop(). Tenga en cuenta que el temporizador reqsk est\u00e1 fijado, por lo que el problema no ocurre en la mayor\u00eda de los casos de uso. [1] [0] ERROR: KFENCE: lectura de use-after-free en bpf_sk_storage_get_tracing+0x2e/0x1b0 Lectura de use-after-free en 0x00000000a891fb3a (en kfence-#1): bpf_sk_storage_get_tracing+0x2e/0x1b0 bpf_prog_5ea3e95db6da0438_tcp_retransmit_synack+0x1d20/0x1dda bpf_trace_run2+0x4c/0xc0 tcp_rtx_synack+0xf9/0x100 reqsk_timer_handler+0xda/0x3d0 run_timer_softirq+0x292/0x8a0 irq_exit_rcu+0xf5/0x320 sysvec_apic_timer_interrupt+0x6d/0x80 asm_sysvec_apic_timer_interrupt+0x16/0x20 intel_idle_irq+0x5a/0xa0 cpuidle_enter_state+0x94/0x273 cpu_startup_entry+0x15e/0x260 start_secondary+0x8a/0x90 secondary_startup_64_no_verify+0xfa/0xfb kfence-#1: 0x00000000a72cc7b6-0x00000000d97616d9, tama\u00f1o=2376, cach\u00e9=TCPv6 asignado por la tarea 0 en la CPU 9 en 260507.901592s: sk_prot_alloc+0x35/0x140 sk_clone_lock+0x1f/0x3f0 inet_csk_clone_lock+0x15/0x160 tcp_create_openreq_child+0x1f/0x410 tcp_v6_syn_recv_sock+0x1da/0x700 tcp_check_req+0x1fb/0x510 tcp_v6_rcv+0x98b/0x1420 ipv6_list_rcv+0x2258/0x26e0 napi_complete_done+0x5b1/0x2990 mlx5e_napi_poll+0x2ae/0x8d0 net_rx_action+0x13e/0x590 irq_exit_rcu+0xf5/0x320 common_interrupt+0x80/0x90 asm_common_interrupt+0x22/0x40 cpuidle_enter_state+0xfb/0x273 cpu_startup_entry+0x15e/0x260 start_secondary+0x8a/0x90 secondary_startup_64_no_verify+0xfa/0xfb liberado por la tarea 0 en la CPU 9 a las 260507.927527 s: rcu_core_si+0x4ff/0xf10 irq_exit_rcu+0xf5/0x320 sysvec_apic_timer_interrupt+0x6d/0x80 asm_sysvec_apic_timer_interrupt+0x16/0x20 cpu_idle_entrada_estado+0xfb/0x273 cpu_inicio_entrada+0x15e/0x260 inicio_secundario+0x8a/0x90 inicio_secundario_64_sin_verificaci\u00f3n+0xfa/0xfb" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.0, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.1.11", + "versionEndExcluding": "4.2", + "matchCriteriaId": "3CD6E092-00BA-470A-BD6E-9FF38E84DB99" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2", + "versionEndExcluding": "5.15.170", + "matchCriteriaId": "D37DEB92-5329-47EC-94B1-051761C1F534" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.115", + "matchCriteriaId": "C08A77A6-E42E-4EFD-B5A1-2BF6CBBB42AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/5071beb59ee416e8ab456ac8647a4dabcda823b1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/51e34db64f4e43c7b055ccf881b7f3e0c31bb26d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8459d61fbf24967839a70235165673148c7c7f17", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/997ae8da14f1639ce6fb66a063dab54031cd61b3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e8c526f2bdf1845bedaf6a478816a3d06fa78b8f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50159.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50159.json index 6c0f9b1932d..f380afe124f 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50159.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50159.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50159", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.333", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T16:19:28.807", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,104 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firmware: arm_scmi: Se corrige la doble liberaci\u00f3n en scmi_debugfs_common_setup() El verificador est\u00e1tico de Clang (scan-build) arroja la siguiente advertencia: | drivers/firmware/arm_scmi/driver.c:line 2915, column 2 | Intenta liberar la memoria liberada. Cuando devm_add_action_or_reset() falla, scmi_debugfs_common_cleanup() se ejecutar\u00e1 dos veces, lo que provoca una doble liberaci\u00f3n de 'dbg->name'. Elimina el scmi_debugfs_common_cleanup() redundante para solucionar este problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.3", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "FE6BAC9A-DCE6-4768-8A7A-24AA8A77B015" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/39b13dce1a91cdfc3bec9238f9e89094551bd428", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6d91d07913aee90556362d648d6a28a1eda419dc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fb324fdaf546bf14bc4c17e0037bca6cb952b121", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50160.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50160.json index fb5cfd586e2..774fe986335 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50160.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50160.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50160", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.403", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T16:13:39.750", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,27 +15,132 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ALSA: hda/cs8409: Se corrige una posible desreferencia de NULL. Si snd_hda_gen_add_kctl no puede asignar memoria y devuelve NULL, se producir\u00e1 una desreferencia de puntero NULL en la siguiente l\u00ednea. Dado que la funci\u00f3n dolphin_fixups es una funci\u00f3n hda_fixup que no deber\u00eda devolver ning\u00fan error, se debe agregar una comprobaci\u00f3n simple antes de la desreferencia e ignorar el error. Encontrado por Linux Verification Center (linuxtesting.org) con SVACE." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15", + "versionEndExcluding": "5.15.170", + "matchCriteriaId": "7CE95756-0E56-4B60-BD49-639A182D313E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.115", + "matchCriteriaId": "C08A77A6-E42E-4EFD-B5A1-2BF6CBBB42AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/21dc97d5086fdabbe278786bb0a03cbf2e26c793", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4e19aca8db696b6ba4dd8c73657405e15c695f14", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8971fd61210d75fd2af225621cd2fcc87eb1847c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a5dd71a8b849626f42d08a5e73d382f2016fc7bc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c9bd4a82b4ed32c6d1c90500a52063e6e341517f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50161.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50161.json index b1a4d7e3ab3..690cabd30d6 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50161.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50161.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50161", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.480", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T16:36:57.413", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,15 +15,90 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Verificar el info_cnt restante antes de repetir los campos btf Al intentar repetir los campos btf para una matriz de estructuras anidadas, no verifica el info_cnt restante. Se informar\u00e1 el siguiente error cuando el valor de ret * nelems sea mayor que BTF_FIELDS_MAX: ------------[ cortar aqu\u00ed ]------------ UBSAN: array-index-out-of-bounds en ../kernel/bpf/btf.c:3951:49 el \u00edndice 11 est\u00e1 fuera de rango para el tipo 'btf_field_info [11]' CPU: 6 UID: 0 PID: 411 Comm: test_progs ...... 6.11.0-rc4+ #1 Tainted: [O]=OOT_MODULE Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS ... Seguimiento de llamadas: dump_stack_lvl+0x57/0x70 dump_stack+0x10/0x20 ubsan_epilogue+0x9/0x40 __ubsan_handle_fuera_de_l\u00edmites+0x6f/0x80 ? kallsyms_lookup_name+0x48/0xb0 btf_parse_fields+0x992/0xce0 map_create+0x591/0x770 __sys_bpf+0x229/0x2410 __x64_sys_bpf+0x1f/0x30 x64_sys_call+0x199/0x9f0 do_syscall_64+0x3b/0xc0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7fea56f2cc5d ...... ---[ fin del seguimiento ]--- Arr\u00e9glelo comprobando el info_cnt restante en btf_repeat_fields() antes de repetir los campos btf." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-129" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.11", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "35973F0F-C32F-4D88-B0FE-C75F65A0002B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/6f957d972feee9b385ea3ae6530310a84e55ba71", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/797d73ee232dd1833dec4824bc53a22032e97c1c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50167.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50167.json index e61416532de..f2adbd98daf 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50167.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50167.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50167", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.893", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:29:54.590", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,39 +15,179 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: be2net: corrige una posible p\u00e9rdida de memoria en be_xmit(). Be_xmit() devuelve NETDEV_TX_OK sin liberar skb en caso de que be_xmit_enqueue() falle, agregue dev_kfree_skb_any() para solucionarlo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.2", + "versionEndExcluding": "4.19.323", + "matchCriteriaId": "677C8F99-30A1-4F6B-BD3E-FE1550E8BA0A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.285", + "matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.229", + "matchCriteriaId": "1A03CABE-9B43-4E7F-951F-10DEEADAA426" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.170", + "matchCriteriaId": "A9BA1C73-2D2E-45E3-937B-276A28AEB5FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.115", + "matchCriteriaId": "C08A77A6-E42E-4EFD-B5A1-2BF6CBBB42AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/4c5f170ef4f85731a4d43ad9a6ac51106c0946be", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/641c1beed52bf3c6deb0193fe4d38ec9ff75d2ae", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6b7ce8ee01c33c380aaa5077ff25215492e7eb0e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/77bc881d370e850b7f3cd2b5eae67d596b40efbc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/919ab6e2370289a2748780f44a43333cd3878aa7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/941026023c256939943a47d1c66671526befbb26", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e4dd8bfe0f6a23acd305f9b892c00899089bd621", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e86a79b804e26e3b7f1e415b22a085c0bb7ea3d3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50168.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50168.json index d1604739d2e..f7a880db7a4 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50168.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50168.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50168", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:07.960", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T16:16:31.747", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,39 +15,179 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/sun3_82586: corrige una posible p\u00e9rdida de memoria en sun3_82586_send_packet(). sun3_82586_send_packet() devuelve NETDEV_TX_OK sin liberar skb en caso de que skb->len sea demasiado largo, agrega dev_kfree_skb() para solucionarlo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.6.12", + "versionEndExcluding": "4.19.323", + "matchCriteriaId": "412BD203-5581-4B41-81A3-77F90DAD48A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.285", + "matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.229", + "matchCriteriaId": "1A03CABE-9B43-4E7F-951F-10DEEADAA426" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.170", + "matchCriteriaId": "A9BA1C73-2D2E-45E3-937B-276A28AEB5FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.115", + "matchCriteriaId": "C08A77A6-E42E-4EFD-B5A1-2BF6CBBB42AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*", + "matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/137010d26dc5cd47cd62fef77cbe952d31951b7a", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1a17a4ac2d57102497fac53b53c666dba6a0c20d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2cb3f56e827abb22c4168ad0c1bbbf401bb2f3b8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6dc937a3086e344f965ca5c459f8f3eb6b68d890", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/84f2bac74000dbb7a177d9b98a17031ec8d07ec5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8d5b20fbc548650019afa96822b6a33ea4ec8aa5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9c6ce55e6f0bd1541f112833006b4052614c7d94", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/db755e55349045375c5c7036e8650afb3ff419d8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50170.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50170.json index f342111dfd8..a32baa9abc1 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50170.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50170.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50170", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:08.093", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T16:44:31.073", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,104 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: bcmasp: corrige una posible p\u00e9rdida de memoria en bcmasp_xmit(). bcmasp_xmit() devuelve NETDEV_TX_OK sin liberar skb en caso de que falle el mapeo, agregue dev_kfree_skb() para solucionarlo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "7DD6A680-9CD9-4AC0-B481-31440B98FFD9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/7218de0778aefbbbcfe474a55f88bbf6f244627d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f689f20d3e09f2d4d0a2c575a9859115a33e68bd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fed07d3eb8a8d9fcc0e455175a89bc6445d6faed", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50172.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50172.json index 9deadb02e93..35f2e29f862 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50172.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50172.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50172", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-07T10:15:08.227", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:55:27.260", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,19 +15,104 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/bnxt_re: Se corrige una posible p\u00e9rdida de memoria En bnxt_re_setup_chip_ctx() cuando bnxt_qplib_map_db_bar() falla, el controlador no libera la memoria asignada para \"rdev->chip_ctx\"." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-401" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.5", + "versionEndExcluding": "6.6.59", + "matchCriteriaId": "5B14E06A-B243-4F9C-99C6-5970A8D9D9A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3fc5410f225d1651580a4aeb7c72f55e28673b53", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/595fa9b17201028d35f92d450fc0ecda873fe469", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/73e04a6114e08b5eb10e589e12b680955accb376", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50206.