admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-10-29T21:00:19.713996+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-10-29 21:03:20 +00:00
parent d3461e83b3
commit 4fe20b5371
134 changed files with 6038 additions and 614 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
CVE-2022/CVE-2022-303xx/CVE-2022-30356.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-30356",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T17:15:03.387",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:35:01.120",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "OvalEdge 5.2.8.0 y versiones anteriores se ven afectadas por una vulnerabilidad de escalada de privilegios a trav\u00e9s de una solicitud POST a /user/assignuserrole mediante los par\u00e1metros userid y role. Se requiere autenticaci\u00f3n con el privilegio de rol OE_ADMIN."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/privilege-escalation#cve-2022-30356",

41
CVE-2022/CVE-2022-303xx/CVE-2022-30358.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-30358",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T17:15:03.507",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:35:03.073",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "OvalEdge 5.2.8.0 y versiones anteriores se ven afectadas por una vulnerabilidad de apropiaci\u00f3n de cuenta mediante una solicitud POST a /user/updatePassword mediante los par\u00e1metros userId y newPsw. Se requiere autenticaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/account-takeover#cve-2022-30358",

41
CVE-2022/CVE-2022-303xx/CVE-2022-30359.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-30359",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T17:15:03.570",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:35:04.317",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "OvalEdge 5.2.8.0 y versiones anteriores se ven afectadas por una vulnerabilidad de exposici\u00f3n de datos confidenciales a trav\u00e9s de una solicitud GET a /user/getUserList. Se requiere autenticaci\u00f3n. La informaci\u00f3n divulgada est\u00e1 asociada con todos los usuarios registrados, incluidos el ID de usuario, el estado, la direcci\u00f3n de correo electr\u00f3nico, los roles, el tipo de usuario, el tipo de licencia y los detalles personales, como el nombre, el apellido, el g\u00e9nero y las preferencias del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30359",

41
CVE-2022/CVE-2022-303xx/CVE-2022-30360.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-30360",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T17:15:03.630",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:35:05.583",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "OvalEdge 5.2.8.0 y versiones anteriores se ven afectadas por m\u00faltiples vulnerabilidades de XSS almacenado (tambi\u00e9n conocidas como persistentes o de tipo II) a trav\u00e9s de una solicitud POST a /profile/updateProfile mediante los par\u00e1metros slackid o phone. Se requiere autenticaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/stored-xss#cve-2022-30360",

41
CVE-2022/CVE-2022-303xx/CVE-2022-30361.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-30361",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T17:15:03.700",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:35:06.847",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "OvalEdge 5.2.8.0 y versiones anteriores se ven afectadas por una vulnerabilidad de exposici\u00f3n de datos confidenciales a trav\u00e9s de una solicitud GET a /user/getUserType. No se requiere autenticaci\u00f3n. La informaci\u00f3n divulgada est\u00e1 asociada con el ID de usuario registrado, el estado, la direcci\u00f3n de correo electr\u00f3nico, los roles, el tipo de usuario, el tipo de licencia y los detalles personales, como el nombre, el apellido, el g\u00e9nero y las preferencias del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://cve.offsecguy.com/ovaledge/vulnerabilities/sensitive-data-exposure#cve-2022-30361",