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50206.json index eb69f3a7b63..218f4f094f1 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50206.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50206.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50206", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-08T06:15:16.963", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-13T16:56:25.937", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,15 +15,97 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ethernet: mtk_eth_soc: se corrige la corrupci\u00f3n de memoria durante la inicializaci\u00f3n de fq DMA. El bucle responsable de asignar hasta b\u00faferes MTK_FQ_DMA_LENGTH solo debe tocar la cantidad de descriptores, de lo contrario, termina corrompiendo la memoria no relacionada. Corrija el recuento de iteraciones del bucle en consecuencia." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.9.6", + "versionEndExcluding": "6.10", + "matchCriteriaId": "AEE76B76-CD40-4103-8E82-768D583AB8A8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.10", + "versionEndExcluding": "6.11.6", + "matchCriteriaId": "DB1EF597-EE20-41B9-A601-99CB57D64A94" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/68cd084e3ec1512cd383cb3e9cf0ab7ab413724c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/88806efc034a9830f483963326b99930ad519af1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50330.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50330.json index ab147522dcc..2e83559e191 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50330.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50330.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50330", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:25.573", - "lastModified": "2024-11-12T16:15:25.573", + "lastModified": "2024-11-13T16:35:25.000", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update\u00a0allows a remote unauthenticated attacker to achieve remote code execution." + }, + { + "lang": "es", + "value": "La inyecci\u00f3n de SQL en Ivanti Endpoint Manager antes de la actualizaci\u00f3n de seguridad de noviembre de 2024 o la actualizaci\u00f3n de seguridad de noviembre de 2022 SU6 permite que un atacante remoto no autenticado logre la ejecuci\u00f3n remota de c\u00f3digo." } ], "metrics": { @@ -36,6 +40,16 @@ ] }, "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50353.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50353.json index 395c8e0a1d2..8673893d64c 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50353.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50353.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50353", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-30T14:15:07.790", - "lastModified": "2024-11-01T12:57:03.417", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:15:19.900", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -41,8 +61,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,14 +81,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:iowacomputergurus:aspnetcore.utilities.cloudstorage:*:*:*:*:*:*:*:*", + "versionEndExcluding": "8.0.0", + "matchCriteriaId": "B807C101-2DF0-4CAB-9310-1A0186960459" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/commit/8ea534481181a063175f457082662fdcad9a41ff", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/IowaComputerGurus/aspnetcore.utilities.cloudstorage/security/advisories/GHSA-24mc-gc52-47jv", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50634.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50634.json index 61a66d2539e..a22934c608f 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50634.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50634.json @@ -2,16 +2,55 @@ "id": "CVE-2024-50634", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T17:15:06.570", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-13T15:35:12.950", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation but also affects all functions that require authentication." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en un token JWT d\u00e9bil en Watcharr v1.43.0 y versiones anteriores permite a los atacantes realizar una escalada de privilegios mediante un token JWT manipulado a medida. Esta vulnerabilidad no se limita a la escalada de privilegios, sino que tambi\u00e9n afecta a todas las funciones que requieren autenticaci\u00f3n." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-319" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/yamerooo123/CVE/tree/main/CVE-2024-50634", diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50852.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50852.json new file mode 100644 index 00000000000..ca11fb658ff --- /dev/null +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50852.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-50852", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-13T15:15:08.897", + "lastModified": "2024-11-13T15:15:08.897", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetUSBPartitionUmount/overview.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50853.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50853.json new file mode 100644 index 00000000000..ba1f8a8db34 --- /dev/null +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50853.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-50853", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-13T15:15:08.953", + "lastModified": "2024-11-13T15:15:08.953", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetDebugCfg/overview.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50854.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50854.json new file mode 100644 index 00000000000..501e0533aff --- /dev/null +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50854.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-50854", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-13T15:15:09.010", + "lastModified": "2024-11-13T15:15:09.010", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/zp9080/Tenda/blob/main/Tenda-G3v3.0%20V15.11.0.20-formSetPortMapping/overview.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50969.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50969.json new file mode 100644 index 00000000000..37476e83205 --- /dev/null +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50969.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50969", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-13T16:15:18.960", + "lastModified": "2024-11-13T16:15:18.960", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Reflected cross-site scripting (XSS) vulnerability in browse.php of Code-projects Jonnys Liquor 1.0 allows remote attackers to inject arbitrary web scripts or HTML via the search parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://code-projects.org/jonnys-liquor-in-php-css-javascript-and-mysql-free-download/", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/Akhlak2511/CVE-2024-50969", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50970.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50970.json new file mode 100644 index 00000000000..7f58ab90290 --- /dev/null +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50970.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50970", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-13T16:15:19.043", + "lastModified": "2024-11-13T16:15:19.043", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Akhlak2511/CVE-2024-50970", + "source": "cve@mitre.org" + }, + { + "url": "https://itsourcecode.com/free-projects/php-project/online-furniture-shop-in-php-projects-free-source-code-and-database/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50971.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50971.json new file mode 100644 index 00000000000..ce3b418e6c7 --- /dev/null +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50971.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50971", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-13T16:15:19.113", + "lastModified": "2024-11-13T16:15:19.113", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A SQL injection vulnerability in print.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the map_id parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Akhlak2511/CVE-2024-50971", + "source": "cve@mitre.org" + }, + { + "url": "https://itsourcecode.com/free-projects/php-project/construction-management-system-project-in-php-with-source-code/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50972.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50972.json new file mode 100644 index 00000000000..a02bf6e4517 --- /dev/null +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50972.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-50972", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-13T16:15:19.180", + "lastModified": "2024-11-13T16:15:19.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A SQL injection vulnerability in printtool.php of Itsourcecode Construction Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the borrow_id parameter." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/Akhlak2511/CVE-2024-50972", + "source": "cve@mitre.org" + }, + { + "url": "https://itsourcecode.com/free-projects/php-project/construction-management-system-project-in-php-with-source-code/", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51030.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51030.json index 7416dda163b..7235eb1f712 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51030.json +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51030.json @@ -2,24 +2,86 @@ "id": "CVE-2024-51030", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T18:15:17.463", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-13T16:47:16.060", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access and potential compromise of sensitive data within the database." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n SQL en manage_client.php y view_cab.php de Sourcecodester Cab Management System 1.0 permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro id, lo que lleva a un acceso no autorizado y a un posible compromiso de datos confidenciales dentro de la base de datos." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:cab_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "62692EFD-FCF7-4257-9FDD-81F20FAF20E7" + } + ] + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/vighneshnair7/CVE-2024-51030", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51055.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51055.json index b7bb2e21cdf..554e6f1bccb 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51055.json +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51055.json @@ -2,7 +2,7 @@ "id": "CVE-2024-51055", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T19:15:06.190", - "lastModified": "2024-11-12T13:56:54.483", + "lastModified": "2024-11-13T16:35:25.810", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Un problema en Hoosk v1.7.1 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el componente config.php." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://github.com/havok89/Hoosk/issues/66", diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51152.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51152.json index f4e74ebd0a5..bb3c976fbb8 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51152.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51152.json @@ -2,16 +2,55 @@ "id": "CVE-2024-51152", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T18:15:17.753", - "lastModified": "2024-11-08T19:01:03.880", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-13T15:35:14.280", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component." + }, + { + "lang": "es", + "value": "La vulnerabilidad de carga de archivos en Laravel CMS v.1.4.7 y anteriores permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente shell.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://co-a1natas.feishu.cn/docx/GuYjd2lDEoxNhVxPa9Yc1akknee", diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52293.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52293.json new file mode 100644 index 00000000000..e0520459cec --- /dev/null +++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52293.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-52293", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-13T16:15:19.307", + "lastModified": "2024-11-13T16:15:19.307", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via twig SSTI. This is a sequel to CVE-2023-40035. This vulnerability is fixed in 4.12.2 and 5.4.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/craftcms/cms/commit/123e48a696de1e2f63ab519d4730eb3b87beaa58", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/craftcms/cms/security/advisories/GHSA-f3cw-hg6r-chfv", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52295.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52295.json new file mode 100644 index 00000000000..a5b4407dddc --- /dev/null +++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52295.json @@ -0,0 +1,82 @@ +{ + "id": "CVE-2024-52295", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-13T16:15:19.550", + "lastModified": "2024-11-13T16:15:19.550", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and OID are hardcoded. The vulnerability has been fixed in v2.10.2." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + } + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/dataease/dataease/commit/e755248d59543bcd668ace495f293ff735fa82e9", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/dataease/dataease/security/advisories/GHSA-45v9-gfcv-xcq6", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52298.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52298.json new file mode 100644 index 00000000000..8ebc8353264 --- /dev/null +++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52298.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52298", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-13T16:15:19.713", + "lastModified": "2024-11-13T16:15:19.713", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the \"Delegate my view right\" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs to provide the reference to a PDF file to the macro. To obtain the reference of the desired attachment, the attacker can access the Page Index, Attachments tab. Even if the UI shows N/A, the user can inspect the page and check the HTTP request that fetches the live data entries. The attachment URL is available in the returned JSON for all attachments, including protected ones and allows getting the necessary values. This vulnerability is fixed in version 2.5.