27
CVE-2022/CVE-2022-487xx/CVE-2022-48731.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48731",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T12:15:11.517",
"lastModified": "2024-06-20T12:43:25.663",
"lastModified": "2024-10-29T19:35:01.210",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/kmemleak: evita escanear posibles agujeros enormes. Al usar devm_request_free_mem_region() y devm_memremap_pages() para agregar memoria ZONE_DEVICE, si se solicitaba, el pfn final de la regi\u00f3n de memoria libre era enorme (por ejemplo, 0x400000000), el node_end_pfn() tambi\u00e9n ser\u00e1 enorme (ver move_pfn_range_to_zone()). Por lo tanto, crea un enorme agujero entre node_start_pfn() y node_end_pfn(). Descubrimos que en algunas APU AMD, AMDKFD solicit\u00f3 una regi\u00f3n de memoria libre y cre\u00f3 un agujero enorme. En tal caso, el siguiente fragmento de c\u00f3digo simplemente estaba haciendo un bucle test_bit() ocupado en el enorme agujero. for (pfn = start_pfn; pfn < end_pfn; pfn++) { estructura p\u00e1gina *p\u00e1gina = pfn_to_online_page(pfn); si (!p\u00e1gina) contin\u00faa; ... } Entonces obtuvimos un bloqueo suave: perro guardi\u00e1n: ERROR: bloqueo suave - \u00a1CPU#6 bloqueada durante 26 segundos! [bash:1221] CPU: 6 PID: 1221 Comm: bash No contaminado 5.15.0-custom #1 RIP: 0010:pfn_to_online_page+0x5/0xd0 Seguimiento de llamadas:? kmemleak_scan+0x16a/0x440 kmemleak_write+0x306/0x3a0 ? common_file_perm+0x72/0x170 full_proxy_write+0x5c/0x90 vfs_write+0xb9/0x260 ksys_write+0x67/0xe0 __x64_sys_write+0x1a/0x20 do_syscall_64+0x3b/0xc0 Entry_SYSCALL_64_after_hwframe+0x4 4/0xae Hice algunas pruebas con el parche. (1) m\u00f3dulo amdgpu descargado antes del parche: usuario real 0m0.976s 0m0.000s sys 0m0.968s despu\u00e9s del parche: usuario real 0m0.981s 0m0.000s sys 0m0.973s (2) m\u00f3dulo amdgpu cargado antes del parche: real 0m35 .365s usuario 0m0.000s sys 0m35.354s despu\u00e9s del parche: real 0m1.049s usuario 0m0.000s sys 0m1.042s"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/352715593e81b917ce1b321e794549815b850134",

27
CVE-2022/CVE-2022-487xx/CVE-2022-48762.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48762",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-06-20T12:15:14.287",
"lastModified": "2024-06-20T12:43:25.663",
"lastModified": "2024-10-29T19:35:01.667",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: extable: corrige los \u00edndices de registro load_unaligned_zeropad() En ex_handler_load_unaligned_zeropad() extraemos err\u00f3neamente los datos y los \u00edndices de registro de direcciones de ex->type en lugar de ex->data. Como ex->type contendr\u00e1 EX_TYPE_LOAD_UNALIGNED_ZEROPAD (es decir, 4): * Siempre trataremos a X0 como el registro de direcci\u00f3n, ya que EX_DATA_REG_ADDR se extrae de los bits [9:5]. Por lo tanto, podemos intentar eliminar la referencia a una direcci\u00f3n arbitraria ya que X0 puede tener un valor arbitrario. * Siempre trataremos a X4 como el registro de datos, ya que EX_DATA_REG_DATA se extrae de los bits [4:0]. Por lo tanto, corromperemos X4 y provocaremos un comportamiento arbitrario dentro de load_unaligned_zeropad() y su llamador. Solucione este problema extrayendo ambos valores de ex->data como se pretend\u00eda originalmente. En una imagen QEMU habilitada para MTE, nos encontramos con el siguiente bloqueo: No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000000 Rastreo de llamadas: fixup_exception+0xc4/0x108 __do_kernel_fault+0x3c/0x268 do_tag_check_fault+0x3c/0x104 do_mem_abort+0x44/0 xf4 el1_abort+ 0x40/0x64 el1h_64_sync_handler+0x60/0xa0 el1h_64_sync+0x7c/0x80 link_path_walk+0x150/0x344 path_openat+0xa0/0x7dc do_filp_open+0xb8/0x168 do_sys_openat2+0x88/0x17c __arm64_s ys_openat+0x74/0xa0 invoke_syscall+0x48/0x148 el0_svc_common+0xb8/0xf8 do_el0_svc+ 0x28/0x88 el0_svc+0x24/0x84 el0t_64_sync_handler+0x88/0xec el0t_64_sync+0x1b4/0x1b8 C\u00f3digo: f8695a69 71007d1f 540000e0 927df12a (f940014a)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3758a6c74e08bdc15ccccd6872a6ad37d165239a",

27
CVE-2023/CVE-2023-202xx/CVE-2023-20248.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20248",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-04-24T21:15:46.510",
"lastModified": "2024-04-25T13:18:20.370",
"lastModified": "2024-10-29T20:35:08.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Una vulnerabilidad en la interfaz de administraci\u00f3n basada en web del software Cisco TelePresence Management Suite (TMS) podr\u00eda permitir que un atacante remoto autenticado lleve a cabo un ataque de cross-site scripting (XSS) contra un usuario de la interfaz. Esta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente por parte de la interfaz de administraci\u00f3n basada en web. Un atacante podr\u00eda aprovechar esta vulnerabilidad insertando datos maliciosos en un campo de datos espec\u00edfico de la interfaz. Un exploit exitoso podr\u00eda permitir al atacante ejecutar c\u00f3digo de script arbitrario en el contexto de la interfaz afectada o acceder a informaci\u00f3n confidencial basada en el navegador."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "ykramarz@cisco.com",

14
CVE-2023/CVE-2023-205xx/CVE-2023-20513.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-20513",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-08-13T17:15:19.150",
"lastModified": "2024-08-14T02:07:05.410",
"lastModified": "2024-10-29T19:35:02.140",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6005.html",

14
CVE-2023/CVE-2023-214xx/CVE-2023-21405.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21405",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-07-25T08:15:09.927",
"lastModified": "2023-08-02T18:43:09.213",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:03.677",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -65,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-214xx/CVE-2023-21406.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-21406",
"sourceIdentifier": "product-security@axis.com",
"published": "2023-07-25T08:15:10.003",
"lastModified": "2023-08-02T03:53:46.127",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:04.477",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -65,6 +65,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-233xx/CVE-2023-23346.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23346",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-09T19:15:14.500",
"lastModified": "2023-08-15T19:58:44.960",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:05.173",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "CWE-327"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-233xx/CVE-2023-23347.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23347",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-08-09T20:15:09.903",
"lastModified": "2023-08-16T17:00:58.277",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T20:35:08.403",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -65,6 +65,16 @@
"value": "CWE-327"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-327"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-233xx/CVE-2023-23348.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23348",
"sourceIdentifier": "psirt@hcl.com",
"published": "2023-07-10T18:15:10.637",
"lastModified": "2023-07-19T15:48:28.893",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T20:35:09.140",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -65,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-234xx/CVE-2023-23437.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23437",
"sourceIdentifier": "3836d913-7555-4dd0-a509-f5667fdf5fe4",
"published": "2023-12-29T03:15:10.020",
"lastModified": "2024-01-04T23:28:07.187",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T20:35:09.880",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"configurations": [

24
CVE-2023/CVE-2023-237xx/CVE-2023-23702.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23702",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:07.827",
"lastModified": "2023-11-14T15:27:43.113",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T20:35:10.747",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},

14
CVE-2023/CVE-2023-251xx/CVE-2023-25189.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25189",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-25T16:15:06.827",
"lastModified": "2024-09-26T13:32:02.803",
"lastModified": "2024-10-29T19:35:05.910",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-25189/",

14
CVE-2023/CVE-2023-321xx/CVE-2023-32189.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-32189",
"sourceIdentifier": "meissner@suse.de",
"published": "2024-10-16T14:15:04.140",
"lastModified": "2024-10-16T16:38:14.557",
"lastModified": "2024-10-29T20:35:10.940",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -83,6 +83,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-32189",

14
CVE-2023/CVE-2023-322xx/CVE-2023-32261.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-32261",
"sourceIdentifier": "security@opentext.com",
"published": "2023-07-19T16:15:09.737",
"lastModified": "2023-07-28T14:23:01.077",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T20:35:11.680",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -65,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

1151
CVE-2023/CVE-2023-324xx/CVE-2023-32475.json
View File

File diff suppressed because it is too large Load Diff

14
CVE-2023/CVE-2023-340xx/CVE-2023-34056.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-34056",
"sourceIdentifier": "security@vmware.com",
"published": "2023-10-25T18:17:27.953",
"lastModified": "2023-10-31T15:18:37.153",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:06.640",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-359xx/CVE-2023-35983.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35983",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-07-27T00:15:15.133",
"lastModified": "2023-08-02T00:46:23.367",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:07.507",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-359xx/CVE-2023-35990.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-35990",
"sourceIdentifier": "product-security@apple.com",
"published": "2023-09-27T15:18:52.980",
"lastModified": "2023-10-12T02:12:41.530",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:08.297",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-374xx/CVE-2023-37439.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37439",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-22T19:16:38.817",
"lastModified": "2023-08-29T15:12:00.960",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T20:35:12.410",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -65,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-374xx/CVE-2023-37440.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37440",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-08-22T19:16:38.907",
"lastModified": "2023-08-29T15:25:40.923",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T20:35:13.140",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -65,6 +65,16 @@
"value": "CWE-918"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-375xx/CVE-2023-37521.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-37521",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-01-16T16:15:10.893",
"lastModified": "2024-01-23T14:21:58.337",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T20:35:13.863",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-417xx/CVE-2023-41723.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-41723",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-11-07T07:15:10.420",
"lastModified": "2023-11-14T20:30:54.470",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:10.820",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -71,6 +71,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"configurations": [