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-615" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-hph4-7j37-7c97", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52299.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52299.json new file mode 100644 index 00000000000..76b2641f1c8 --- /dev/null +++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52299.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52299", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-13T16:15:19.990", + "lastModified": "2024-11-13T16:15:19.990", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the \"key\" that is passed to prevent this is computed incorrectly, calling skip on the digest stream doesn't update the digest. This is fixed in 2.5.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-340" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-522m-m242-jr9p", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52300.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52300.json new file mode 100644 index 00000000000..0c7df3a5ea9 --- /dev/null +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52300.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52300", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-13T16:15:20.240", + "lastModified": "2024-11-13T16:15:20.240", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact the confidentiality, integrity and availability of the whole XWiki installation when an admin visits the page with the malicious code. This is fixed in 2.5.6." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/xwikisas/macro-pdfviewer/security/advisories/GHSA-84wx-6vfp-5m6g", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52301.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52301.json index 1a15b033e9d..2caf68c3b63 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52301.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52301.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52301", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-12T20:15:14.087", - "lastModified": "2024-11-12T20:15:14.087", + "lastModified": "2024-11-13T15:35:15.693", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Laravel is a web application framework. When the register_argc_argv php directive is set to on , and users call any URL with a special crafted query string, they are able to change the environment used by the framework when handling the request. The vulnerability fixed in 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23, and 11.31.0. The framework now ignores argv values for environment detection on non-cli SAPIs." + }, + { + "lang": "es", + "value": "Laravel es un framework de aplicaciones web. Cuando la directiva de php register_argc_argv est\u00e1 establecida en on y los usuarios llaman a cualquier URL con una cadena de consulta especialmente manipulada, pueden cambiar el entorno que utiliza el framework al procesar la solicitud. La vulnerabilidad se corrigi\u00f3 en 6.20.45, 7.30.7, 8.83.28, 9.52.17, 10.48.23 y 11.31.0. El framework ahora ignora los valores argv para la detecci\u00f3n del entorno en SAPI que no son de CLI." } ], "metrics": { @@ -55,6 +59,28 @@ "baseSeverity": "HIGH" } } + ], + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 0.0, + "baseSeverity": "NONE" + }, + "exploitabilityScore": 3.9, + "impactScore": 0.0 + } ] }, "weaknesses": [ diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52305.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52305.json new file mode 100644 index 00000000000..bd41951b271 --- /dev/null +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52305.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-52305", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-13T16:15:20.473", + "lastModified": "2024-11-13T16:15:20.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account with an option to upload a profile image. An attacker can upload a malicious SVG file containing an embedded script. When the profile image is accessed, the embedded script executes, leading to the potential theft of session cookies. This vulnerability is fixed in 0.1.5." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 0.0, + "baseSeverity": "NONE" + }, + "exploitabilityScore": 2.2, + "impactScore": 0.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-616" + }, + { + "lang": "en", + "value": "CWE-692" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/unopim/unopim/commit/9a0da7a0892c60f58df2351b5a9498dcb4cb8b7a", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/unopim/unopim/security/advisories/GHSA-cgr4-c233-h733", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52306.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52306.json new file mode 100644 index 00000000000..7bbdf8ed55c --- /dev/null +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52306.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-52306", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-13T16:15:20.723", + "lastModified": "2024-11-13T16:15:20.723", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerability is fixed in 3.0.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.0, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Laravel-Backpack/FileManager/commit/2830498b85e05fb3c92179053b4d7c4a0fdb880b", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/Laravel-Backpack/FileManager/security/advisories/GHSA-8237-957h-h2c2", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6442.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6442.json index b30aa4dd2c0..9c786248004 100644 --- a/CVE-2024/CVE-2024-64xx/CVE-2024-6442.json +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6442.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6442", "sourceIdentifier": "vulnerabilities@zephyrproject.org", "published": "2024-10-04T06:15:04.370", - "lastModified": "2024-10-04T13:50:43.727", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T16:04:42.603", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "vulnerabilities@zephyrproject.org", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "vulnerabilities@zephyrproject.org", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.6.0", + "matchCriteriaId": "8BA5725B-1797-45C0-846C-FE2EC98D6440" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-m22j-ccg7-4v4h", - "source": "vulnerabilities@zephyrproject.org" + "source": "vulnerabilities@zephyrproject.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-64xx/CVE-2024-6444.json b/CVE-2024/CVE-2024-64xx/CVE-2024-6444.json index b8e0bd97490..37e10ae9066 100644 --- a/CVE-2024/CVE-2024-64xx/CVE-2024-6444.json +++ b/CVE-2024/CVE-2024-64xx/CVE-2024-6444.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6444", "sourceIdentifier": "vulnerabilities@zephyrproject.org", "published": "2024-10-04T07:15:02.877", - "lastModified": "2024-10-04T13:50:43.727", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-13T15:24:28.657", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "vulnerabilities@zephyrproject.org", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "vulnerabilities@zephyrproject.org", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:zephyrproject:zephyr:*:*:*:*:*:*:*:*", + "versionEndIncluding": "3.6.0", + "matchCriteriaId": "8BA5725B-1797-45C0-846C-FE2EC98D6440" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-qj4r-chj6-h7qp", - "source": "vulnerabilities@zephyrproject.org" + "source": "vulnerabilities@zephyrproject.org", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-72xx/CVE-2024-7295.json b/CVE-2024/CVE-2024-72xx/CVE-2024-7295.json new file mode 100644 index 00000000000..dd999dba43f --- /dev/null +++ b/CVE-2024/CVE-2024-72xx/CVE-2024-7295.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-7295", + "sourceIdentifier": "security@progress.com", + "published": "2024-11-13T16:15:20.960", + "lastModified": "2024-11-13T16:15:20.960", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In Progress\u00ae Telerik\u00ae Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@progress.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "security@progress.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-798" + } + ] + } + ], + "references": [ + { + "url": "https://docs.telerik.com/report-server/knowledge-base/encryption-weakness-cve-2024-7295", + "source": "security@progress.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-75xx/CVE-2024-7516.json b/CVE-2024/CVE-2024-75xx/CVE-2024-7516.json index 133d4036fb3..bde87a4a7e9 100644 --- a/CVE-2024/CVE-2024-75xx/CVE-2024-7516.json +++ b/CVE-2024/CVE-2024-75xx/CVE-2024-7516.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7516", "sourceIdentifier": "sirt@brocade.com", "published": "2024-11-12T19:15:18.753", - "lastModified": "2024-11-12T19:15:18.753", + "lastModified": "2024-11-13T15:35:15.997", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in Brocade Fabric OS versions before 9.2.2 could allow man-in-the-middle attackers to conduct remote Service Session Hijacking that may arise from the attacker's ability to forge an SSH key while the Brocade Fabric OS Switch is performing various remote operations initiated by a switch admin." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en las versiones del sistema operativo Brocade Fabric anteriores a 9.2.2 podr\u00eda permitir a atacantes intermediarios realizar secuestros de sesiones de servicio remoto que pueden surgir de la capacidad del atacante de falsificar una clave SSH mientras el conmutador del sistema operativo Brocade Fabric realiza varias operaciones remotas iniciadas por un administrador del conmutador." } ], "metrics": { @@ -55,6 +59,28 @@ "baseSeverity": "HIGH" } } + ], + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } ] }, "weaknesses": [ diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8049.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8049.json new file mode 100644 index 00000000000..c8e49d059d0 --- /dev/null +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8049.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-8049", + "sourceIdentifier": "security@progress.com", + "published": "2024-11-13T16:15:21.237", + "lastModified": "2024-11-13T16:15:21.237", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@progress.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@progress.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-834" + } + ] + } + ], + "references": [ + { + "url": "https://docs.telerik.com/devtools/document-processing/knowledge-base/excessive-allocation-cve-2024-8049", + "source": "security@progress.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-80xx/CVE-2024-8069.json b/CVE-2024/CVE-2024-80xx/CVE-2024-8069.json index 337a22197ed..6de3e69bd12 100644 --- a/CVE-2024/CVE-2024-80xx/CVE-2024-8069.json +++ b/CVE-2024/CVE-2024-80xx/CVE-2024-8069.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8069", "sourceIdentifier": "secure@citrix.com", "published": "2024-11-12T18:15:47.603", - "lastModified": "2024-11-12T18:15:47.603", + "lastModified": "2024-11-13T16:35:26.703", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Limited remote code execution with privilege of a NetworkService Account access\u00a0in\u00a0Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server" + }, + { + "lang": "es", + "value": "Ejecuci\u00f3n remota limitada de c\u00f3digo con privilegio de acceso a una cuenta de servicio de red en la grabaci\u00f3n de sesiones de Citrix si el atacante es un usuario autenticado en la misma intranet que el servidor de grabaci\u00f3n de sesiones" } ], "metrics": { @@ -55,6 +59,28 @@ "baseSeverity": "MEDIUM" } } + ], + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } ] }, "weaknesses": [ @@ -67,6 +93,16 @@ "value": "CWE-502" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] } ], "references": [ diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9477.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9477.json new file mode 100644 index 00000000000..02bd01b9d14 --- /dev/null +++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9477.json @@ -0,0 +1,85 @@ +{ + "id": "CVE-2024-9477", + "sourceIdentifier": "iletisim@usom.gov.tr", + "published": "2024-11-13T15:15:09.493", + "lastModified": "2024-11-13T15:15:09.493", + "vulnStatus": "Received", + "cveTags": [ + { + "sourceIdentifier": "iletisim@usom.gov.tr", + "tags": [ + "unsupported-when-assigned" + ] + } + ], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AirTies Air4443 Firmware allows Cross-Site Scripting (XSS).This issue affects Air4443 Firmware: through 14102024.\n\n\nNOTE: The vendor was contacted and it was learned that the product classified as End-of-Life and End-of-Support." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:L/SC:N/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + } + } + ] + }, + "weaknesses": [ + { + "source": "iletisim@usom.gov.tr", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://www.usom.gov.tr/bildirim/tr-24-1851", + "source": "iletisim@usom.gov.tr" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 818d9f36a03..e5cfeb50e4c 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-13T15:00:50.399887+00:00 +2024-11-13T17:00:48.485112+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-13T14:58:48.243000+00:00 +2024-11-13T16:59:43.830000+00:00 ``` ### Last Data Feed Release @@ -33,41 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -269483 +269509 ``` ### CVEs added in the last Commit -Recently added CVEs: `3` +Recently added CVEs: `26` -- [CVE-2022-45157](CVE-2022/CVE-2022-451xx/CVE-2022-45157.json) (`2024-11-13T14:15:14.990`) -- [CVE-2024-11159](CVE-2024/CVE-2024-111xx/CVE-2024-11159.json) (`2024-11-13T14:15:15.330`) -- [CVE-2024-48989](CVE-2024/CVE-2024-489xx/CVE-2024-48989.json) (`2024-11-13T14:15:15.417`) +- [CVE-2024-10013](CVE-2024/CVE-2024-100xx/CVE-2024-10013.json) (`2024-11-13T16:15:17.387`) +- [CVE-2024-11165](CVE-2024/CVE-2024-111xx/CVE-2024-11165.json) (`2024-11-13T15:15:06.877`) +- [CVE-2024-11175](CVE-2024/CVE-2024-111xx/CVE-2024-11175.json) (`2024-11-13T16:15:17.740`) +- [CVE-2024-48510](CVE-2024/CVE-2024-485xx/CVE-2024-48510.json) (`2024-11-13T15:15:07.463`) +- [CVE-2024-48900](CVE-2024/CVE-2024-489xx/CVE-2024-48900.json) (`2024-11-13T15:15:07.577`) +- [CVE-2024-49504](CVE-2024/CVE-2024-495xx/CVE-2024-49504.json) (`2024-11-13T15:15:07.767`) +- [CVE-2024-49505](CVE-2024/CVE-2024-495xx/CVE-2024-49505.json) (`2024-11-13T15:15:07.860`) +- [CVE-2024-49506](CVE-2024/CVE-2024-495xx/CVE-2024-49506.json) (`2024-11-13T15:15:08.070`) +- [CVE-2024-50852](CVE-2024/CVE-2024-508xx/CVE-2024-50852.json) (`2024-11-13T15:15:08.897`) +- [CVE-2024-50853](CVE-2024/CVE-2024-508xx/CVE-2024-50853.json) (`2024-11-13T15:15:08.953`) +- [CVE-2024-50854](CVE-2024/CVE-2024-508xx/CVE-2024-50854.json) (`2024-11-13T15:15:09.010`) +- [CVE-2024-50969](CVE-2024/CVE-2024-509xx/CVE-2024-50969.json) (`2024-11-13T16:15:18.960`) +- [CVE-2024-50970](CVE-2024/CVE-2024-509xx/CVE-2024-50970.json) (`2024-11-13T16:15:19.043`) +- [CVE-2024-50971](CVE-2024/CVE-2024-509xx/CVE-2024-50971.json) (`2024-11-13T16:15:19.113`) +- [CVE-2024-50972](CVE-2024/CVE-2024-509xx/CVE-2024-50972.json) (`2024-11-13T16:15:19.180`) +- [CVE-2024-52293](CVE-2024/CVE-2024-522xx/CVE-2024-52293.json) (`2024-11-13T16:15:19.307`) +- [CVE-2024-52295](CVE-2024/CVE-2024-522xx/CVE-2024-52295.json) (`2024-11-13T16:15:19.550`) +- [CVE-2024-52298](CVE-2024/CVE-2024-522xx/CVE-2024-52298.json) (`2024-11-13T16:15:19.713`) +- [CVE-2024-52299](CVE-2024/CVE-2024-522xx/CVE-2024-52299.json) (`2024-11-13T16:15:19.990`) +- [CVE-2024-52300](CVE-2024/CVE-2024-523xx/CVE-2024-52300.json) (`2024-11-13T16:15:20.240`) +- [CVE-2024-52305](CVE-2024/CVE-2024-523xx/CVE-2024-52305.json) (`2024-11-13T16:15:20.473`) +- [CVE-2024-52306](CVE-2024/CVE-2024-523xx/CVE-2024-52306.json) (`2024-11-13T16:15:20.723`) +- [CVE-2024-7295](CVE-2024/CVE-2024-72xx/CVE-2024-7295.json) (`2024-11-13T16:15:20.960`) +- [CVE-2024-8049](CVE-2024/CVE-2024-80xx/CVE-2024-8049.json) (`2024-11-13T16:15:21.237`) +- [CVE-2024-9477](CVE-2024/CVE-2024-94xx/CVE-2024-9477.json) (`2024-11-13T15:15:09.493`) ### CVEs