14
CVE-2023/CVE-2023-456xx/CVE-2023-45626.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45626",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2023-11-14T23:15:11.410",
"lastModified": "2023-11-21T19:58:43.770",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:11.560",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

24
CVE-2023/CVE-2023-457xx/CVE-2023-45746.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-45746",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-10-30T05:15:09.993",
"lastModified": "2023-11-08T12:49:08.920",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:12.283",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

24
CVE-2023/CVE-2023-466xx/CVE-2023-46613.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46613",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T16:15:10.367",
"lastModified": "2023-11-15T03:37:23.457",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:12.497",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

24
CVE-2023/CVE-2023-466xx/CVE-2023-46621.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46621",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T16:15:10.470",
"lastModified": "2023-11-15T14:35:21.467",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:12.687",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},

24
CVE-2023/CVE-2023-466xx/CVE-2023-46640.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46640",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T16:15:10.763",
"lastModified": "2023-11-14T21:36:12.310",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:12.860",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

24
CVE-2023/CVE-2023-466xx/CVE-2023-46643.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46643",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-08T17:15:07.860",
"lastModified": "2023-11-15T17:37:46.157",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:13.037",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},

12
CVE-2023/CVE-2023-467xx/CVE-2023-46753.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-46753",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-26T05:15:26.127",
"lastModified": "2024-04-28T07:15:08.623",
"lastModified": "2024-10-29T20:35:14.587",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -49,6 +49,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

24
CVE-2023/CVE-2023-467xx/CVE-2023-46782.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46782",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:07.987",
"lastModified": "2023-11-14T15:27:33.713",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:13.217",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

24
CVE-2023/CVE-2023-467xx/CVE-2023-46783.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46783",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:08.060",
"lastModified": "2023-11-14T15:27:27.733",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:13.403",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

24
CVE-2023/CVE-2023-468xx/CVE-2023-46802.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46802",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-11-06T02:15:07.333",
"lastModified": "2023-11-14T15:30:13.830",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:13.620",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},

24
CVE-2023/CVE-2023-468xx/CVE-2023-46822.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46822",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:08.200",
"lastModified": "2023-11-14T17:05:20.447",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:13.987",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},

24
CVE-2023/CVE-2023-468xx/CVE-2023-46824.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-46824",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-11-06T10:15:08.330",
"lastModified": "2023-11-14T17:05:13.743",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T19:35:14.480",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},

69
CVE-2023/CVE-2023-68xx/CVE-2023-6876.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6876",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T02:15:08.933",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T19:50:53.943",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
},
{
"source": "security@wordfence.com",
"type": "Secondary",
@ -39,18 +59,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nayrathemes:clever_fox:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "25.2.1",
"matchCriteriaId": "FF693F4C-5F67-481D-8E82-EE49F1FC8D20"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/clever-fox/trunk/clever-fox.php#L539",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3096085%40clever-fox&new=3096085%40clever-fox&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e1f94d9-8be6-4174-90a5-820c0207a2fa?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

70
CVE-2024/CVE-2024-104xx/CVE-2024-10406.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10406",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-26T22:15:02.480",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:48:36.967",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:petrol_pump_management:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A334E610-B489-4A7C-B31A-1132B26FFF0B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/K1nako0/tmp_vuln7/blob/main/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.281936",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281936",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431335",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}

70
CVE-2024/CVE-2024-104xx/CVE-2024-10407.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10407",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T00:15:12.703",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:47:53.667",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:mayurik:petrol_pump_management:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A334E610-B489-4A7C-B31A-1132B26FFF0B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/K1nako0/tmp_vuln8/blob/main/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.281937",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281937",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431336",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}

71
CVE-2024/CVE-2024-104xx/CVE-2024-10408.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10408",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T03:15:02.947",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:44:07.630",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074BD804-92B2-445A-9A77-DE019D9E8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/higordiego/46090516ba1b13fe3d2607ab4c0114f1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281938",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281938",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431491",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

71
CVE-2024/CVE-2024-104xx/CVE-2024-10409.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10409",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T03:15:03.653",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:42:02.603",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074BD804-92B2-445A-9A77-DE019D9E8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/higordiego/5f927c5e0502b4ec31b3f7ef12556942",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281939",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281939",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431494",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

71
CVE-2024/CVE-2024-104xx/CVE-2024-10410.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10410",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T04:15:02.617",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:41:20.520",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBD2F8A-02C4-4E06-87E0-D71F51952B0F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/K1nako0/tmp_vuln9/blob/main/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281953",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281953",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431502",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}

70
CVE-2024/CVE-2024-104xx/CVE-2024-10411.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10411",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T05:15:02.903",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:28:25.267",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBD2F8A-02C4-4E06-87E0-D71F51952B0F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/K1nako0/tmp_vuln10/blob/main/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.281940",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281940",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431586",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}

66
CVE-2024/CVE-2024-104xx/CVE-2024-10412.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10412",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T08:15:02.540",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-29T20:40:13.753",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,22 +140,56 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:poco-z:guns-medial:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "45C434BF-8FFD-44DF-A336-72968B8EE15A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Poco-z/Guns-Medical/issues/15",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281941",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281941",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.427005",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

70
CVE-2024/CVE-2024-104xx/CVE-2024-10413.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10413",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T10:15:02.627",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-29T20:33:27.950",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:online_hotel_reservation_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1EBD2F8A-02C4-4E06-87E0-D71F51952B0F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/K1nako0/tmp_vuln11/blob/main/README.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://vuldb.com/?ctiid.281954",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281954",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431595",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://www.sourcecodester.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
}
]
}

71
CVE-2024/CVE-2024-104xx/CVE-2024-10414.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10414",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T11:15:02.407",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-29T20:46:10.327",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:vehicle_record_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4C526E65-D52A-44FC-9193-8544B55EB158"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jadu101/CVE/blob/main/phpgurukul_vehicle_record_system_edit_brand_xss.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.281955",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281955",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431623",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

71
CVE-2024/CVE-2024-104xx/CVE-2024-10415.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10415",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T12:15:02.600",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-29T20:26:06.347",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074BD804-92B2-445A-9A77-DE019D9E8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/higordiego/2aba05ef2277d85ea4148dc42189eae0",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281956",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281956",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431685",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

81
CVE-2024/CVE-2024-104xx/CVE-2024-10416.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10416",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T13:15:02.277",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-29T20:21:17.490",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -109,6 +129,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +150,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074BD804-92B2-445A-9A77-DE019D9E8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/higordiego/18cf04067697c8ceb2cba68980139dcc",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281957",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281957",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431686",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

71
CVE-2024/CVE-2024-104xx/CVE-2024-10417.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10417",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-27T13:15:02.590",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-29T20:19:03.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -120,26 +140,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fabianros:blood_bank_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "074BD804-92B2-445A-9A77-DE019D9E8A13"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://gist.github.com/higordiego/bf0cf963ec56cfe0dcaba2956352bafd",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281958",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281958",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.431781",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

49
CVE-2024/CVE-2024-16xx/CVE-2024-1689.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1689",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T02:15:09.203",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T19:49:01.637",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -39,18 +39,57 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themefarmer:woocommerce_tools:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "1.2.10",
"matchCriteriaId": "F1DFEB74-3723-41C2-B879-1BF4B503768D"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/woo-tools/trunk/admin/admin-init.php#L61",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3098165%40woo-tools&new=3098165%40woo-tools&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3830c901-be36-4c4b-976b-d388b6af0c67?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2024/CVE-2024-17xx/CVE-2024-1768.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1768",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T03:15:09.237",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T19:44:53.940",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -39,14 +59,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nayrathemes:clever_fox:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "25.2.1",
"matchCriteriaId": "FF693F4C-5F67-481D-8E82-EE49F1FC8D20"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3096085%40clever-fox&new=3096085%40clever-fox&sfp_email=&sfph_mail=#file1",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/16af8724-595c-4daa-80bd-8125a32cc502?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

66
CVE-2024/CVE-2024-19xx/CVE-2024-1988.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1988",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-06-07T04:15:25.850",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T19:54:30.767",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,8 +18,28 @@
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@wordfence.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -39,14 +59,50 @@
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pickplugins:post_grid:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.2.81",
"matchCriteriaId": "E1454775-F754-4C6E-B469-F86E71AECE72"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3084503/post-grid/tags/2.2.81/includes/blocks/accordion-nested-item/index.php",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e49da9e7-26a1-442b-b5d0-1da3bcf0e8c9?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

27
CVE-2024/CVE-2024-217xx/CVE-2024-21727.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21727",
"sourceIdentifier": "security@joomla.org",
"published": "2024-02-15T07:15:11.167",
"lastModified": "2024-02-15T14:28:31.380",
"lastModified": "2024-10-29T19:35:15.020",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Vulnerabilidad XSS en el componente Calendario DP para Joomla."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@joomla.org",