modified in the last Commit -Recently modified CVEs: `19` +Recently modified CVEs: `61` -- [CVE-2024-31082](CVE-2024/CVE-2024-310xx/CVE-2024-31082.json) (`2024-11-13T13:15:03.550`) -- [CVE-2024-46869](CVE-2024/CVE-2024-468xx/CVE-2024-46869.json) (`2024-11-13T14:15:16.323`) -- [CVE-2024-47765](CVE-2024/CVE-2024-477xx/CVE-2024-47765.json) (`2024-11-13T14:48:37.050`) -- [CVE-2024-47768](CVE-2024/CVE-2024-477xx/CVE-2024-47768.json) (`2024-11-13T14:55:39.690`) -- [CVE-2024-49864](CVE-2024/CVE-2024-498xx/CVE-2024-49864.json) (`2024-11-13T14:23:48.437`) -- [CVE-2024-49872](CVE-2024/CVE-2024-498xx/CVE-2024-49872.json) (`2024-11-13T14:26:11.547`) -- [CVE-2024-49878](CVE-2024/CVE-2024-498xx/CVE-2024-49878.json) (`2024-11-13T14:32:13.227`) -- [CVE-2024-49885](CVE-2024/CVE-2024-498xx/CVE-2024-49885.json) (`2024-11-13T14:36:33.207`) -- [CVE-2024-49886](CVE-2024/CVE-2024-498xx/CVE-2024-49886.json) (`2024-11-13T14:39:36.240`) -- [CVE-2024-49887](CVE-2024/CVE-2024-498xx/CVE-2024-49887.json) (`2024-11-13T14:50:09.193`) -- [CVE-2024-49888](CVE-2024/CVE-2024-498xx/CVE-2024-49888.json) (`2024-11-13T14:54:25.787`) -- [CVE-2024-49902](CVE-2024/CVE-2024-499xx/CVE-2024-49902.json) (`2024-11-13T13:47:16.923`) -- [CVE-2024-49926](CVE-2024/CVE-2024-499xx/CVE-2024-49926.json) (`2024-11-13T14:57:30.260`) -- [CVE-2024-49927](CVE-2024/CVE-2024-499xx/CVE-2024-49927.json) (`2024-11-13T14:58:48.243`) -- [CVE-2024-49940](CVE-2024/CVE-2024-499xx/CVE-2024-49940.json) (`2024-11-13T13:26:01.343`) -- [CVE-2024-49944](CVE-2024/CVE-2024-499xx/CVE-2024-49944.json) (`2024-11-13T13:30:25.217`) -- [CVE-2024-50491](CVE-2024/CVE-2024-504xx/CVE-2024-50491.json) (`2024-11-13T14:00:03.247`) -- [CVE-2024-6868](CVE-2024/CVE-2024-68xx/CVE-2024-6868.json) (`2024-11-13T14:43:33.037`) -- [CVE-2024-7010](CVE-2024/CVE-2024-70xx/CVE-2024-7010.json) (`2024-11-13T14:54:33.897`) +- [CVE-2024-49935](CVE-2024/CVE-2024-499xx/CVE-2024-49935.json) (`2024-11-13T15:21:55.297`) +- [CVE-2024-49938](CVE-2024/CVE-2024-499xx/CVE-2024-49938.json) (`2024-11-13T15:25:11.290`) +- [CVE-2024-50089](CVE-2024/CVE-2024-500xx/CVE-2024-50089.json) (`2024-11-13T16:59:43.830`) +- [CVE-2024-50152](CVE-2024/CVE-2024-501xx/CVE-2024-50152.json) (`2024-11-13T15:15:56.840`) +- [CVE-2024-50153](CVE-2024/CVE-2024-501xx/CVE-2024-50153.json) (`2024-11-13T15:23:49.717`) +- [CVE-2024-50154](CVE-2024/CVE-2024-501xx/CVE-2024-50154.json) (`2024-11-13T16:17:12.473`) +- [CVE-2024-50159](CVE-2024/CVE-2024-501xx/CVE-2024-50159.json) (`2024-11-13T16:19:28.807`) +- [CVE-2024-50160](CVE-2024/CVE-2024-501xx/CVE-2024-50160.json) (`2024-11-13T16:13:39.750`) +- [CVE-2024-50161](CVE-2024/CVE-2024-501xx/CVE-2024-50161.json) (`2024-11-13T16:36:57.413`) +- [CVE-2024-50167](CVE-2024/CVE-2024-501xx/CVE-2024-50167.json) (`2024-11-13T15:29:54.590`) +- [CVE-2024-50168](CVE-2024/CVE-2024-501xx/CVE-2024-50168.json) (`2024-11-13T16:16:31.747`) +- [CVE-2024-50170](CVE-2024/CVE-2024-501xx/CVE-2024-50170.json) (`2024-11-13T16:44:31.073`) +- [CVE-2024-50172](CVE-2024/CVE-2024-501xx/CVE-2024-50172.json) (`2024-11-13T15:55:27.260`) +- [CVE-2024-50206](CVE-2024/CVE-2024-502xx/CVE-2024-50206.json) (`2024-11-13T16:56:25.937`) +- [CVE-2024-50330](CVE-2024/CVE-2024-503xx/CVE-2024-50330.json) (`2024-11-13T16:35:25.000`) +- [CVE-2024-50353](CVE-2024/CVE-2024-503xx/CVE-2024-50353.json) (`2024-11-13T15:15:19.900`) +- [CVE-2024-50634](CVE-2024/CVE-2024-506xx/CVE-2024-50634.json) (`2024-11-13T15:35:12.950`) +- [CVE-2024-51030](CVE-2024/CVE-2024-510xx/CVE-2024-51030.json) (`2024-11-13T16:47:16.060`) +- [CVE-2024-51055](CVE-2024/CVE-2024-510xx/CVE-2024-51055.json) (`2024-11-13T16:35:25.810`) +- [CVE-2024-51152](CVE-2024/CVE-2024-511xx/CVE-2024-51152.json) (`2024-11-13T15:35:14.280`) +- [CVE-2024-52301](CVE-2024/CVE-2024-523xx/CVE-2024-52301.json) (`2024-11-13T15:35:15.693`) +- [CVE-2024-6442](CVE-2024/CVE-2024-64xx/CVE-2024-6442.json) (`2024-11-13T16:04:42.603`) +- [CVE-2024-6444](CVE-2024/CVE-2024-64xx/CVE-2024-6444.json) (`2024-11-13T15:24:28.657`) +- [CVE-2024-7516](CVE-2024/CVE-2024-75xx/CVE-2024-7516.json) (`2024-11-13T15:35:15.997`) +- [CVE-2024-8069](CVE-2024/CVE-2024-80xx/CVE-2024-8069.json) (`2024-11-13T16:35:26.703`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 402cf6edf79..6b2f7a4dc22 100644 --- a/_state.csv +++ b/_state.csv @@ -66488,7 +66488,7 @@ CVE-2014-2116,0,0,7f4c0a5a9ba818702fecf4ad94d6b79c56fa970de259bad7e52d57e6601d8d CVE-2014-2117,0,0,744be558787fc734743db5fb08a2f104e326248eca1df2541936e657776f0211,2015-09-16T19:14:51.373000 CVE-2014-2118,0,0,d9c523cd8458c23ad4f67136e8abd038df8311fabdee2ee882e82595957c6524,2015-09-16T19:15:13.013000 CVE-2014-2119,0,0,dc59e4b20e1cb6a86521df22d9afd3d7bf9a254360551160345301637ac028ed,2018-10-30T16:27:22.513000 -CVE-2014-2120,0,0,1fca1f0e822c5ca1caaba4ff4ed7c399fc91dd4626e8ff3a777ff058ec4cc5f7,2024-11-13T02:00:01.313000 +CVE-2014-2120,0,1,ce1677e694d6686cadce37384537bbc99d0e017b1045af9565a3bb98f4ea42b3,2024-11-13T15:35:00.870000 CVE-2014-2121,0,0,4afd2d28e42c18f0900f208743e465831fa3c8ab3ebc9ca414773139091c6201,2016-09-07T18:12:06.607000 CVE-2014-2122,0,0,dbb6dbf5774baace51218f4cf4f2a00e09f23a90b7e8640df5ad1439a89ab10a,2017-08-29T01:34:29.327000 CVE-2014-2124,0,0,3586bbe7c97b507b4cf47d1d50fb4baf8f4a4def2f13cc87faaf14b676b4a63c,2017-08-29T01:34:29.390000 @@ -182992,7 +182992,7 @@ CVE-2021-41273,0,0,22e981aee79a348369e6e5b3f2497890c0a09379e3ccaa557c238e411f479 CVE-2021-41274,0,0,4801618226ef6fbd844f77722a17f1e42970ce0c91d00a645240ebe68d63b64c,2021-11-24T04:48:51.327000 CVE-2021-41275,0,0,72eb6df0fbcd7b4b48e3b6b2df9cb79483c7c6eff6a80d8a317843eef2fb750e,2023-11-07T03:38:54.657000 CVE-2021-41276,0,0,43f81f5c7bb44a3c557f7a7bb580e9098875eaf18fdc9e9065580d13a87b3821,2022-08-09T13:23:00.167000 -CVE-2021-41277,0,0,c903edff6a2dfa148b7d6a581e1a45324874f1b66cf91cff6405459f4556bf40,2024-11-13T02:00:01.323000 +CVE-2021-41277,0,1,8f85c16165f421bbe8959738969c7a5285b426f29a3cc665f32f93e9337df41e,2024-11-13T15:35:02.370000 CVE-2021-41278,0,0,289b80fe51b1c67efe7b1583a091c1f915296c53ddca752bce8dbe149f38e5f0,2021-11-23T01:47:31.917000 CVE-2021-41279,0,0,1f37e7cb41cf65453652600ba5a1a3695ff0082e2d6673cbad05397db69478b0,2021-11-30T17:05:29.827000 CVE-2021-4128,0,0,f5d2c0e7f9c9c0649cd1484b0b14d626395ccd5d19597f1376cbec60506c7e74,2023-01-03T20:07:34.583000 @@ -209917,7 +209917,7 @@ CVE-2022-45152,0,0,904a6ae327ce4f105ae39e838aaa8e168626ff8f525e7cfb80729e3337c68 CVE-2022-45153,0,0,af26264d76ca730a50f330b3c7c0c6967ba5cc426e6b98a2c595b256aab77b42,2023-02-24T18:57:30.060000 CVE-2022-45154,0,0,8e6661d5b1d6d1f8808d6d7c5a9f406854c673f49b3f9951c5a534bc355e3106,2023-02-24T18:58:26.687000 CVE-2022-45155,0,0,00c15542980f3d817a6fca7c4916fc87db744879eb05e19e7fdb3d2a345e47ae,2023-03-21T20:30:39.870000 -CVE-2022-45157,1,1,fca906007f4952b3e23b976e3b31f9f767d4eb45fb87cf6b8cc6d949f9d00186,2024-11-13T14:15:14.990000 +CVE-2022-45157,0,0,fca906007f4952b3e23b976e3b31f9f767d4eb45fb87cf6b8cc6d949f9d00186,2024-11-13T14:15:14.990000 CVE-2022-4516,0,0,e91ea5be617d8d1653712140a020bcacbe9abef83b454eaba5e38eccb26bf96b,2023-11-07T03:58:02.840000 CVE-2022-45163,0,0,60d5a7c4dae3a8603c39173362ed56d61dea963d2d8edc4c421aed61355472e1,2022-11-28T15:21:56.177000 CVE-2022-45164,0,0,432eaac455b12dd7419a1007a38d27c0a77d78148eed3a1afd4c2b23eb10f0d2,2023-01-14T04:32:32.957000 @@ -242416,6 +242416,8 @@ CVE-2024-10007,0,0,7cb5df60ac40f8c66f2744f5b05d99f456b4251857e903ea22b41edfa55cf CVE-2024-10008,0,0,93a7056d3eedb0f45bdd1f80f18e9d31f27172cc24baaadb6be41dc083092214,2024-10-29T14:34:04.427000 CVE-2024-1001,0,0,481a263280d7671352a0e81cdb22876e1831937aba78d275dcb085f339a7c9b0,2024-05-17T02:35:08.903000 CVE-2024-10011,0,0,c65457aada34faaf1e6c0516da2186c923ac9223c52e8a5eff532b04914394dd,2024-11-06T16:01:39.573000 +CVE-2024-10012,1,1,a07168f862e6ae2882a1ac9cd477d74a8ca35c7e2ce2841383fe383130cb30dc,2024-11-13T16:15:17.143000 +CVE-2024-10013,1,1,b6d510e3dcb18bae2d18075ec8e7bd80eb36e5db03abfff66f33f25a5f910b84,2024-11-13T16:15:17.387000 CVE-2024-10014,0,0,e8d1f2b2bcba8c55790a5ab025cb991579911523f1b20331581610c1fd5c2ad1,2024-10-29T16:58:48.127000 CVE-2024-10016,0,0,21d0091eaff7fe7567d1651c36c431401391330eaae7a5e6c3e21a28cc10ea9f,2024-10-25T12:56:07.750000 CVE-2024-10018,0,0,2aa14605c63d984e9b2fdfd4b3872cd3e6ce36a0ab239799435cd07454bf385f,2024-10-16T18:35:03.460000 @@ -243059,14 +243061,14 @@ CVE-2024-11100,0,0,c492dc436c5e7b0bafe38365cc0f5202d40cfdc5e0c2327c30b822de79afc CVE-2024-11101,0,0,a2b85a410a212ab95b03a0a6c633679b89052f56b8c74d4fa60b641fe5c20a93,2024-11-12T13:55:21.227000 CVE-2024-11102,0,0,460c291b099a678065bd11e1bbf8bd3fff3f3d6e3ee0d55ca5f7bdf40e5eda3d,2024-11-12T13:55:21.227000 CVE-2024-1111,0,0,f15445887f26214e7eb2759298bdfed96c32a982bdf7c3d908e39f1fc291a984,2024-05-17T02:35:14.527000 -CVE-2024-11110,0,0,8b548184e4a0f5c225becac7951df5f3f8fb1322324e204c4a9327114309c555,2024-11-12T21:15:10.920000 -CVE-2024-11111,0,0,7ba2fb932a8527d0852a952e72c2ffc379602890c1e9922645a4e98ac2f997db,2024-11-12T21:15:11 +CVE-2024-11110,0,1,05562a123e53ec44be346d76401b6409e6879fecc8ee3e8ffd75e52224f1b329,2024-11-13T16:35:04.523000 +CVE-2024-11111,0,1,130308d4f6d5b4eeec816b9744b89a3a2b53a71c9b28f3b5f8ea589f7f24468b,2024-11-13T16:35:05.837000 CVE-2024-11112,0,0,ba1112b02a57bf4962397be0e681f4fc7f0e4db7f34a6969c99f58e8279ae046,2024-11-12T21:35:15.850000 CVE-2024-11113,0,0,003bb2ec998236a1bca5839bc0d7aef08ed4785e098452322655bc0f805f92e5,2024-11-12T21:35:16.623000 CVE-2024-11114,0,0,601aec6b43286a363edbb063b1122064b1309be2a41688938190595699990577,2024-11-12T21:35:17.413000 -CVE-2024-11115,0,0,42fac239a834f5d90742618794b31e3989df203441025e2d241e7b84b30dd53c,2024-11-12T21:15:11.280000 -CVE-2024-11116,0,0,02ae6dc4dd3974b6448ebe51f4db5e20b361eed345b711c4c5eec9f4a7dd63f5,2024-11-12T21:15:11.340000 -CVE-2024-11117,0,0,eef0ffca6c47937890fbf0a92b30f1f82cd525a1f04eb40a90483aef498b4b88,2024-11-12T21:15:11.393000 +CVE-2024-11115,0,1,6ad4460cf59877a9cdab302560153def89cb30f176ec61ec9be54149e70d3677,2024-11-13T16:35:06.630000 +CVE-2024-11116,0,1,4b79dbd96797d3df13fd5b5784c25ceff314c6f7f91f2db52db294a84498b70e,2024-11-13T16:35:07.427000 +CVE-2024-11117,0,1,052ee75601cb5367ac893260349572e03e8cf209fe681b49d84cf1576e4b8522,2024-11-13T16:35:08.220000 CVE-2024-1112,0,0,a074043c8f95f29514c3f59ea2279c09f17d99731ab21d34b196cbe82c1cf23d,2024-02-09T14:34:41.827000 CVE-2024-11121,0,0,78c7f01d1528f5af7c7c0921f9908f534edd8a79fcf13b8e8ba56ec04209ef7f,2024-11-12T16:15:20.770000 CVE-2024-11122,0,0,8b39eb171f905156949631c8c8e8a5af8e744e4719ba7b47f1a185280518c4e7,2024-11-12T16:15:20.873000 @@ -243082,10 +243084,12 @@ CVE-2024-1114,0,0,4ba1cd03fbc35862ac6b2ce79da50122dd303ea22f4f4a45a352ffb5be12a8 CVE-2024-11143,0,0,d9bd3e061a34fe222acf87765c7b6d97ccebfd919c962519007b92b102043708,2024-11-13T03:15:05.110000 CVE-2024-1115,0,0,4dae9d3d8bef65fab3d547368288cc3126446be18b7fc740123f9a96bd6241e2,2024-05-17T02:35:14.880000 CVE-2024-11150,0,0,86fc66192a52a6296cf48980b5695c12bef281442ceb3b66b96ac835f3481d04,2024-11-13T05:15:12.337000 -CVE-2024-11159,1,1,965975734c990456ff9d219d1af1b23db5f63b74f1b6771ce9a6faa2346a6111,2024-11-13T14:15:15.330000 +CVE-2024-11159,0,0,965975734c990456ff9d219d1af1b23db5f63b74f1b6771ce9a6faa2346a6111,2024-11-13T14:15:15.330000 CVE-2024-1116,0,0,4196b5c71a0d802f4c1e9b3a43ac71c958f929e96b26e1ebb01241c6bd176fa3,2024-05-17T02:35:14.983000 -CVE-2024-11168,0,0,6bafd96897b3226ed611ffe9fe0aef0ffd1fe7c02cbdbf638c6784e11ae3129b,2024-11-12T22:15:14.920000 +CVE-2024-11165,1,1,372e27d75721393224317ab8e59b2c30b3a15a2349f2f8e6d35d61b3ad09d726,2024-11-13T15:15:06.877000 +CVE-2024-11168,0,1,b70f7e1e22f1c133430beffae635b536ceebc0cf2c6bfeb8c2bc30ef951335da,2024-11-13T16:35:09.027000 CVE-2024-1117,0,0,0eff4d8f06fdd3645727772834638be79e19128758cbe94b2a8e7a297167b8d0,2024-05-17T02:35:15.090000 +CVE-2024-11175,1,1,03d85428ac3ab9c0868691dd30db144769358c4872e72ce780f79c5b9f265fb2,2024-11-13T16:15:17.740000 CVE-2024-1118,0,0,6c399aaded9e96cfac900ecbd30e202d5a6a42d5625667c3de9725b65dc62fc3,2024-02-10T04:13:01.030000 CVE-2024-1119,0,0,5426bc48e63724893c52e881a8535fb7954cf4e6383fc287bdb9896410f7d3a0,2024-03-20T13:00:16.367000 CVE-2024-1120,0,0,4ae965ad3da5f8a3235e6e58dd82dd504b21e474d229ae465351f9f2ed6318d2,2024-03-01T14:04:04.827000 @@ -244626,7 +244630,7 @@ CVE-2024-20900,0,0,dd950b876d70624a07b7af1c0b796b44690939cd5e1be274d843ac0163ab8 CVE-2024-20901,0,0,5f9dc6d7e5ec003b4ebac42377482eb7121a0918aab2f40a5dfa15c434211c61,2024-07-05T17:12:08.827000 CVE-2024-20903,0,0,c9ef8d846e3822bbe70c984e58a2c7d206219c2d005aefebbfe48d3291a64941,2024-02-20T19:51:05.510000 CVE-2024-20904,0,0,2825f92c3d915e6e0f0061d68d884ba2126601eadca29a19874902f94d6a74f0,2024-01-20T18:42:09.760000 -CVE-2024-20905,0,0,5121ec0c812348f8d843af463fd43e610b8352f502dde4e8af194df71bffe846,2024-02-20T19:51:05.510000 +CVE-2024-20905,0,1,5cd75db3ce8e0b4ca7eaa1e088847333bbe8ccce7b8db3715e7ea413af7cfaa2,2024-11-13T16:35:09.767000 CVE-2024-20906,0,0,bd717d71015dc5a5435b2e0a0577a3000709ef823cb8b0c048c75367a9de0fe0,2024-01-20T18:41:53.127000 CVE-2024-20907,0,0,ba5ab9406cdff0af126fe03268c8d357c080227c8a6c36259ed6e0cfdb4ecf7f,2024-02-20T19:51:05.510000 CVE-2024-20908,0,0,f48ebbb13e10a919d3724d0ac546c6a4149d41b2169d483ec898b46dd4b06c2b,2024-01-20T18:41:36.717000 @@ -247913,7 +247917,7 @@ CVE-2024-25422,0,0,183c4ec0faabad98f4264a6cd25b9f8acfe9ee005e0931f44bde0815e323c CVE-2024-25423,0,0,9c38591521533b12d0d8640f97867e59ae0ba009f0e2d3612c6f7b4eda265498,2024-07-03T01:48:50.347000 CVE-2024-25428,0,0,a1baa90ebade4117b4da7a9052f9f7b7385230216b8f9a62456cca560644c28a,2024-08-01T13:47:44.563000 CVE-2024-2543,0,0,90e05f36a3d2dfc0c0cb0570a48a9a80b8042b66097a9bbd3537fdf34c177bc6,2024-04-10T13:23:38.787000 -CVE-2024-25431,0,0,804021cea2f63b10c8f600172f26f14cf90cf4e264f0fa67d975448227ff0c7a,2024-11-08T19:01:03.880000 +CVE-2024-25431,0,1,f7a29023d8c25d655bb74a17238710ea0f203fcbcb981c8e00225473e26857c3,2024-11-13T15:35:07.420000 CVE-2024-25434,0,0,26bac245bd5b6380c1089f8063086eb0c8545596793c0265b0d4261729bfcdb4,2024-03-04T13:58:23.447000 CVE-2024-25435,0,0,b518f964ef14d92ab1a5ca1db15bba6ee80949a3cea6fd366efd019d37dc656f,2024-02-29T13:49:47.277000 CVE-2024-25436,0,0,16fb2e1f886d8db1c20751b88d1af87dc346511e3a7b7468111bb026aa3d1366,2024-03-04T13:58:23.447000 @@ -250385,7 +250389,7 @@ CVE-2024-2864,0,0,0b7092f6657eda771a1a9211b6ecdc80d9c4229cfeb8d1413066da331f243b CVE-2024-28640,0,0,ceef5b99cd0ed7e56aaf1b4b7933db486d6e0353ef996964fb7bac8c3537b091,2024-10-28T19:35:23.820000 CVE-2024-2865,0,0,55e62f341bb00366e8e43c3aae92bec34f13cdc149d9c58605d949f8282b8ec7,2024-03-25T16:43:06.137000 CVE-2024-2866,0,0,0b9e7e6b190edc1fb6f92975c3f997f504dfccfc4fc2eb0b51cfe7935d053241,2024-04-11T16:15:24.870000 -CVE-2024-28662,0,0,dab9197cc819aeac0bf0ea06401058d5cc75e9a0ba3a4ce1ecd76d7bcd7e31f2,2024-03-14T12:52:16.723000 +CVE-2024-28662,0,1,b51192e425b7681b0efe6860cfd97bda2ae2f78f61cd265e3e211887b2f09342,2024-11-13T16:35:11.107000 CVE-2024-28665,0,0,1bcb843df69123849882283a8f9fca9c4abb51adf88a0a7fc25bcd7f8392f718,2024-08-02T21:35:22.720000 CVE-2024-28666,0,0,9909b1d8b42ce81db5680c2cff308836e3dc86a07602ebc3692c51a5608b0d49,2024-08-02T21:35:23.507000 CVE-2024-28667,0,0,a722c74094b46413cd2f0e1e6663b7ae2104332e1b5c605e7cc511a2a8371374,2024-08-05T19:35:10.487000 @@ -250422,8 +250426,8 @@ CVE-2024-28718,0,0,4be24d2522720079b588ee8fc9971b2e135ab721e46930d077db5b43cb627 CVE-2024-2872,0,0,e60d6692ffdbbc7dca47dd221e29fe124966b59c3165de45eca31ca595a9df4d,2024-08-02T19:35:35.923000 CVE-2024-28722,0,0,4d114a5bb3de475df05c084fbb00bf1fb6503998847c685d4d1672b2617054ce,2024-07-03T01:51:47.757000 CVE-2024-28725,0,0,76f38f123d93dc5a87b1081a9a46cc5a546425e009751f0bb38d077b83255a95,2024-08-01T13:49:14.173000 -CVE-2024-28726,0,0,4a4b1bc5513e2cd63435198300cbdcedb90d65afdeccd2341f23b31c7f4327ac,2024-11-12T23:15:04.137000 -CVE-2024-28728,0,0,d7146d04e3adb6c521f29bff2b4990307ebc5b4b1275cce8264bd330e803bb6f,2024-11-12T23:15:04.230000 +CVE-2024-28726,0,1,86c4a563933ea2b732b0c6938558ff5b97eb97fe894111b0a4632c1d5b37162f,2024-11-13T16:35:11.950000 +CVE-2024-28728,0,1,ffb50e751f7830305fa2c389c92ed87dabd6444873d8a9ff2db4858d69751f93,2024-11-13T16:35:12.757000 CVE-2024-28729,0,0,d81d7ccba64bd1e25c56e551f3a9c5c796ebe4c38c9b9ffe82bc5ddae656220b,2024-11-12T23:15:04.320000 CVE-2024-2873,0,0,ed9040959ed5f40d916defffcff03f64da72505082c3b91fe33a6506c19636e1,2024-03-26T12:55:05.010000 CVE-2024-28730,0,0,59e70749b36ecf37aaeba6cebd9ee081fbad5040ac7357ae81b99ed778a251ef,2024-11-12T23:15:04.410000 @@ -250724,7 +250728,7 @@ CVE-2024-29074,0,0,dae045c5f696de776b77da3987f8405651ce1bf4fa99e4d5313acc43e5165 CVE-2024-29075,0,0,5f4ceb8e1519bbaa6bc09ea81eba95b9d8df6e5520fb957f27607d429d5b6e04,2024-11-12T13:55:21.227000 CVE-2024-29078,0,0,a4fab3b35091f8fd08881f2bf49d899dc5478faeb8df15472b3560684c1a5420,2024-05-28T12:39:28.377000 CVE-2024-2908,0,0,3845fc124bc9f710736d5363f9b086190df4e2925cb4e5b4a7eb9455fd55b3c6,2024-07-03T01:53:38.703000 -CVE-2024-29080,0,0,122d2248f2a74104ef56e4b4f36a007e3f0c20d936565d94fb482f471e756277,2024-07-22T13:00:53.287000 +CVE-2024-29080,0,1,d70af9cf8ca134f2fc32b6a3edafa05fe0b9ef4b57ba184ff012b1c5ad246169,2024-11-13T16:35:13.577000 CVE-2024-29082,0,0,f3bffdf8f114e3bc255f264ae5fa99c37ecaaf471e91670eb2b8e47c9b14fc4a,2024-08-20T17:11:31.787000 CVE-2024-29086,0,0,a506e441c3bf25764a8b903d5765d986b768db67b23cfb3ff53fe13b9a27e4ba,2024-04-02T12:50:42.233000 CVE-2024-29089,0,0,0e8f97a635f9f0c1a64450754b2a18a9e0c4596034f0fadf2dfda26a23dacbbd,2024-03-20T13:00:16.367000 @@ -252143,7 +252147,7 @@ CVE-2024-31079,0,0,7b022d1b68d2e4d6083918cd5bedebc752ca3a191d73bb4a1d52466186b51 CVE-2024-3108,0,0,da90f8f46c09bcb2198c43fdf0f557ced476d6d11a9810f11a2eca18dace7b1f,2024-05-03T14:17:53.690000 CVE-2024-31080,0,0,3b9d2494033fb387c3c295eb2de7b3d391834f87e7478f31592089c17b045145,2024-11-12T15:15:07.940000 CVE-2024-31081,0,0,25382389172b3c9784b69fb4b12eb1ccebb3959688c6518df06f4bb777c7baeb,2024-11-12T15:15:08.220000 -CVE-2024-31082,0,1,381720a41f2636e449f6fbb97ac750bd3aac8caac1fc974b24e35e73093b0b45,2024-11-13T13:15:03.550000 +CVE-2024-31082,0,0,381720a41f2636e449f6fbb97ac750bd3aac8caac1fc974b24e35e73093b0b45,2024-11-13T13:15:03.550000 CVE-2024-31083,0,0,690a27f3dd2345803e961ebbf97659386725d113a2a1b6666464350f6c1bdae8,2024-11-12T15:15:08.420000 CVE-2024-31084,0,0,41d634f6947380fbd38163b98d20d79eadd7ac98ab45077f59de33db1d3e4818,2024-04-01T01:12:59.077000 CVE-2024-31085,0,0,590e50ba650eba0770b80fe595ca66df49dffc2ecf0c3c269ceba9c6316e22c6,2024-04-01T01:12:59.077000 @@ -253494,13 +253498,13 @@ CVE-2024-32835,0,0,fc292842100527900bf0d1c703a8349fdd7fc48d6ac327e0d92cfb86815d7 CVE-2024-32836,0,0,c5fcecde1d31672603e6b98cee8f2b00770cad10996bf26cae90650302e2a97a,2024-04-24T13:39:42.883000 CVE-2024-32839,0,0,8b1ebd5c622d710f196b46dfc836aef986180a82ddf78de14edb950144ec239b,2024-11-13T02:15:16.380000 CVE-2024-32840,0,0,eb1cb5bdef91a06948a0079a32b9f011b54621eea9c3c109934852c6d6ab5100,2024-09-12T22:35:01.747000 -CVE-2024-32841,0,0,59a5f1fc85076472704a9dd70c092872a8946d76c4a36962f9871454f77a2ba0,2024-11-13T02:15:16.567000 +CVE-2024-32841,0,1,8cd1961348729209b7533b5b5bc38ac5b43baa05c53afd87ed52b03f6734d639,2024-11-13T16:35:14.523000 CVE-2024-32842,0,0,e2bf6f1d85652bf244fee9887cdca6c5cbf7305ac99f2a16758ec8aaefdd6ad9,2024-09-12T22:35:02.527000 CVE-2024-32843,0,0,6f4ea6e06ccef21595e961665854f0ab53277f4d5d037839ce9d6a5a11f4a382,2024-09-12T22:35:03.333000 CVE-2024-32844,0,0,1f73b00ddb06d58e070abc0b71232ed5e4dc911553bd3d668d12f221a92ab442,2024-11-13T02:15:16.733000 CVE-2024-32845,0,0,76ca372c6bdaa2a56f8e052d99168f11baf61d9fbc3f0f778a3615e8dd8aae22,2024-09-12T22:35:04.037000 CVE-2024-32846,0,0,9dec1a2ab8dd3bd3abe2879738f59e0fe2ad565f7847d781df8e65635f276d45,2024-09-12T22:35:04.737000 -CVE-2024-32847,0,0,60dfbc0047a10642d95aa05470d8eb8e81a0fb237dac29fe08f258d524a1c7b0,2024-11-13T02:15:16.890000 +CVE-2024-32847,0,1,8f3a3548387f5bdbb465b36f68654f99e9798983ea8569d4bf8cce08efd5f4bf,2024-11-13T16:35:15.243000 CVE-2024-32848,0,0,9ef3b117d0043f546b1d5d06f5102b31e14873c57fb58430ccae17a9afbbba15,2024-09-12T22:35:05.437000 CVE-2024-32849,0,0,2dff3f0f8458f9bc03b8b89ff3ed496d4d9a414f0ec65647eae66f330eefae8c,2024-07-03T01:57:09.160000 CVE-2024-3285,0,0,1ef5c367ccecf316e1895071bcc508779dcf2b19a0822ab0b89afcd5bbef04ef,2024-04-11T12:47:44.137000 @@ -254938,14 +254942,14 @@ CVE-2024-34773,0,0,100b1cb449b7ae251f86bd995ac4446f704b2d5bcbff0a59ab0bc97995491 CVE-2024-34777,0,0,47369db5c522c34e9489779523e2c10406821ae54d821b2c269278d042fde193,2024-06-21T15:58:51.410000 CVE-2024-34779,0,0,61552efe08011b21d4ca3c0787e9337089cecf0917e51cf3275efb7daf3d34a0,2024-09-12T22:35:06.133000 CVE-2024-3478,0,0,d6058a0e6db67f9fedb470e62fc4a04776cf84b327b4bd61639e707b408d963f,2024-05-02T13:27:25.103000 -CVE-2024-34780,0,0,d0edcf2e4c58e13a14453475ee16f1ec7db4d5e6a4298b280a3a8f2d4f28eca4,2024-11-13T02:15:17.047000 -CVE-2024-34781,0,0,aaf6e10ae48b7f693532834e858d166f3e7578c579c108a89da8b60f3d842e67,2024-11-13T02:15:17.210000 -CVE-2024-34782,0,0,036aa472d2fa62c78483641935ccaaa48d29ff4a0084e8c62ef35d3b829eeed5,2024-11-13T02:15:17.367000 +CVE-2024-34780,0,1,166adae73560489637fdaa4e7b00548b38f51b1e8a7e6e166f9619d7efc98ae1,2024-11-13T16:35:15.963000 +CVE-2024-34781,0,1,e0ee3530b015820999af1541838b18e1b415b7f7cf02e3637b2533fba31fb9e4,2024-11-13T16:35:16.703000 +CVE-2024-34782,0,1,68ffad9f9a8617bfb8b56851d4138ff75a8aa5d4aad95eea579c41a5aa6f60c7,2024-11-13T16:35:17.423000 CVE-2024-34783,0,0,8e797f6029d617a56e1c6f1f1918a1e4455d0290f25703ce46a4f7b85500efbb,2024-09-12T22:35:06.833000 -CVE-2024-34784,0,0,d3f160ae483fab7927ff4eea52b860a05632347f0bcd746db0bed872cea5e167,2024-11-13T02:15:17.527000 +CVE-2024-34784,0,1,ff9ebdcbba2082e304190d5f07d3d6a302743f2639a9d59d63090ecc8e89a210,2024-11-13T16:35:18.153000 CVE-2024-34785,0,0,dcae8597d9f4b510b7061d4ca939a94b110916d8e3408a1a1d169ddc89ed2b96,2024-09-12T22:35:07.533000 CVE-2024-34786,0,0,7e8cb80185704202113f9da64eeb79cd413e4b998d966b2b2f4137b8800de467,2024-07-09T18:19:14.047000 -CVE-2024-34787,0,0,862a19cf306fa8413246bc08b5820855828248b9f5c865c82cf998dffee59ae1,2024-11-13T02:15:17.687000 +CVE-2024-34787,0,1,d219d21560c9925659a9ef01a36832a00cf3f6554b8bfcbbaf810fd961e338fb,2024-11-13T16:35:18.883000 CVE-2024-34788,0,0,d3400f02a32ab882f9673e171c113d7d87e605c008eb11cc936f5027941a3e18,2024-08-12T18:52:25.127000 CVE-2024-34789,0,0,4f72636ebbc4b0b39015d14b70eb26533195de09d45d80202a2d9d74dbf95795,2024-06-03T14:46:24.250000 CVE-2024-3479,0,0,2087dca9a48cf75ca53b3d034f436013bdbf676fd8cbe9ff75bcea8a2c85c808,2024-05-03T15:32:19.637000 @@ -256811,7 +256815,7 @@ CVE-2024-3737,0,0,26f370727648bebdbdb4484feb8794c0f4f6f501db44738bd488af3fc5030b CVE-2024-37370,0,0,5ef18b52731aa6f5eafd2b79804cbfc14d163aeb3b01f2fe5bcb0ee8a51881e9,2024-08-27T17:48:12.297000 CVE-2024-37371,0,0,4cdd749ff266141800fa6b979153fdf9a5acf4b51a71786349ea587f3d8acccd,2024-09-18T12:39:04.477000 CVE-2024-37373,0,0,26dc5e4538b7cd09464c61fb65e8031c578a3247488f84f82c407880c1c7486b,2024-08-15T17:31:32.407000 -CVE-2024-37376,0,0,58cd14031a42936b75d9fc497d906c6a7a4bd6aefead9a497111e3a2682a1709,2024-11-13T02:15:17.850000 +CVE-2024-37376,0,1,d3dba89cccbcee83095403218a170c2b7748c767ac24026a51299044f1bf1411,2024-11-13T16:35:19.627000 CVE-2024-3738,0,0,cebdf6c67207ccd8240919e9596b8485c51e6607a12a8dcdfff13f6ddbdbfe32,2024-05-17T02:40:05.977000 CVE-2024-37380,0,0,4ce1330fb679655262ab3b818cd133f9eef1b7c4341268f445fa1434d34f9951,2024-07-24T12:55:13.223000 CVE-2024-37381,0,0,9fe6fde53d8260503255e878e5a3cad14d0e0ad42f178326952eb9a7c509519f,2024-08-01T13:53:31.757000 @@ -257826,7 +257830,7 @@ CVE-2024-38651,0,0,47715d6cb9c5ed15acd60ba1960b4a6147a111543bd71aaba5ad096adf7a3 CVE-2024-38652,0,0,c09b7df399ce36bfa6f99e496912789d409fa436d96980e8d3bf3eedfe5b5878,2024-08-15T17:32:39.067000 CVE-2024-38653,0,0,c8ed77058a52701b560001b5f44bd7270c8687b6c4890948d6b9eaf03edfd74d,2024-08-15T17:32:57.587000 CVE-2024-38654,0,0,d35cd6ede81f2eca26a257b51e16c69269752327f1258e41d2e25d32142b439b,2024-11-13T02:15:18.490000 -CVE-2024-38655,0,0,01074d7445cff7f6fb2c117de5b9ea259956e50c40d52617253fde2fc8eab47f,2024-11-13T02:15:18.650000 +CVE-2024-38655,0,1,a416d234cca85c79b17f8dbaf459751d5dd1c14dd1a8fe2b66cffe3d5f5084b2,2024-11-13T16:35:20.357000 CVE-2024-38656,0,0,0d5cc02f2270888719ace688aee0c469a2a987dd306d1f17056d07d57cb2a83c,2024-11-13T02:15:18.830000 CVE-2024-38659,0,0,7f018343721f0a1816fbc1d0de6ee38bcc05d21743970bb8a1218031b26bafff,2024-07-15T07:15:14.163000 CVE-2024-3866,0,0,7a39485bd1345ca492dd2d645f7c31281d1cbae5daa389ff1a3811c5ea0b474f,2024-10-02T18:26:59.520000 @@ -258570,7 +258574,7 @@ CVE-2024-39709,0,0,75a505fee8a5b25544041d34621267093e9bf690e3e83e5fde669be525889 CVE-2024-3971,0,0,232de18e9e74ddfe0c81af44fc47161b6db81bcc698685ef24ea3f7084d9ef87,2024-07-29T16:51:34.570000 CVE-2024-39710,0,0,782aa75e505d6ce166dc40d71e99c4773f76a0579a901e152a2e1973dc9c5c3e,2024-11-13T02:15:19.150000 CVE-2024-39711,0,0,673c0cea545e57f22d930dd1b2afd85ad609612085ca0553e213d464272a0a5d,2024-11-13T02:15:19.317000 -CVE-2024-39712,0,0,e8c0439a49b1051254bf5c1cb1721313c53c8e0af01bae14e3593cd0b637e078,2024-11-13T02:15:19.480000 +CVE-2024-39712,0,1,569f037d128d0d53b5c254f3627c0b48888d688d30d3649a1fe820810194561f,2024-11-13T16:35:21.090000 CVE-2024-39713,0,0,8b5ceb8324ff1f59d883393f3c2fa903aaaabc7a64330bd1fe2b73aa3534e83b,2024-09-06T17:35:12.380000 CVE-2024-39714,0,0,4056f55d0df430f8323fee2d9091569bd1a5c6627633d4c031ced4b04745987c,2024-09-09T17:35:03.387000 CVE-2024-39715,0,0,15f33b0904bec8d29ab0aa789fb7bca5f17b446aa8a06884e3c4dec4fda56438,2024-09-09T16:35:04.780000 @@ -258794,9 +258798,9 @@ CVE-2024-4019,0,0,efc7a89c1009d77468f30cac2ce48d611400f7133149734795d6662fb155ff CVE-2024-4020,0,0,1c22b5364a88b16b0848cc41c393cb34e5c8f89e406919847d3bb3cd08a0034f,2024-06-04T19:20:28.390000 CVE-2024-4021,0,0,dd2bc601eca69892097c83b39a1492ca9523a7d157d2f946a0dd030b7888e07a,2024-05-17T02:40:13.133000 CVE-2024-4022,0,0,9e369b5b5ea8df7d6bd27a7262a9ade1fde2246b7a1d942564d51d8d0f92edd2,2024-05-17T02:40:13.413000 -CVE-2024-40239,0,0,38786c18b5e804369c055fcc0897e46206f076813766bb34f8ce5b4cf6c1c1eb,2024-11-08T19:01:03.880000 +CVE-2024-40239,0,1,c8f61d6dfa9ea9bc57ee43c1af9f076b72e2e1e54a89a42a25d73b7fb873ccb6,2024-11-13T15:35:08.997000 CVE-2024-4024,0,0,cc98f9c4ade6346ddf60b956b23ffc3086de856365a82e459e99fddb48dab750,2024-10-03T07:15:31.163000 -CVE-2024-40240,0,0,18d191112d1c716b1b655c84ea099217bd71a74a56085f236e229d3b2fae9132,2024-11-08T19:01:03.880000 +CVE-2024-40240,0,1,79ab8d353b2f7fbd929d658ca13d35527bcb905cd4ab1d73b086c6096af13c75,2024-11-13T16:35:22.010000 CVE-2024-4026,0,0,52171498c993bd60e060ecb310b6ba3adb61d51839677cb6159cb2398bf728c1,2024-04-22T13:28:34.007000 CVE-2024-4029,0,0,4a6d404ba9d5db268d8a80067fe7c2db8343609b35b13d0f9ab4a2dc351034d5,2024-11-05T02:15:04.543000 CVE-2024-4030,0,0,19f825236112c2d38d9364772b7c94395cd52376c790d25417954ee2205eccd6,2024-09-07T03:15:09.917000 @@ -261312,7 +261316,7 @@ CVE-2024-43915,0,0,d179827f4a2239697e62ac501a97b8b3109220e3bde2278c20f3a196442ad CVE-2024-43916,0,0,31042afa408fe94b440478a73ae72a8d0da3ebc3aa7dccb541b916eb98fd8b0e,2024-09-12T16:21:19.030000 CVE-2024-43917,0,0,acabaf456c8dfd741a78efbcd42603884b1ece437ab7a578f9853b1f227cbc3a,2024-09-19T21:46:19.713000 CVE-2024-43918,0,0,c621e202cc81a6d6dbad623e8f3084e3f87e287c74f6e6ceb67128fdca645998,2024-10-10T13:01:57.573000 -CVE-2024-43919,0,0,3c4c5b2fb75cac96df722b566fb81bd09fdc4bd8ba1619b42099e87f34763186,2024-11-01T20:24:53.730000 +CVE-2024-43919,0,1,df9a12de24c8d903bfb4e63ab9bfa90e60b5d7533e032d638e5ce69cb3edb3d5,2024-11-13T15:02:22.520000 CVE-2024-4392,0,0,5c82c123a66d3444e81adbb958bd6b8cf11e432e36668571a78dbfc8c82c1c37,2024-05-14T19:17:55.627000 CVE-2024-43920,0,0,4fe0b9b4bdc3c773cef62ba0a55678a848520d2f26b7c394fdfed7064f320ada,2024-09-04T14:06:43.780000 CVE-2024-43921,0,0,8cb3a8317d91fe8c86f2a088d9aae7d066ad8cdfd297a2cc1e6c90830f46e738,2024-09-04T14:12:12.957000 @@ -262161,7 +262165,7 @@ CVE-2024-45285,0,0,432443f16f3bc2cd7fd6662743de8a85c2d23de3c5e8c63d8a475d82e46b6 CVE-2024-45286,0,0,8f2e1da507766dacf9e0cae8531253d3a4901ee6705aefce0b8c842c2e03783f,2024-09-10T12:09:50.377000 CVE-2024-45287,0,0,045bfb0d53167c55abd32c57163028c51920368f50e2cf76774839485016e81f,2024-09-06T16:26:26.303000 CVE-2024-45288,0,0,955296d26f6688a711bb67949962e8bc8a5c80938f39e5cdb2e043fe3c66ded8,2024-09-05T14:35:25.337000 -CVE-2024-45289,0,0,5e95c0d4464ba6185c0cab13d978288aa2ff5c53e6063898a90eb8848c488ff0,2024-11-12T15:48:59.103000 +CVE-2024-45289,0,1,274763e42c401a0b346d3252afa1077c4ada40141fcf54aa519ce609fac9d77e,2024-11-13T15:35:09.787000 CVE-2024-4529,0,0,5fbb4c14219ef7d51954458b7780a68dbee769876e9489db6e9ba34bd68834fa,2024-07-03T02:07:42.220000 CVE-2024-45290,0,0,47b2969bc1a747d3ad8c94a2a1403ba705f7312da0ef51083401cc2cbbe8b318,2024-10-16T19:54:53.397000 CVE-2024-45291,0,0,d43c3b21f765f29ad064a7621a2d1e18446d51e2e184bc6e561edf1a1c4d2c29,2024-10-16T19:09:52.697000 @@ -262411,7 +262415,7 @@ CVE-2024-45754,0,0,27881b9f8c3e60f9d5e35efd217ea03a3a53beb79b5679c0a5048b58d7f60 CVE-2024-45758,0,0,e058696ef4ee1e11dde5d7f4a1626a6964f9190aeabab6642796a352a4a3c2cd,2024-09-06T18:35:13.043000 CVE-2024-45759,0,0,f59b470dfad0907ca734d4ff5b2320a0c753f38413ab3a3988ccb60d03e5f11c,2024-11-08T19:01:03.880000 CVE-2024-4576,0,0,d47b5037987d3332638a14c0dba5a2bae073fe818289e35d14fa9c3b2b647939,2024-10-27T22:35:08.450000 -CVE-2024-45763,0,0,2268d41d5a2730dbc0d8eaf16bd14b16e86c2f2325af5003677da07a0e94d938,2024-11-08T19:01:03.880000 +CVE-2024-45763,0,1,5f7d7ac3b08fad38dc089defb7985eaf73e97a507d7a6c2cb5624891053958df,2024-11-13T16:52:22.340000 CVE-2024-45764,0,0,e55812b3262ad9c7b90a9a57055a85b654c45e8378b7440ff062b836e6265998,2024-11-08T19:01:03.880000 CVE-2024-45765,0,0,324589effb5b27643e9f79a9ce88d0d046eea5e6cb4756946ff245c0d7153827,2024-11-08T19:01:03.880000 CVE-2024-45766,0,0,1ac6d864cfa84a9455e326aaa02a3b21331a9d91fce801a33cf0dbf2664ff28d,2024-10-18T12:53:04.627000 @@ -262985,7 +262989,7 @@ CVE-2024-46865,0,0,536285f1c7180b71d64a2fc68c8b12f54f60ce61f1cbf15339b704b0c92bc CVE-2024-46866,0,0,7cef57a183dfaf103a48ea5a6b9019d1b498c14fc94b38d115a386f51427cfd4,2024-10-01T17:09:30 CVE-2024-46867,0,0,8316d7997f273d3e067642701a8234592f3f2c26a3648af1f12dc5cbdd0c27be,2024-10-01T17:09:58.147000 CVE-2024-46868,0,0,f9213706fab3b425fd6d7b9c70ceaf5cede666ff7057d8fa56ee82d754aa07ed,2024-10-01T17:09:12.247000 -CVE-2024-46869,0,1,ab7c2abf6b2bc37863efc641d1699422dfaff7a1949ca213fc0cdb51f0c1d40c,2024-11-13T14:15:16.323000 +CVE-2024-46869,0,0,ab7c2abf6b2bc37863efc641d1699422dfaff7a1949ca213fc0cdb51f0c1d40c,2024-11-13T14:15:16.323000 CVE-2024-4687,0,0,5435981fd840e586246d5a6c7c954862d5332569f9e647b4965c896a6669b062,2024-06-04T19:20:46.547000 CVE-2024-46870,0,0,652ca601a7652d849ccf9f3fa227a6384ea9072535f4139d45e923bcd7c9f15f,2024-10-23T14:26:28.690000 CVE-2024-46871,0,0,4bbafc222a5b983e7eee48edc0ec35209cfa7a3a04fb16a3dfef1b1e5b5df95d,2024-10-23T16:10:48.077000 @@ -263352,7 +263356,7 @@ CVE-2024-47401,0,0,31b67194c0f423565ffde74a81facf6073de0389fd9b73eaa3e0f5427ff3b CVE-2024-47402,0,0,7317d7851c48d928403b85ae519b306bf5cf2471e643c5955156c069ced0d83a,2024-11-06T15:26:23.290000 CVE-2024-47404,0,0,803edf639eed2c823e89b500bd8828e4b5948de9457114b2a2c12c0006396574,2024-11-06T15:25:24.887000 CVE-2024-47406,0,0,84061db2b724de731237f8782f9c677d123be7cab95d085f5d8375f0a77ff4a6,2024-11-05T19:36:13.840000 -CVE-2024-4741,0,0,bb5ff8788198de840f86b04d6af0b3d24a4af17f8ba3d51a66b40733f7f6f86a,2024-11-13T11:15:04.480000 +CVE-2024-4741,0,1,e0f38cb2899fa1ebf15c18230d0df8e82bc274cd78f8f9dc12752ecda978a4c7,2024-11-13T15:35:12.740000 CVE-2024-47410,0,0,42b59896d371aa29c83e01a1ce08752b8288a889a8db3630a5c6ba7966f3731c,2024-10-10T18:26:44.857000 CVE-2024-47411,0,0,5875ac529772763bf76adfec6337ced119d16dc7bedac06df0488c853721b19e,2024-10-10T18:26:54.153000 CVE-2024-47412,0,0,391d79d5da558802eae8e86cf3dd3b740642f9484cd58363cf9ca936b2f15d9d,2024-10-10T18:27:02.867000 @@ -263651,11 +263655,11 @@ CVE-2024-4776,0,0,8d62a3fb449cd595ed01f29a43c4395459263028a3240838c3f471dfed40e0 CVE-2024-47762,0,0,faf4eb81ce6d805e421dff7a7d50a27f6affd6a56e4bb98171a2180279fc1ecf,2024-10-04T13:50:43.727000 CVE-2024-47763,0,0,0009d92633a66a995666b904976a3f571897c7b107ff706ed2173ff97f66c3ef,2024-10-10T12:51:56.987000 CVE-2024-47764,0,0,b7aba4870e1203663c4fa6abc120a30e41523fde8e72997d929896b167fbbd57,2024-10-07T17:48:28.117000 -CVE-2024-47765,0,1,1f004529c8e22ec9eca296006281b6c8a0a4bb627f14f74aa282122f344927d4,2024-11-13T14:48:37.050000 +CVE-2024-47765,0,0,1f004529c8e22ec9eca296006281b6c8a0a4bb627f14f74aa282122f344927d4,2024-11-13T14:48:37.050000 CVE-2024-47766,0,0,59d1cafa97bbe3c507ee281e2420a2565da94f1f4cb02db911bf7e696c9937ad,2024-10-17T13:48:40.240000 CVE-2024-47767,0,0,f76f72b4bf5318a9be9574bffe5372ec8ef5f4dad0f6382ddd16a807c2769b9e,2024-10-17T13:50:45.307000 -CVE-2024-47768,0,1,9091e0a2f8eab039a41cc1a2ae7d0169e698e6c575534e4ed9d312d7f992cffc,2024-11-13T14:55:39.690000 -CVE-2024-47769,0,0,cfa0073cc2ec1df641a5e5cb7f159c15ecd616d56fd3bbf44e689739a8387e83,2024-10-07T17:48:28.117000 +CVE-2024-47768,0,0,9091e0a2f8eab039a41cc1a2ae7d0169e698e6c575534e4ed9d312d7f992cffc,2024-11-13T14:55:39.690000 +CVE-2024-47769,0,1,70261180467c5644240fea9efc11943f5d5b8a2134e8cfa959d13b261876b51a,2024-11-13T15:12:54.033000 CVE-2024-4777,0,0,96d0d896ebb105a32ed437e794c8fc4ba926ad921436ba17bdb49a1a49737be4,2024-06-10T17:16:34.070000 CVE-2024-47771,0,0,c2cc2e4162d5c6e4f811bab9afb437dc72be4e038984be37caa0528862aa918c,2024-10-16T16:38:43.170000 CVE-2024-47772,0,0,93ca3579d4342831fe2d471a4caadcb35a70b0d6469fc266411c3792b3d90e0a,2024-10-19T00:58:21.947000 @@ -263714,7 +263718,7 @@ CVE-2024-47848,0,0,e467c746656c205712610e09c41e44af0db3330d8c12283483797c5a60ee7 CVE-2024-47849,0,0,de2bc9d37c4c436919cea14cdc9e234750104bad56196fb793061fe483bbccd8,2024-10-16T16:34:40.490000 CVE-2024-4785,0,0,86459565331431d4effe5c5baf904159b952a2a7d490db9da0fcd3795764e799,2024-08-20T15:44:20.567000 CVE-2024-47850,0,0,9d437471ee4f1be7fe8d8f91eb2162f8d4a45526c516c7abe8fcc5930f99b89e,2024-10-07T16:15:05.753000 -CVE-2024-47854,0,0,a8f80b8e1dae30b2f133aaa097092fad2189dc64e1ccb9c31cf18cd76dbc63b7,2024-10-06T21:15:12.920000 +CVE-2024-47854,0,1,cef81393ed48661f146b05190eb5cd22e800b4711975bd0fc685986ac16438cf,2024-11-13T15:25:13.953000 CVE-2024-47855,0,0,55506bc59fb300d34c632b3a5f880b3df3b3b2206fd15f460c6853ba7eb245ef,2024-11-07T20:35:11.733000 CVE-2024-4786,0,0,bbc8c5b9b549878acd4ee1e5896d7add0ba995b55e84e619083dd37cca26f8f1,2024-07-29T14:12:08.783000 CVE-2024-47867,0,0,ab930a5134ec2749c4c7aeddae39ca362d9631d50a282f941fbaca32a5ca7733,2024-10-15T12:58:51.050000 @@ -263979,6 +263983,7 @@ CVE-2024-4848,0,0,e9a992014a82f7f25ea8b020a59a54821debcc21ba29ea30b909eb2d249ee2 CVE-2024-4849,0,0,ea1119b37dea5602dfce7972c7449fed4caaba21295f1145a8612489a3c2fd07,2024-05-20T13:00:34.807000 CVE-2024-48509,0,0,284c4916946b05559ac72d79c6f8c0c88af2de3a287de63c88a681a518cf7360,2024-10-29T13:38:16.893000 CVE-2024-4851,0,0,444f4e959fbd50fab42bb9cd6f5b1019a6d50ea56a5371bcf4f4fa6566e3e360,2024-10-17T18:45:13.093000 +CVE-2024-48510,1,1,abf720b515275c233fdabda44f8b435283bc0b1d6fc12b79a9a900c66e3ec0ef,2024-11-13T15:15:07.463000 CVE-2024-48514,0,0,772c22a7c82f7a2ba09c35b523755c3d2e15343c5a23d7fb25f81b1d3b219920,2024-10-25T12:56:07.750000 CVE-2024-4853,0,0,7e943be0a2434f6362f67f453fe22910f05fecde26076344b21d97f20b2d6efa,2024-08-29T15:15:31.687000 CVE-2024-48538,0,0,d00c6ae109958170edcc3a2c583c2ac0637abae567969e57f7b9a648e6c8cb40,2024-10-25T12:56:07.750000 @@ -264115,6 +264120,7 @@ CVE-2024-48878,0,0,2b15f82c5be65c88d261c3882a75397babc580305d6a252ad1dbf2de5b500 CVE-2024-4888,0,0,ad5e456877e6c4225b3f983ebfcea1f0af64a03667e43f1cd6a0842bed4216c0,2024-11-03T17:15:14.137000 CVE-2024-4889,0,0,98c988bc305180dfde4233cdb25b83940a2a23ecd5fc7825e58f1cc0fbfe5628,2024-10-15T19:00:09.633000 CVE-2024-4890,0,0,ee7720239380ab5c638f0803999a779457a74687c16e858d2acf0798605f57a2,2024-10-10T20:11:44.610000 +CVE-2024-48900,1,1,b86b4b4e2ec4bdb1eb088ff6982d40e38ab73a24ceface7fec2620760f67a1f5,2024-11-13T15:15:07.577000 CVE-2024-48902,0,0,fed2bf5b719b321f64381a649376d7e0618bda5baab6f732c38dcd1211106c26,2024-10-16T16:57:23.463000 CVE-2024-48903,0,0,af1ee698040ee7f8c19b83dd0eb3404cde07c42231b0e3832a1aa5561c10194f,2024-10-23T15:12:34.673000 CVE-2024-48904,0,0,56bc56ed1722c08287266703a07bddbd88211e3eebee5fa1d299ad65c198bf37,2024-10-23T15:12:34.673000 @@ -264164,7 +264170,7 @@ CVE-2024-48964,0,0,7d209543eb23e2e6809a7e4f01bdb09a7ba8fb1b32d439bae945ab7d5b6dd CVE-2024-4897,0,0,b80483aa02f533d1f5c4695afa1f7ec5dae4ecfa8b472cf561efa5d05f8ff11d,2024-07-02T17:44:45.700000 CVE-2024-4898,0,0,a64ada88476e7dbd5dca1f8ed9406bed15a3acb87fadbe7d9a4f3102502b7a67,2024-07-23T17:50:44.033000 CVE-2024-48987,0,0,bb1285db59c3075341f96aec62f9b4ce4709041d90082c7f3534792a4d32fb84,2024-10-15T12:58:51.050000 -CVE-2024-48989,1,1,e4ff68a37ef58a722979c60c1970170ad4e9fa348b35f45a91e33c36c5f4ca4d,2024-11-13T14:15:15.417000 +CVE-2024-48989,0,1,501d12c0f598cbb8bd9277cd57c2a2911cc0d508d2a8f25462ad866849588df1,2024-11-13T15:35:10.510000 CVE-2024-4899,0,0,7d0ca1543842829897b22c32fd7c3ea389ea1c85b28761d045bc30da0b354462,2024-07-03T02:08:16.280000 CVE-2024-48993,0,0,4aa3474fb9be5265fd715e9087c0fb8d42da2cadb7c5e0de118eac24d9462c1b,2024-11-12T18:15:35.840000 CVE-2024-48994,0,0,552421b92673fa07495920552477c16d668d05f05bf83bc63d1f3ef090be75c8,2024-11-12T18:15:36.117000 @@ -264427,6 +264433,9 @@ CVE-2024-4948,0,0,b89edbe3d3547ee2159af9ec22fd67b98f6c6885f88dc0c929a5ea68a98b8f CVE-2024-4949,0,0,5c7ef1902f4beea866d1c7d9373440674707dc0a06c9e278c0f4652ccc170adc,2024-07-03T02:08:21.370000 CVE-2024-4950,0,0,e5fcb740f07c681c8eb3b4901aae32c365007c0ebdd7c7b0ee473dbffae68af1,2024-07-03T02:08:22.150000 CVE-2024-49501,0,0,b68f4d3131dd45c8240c685b13eebbf7042a3a95ee975ccc7d0b4e65e2269371,2024-11-01T12:57:03.417000 +CVE-2024-49504,1,1,f34ef3e1dcb51e624b9ee27542e122b0fe3eb3b54092e224f0ac506a2e1bd855,2024-11-13T15:15:07.767000 +CVE-2024-49505,1,1,20e247af0f7035f933416ae5b75b3101f566edd0d36d1d33e38189dc22904137,2024-11-13T15:15:07.860000 +CVE-2024-49506,1,1,b49ffd78e466f755358a62a464b06ffa2ddcc7d822e1cc2be1010f582b783cfa,2024-11-13T15:35:11.613000 CVE-2024-49507,0,0,a067c2207adc4588c4f5319b23feaa9c3d3221b65ce179c8c773c37b9b09e1f9,2024-11-12T21:15:12.617000 CVE-2024-49508,0,0,8721622ff6878e8d29f2a53a1d49ff14c92380b3ed5c9c46a2e4df3c2f485b17,2024-11-12T21:15:12.830000 CVE-2024-49509,0,0,171c4fdf752d22ea3810c736f34539ce67199a5736a9e5ef9a2f0f6f15a45271,2024-11-12T21:15:13.057000 @@ -264597,7 +264606,7 @@ CVE-2024-49860,0,0,17fe611effe450c501a6e79c52b617bb3e9dfa115b03751b67c402dcff4af CVE-2024-49861,0,0,1653e7df85a45b515fcdc441f9cb9f122cb6f11d500f6cbca9f4d9d62723f07c,2024-10-23T16:48:47.573000 CVE-2024-49862,0,0,e0b25be7c75d96f390f553fe793605e2691bfb34c1e389879a3cd9200ce6c511,2024-10-23T16:53:51.050000 CVE-2024-49863,0,0,41eb15cefa65add4e21060b9ff62fd64839f2e02cd81a7af8fe6b7da8453fc42,2024-10-24T19:43:56.103000 -CVE-2024-49864,0,1,96541b20ea77eed56578d15c758ad186bec1b76c78e0506944db187153986d6b,2024-11-13T14:23:48.437000 +CVE-2024-49864,0,0,96541b20ea77eed56578d15c758ad186bec1b76c78e0506944db187153986d6b,2024-11-13T14:23:48.437000 CVE-2024-49865,0,0,c4cae66eab62f15595d2364d0fa9447b0b6ab33d31dbe60340c7ef0ef852d1c8,2024-10-24T03:44:33.947000 CVE-2024-49866,0,0,71c9e7f7b56f787e6cb934db96522f008f6ebfb1bdfc706451c3ae5064e0d3bf,2024-10-23T15:13:58.783000 CVE-2024-49867,0,0,8cf0edae8c53a5633dfdab99e974869bd44d9ce40d8ab9b187966727a0a7f801,2024-11-08T16:15:29.037000 @@ -264605,13 +264614,13 @@ CVE-2024-49868,0,0,37c62afa96c12b59911ddae25d514351b0179ee480e85deb28aec35b35f69 CVE-2024-49869,0,0,1ef7e6775f5061caa7e4dead4df8426a79419a75af385b7d702a23087606b23b,2024-10-24T20:28:21.597000 CVE-2024-49870,0,0,e81833aefea057b5823d9cca085dcd9c92f3e703d9544affbcd6126d5d085f70,2024-10-25T12:55:03.577000 CVE-2024-49871,0,0,c02508465ea9d0c1ce0cc95a6cd2e44aadfbb3634ea87e7cb860d1d87e5795b7,2024-10-24T20:22:19.530000 -CVE-2024-49872,0,1,f656ab37f8732914b4fb2725eacb0d7885336b02330d6f2a542500f48096a9a2,2024-11-13T14:26:11.547000 +CVE-2024-49872,0,0,f656ab37f8732914b4fb2725eacb0d7885336b02330d6f2a542500f48096a9a2,2024-11-13T14:26:11.547000 CVE-2024-49873,0,0,9dd0affda433e9ea1287a2619ec66001c95cda8669905ec1e1e5816fb33b6e00,2024-10-24T20:22:42.387000 CVE-2024-49874,0,0,bb64364be843ef37eaa2e7e28e1c1f68871769861f3b1beeca2cf5035cca4de4,2024-10-24T20:27:51.700000 CVE-2024-49875,0,0,752d21cda2ec448a67a51c1316311354be9fdd8594fd8f17251472d1e3b8d00b,2024-10-24T20:13:50.927000 CVE-2024-49876,0,0,0c2ec3870c02d4651dcfea621e276acb9d0ae36a4e21afff13d7735e3b487729,2024-10-24T19:57:06.843000 CVE-2024-49877,0,0,af250f7d05701606e8458b6d0e4566608ad1c939aa29f43569f2662a2fabe0e6,2024-11-08T16:15:29.500000 -CVE-2024-49878,0,1,7e3a8f32ebb3b5c960ca51b5b94c0d5a8cca6eca32980176480d7e2518ada813,2024-11-13T14:32:13.227000 +CVE-2024-49878,0,0,7e3a8f32ebb3b5c960ca51b5b94c0d5a8cca6eca32980176480d7e2518ada813,2024-11-13T14:32:13.227000 CVE-2024-49879,0,0,ac1148dbc27da665757d769de38b23dfb561933c6d2b1e611eee990b9fe40abd,2024-11-08T16:15:29.797000 CVE-2024-4988,0,0,ff557f66f633c813e65ed42f6b56820b4233d3efc23d00548e6797ba166f3d35,2024-08-21T03:15:05.460000 CVE-2024-49880,0,0,09fe78431a330c18b67c01afff178e830e795e339c621997697590ac350f25d2,2024-10-25T14:42:58.203000 @@ -264619,10 +264628,10 @@ CVE-2024-49881,0,0,41bfec3db47cc7ee33c25f1fd4197d6bd3c02983ee19fdf43f55930238a4d CVE-2024-49882,0,0,3dcd0b215e26c09aad074a08de7a7f1c715786114c06c918026bea9f1be4a757,2024-11-08T16:15:30.123000 CVE-2024-49883,0,0,2c66ff49435c643d701d54b779db4b72f2d86174ffd0e6b20242c6bd37032340,2024-11-08T16:15:30.293000 CVE-2024-49884,0,0,672dc800dd919ccc283f73a865977706d4443e02c2105d5c38e649f3ced202d9,2024-11-08T16:15:30.453000 -CVE-2024-49885,0,1,5599876e84c76c5d760ceabc9a8d04464489567672dde1b8222adfe6d36f4f66,2024-11-13T14:36:33.207000 -CVE-2024-49886,0,1,2b3cca4b61f1bde2a2ae9688b351ac02edd931b541a24a77b5221633d55cc36f,2024-11-13T14:39:36.240000 -CVE-2024-49887,0,1,1d990296a5bfdb15610c01b4627f7fbd6408b91029bba18855b6d0ba6cae72b0,2024-11-13T14:50:09.193000 -CVE-2024-49888,0,1,4c63e2f8987486c52b1c84834f6f85fac770cfd5a9693fc289dac412b3ba44a0,2024-11-13T14:54:25.787000 +CVE-2024-49885,0,0,5599876e84c76c5d760ceabc9a8d04464489567672dde1b8222adfe6d36f4f66,2024-11-13T14:36:33.207000 +CVE-2024-49886,0,0,2b3cca4b61f1bde2a2ae9688b351ac02edd931b541a24a77b5221633d55cc36f,2024-11-13T14:39:36.240000 +CVE-2024-49887,0,0,1d990296a5bfdb15610c01b4627f7fbd6408b91029bba18855b6d0ba6cae72b0,2024-11-13T14:50:09.193000 +CVE-2024-49888,0,0,4c63e2f8987486c52b1c84834f6f85fac770cfd5a9693fc289dac412b3ba44a0,2024-11-13T14:54:25.787000 CVE-2024-49889,0,0,3c863e63fd48c3db3419430a21a4d8c911f6ac7efa3158f64cf41f494445bbca,2024-10-25T14:37:34.400000 CVE-2024-49890,0,0,585d995237d21981fb3b6b01c85816c0030dcc831f475278287062aff66de7b2,2024-10-25T14:41:41.680000 CVE-2024-49891,0,0,d4a8cbcb6210dfe0148e3c78f189f223e8712de66bdeaea637d3f10c8e45cc0d,2024-10-25T14:42:27.193000 @@ -264636,7 +264645,7 @@ CVE-2024-49898,0,0,b092955f008db9bd659627d8317ec57437e56c320204da394d02abc43f25a CVE-2024-49899,0,0,93ca62dc4cb1f1b306f0d3b08db6fe171ff8e5656153ada772fdf9658d13299c,2024-10-25T14:35:52.620000 CVE-2024-49900,0,0,180224ea8f480eea1174291f9e8cd8e8fcbff965e3b4b82753fd1201a2b66b77,2024-11-08T16:15:31.090000 CVE-2024-49901,0,0,4f68e53c02004eff12bd733174d930c7b48002facfffbf9a6968982a8338152e,2024-10-25T14:05:16.967000 -CVE-2024-49902,0,1,dc822e33f617bea68a4d61c3e7c0615cae5bc2d53ed296bf97f63c57e51de5c7,2024-11-13T13:47:16.923000 +CVE-2024-49902,0,0,dc822e33f617bea68a4d61c3e7c0615cae5bc2d53ed296bf97f63c57e51de5c7,2024-11-13T13:47:16.923000 CVE-2024-49903,0,0,8fdd3f671ef2061f9fe672fa2873bd9a338f774b440b8872eb06128ce8569bd6,2024-11-08T16:15:31.467000 CVE-2024-49904,0,0,97945585b118f8c6be2209a6e9d3878cf1ef61a3baa5c195d66ae59f1158b386,2024-10-25T15:54:47.737000 