63
CVE-2024/CVE-2024-241xx/CVE-2024-24199.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24199",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.567",
"lastModified": "2024-06-07T14:56:05.647",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T19:26:03.577",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,66 @@
"value": "Se descubri\u00f3 que el commit 54b4dc de smartdns conten\u00eda una direcci\u00f3n desalineada en smartdns/src/dns.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pymumu:smartdns:45:*:*:*:*:*:*:*",
"matchCriteriaId": "F7567279-7406-4D75-A9BA-4723E6C33110"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pymumu/smartdns/issues/1628",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Issue Tracking"
]
}
]
}

39
CVE-2024/CVE-2024-251xx/CVE-2024-25197.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25197",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-20T14:15:09.213",
"lastModified": "2024-02-20T19:50:53.960",
"lastModified": "2024-10-29T20:35:16.730",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que las versiones humildes de Open Robotics Robotic Operating Sytstem 2 (ROS2) y Nav2 conten\u00edan una desreferencia de puntero NULL a trav\u00e9s de la funci\u00f3n isCurrent() en /src/layered_costmap.cpp."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://github.com/ros-planning/navigation2/issues/3940",

39
CVE-2024/CVE-2024-255xx/CVE-2024-25580.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25580",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T03:15:12.007",
"lastModified": "2024-03-27T12:29:30.307",
"lastModified": "2024-10-29T20:35:17.633",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en gui/util/qktxhandler.cpp en Qt antes de 5.15.17, 6.x antes de 6.2.12, 6.3.x hasta 6.5.x antes de 6.5.5 y 6.6.x antes de 6.6.2. Se puede producir un desbordamiento del b\u00fafer y un bloqueo de la aplicaci\u00f3n a trav\u00e9s de un archivo de imagen KTX manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://www.qt.io/blog/security-advisory-potential-buffer-overflow-when-reading-ktx-images",

39
CVE-2024/CVE-2024-256xx/CVE-2024-25662.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25662",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:05:59.287",
"lastModified": "2024-05-14T16:13:02.773",
"lastModified": "2024-10-29T20:35:18.547",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Oxygen XML Web Author v26.0.0 y anteriores y Oxygen Content Fusion v6.1 y anteriores son vulnerables a Cross-Site Scripting (XSS) para URL maliciosas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.oxygenxml.com/security/advisory/SYNC-2024-020601.html",

39
CVE-2024/CVE-2024-301xx/CVE-2024-30176.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30176",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-01T18:15:19.500",
"lastModified": "2024-05-01T19:50:25.633",
"lastModified": "2024-10-29T20:35:19.470",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En Logpoint anterior a 7.4.0, un atacante puede enumerar una lista v\u00e1lida de nombres de usuario utilizando URL de widgets compartidos expuestas p\u00fablicamente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://logpoint.com",

39
CVE-2024/CVE-2024-355xx/CVE-2024-35563.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35563",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T17:15:11.130",
"lastModified": "2024-05-29T13:02:09.280",
"lastModified": "2024-10-29T20:35:20.270",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que CDG-Server-V5.6.2.126.139 y anteriores contienen una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro permisoId en CDGTempPermissions."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "http://cdg.com",

27
CVE-2024/CVE-2024-357xx/CVE-2024-35796.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35796",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:11.673",
"lastModified": "2024-06-25T22:15:30.627",
"lastModified": "2024-10-29T20:35:21.073",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: net:ll_temac: platform_get_resource reemplazada por una funci\u00f3n incorrecta La funci\u00f3n platform_get_resource fue reemplazada por devm_platform_ioremap_resource_byname y se llama usando 0 como nombre. Esto eventualmente termina en platform_get_resource_byname en la pila de llamadas, donde genera un puntero null en strcmp. if (type == Resource_type(r) && !strcmp(r->name, name)) Deber\u00eda haber sido reemplazado por devm_platform_ioremap_resource."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3a38a829c8bc27d78552c28e582eb1d885d07d11",

27
CVE-2024/CVE-2024-358xx/CVE-2024-35809.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35809",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:14.730",
"lastModified": "2024-06-27T13:15:58.890",
"lastModified": "2024-10-29T20:35:21.370",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI/PM: drena las devoluciones de llamada inactivas en tiempo de ejecuci\u00f3n antes de eliminar el controlador. Una condici\u00f3n de ejecuci\u00f3n entre la devoluci\u00f3n de llamada .runtime_idle() y la devoluci\u00f3n de llamada .remove() en el controlador PCI rtsx_pcr conduce a un crash de kernel debido a un error de p\u00e1gina no controlado [1]. El problema es que no se espera que rtsx_pci_runtime_idle() se ejecute despu\u00e9s de llamar a pm_runtime_get_sync(), pero esto \u00faltimo realmente no garantiza eso. Solo garantiza que las devoluciones de llamada de suspensi\u00f3n y reanudaci\u00f3n no se ejecutar\u00e1n cuando regrese. Sin embargo, si ya se est\u00e1 ejecutando una devoluci\u00f3n de llamada .runtime_idle() cuando se llama a pm_runtime_get_sync(), este \u00faltimo notar\u00e1 que el estado de PM en tiempo de ejecuci\u00f3n del dispositivo es RPM_ACTIVE y regresar\u00e1 de inmediato sin esperar a que se complete el primero. De hecho, no puede esperar a que se complete .runtime_idle() porque puede ser llamado desde esa devoluci\u00f3n de llamada (podr\u00eda decirse que no tiene mucho sentido hacerlo, pero no est\u00e1 estrictamente prohibido). Por lo tanto, en general, quien proporciona una devoluci\u00f3n de llamada .runtime_idle() debe protegerla para que no se ejecute en paralelo con cualquier c\u00f3digo que se ejecute despu\u00e9s de pm_runtime_get_sync(). [Tenga en cuenta que .runtime_idle() no se iniciar\u00e1 despu\u00e9s de que pm_runtime_get_sync() haya regresado, pero puede continuar ejecut\u00e1ndose si comenz\u00f3 antes.] Una forma de abordar esa condici\u00f3n de ejecuci\u00f3n es llamar a pm_runtime_barrier() despu\u00e9s de pm_runtime_get_sync() (no antes porque es necesario un valor distinto de cero del contador de uso de PM en tiempo de ejecuci\u00f3n para evitar que se invoquen devoluciones de llamada de PM en tiempo de ejecuci\u00f3n) para esperar a que se complete la devoluci\u00f3n de llamada .runtime_idle() en caso de que se est\u00e9 ejecutando en ese punto. Un lugar adecuado para hacerlo es pci_device_remove() que llama a pm_runtime_get_sync() antes de eliminar el controlador, por lo que tambi\u00e9n puede llamar a pm_runtime_barrier() posteriormente, lo que evitar\u00e1 que se produzca la ejecuci\u00f3n en cuesti\u00f3n, no s\u00f3lo en el controlador rtsx_pcr, sino en cualquier controlador PCI que proporcione devoluciones de llamada .runtime_idle()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/47d8aafcfe313511a98f165a54d0adceb34e54b1",

27
CVE-2024/CVE-2024-358xx/CVE-2024-35833.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35833",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:19.930",
"lastModified": "2024-06-25T23:15:30.767",
"lastModified": "2024-10-29T20:35:21.597",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dmaengine: fsl-qdma: corregida una p\u00e9rdida de memoria relacionada con el comando de cola DMA. Este dma_alloc_coherent() no se deshace ni en la funci\u00f3n de eliminaci\u00f3n ni en la ruta de manejo de errores de fsl_qdma_probe() . Cambie a la versi\u00f3n administrada para solucionar ambos problemas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/15eb996d7d13cb72a16389231945ada8f0fef2c3",

27
CVE-2024/CVE-2024-358xx/CVE-2024-35859.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35859",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T15:15:23.530",
"lastModified": "2024-05-17T18:35:35.070",
"lastModified": "2024-10-29T20:35:21.800",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bloquear: reparar la fuga de referencia del m\u00f3dulo de la ruta de error bdev_open_by_dev. En el momento en que se llama a bdev_may_open(), la referencia del m\u00f3dulo ya est\u00e1 tomada, por lo tanto, la referencia del m\u00f3dulo debe liberarse si bdev_may_open() fallo. Este problema se encuentra mediante la revisi\u00f3n del c\u00f3digo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0e9327c67410b129bf85e5c3a5aaea518328636f",