CVE-2024-49905,0,0,f4631ee47058363e32e11b4aea202efa20a8c8c9448ca3ac5797ac4437398718,2024-10-24T03:43:35.477000 @@ -264662,26 +264671,26 @@ CVE-2024-49922,0,0,f7dbe3bddb75bb3ea2b5380d42f021bcf9f8034ec34fcdbbeecea2d0b58e7 CVE-2024-49923,0,0,09ac36e1842b66b81133b68e0fa1454145946558f64c3262440b063666a332ca,2024-10-24T19:43:27.327000 CVE-2024-49924,0,0,17d9abaaf5ff60bcbedf9c94f1debba174e9547890147781369e3335305a4c01,2024-11-08T16:15:31.683000 CVE-2024-49925,0,0,2ca64f6d4798cdb2d8009d030db641481f821fbde2eefcd416526239180575c5,2024-10-23T15:13:25.583000 -CVE-2024-49926,0,1,db8bba7a6dc5d07d88aff2ea8ef6386a19eedfe64e552b94ed34e2926f9d7b44,2024-11-13T14:57:30.260000 -CVE-2024-49927,0,1,472355100a6685fc292a04c610ed5d23ad2ec497a797f76dd7188b29ab06bada,2024-11-13T14:58:48.243000 +CVE-2024-49926,0,0,db8bba7a6dc5d07d88aff2ea8ef6386a19eedfe64e552b94ed34e2926f9d7b44,2024-11-13T14:57:30.260000 +CVE-2024-49927,0,0,472355100a6685fc292a04c610ed5d23ad2ec497a797f76dd7188b29ab06bada,2024-11-13T14:58:48.243000 CVE-2024-49928,0,0,8e84a2aa26c14268cca8858510196348b8604528002bd2f6ac4bef54b852d76f,2024-10-25T15:22:31.013000 CVE-2024-49929,0,0,409fff6f1c13ae1c406792ee7f9444fe8bf4ea113f439e03b8d1297690597cfc,2024-10-25T15:22:53.763000 CVE-2024-4993,0,0,e0839a9575413089a3f10a1147258f2a987a3e24cb291a41fcab67561670893d,2024-05-16T13:03:05.353000 CVE-2024-49930,0,0,4f6d566d38e98cfef81aa3c468e55508e5ddacca4ab92a3aa3e190b5b39ab22e,2024-10-25T15:23:14.283000 CVE-2024-49931,0,0,c64e6a507a81e93e0a0fbd52f6d868b83dce69bbf375c0c8265267d61314b728,2024-10-25T15:16:07.980000 -CVE-2024-49932,0,0,9ad306c9b6999a1d9bd8e334c022a9167b549c6e355bb68659fd9917b2f7d129,2024-10-23T15:13:25.583000 -CVE-2024-49933,0,0,ef9c6d48b62588ec991b1347b1a9b2e0b50b5a319851efb06433034b15dafee3,2024-10-23T15:13:25.583000 -CVE-2024-49934,0,0,892a4908e6d4bdab57ef889f57d9f97c871828bf58c1bd51a5b8528eb1697580,2024-10-23T15:13:25.583000 -CVE-2024-49935,0,0,6f6f7eb0ffe3c2c9944cd7aeecc7564a3baef5c8a400fc6fe25bd1ded2cd8719,2024-10-23T15:13:25.583000 +CVE-2024-49932,0,1,31964f3d67ead4b7d4b3f3605e21108eb1a8ab7a2528d8291f3a8ab8697479d0,2024-11-13T15:01:49.790000 +CVE-2024-49933,0,1,154a68279973805c62d70cd3878faf9932439e560f036a358e5e4fdc1495752e,2024-11-13T15:09:09.597000 +CVE-2024-49934,0,1,39acc6504cf2386e4f295f2ad4e70f489c2b48602861ff10ebe3e76f137d93b7,2024-11-13T15:18:14.487000 +CVE-2024-49935,0,1,f74739debc03eea7dbedc12a4e3a82436597d8004b8f287113f25501dc26bdf0,2024-11-13T15:21:55.297000 CVE-2024-49936,0,0,53b60eee50934e6330711ceaf5c84de680cbe1bc85ba946b907431818ed4e720,2024-10-25T15:16:22.713000 CVE-2024-49937,0,0,1a0040bc48552b7133c2e4ffaca4b44b158ed31499780bc9bf8c84e62d68eac8,2024-10-23T15:13:25.583000 -CVE-2024-49938,0,0,9c303f1020130b3b132ffe4f4bfa15af521193c2ea7539bad83adb435dbb8a0b,2024-11-08T16:15:32.180000 +CVE-2024-49938,0,1,92bbe34c9884de69005db5fd557bb8b0d110127b5339a0a98b05167325b8264b,2024-11-13T15:25:11.290000 CVE-2024-49939,0,0,21d57d98623c68bbef39b3f489d950d89fedd53e80836af32f90f06d36ce1873,2024-10-23T15:13:25.583000 -CVE-2024-49940,0,1,e333c90676e67acae8b255cbc88ec1a4118da167be4e7afaa2c7a6049c4b657b,2024-11-13T13:26:01.343000 +CVE-2024-49940,0,0,e333c90676e67acae8b255cbc88ec1a4118da167be4e7afaa2c7a6049c4b657b,2024-11-13T13:26:01.343000 CVE-2024-49941,0,0,b3da1a021545935ffaca2b9847684775ba3cc9b8435719cbf248706bcb1aa694,2024-10-25T15:17:30.543000 CVE-2024-49942,0,0,29368c54b2560ed8564591b764785ef1f8b272b1a5154512293cafb7aaf5bb26,2024-10-25T14:56:59.397000 CVE-2024-49943,0,0,5c5d21fde5bb87f93303742087e99f64eef62ec323a6c541d2b8b56acbaacf7a,2024-11-01T14:54:07.897000 -CVE-2024-49944,0,1,9431e0f6c81d695368890d8e3d1ac977cb0f72d3682cf5502fbc1fc86679abad,2024-11-13T13:30:25.217000 +CVE-2024-49944,0,0,9431e0f6c81d695368890d8e3d1ac977cb0f72d3682cf5502fbc1fc86679abad,2024-11-13T13:30:25.217000 CVE-2024-49945,0,0,370e1b90eb36e7c52066b46d04a3bd2521828574dc9ada50c02ab529ecffcdfa,2024-11-01T14:52:59.240000 CVE-2024-49946,0,0,6f34607ed110131a5228bb8338e1c3bc5ed825ca1076fa33df13b33d544f1cab,2024-11-12T21:37:03.203000 CVE-2024-49947,0,0,527e90eca335017c144242ea46941f3fa1e60b29b1bd44c2687bd96e355231fb,2024-11-12T21:25:21.870000 @@ -264834,7 +264843,7 @@ CVE-2024-50085,0,0,a57d9cdadbbc5cf4e1ca2a641bfe5ff538d06a7e75b6cba1f85d47ffcf3a2 CVE-2024-50086,0,0,206db9d7d18012b624f99c8b416d113d2b1c02881dcac19ecb024a915eadabcf,2024-11-08T16:15:46.247000 CVE-2024-50087,0,0,d932d9a6f4bd94c5995e2295fafce534f1c32d33268701370882a6d9c7fefc9a,2024-10-30T14:40:16.377000 CVE-2024-50088,0,0,ea08007d0f6bf2f5d06a9203c599c43ba3b7b13f77698553a8827e36297f21dd,2024-11-01T16:05:44.403000 -CVE-2024-50089,0,0,3b58daedc5b4f60456cb3b13ba375c68351ad07eea1153d2d27bc6dd4d43fa4a,2024-11-08T16:15:46.337000 +CVE-2024-50089,0,1,9f8a3633fdbc98cc428b950fcb5d2d79cb1315a7674c741c6324b8f000351cb0,2024-11-13T16:59:43.830000 CVE-2024-5009,0,0,4fd7bfd86519955de695550b550ff6287bae2637bb330aab0edb8e0b318761f0,2024-09-06T22:43:04.747000 CVE-2024-50090,0,0,d16465742fb25523eb0d3de743cc641d48da4d74b14afa6d9bc8843dba2dc19b,2024-11-12T21:41:16.620000 CVE-2024-50091,0,0,13d5fcb7d7d05ca20fae1515a656816c2de1e558a10c2498c7a9b74e349d1a2a,2024-11-12T21:44:39.210000 @@ -264904,29 +264913,29 @@ CVE-2024-50149,0,0,d7c6740c56276f915bd62b11e0e57a6dcbeeb44de647591594fe9c7c101a2 CVE-2024-5015,0,0,57e7561ea7b4a22dc47e95fb948c2e633eea845a4a10c36b8de173108bb8285f,2024-08-21T13:37:02.370000 CVE-2024-50150,0,0,4196baec43f7736780778c168a778671c8558d06a0e2cf6ab733073a0abb416a,2024-11-08T19:01:03.880000 CVE-2024-50151,0,0,d9ce0dc9cc067e6fa22cf39a277f3e88a2611e6930bd9b5641d4f23f2714aae3,2024-11-08T19:01:03.880000 -CVE-2024-50152,0,0,5cb9a9daf9006470c93bc37b9df8d46054672b8deb5767cfe3c30af595242c3f,2024-11-08T19:01:03.880000 -CVE-2024-50153,0,0,ca36e6203194a2cd8539b801d5956d1f638695e1b357e9c14e59807ff5f32919,2024-11-08T19:01:03.880000 -CVE-2024-50154,0,0,ffdb226c8220f1620eb81b2c5b72b35fd57877cd678436e4a556d0089c0a2f92,2024-11-08T19:01:03.880000 +CVE-2024-50152,0,1,af4a36f373f5bd284bbc0e7f8a0ae078bbf143827fdfc00292fdfee23cabe156,2024-11-13T15:15:56.840000 +CVE-2024-50153,0,1,5f6d0a7fb1773f81b91ac445e6aae318d6060320ea428ea0efdab2d109fa9dd3,2024-11-13T15:23:49.717000 +CVE-2024-50154,0,1,dd1e5f68aa038faa5d37972a828cf787243b5c34b51d1496a78801ba4944c9ea,2024-11-13T16:17:12.473000 CVE-2024-50155,0,0,5747f9cf1aa53c1e6a78fde055a5d938a23ef7a9d8e0d83af3e149b9b3f45e42,2024-11-08T19:01:03.880000 CVE-2024-50156,0,0,ed997ebe9a2b402a27fae0483970aab9a25073ff36ff717ae62fdc40d861b7ba,2024-11-08T19:01:03.880000 CVE-2024-50157,0,0,831c798ea992786f323335d193dc3ef349a34b53fcca1479c8f7474757c08c4f,2024-11-08T19:01:03.880000 CVE-2024-50158,0,0,9a6dda59860d55e42f9cf894dffd100a5d82221731fe812097f3aaee313e0486,2024-11-08T19:01:03.880000 -CVE-2024-50159,0,0,d8015f040766e5f8a45be47b2d395632d0d7ab0054fde218f59f31e1ca52cc73,2024-11-08T19:01:03.880000 +CVE-2024-50159,0,1,28340fad2c185d2f812714ff6b1892c76ce4e6d5152917c1e3545f50c1cf57e9,2024-11-13T16:19:28.807000 CVE-2024-5016,0,0,99504ccb587052e75d99d9fcbf07f0a52b025e8122dba2c854727d3b50b1c62e,2024-08-21T13:38:32.480000 -CVE-2024-50160,0,0,17a40e0306b9df216e0e6f03af4d9e0b807e011f89ea8281a97806273dc8946f,2024-11-08T19:01:03.880000 -CVE-2024-50161,0,0,a21f2bd416c04bddfdd4c0110905ca95f60d06b9db5cb19fa6ca35583034576e,2024-11-08T19:01:03.880000 +CVE-2024-50160,0,1,b2ff0e8b751c5febb607cc641fca660afb8ad0479ce2783468870ddf4e85c794,2024-11-13T16:13:39.750000 +CVE-2024-50161,0,1,ad66b572cb441dad4e6ee48902eb2b158e06976f825be3871ef9c4e925a3bb8a,2024-11-13T16:36:57.413000 CVE-2024-50162,0,0,4d9dd15197774f489e9675bd267efb5b7e91f0415fd39f1a663770cf6f148fd2,2024-11-08T19:01:03.880000 CVE-2024-50163,0,0,562c5969b9730284f8bc6b2e5c8a8ed9f48638aa96e75e1456e73ba5df058365,2024-11-08T19:01:03.880000 CVE-2024-50164,0,0,98153fff4a296b20fa93165bce652e5fa8bd7d0919d058627d479c9b9aa62b93,2024-11-08T19:01:03.880000 CVE-2024-50165,0,0,d66f1a8a78fd7bee0c737f5810df1bd636f57bae2483e39bcbb9543128d709fe,2024-11-08T19:01:03.880000 CVE-2024-50166,0,0,5d415e5148ceb4bd02933fda8bd3542d6ef94233d11b7d0407e223e89b4a218c,2024-11-08T19:01:03.880000 -CVE-2024-50167,0,0,89e9c4c139c4206e925d3367587a0906ddc76664e61bbec4657b0b4a56482ac2,2024-11-08T19:01:03.880000 -CVE-2024-50168,0,0,8a85aa195ce641afddc0b8f64cf012a4af52082ba2f9ee507c05e1ae08cdb36f,2024-11-08T19:01:03.880000 +CVE-2024-50167,0,1,64f0b094e33c29537158e841e9f3802fd5ed129308b1beca6946c39de740e209,2024-11-13T15:29:54.590000 +CVE-2024-50168,0,1,77f0b60506aba9b5d4382735f5368818aab9bbded6bedfa6fd5c19a22380d800,2024-11-13T16:16:31.747000 CVE-2024-50169,0,0,71ebc371e37f5115cefa0d50394251542c39c050ba2e08435dde4a10f5e5462b,2024-11-08T19:01:03.880000 CVE-2024-5017,0,0,4bf66f9149c1825eb6053785aae4f79372d6014d70aef068fefc59f9d5142f99,2024-08-21T13:40:49.903000 -CVE-2024-50170,0,0,1d7786b1696d8e7fda3eaca44084eb44ed043685449d90cf7585d7dc4b7c9b31,2024-11-08T19:01:03.880000 +CVE-2024-50170,0,1,b19279938a507f4d9f29079eb798e8cf3be2433f212a1397ec7eb171b1b9e638,2024-11-13T16:44:31.073000 CVE-2024-50171,0,0,68485bc3416b9e19b07df2ea3f0808a0ef21c1ec9e029729c02ad46cf6bc04c8,2024-11-08T19:01:03.880000 -CVE-2024-50172,0,0,96fe67f6a7121a839db877b4d954aa1de14121fb47b7e41ca5c3b5a13f86b876,2024-11-08T19:01:03.880000 +CVE-2024-50172,0,1,1a611699b6c8fa8db8d175aa3c65b3ad06e65f6fbd0bfdb1d3b215d9e02535c0,2024-11-13T15:55:27.260000 CVE-2024-50173,0,0,4c970d12dd754ccb8104b90e1d492ededf628513a4a2ae610793a1225bf473a7,2024-11-08T19:01:03.880000 CVE-2024-50174,0,0,2c26938b83def25026558593a8de95056553d3b183731913b33322f9bdb4a9f2,2024-11-08T19:01:03.880000 CVE-2024-50175,0,0,c267b836a166805894a4c37ebf72dd55d9843a0ad632ba7edf4fdc2d3e0169a2,2024-11-08T19:01:03.880000 @@ -264962,7 +264971,7 @@ CVE-2024-50202,0,0,9863501b8e60c89f9e518dfb37b2552d9f633d49e18370e84bed41b8fa592 CVE-2024-50203,0,0,52211f6071bc7ee288aab747a5bcaa2f527ab614a7fb3f0fe187df05a3dd2b50,2024-11-08T19:01:03.880000 CVE-2024-50204,0,0,c529ce789a0771f96591e0ea930cf6052e71344c09f039ebcb1211b2c5f378bf,2024-11-08T19:01:03.880000 CVE-2024-50205,0,0,7ba13135156d7e20b690d426de3fc1cbafb30d7e3437aa970422228bbef885a3,2024-11-08T19:01:03.880000 -CVE-2024-50206,0,0,efdeaaa79f1fb8ebb4bdf08abddd81dc63f4568149d4e8a117965e92f12613ef,2024-11-08T19:01:03.880000 +CVE-2024-50206,0,1,fcc19a4fffbe5034be4ad713517887336a2e1957714f25908ee29435848d166c,2024-11-13T16:56:25.937000 CVE-2024-50207,0,0,3c3e6ca8261c6eb83cd0d29d9779bc64f3b6ae421320bc0cfc99e465cee05407,2024-11-08T19:01:03.880000 CVE-2024-50208,0,0,612fd195452dc05bcf220d3cc702a866814c53df6bbbfb573a7f40b3965646c1,2024-11-08T19:01:03.880000 CVE-2024-50209,0,0,8a8805a93a7ad4720dce18e0fc6a19c9829749a589bcab3a3e272b745ce158cb,2024-11-08T19:01:03.880000 @@ -265047,7 +265056,7 @@ CVE-2024-50327,0,0,2b40bb502f836073dced40ac05a4840c07f121493c2492038809eb643c37f CVE-2024-50328,0,0,f2c640c32afe1abb6d3c73e1c9541aa2fc816b737be721e25682ab5e4cb57100,2024-11-12T16:15:25.207000 CVE-2024-50329,0,0,4bf1f20748f3ad00581bd86caa8ed3a4ad0897ba32eaad21ef9f2a375f6fc12e,2024-11-12T16:15:25.383000 CVE-2024-5033,0,0,34cd1f889798bbfeb338d8d711a920994993596df17d9daf9b428477bffed7c1,2024-08-01T13:59:38.730000 -CVE-2024-50330,0,0,771ff2d5e100ab9210de0d27d4a40526cf5c5c2f269f70c5fa45a099f7bd6f72,2024-11-12T16:15:25.573000 +CVE-2024-50330,0,1,091a1b851de9ed60e4815c460f5d4634a6576d273a1f24bcc1dce9c232b783a0,2024-11-13T16:35:25 CVE-2024-50331,0,0,d5c844d0542128f3375f6be6d4c7604f8ac2699563b6027e946f5a0f510c54b7,2024-11-12T16:15:25.773000 CVE-2024-50332,0,0,9656d38bcfb11514c440d951a58b16e4a5fcba542ce41e8a3824831aeb409389,2024-11-06T18:17:17.287000 CVE-2024-50333,0,0,4401ab12299711f5c870abfc6cd15c77232e2aa5f01bc8c09f095498f866c9c7,2024-11-06T18:17:17.287000 @@ -265065,7 +265074,7 @@ CVE-2024-50346,0,0,fb25cbb7b8a23f8bc4a8f048afe511d7d942fe5a9bb027a602dbfa956ec82 CVE-2024-50347,0,0,27f16939f93088b46ca4735812513cca765a91a390b88a1aa60491d8fb6217f3,2024-11-01T12:57:03.417000 CVE-2024-50348,0,0,fa8a8e9e48d227df1afdc378e4ee00ffda2dd051bb15c8b477e290549096cb45,2024-11-06T14:49:46.073000 CVE-2024-5035,0,0,592ce94ebba91d65c9cac29085dbc465d14be23d13ac08f1e0101f9ce552a856,2024-05-29T05:16:08.793000 -CVE-2024-50353,0,0,c9a50181bc0403c3a3fc6ea2769936cf1180aab72223cab0848a096e189ab860,2024-11-01T12:57:03.417000 +CVE-2024-50353,0,1,ccbaa89f0150ad038f7930bf7da95bdebd48b8dd8438583bd87ed80c0a277898,2024-11-13T15:15:19.900000 CVE-2024-50354,0,0,5fe2cfed42eb75a8865a8b156fa958f7af02063c60312ccd6714684eb18cee96,2024-11-01T12:57:03.417000 CVE-2024-50356,0,0,1007ed397ecbfac0c7e4779187113696b4d36207eb77ee96ff22c8fde6a29757,2024-11-01T14:35:08.330000 CVE-2024-5036,0,0,e97b40bd40cf208c311323e6564cb1ded96d8cc433059436a8705289f1e02a66,2024-06-20T12:43:25.663000 @@ -265165,7 +265174,7 @@ CVE-2024-50488,0,0,92b5881a6f09aa9100cab7be6bd104b49f594c60708054bde44c913395051 CVE-2024-50489,0,0,052390e832091de8b4e86a61a6aab7bbd00e0054fa2778c6e9529e093b8eee4d,2024-10-31T00:16:07.977000 CVE-2024-5049,0,0,5a3f3841afc31b2308320d9a79229ff3b2e78886b62ff0b6a021008032b5bd1d,2024-05-17T18:35:35.070000 CVE-2024-50490,0,0,df5308d43aea0811e64f7f34c1741602a9a3be24440d41ba19ac9b091f537e4b,2024-10-29T14:34:04.427000 -CVE-2024-50491,0,1,7ab5671e156ab2e93dad9f340dcacd7650b9ee4249b49bbeddb386faf69d371f,2024-11-13T14:00:03.247000 +CVE-2024-50491,0,0,7ab5671e156ab2e93dad9f340dcacd7650b9ee4249b49bbeddb386faf69d371f,2024-11-13T14:00:03.247000 CVE-2024-50492,0,0,f159cac56066cb0613fe7474254cab2a396f1953a0559edf2bfc816cec9b09e6,2024-10-31T01:12:02.283000 CVE-2024-50493,0,0,1b86e41beced3d67b90f334d27db11237a706dc3447bbfcf4216e988a60b9a9c,2024-10-29T14:34:04.427000 CVE-2024-50494,0,0,9569aa1d34f7229fbd2091c58d08802086f733f20697c3538e6874d12444dba9,2024-10-29T14:34:04.427000 @@ -265244,7 +265253,7 @@ CVE-2024-5062,0,0,1dce1f93ce1b9242e76ae9cf090eb76ee6afadb656622c6eb5a578a5eb7601 CVE-2024-50623,0,0,71c6fad96d3194eba7d5d7edd081f9ad30cc6decd08744ac71e97f086f12f546,2024-10-30T21:35:11.373000 CVE-2024-50624,0,0,2f6d7cbc06ddd09de063e5bd0feef072f438fbd478c20a099bcf6256ed039f90,2024-10-30T21:35:12.223000 CVE-2024-5063,0,0,3ea00cb3f53084b2393e5a818811e5957f116b348338ce87a59f64292b187a9f,2024-06-04T19:20:57.760000 -CVE-2024-50634,0,0,1259534018b84fc966c6bbf71883176c6258839dafca0d12474268de67eb80a9,2024-11-08T19:01:03.880000 +CVE-2024-50634,0,1,b51bed2cbdafb47e43997329f84c20416d967781120359bc1bc6075ffd759ad7,2024-11-13T15:35:12.950000 CVE-2024-50636,0,0,2fc9138fa183119876b777928207f426f13352402fa782392dc2b828754f0184,2024-11-12T13:55:21.227000 CVE-2024-50637,0,0,7cb3fd4c2566fc1d1593156e77d24b90af6dfd042618185e839399543b673bed,2024-11-07T14:15:16.780000 CVE-2024-5064,0,0,d857d2e0ee5316e135c4045ce3a7ab1579933a9b029d66480995681ffcc21c71,2024-06-04T19:20:57.870000 @@ -265272,6 +265281,9 @@ CVE-2024-50810,0,0,7da23b2ab88a2657cb76543548549613aa1f561df30582c648f7520bf514f CVE-2024-50811,0,0,d8ef1ac40dcb898d28bb949cb8cb9a8ce73f83d8e224524d33d6a2ba92df335a,2024-11-12T13:56:54.483000 CVE-2024-5084,0,0,79705ce3d53f6e7c72da00fccc935c6da44be9bf4354c31cd8528afb5e0a643e,2024-05-24T01:15:30.977000 CVE-2024-5085,0,0,6942e3068671e85a9578eddbb7240c8706dd53cd6ec5670c5d4ddd91c950a30a,2024-05-24T01:15:30.977000 +CVE-2024-50852,1,1,77f2537990d2887c8954fe773dc836ecce5a1d8eec0488e7c0629c1b3146b16a,2024-11-13T15:15:08.897000 +CVE-2024-50853,1,1,9cbfc308606517d085a37da5aa04ecc5d12a6a15d8ad51f76884a5bfba7d9345,2024-11-13T15:15:08.953000 +CVE-2024-50854,1,1,cc2048da69cd7fdfc2007ef50c3ee5bbe8fb427d37f605ec1e121546e68a0ae3,2024-11-13T15:15:09.010000 CVE-2024-5086,0,0,cace1182cf9be3136b0c613ecdabc086a9a0b40661f04ebd6e230acc3565cbb0,2024-05-29T13:02:09.280000 CVE-2024-5087,0,0,1746857b68833d8900979ac8a67f81e6079dce1463e5a3122487cb2b7b074692,2024-10-31T18:26:54.500000 CVE-2024-5088,0,0,cba5e9039c2295e22c8cb155a75af3aef347c6e9813c2bf0c73f71f25ef00106,2024-05-20T13:00:34.807000 @@ -265284,7 +265296,11 @@ CVE-2024-5094,0,0,a6da916325cb7c5c0cbf108ef5f048d7004d52e417cf8850e363484a9b36d5 CVE-2024-5095,0,0,1588c0abfc34bbd50f97e7721e8e7ba42bb279c7cb42725ee04b715e36b1b7b7,2024-06-04T19:20:58.577000 CVE-2024-5096,0,0,5ed717834c38883681c6d180e391a0fccee5714f6ff3215bd896b6366e61be87,2024-06-04T19:20:58.687000 CVE-2024-50966,0,0,17999db3c119b65097d64bae028974d0e6d4cf5d6910c7a7a211536c5ff5b48a,2024-11-08T19:01:03.880000 +CVE-2024-50969,1,1,5d25e5ba28c79d5f1d6e498ac9e36c29ef4e3c2f8ae7339bb81724a37a47c512,2024-11-13T16:15:18.960000 CVE-2024-5097,0,0,f8c17c92eeab06c631c7e3bccbcd56a5be798bb0ae3554a5ecf4b2a49f948336,2024-06-04T19:20:58.787000 +CVE-2024-50970,1,1,725855e7276ba5c3469541ac44cc7a6d5992a1b627c3bc5e603351019037fdca,2024-11-13T16:15:19.043000 +CVE-2024-50971,1,1,5c7662004e632b161c76eb4661b688d4e9e2d6c7bf3cfd11e44722d474e6fcd6,2024-11-13T16:15:19.113000 +CVE-2024-50972,1,1,c2d4d1c1b46f7630efdfc47e78410a06598c715a5a4d25e7a4d9edae65e9f3c0,2024-11-13T16:15:19.180000 CVE-2024-5098,0,0,51bb68a404444dbad57c4444d3880f6dd34c8b10fc09ab7783a9da02fb8f5608,2024-06-04T19:20:58.887000 CVE-2024-50989,0,0,539ed9c0a64887e69fa9cae96035a115db3a8a96afe0045140278b0fb7737495,2024-11-12T18:35:31.437000 CVE-2024-5099,0,0,c449033239abbf7fd2bba4f64694ff77374623f364f0fa141d0a92a151a3ab2c,2024-06-04T19:20:58.993000 @@ -265327,13 +265343,13 @@ CVE-2024-51023,0,0,b12f806c39027dd585f6605b170e48144a3513f557c323acb9850f669a22c CVE-2024-51024,0,0,2602616b46cde149e40ad1ec2305c8463ebfa9f137264738865d2534ea931b9c,2024-11-05T20:35:25.253000 CVE-2024-51026,0,0,62fad2f07d50146e8433d063d38894194ce538e71bf191ac14b4c471f5cbc87a,2024-11-12T18:35:32.357000 CVE-2024-5103,0,0,aef0baf1fd7c527670ecf099c59b541b0a60e91a3e6b8de1c582546f74d7df46,2024-06-04T19:20:59.297000 -CVE-2024-51030,0,0,8864f5f848b4bd116cf6c117fc9413494345870c652480a21b492e7685b9b04b,2024-11-08T19:01:03.880000 +CVE-2024-51030,0,1,f2e747039aa1c94bb05e787f4d207222d754db12ded9f6bb6df83cbdf74d7a25,2024-11-13T16:47:16.060000 CVE-2024-51031,0,0,1e5ab5cf9c7a25d9afff4cfa33f3918bc3dcf7d5460284d217623f0076ca881a,2024-11-08T19:01:03.880000 CVE-2024-51032,0,0,ec7a3f58b1b13bff81847fdcad7b6dc259b873fcbfe047be514b3d445ebe4aca,2024-11-08T19:01:03.880000 CVE-2024-5104,0,0,8d4ff1d965ca43b16b77c8055dc82631e6e8123b480d913038100bbc16c5fc14,2024-06-04T19:20:59.397000 CVE-2024-5105,0,0,c1afcbdfab9cbf8b7401c36e665ea5449fdb0423f5baf719d1747abc02484d12,2024-06-04T19:20:59.500000 CVE-2024-51054,0,0,5f7e39a7aaba6174905b6372920760418cc96f41e26463faa8167a7c26d82367,2024-11-12T20:35:17.823000 -CVE-2024-51055,0,0,bc6e923abc09fb516723039d0c80e2e1c973506d67c4fd7e8b98b13ae600002a,2024-11-12T13:56:54.483000 +CVE-2024-51055,0,1,01ccd52478b3519c5dabbf4568ac988a576ee058f14d536ab175a95478255e40,2024-11-13T16:35:25.810000 CVE-2024-5106,0,0,0c609f41f655027086ae34a799c5dba7518161802bc29d490607b24bb6cca58b,2024-05-20T13:00:04.957000 CVE-2024-51060,0,0,402a659a58502cf6652d1569d08a8e1bb7141b9ef84b5e613167d10864e0cd4d,2024-11-01T17:35:08.443000 CVE-2024-51063,0,0,9e69a8a911d8071b54e4574d5d702b1952770d32179ac558a313a9f533d2704b,2024-11-01T17:35:09.657000 @@ -265359,7 +265375,7 @@ CVE-2024-51135,0,0,14e718ab6bbce05ef8372500586cdca65e1edc88403906fd3621efeb1c3a8 CVE-2024-51136,0,0,b7028b746c76b0b8db7064a5c94d8b9b8b4865b267652b712081099f88f87998,2024-11-06T19:31:15.230000 CVE-2024-5114,0,0,51655375bf74d88d0b44bf3106775b49d83b04b179d3446b4a92ffe727b17b66,2024-06-04T19:21:00.217000 CVE-2024-5115,0,0,566281473e2daa2487dd251e202869dc3059aeec07f7c63daa38b65c3bae3de7,2024-06-04T19:21:00.323000 -CVE-2024-51152,0,0,61a76bcbf6bd75d4afc028e09aa200a0b1945b75db18b8f83b3142e2484dc5e3,2024-11-08T19:01:03.880000 +CVE-2024-51152,0,1,186f2c98db7165a1eac5c8bb801ead284e924a32b6337f5253db5e1f9a0b7138,2024-11-13T15:35:14.280000 CVE-2024-51157,0,0,15c268449f10cd3f5e2b0f898333f8df5f6a7a275257a0f4491ba5cb90f1b17e,2024-11-12T13:56:54.483000 CVE-2024-5116,0,0,8edab88198021b2d3b9901d621d1dabac4b2933945eb225d0257a88c98ac3f15,2024-06-04T19:21:00.430000 CVE-2024-5117,0,0,8f71e5dda3348556d6b06143dcd47b79229dad0468d30aa7c38f8c5c1ecb8524,2024-06-04T19:21:00.547000 @@ -265778,10 +265794,17 @@ CVE-2024-5228,0,0,d7fb18ef663e7fbb963ee04e575f2bc258b900955c0912600676521519fad8 CVE-2024-52286,0,0,a006a0be971b0e96964504e5809b0d7c6410ed1592b8c4976d82ae2953104dc3,2024-11-12T13:55:21.227000 CVE-2024-52288,0,0,8f949332b60260488906ff1b8c70f9a1209d9b10278c3c334faa6ae7259272ba,2024-11-12T13:55:21.227000 CVE-2024-5229,0,0,787c92e076dbd9dca682f832ee22f0e31b439c91ed2d6b58a8c544f86d4189c3,2024-07-03T02:08:42.827000 +CVE-2024-52293,1,1,2c7453eaf4f326fa045fe624233b5d45c9ae6bdcc91b1a3f4215c7cea6693998,2024-11-13T16:15:19.307000 +CVE-2024-52295,1,1,b6cedfa174487fc74f60472a2f6f2d57122daf4d894a9873c22c5a0d2a873ab3,2024-11-13T16:15:19.550000 CVE-2024-52296,0,0,e1d3676ac45354462ec68621ba5d0e3065cda95d7796d7a3da6af17f09b9d248,2024-11-12T16:15:26.030000 CVE-2024-52297,0,0,476242ed3a5f6d85484bec0586307ad55a8c506bda5fa6246f3822c9b0f980d0,2024-11-12T16:15:26.230000 +CVE-2024-52298,1,1,4db3ec2539d3a81961fcab1afdf8c1d06bae7ffcf6103b8d87380368fd6b72ef,2024-11-13T16:15:19.713000 +CVE-2024-52299,1,1,17bf77c3daf29f55026c3bdec51993692866b3ecba8a9b9a23546e6ec69d860f,2024-11-13T16:15:19.990000 CVE-2024-5230,0,0,f45c8274ba28e0dc58bed98870ed092580a9c18662584e7c3debbd7f7cd359f4,2024-06-04T19:21:02.540000 -CVE-2024-52301,0,0,a5dc5b1e8b92237294807a0610767f88f65e07230cbfcc159531183490ed7794,2024-11-12T20:15:14.087000 +CVE-2024-52300,1,1,a05d79f9a0ae475e8d68f75c95e7e585ba8876a89930139f53d632f5d2e9ba7d,2024-11-13T16:15:20.240000 +CVE-2024-52301,0,1,b992071d6e9ee9de743eca95bc278f6f817fcb793efbf6a31746d95fe0d2614f,2024-11-13T15:35:15.693000 +CVE-2024-52305,1,1,1648801890d5fe4ec173ca5c5bef29df95b20224e6b0a382a9bf68825afe9f54,2024-11-13T16:15:20.473000 +CVE-2024-52306,1,1,18da2087e368f024044e62904b6414a7c2e4feac4917558c5143425e4c1f6a87,2024-11-13T16:15:20.723000 CVE-2024-5231,0,0,255bed42ab2a064a39e6f8c88880296d2f7a7d154f3db6dc7f4df2fa244d299f,2024-06-04T19:21:02.640000 CVE-2024-52311,0,0,440cc6f6193f2a4b57d7c7c4a4f4b3f01242ca6df6bc89770050e09d3b499acf,2024-11-12T13:56:54.483000 CVE-2024-52312,0,0,e095caa38b1d55aa1661d9e6b591e2f5164609c3e5c2884b5f60aa22d851bdcc,2024-11-12T13:56:54.483000 @@ -266870,9 +266893,9 @@ CVE-2024-6438,0,0,dda5c3ef0b29175f6296e0b89d7c12c3e07fe51c2f0cc30ea59ffede8f2663 CVE-2024-6439,0,0,17c8c0dedf84f798cc0f5ae1eb12bcfee8d03a9530b75eee07a6ecb983f8a09a,2024-07-02T17:58:39.773000 CVE-2024-6440,0,0,2c5be04f311531a7679fd469afc24458b735968d4c5b698cdcf03804f39d3eef,2024-07-02T17:58:15.410000 CVE-2024-6441,0,0,15383e1684ea64dc1d374e71fe60467b8bfc18bde94b0e73415ebe68688c2118,2024-07-02T17:44:45.700000 -CVE-2024-6442,0,0,d58033de190f84c06f1911337c55c18136c198fda1c9e49c55dd45b4e125c45f,2024-10-04T13:50:43.727000 +CVE-2024-6442,0,1,6d643420b91053bdc33be15a838bf050ad1b9a66e96593b14ec722c4860acf28,2024-11-13T16:04:42.603000 CVE-2024-6443,0,0,f94991d4bf2e119628e1914b252c0e9b52e3eda9423a8c9268bde20f09ae1f68,2024-11-12T19:29:43.793000 -CVE-2024-6444,0,0,ba0e95ea1c09a59af91663628d86e511ed5245425b381e9bbc862266cbfae283,2024-10-04T13:50:43.727000 +CVE-2024-6444,0,1,0595f9c6f4d5cbd95d88ae9ce202995d858453565bf2e417c334dbded88f2942,2024-11-13T15:24:28.657000 CVE-2024-6445,0,0,d4bd07ae9eba462d90eb79dcc7204c56bd4679ce8063eb2ebe32db5f30ce9fc7,2024-09-12T16:14:51.480000 CVE-2024-6446,0,0,40ba33596a31d7c54c56d318bcab067473a99b16234df2e24accf4e6227c9e31,2024-09-14T15:17:11.720000 CVE-2024-6447,0,0,45fe1e3b45bb9052a54143ac6931092e1b37ff897cd56aa11e3df59780bc06cb,2024-07-11T13:05:54.930000 @@ -267216,7 +267239,7 @@ CVE-2024-6862,0,0,073f5a8c1f8e2bec8087db878aed60d70af4b3c11209547716a8f3a82485e7 CVE-2024-6864,0,0,469a0ad039e39ca71e90d0d65b529134e06346783388106a10d2fa7d0b356379,2024-09-03T20:22:16.433000 CVE-2024-6865,0,0,cb8e3c3258edaecfb2408f04adfa69a3419179f287cf4fd0248689bfb8e952c7,2024-08-05T14:15:34.847000 CVE-2024-6867,0,0,97784f08d4711dc358ee536a5af5e617f34cad9ff3713963d54758397f7f7f62,2024-09-19T18:28:05.477000 -CVE-2024-6868,0,1,0999d19f10b52e012062841f0768307a3ef9150e06abd0b6318a66c0be34f29a,2024-11-13T14:43:33.037000 +CVE-2024-6868,0,0,0999d19f10b52e012062841f0768307a3ef9150e06abd0b6318a66c0be34f29a,2024-11-13T14:43:33.037000 CVE-2024-6869,0,0,cc765e0741eb808a23e90ee3171ba570febcbdba6db7038c79938ac8aebc9baa,2024-08-08T13:04:18.753000 CVE-2024-6870,0,0,b8787438d65804a2db5bbc8c04084c34ae58bc1819956a7afefdca8ed2b91985,2024-09-27T00:52:03.737000 CVE-2024-6872,0,0,9eb628e3a6d1ea0380e94dd099512f5a2f74ddb0ba75bf9a102e83ab13e260f5,2024-08-05T12:41:45.957000 @@ -267346,7 +267369,7 @@ CVE-2024-7006,0,0,e9b22d94c1d987f14202223e075626537518a066054d4c98d0331f98649e69 CVE-2024-7007,0,0,6c2603aae32d52f56620cb62e82bb337e026d3d4a4716b72dab9674c5cf4b216,2024-08-26T16:40:44.500000 CVE-2024-7008,0,0,e9008eac80639f6b75fc8244a6b0baab3d6a7fa095b7e9aa58d7626a117a490a,2024-08-19T17:19:25.390000 CVE-2024-7009,0,0,63b067a161bbf9c0630f63b1d51ac801565652e58cd58fdd4516392106a400e2,2024-08-19T17:18:50.290000 -CVE-2024-7010,0,1,b9030e6105f2ffc869b708ed513d4ddc4eedcb81d5f5bd0e8ee81645f2e9375e,2024-11-13T14:54:33.897000 +CVE-2024-7010,0,0,b9030e6105f2ffc869b708ed513d4ddc4eedcb81d5f5bd0e8ee81645f2e9375e,2024-11-13T14:54:33.897000 CVE-2024-7011,0,0,99ce7f2b3659c5d531a27a1468b259c3a2cc0e8369192e731629993addf70828,2024-11-05T20:35:26.370000 CVE-2024-7012,0,0,a44bf28aa4086113e2305dbe5b19c7911be8e5988385565b873f36daf3fb0872,2024-11-06T09:15:04.187000 CVE-2024-7013,0,0,b2d18f592f803beaaf02ae1066b68bd9f1fd65046672577949ac6ff9d71880f4,2024-08-21T12:30:33.697000 @@ -267558,6 +267581,7 @@ CVE-2024-7291,0,0,298cd3a818c66e9bf797d2d090f42649293656283b8daab213f19385b28931 CVE-2024-7292,0,0,c6586574d98723bfce9aab0ffb40a50c370ca310a8ecc5a7b60264326c1df59b,2024-10-15T14:50:16.800000 CVE-2024-7293,0,0,e3ddc51bf5c7a1090ebf7697ea2720e97cf5f8207cd9cda56863cc600f8dd924,2024-10-15T14:51:15.487000 CVE-2024-7294,0,0,ec28702a0e9b4b566c7b9b572f59dec918495878d4f805ed6b5c7868b0908e22,2024-10-15T14:51:43.663000 +CVE-2024-7295,1,1,8e29ba113091aa5c0a1bccd3ac9529ed05cdd80a36d96cf9fd8d9a0f615b04de,2024-11-13T16:15:20.960000 CVE-2024-7297,0,0,cb4ca8684118dc46d1f9724d628f899c3458badae695854f058e1eba8efe7ce6,2024-07-31T12:57:02.300000 CVE-2024-7299,0,0,18b86413af481c73d022a0c4ed8ac3628863652a0dcfb13bf199bbb5e4db4366,2024-07-31T16:15:05.217000 CVE-2024-7300,0,0,ec5bc420e71b7c17438e33b04329f442535c8be80d5b4025cfe5a0c36aea8bb7,2024-08-19T14:15:23.360000 @@ -267746,7 +267770,7 @@ CVE-2024-7512,0,0,64969c8356c27f20386cdfa0c38d50ded85817d5026c9d96e7d342b04fbd9f CVE-2024-7513,0,0,9e0dea33b007eccb273e626ffa6cce86e938d130dbfcfa937121ca05aa4099ce,2024-08-15T13:01:10.150000 CVE-2024-7514,0,0,655c87ffa4ff4008320c4821d9c63bb232bfab91cd0bfa739db07a9e11bd1757,2024-10-15T12:58:51.050000 CVE-2024-7515,0,0,3a174c853c7ff7ac11f06a078625d3fec604b25f74f3c9dd6a512b7295373686,2024-08-15T13:01:10.150000 -CVE-2024-7516,0,0,b8a9828413c70858a95301990cfaf7f068a5658466826d258c7cb604ce02b278,2024-11-12T19:15:18.753000 +CVE-2024-7516,0,1,16c639b09e0df049da8483ed601314d4b9a3858c78ae9a61cb23043e2562e4f8,2024-11-13T15:35:15.997000 CVE-2024-7518,0,0,9415ffd03a6bd0db1eeec3e299c6a6e287c86d70550126d9de8ce19171619aab,2024-10-29T20:35:43.097000 CVE-2024-7519,0,0,d6b76960785055c5e3c2658ffad1f8ba4c01f9383c9459dab1efa4da32737657,2024-08-12T16:04:20 CVE-2024-7520,0,0,f9e9090d09f3e3bdf7bb5b1e415fd5962f71ad30fc0e4e64eb0eb80aba152203,2024-08-12T16:04:46.790000 @@ -268185,6 +268209,7 @@ CVE-2024-8045,0,0,4f33bec2129e516f0590350db62def0ffeb2e64cb03de1e46d8b3d52953002 CVE-2024-8046,0,0,b737fce0801d82db74076beb4b2a2085f8323b47e71780060f37f6f5c3050f1a,2024-08-27T13:01:37.913000 CVE-2024-8047,0,0,b09ff33da28d13c746e9dd8622cb16da9ea9a8911cc13c3fef8877b81efca550,2024-09-27T21:25:08.523000 CVE-2024-8048,0,0,4c0a6b693b29ae89ab3279e89f5b6eea8d85c44e953e0e26d6d401732564a9f3,2024-10-15T14:56:24.687000 +CVE-2024-8049,1,1,426a23eaddd8d6cf274bc0213aacb211f9d18d8ac71867e6ff9660928931e033,2024-11-13T16:15:21.237000 CVE-2024-8051,0,0,b71bf2ca4f8ce5e1c295954092599db477d1b1f3bcba16081ac3f611e48934c5,2024-09-27T18:19:41.863000 CVE-2024-8052,0,0,d36ff2157e56024767ea82c9c1b8c76ab39601d237dbfd50c7fb1e6eeba7daeb,2024-09-27T16:55:57.383000 CVE-2024-8054,0,0,f7372d07d80e2782b99a1ec78381d10ed3eddb2361d69efd0f5544951feb686d,2024-09-27T21:29:57.607000 @@ -268193,7 +268218,7 @@ CVE-2024-8059,0,0,bdae740e9708e98c12d1deb7f7b4958a4e9e21cc3d70a47ecc6f19d9246061 CVE-2024-8064,0,0,9afbec42e91ccdf5ae5f9527bb691367cd47bbf3ee2caa0cb5423b43e5fdd860,2024-08-30T16:15:11.120000 CVE-2024-8067,0,0,21c0729ad9dc772677b9fbf75bb24db3bcf4512001a88b1eef9d39bf31f69153,2024-09-26T13:32:02.803000 CVE-2024-8068,0,0,df5bb5cbd57ee571f3a69df64a9005315a4220113d4ece4ae527c7a4c22e2236,2024-11-12T18:15:47.450000 -CVE-2024-8069,0,0,f54e8a7820a67cb4ee6825af332233688e897633a7f16db4082a6a76ee2050cc,2024-11-12T18:15:47.603000 +CVE-2024-8069,0,1,d7cf672417d4f271b53aeb6b6cefc5690c7b493ac88bd5e777c7811db6116d13,2024-11-13T16:35:26.703000 CVE-2024-8070,0,0,fe9b454067f74b13c9d22e1bfea14cc77320169fffe5e56dce182517c870c1a6,2024-10-15T12:57:46.880000 CVE-2024-8071,0,0,ac7c2c7e7df896f6bfe7f17a6e74f8de236e5ec843865384cdf53fde1e533098,2024-08-23T15:34:53.913000 CVE-2024-8072,0,0,08fafb0bed7b0568fefcb8938e0e01cf4acf3cb153d4b847bc3e1d9427344a62,2024-08-22T14:35:18.797000 @@ -269177,6 +269202,7 @@ CVE-2024-9470,0,0,13c3a583553fbf2e90723a5a0ed6f2354808c5a1753993b658aba04d0ed9b2 CVE-2024-9471,0,0,2517c360d1e41d9c7ea79e15df7f34465e8f98b985f9011876ffa34a1656df21,2024-10-15T16:55:45.090000 CVE-2024-9473,0,0,2610a860a1ec132e11b499793a273ee08374ba46887944874ff47b7b5fdd4588,2024-10-17T06:15:04.983000 CVE-2024-9475,0,0,273622ecfea8dd0cb8d3a034084a5946e50b2bee83443e844bae24857067e968,2024-10-28T13:58:09.230000 +CVE-2024-9477,1,1,d11a6c3a13b53cd45cda94a62ebe84774b80386a50818111b6936fce57315337,2024-11-13T15:15:09.493000 CVE-2024-9481,0,0,00fc2967ba19d907f5a39395cc30079db3ef641b613179e4b9951bd38c8d6817,2024-11-08T20:49:03.597000 CVE-2024-9482,0,0,761865a3338cb95ad6952db46fced2e0b200e6722c7208c63ea4447e2930458e,2024-11-08T20:49:58.077000 CVE-2024-9483,0,0,ad5fedd0cd72fbc18365b7b114267513d576cf1b98379267d7018d384a26ba96,2024-11-08T20:54:30.980000