27
CVE-2024/CVE-2024-358xx/CVE-2024-35898.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35898",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-19T09:15:10.723",
"lastModified": "2024-06-27T12:15:26.020",
"lastModified": "2024-10-29T20:35:21.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: netfilter: nf_tables: corrige una posible ejecuci\u00f3n de datos en __nft_flowtable_type_get() nft_unregister_flowtable_type() dentro de nf_flow_inet_module_exit() puede coincidir con __nft_flowtable_type_get() dentro de nf_tables_newflowtable(). Y no hay ninguna protecci\u00f3n cuando se itera sobre la lista nf_tables_flowtables en __nft_flowtable_type_get(). Por lo tanto, existe una posible ejecuci\u00f3n de datos de la entrada de la lista nf_tables_flowtables. Utilice list_for_each_entry_rcu() para iterar sobre la lista nf_tables_flowtables en __nft_flowtable_type_get() y utilice rcu_read_lock() en el llamador nft_flowtable_type_get() para proteger todo el proceso de consulta de tipos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/24225011d81b471acc0e1e315b7d9905459a6304",

27
CVE-2024/CVE-2024-359xx/CVE-2024-35903.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35903",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-19T09:15:11.117",
"lastModified": "2024-05-20T13:00:04.957",
"lastModified": "2024-10-29T20:35:22.193",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: x86/bpf: corrige la IP despu\u00e9s de emitir la contabilidad de profundidad de llamadas. Ajuste la IP pasada a `emit_patch` para que calcule el desplazamiento correcto para la instrucci\u00f3n CALL si `x86_call_ Depth_emit_accounting` emite c\u00f3digo. De lo contrario, nos saltaremos algunas instrucciones y lo m\u00e1s probable es que fallemos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/3f9d57c771656bfd651e22edcfdb5f60e62542d4",

27
CVE-2024/CVE-2024-359xx/CVE-2024-35910.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35910",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-19T09:15:11.617",
"lastModified": "2024-06-27T12:15:26.153",
"lastModified": "2024-10-29T20:35:22.403",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: tcp: termina correctamente los temporizadores para los sockets del kernel. Recibimos varios informes de syzbot sobre los temporizadores tcp que se activan despu\u00e9s de que se han desmantelado las redes correspondientes. Afortunadamente, Josef Bacik pudo provocar el problema con m\u00e1s frecuencia y pudo probar un parche que escrib\u00ed hace dos a\u00f1os. Cuando los sockets TCP est\u00e1n cerrados, llamamos a inet_csk_clear_xmit_timers() para \"detener\" los temporizadores. Se puede llamar a inet_csk_clear_xmit_timers() desde cualquier contexto, incluso cuando se mantiene el bloqueo del socket. Esta es la raz\u00f3n por la que usa sk_stop_timer(), tambi\u00e9n conocido como del_timer(). Esto significa que los cron\u00f3metros en curso podr\u00edan finalizar mucho m\u00e1s tarde. Para los sockets de usuario, esto est\u00e1 bien porque cada temporizador en ejecuci\u00f3n tiene una referencia en el socket, y el socket de usuario tiene una referencia en las redes. Para los sockets del kernel, corremos el riesgo de que la red se libere antes de que se complete el temporizador, porque los sockets del kernel no mantienen referencias en las redes. Este parche agrega la funci\u00f3n inet_csk_clear_xmit_timers_sync() que usa sk_stop_timer_sync() para garantizar que todos los temporizadores finalicen antes de que se libere el socket del kernel. Los m\u00f3dulos que utilizan sockets del kernel los cierran en su controlador netns exit(). Tambi\u00e9n agregue el asistente sock_not_owned_by_me() para obtener soporte LOCKDEP: no se debe llamar a inet_csk_clear_xmit_timers_sync() mientras se mantiene el bloqueo del socket. Es muy posible que podamos revertir en el futuro la confirmaci\u00f3n 3a58f13a881e (\"net: rds: adquirir refcount en sockets TCP\") que intent\u00f3 resolver el problema solo en rds. (net/smc/af_smc.c y net/mptcp/subflow.c tienen c\u00f3digo similar) Probablemente podamos eliminar las pruebas check_net() de tcp_out_of_resources() y __tcp_close() en el futuro."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/151c9c724d05d5b0dd8acd3e11cb69ef1f2dbada",

27
CVE-2024/CVE-2024-359xx/CVE-2024-35913.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35913",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-19T09:15:11.837",
"lastModified": "2024-05-20T13:00:04.957",
"lastModified": "2024-10-29T20:35:22.610",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: mvm: elige la versi\u00f3n de SESSION_PROTECTION_NOTIF Cuando queremos saber si debemos buscar el mac_id o el link_id en la estructura iwl_mvm_session_prot_notif, debemos mirar la versi\u00f3n de SESSION_PROTECTION_NOTIF . Esto provoca ADVERTENCIAS: ADVERTENCIA: CPU: 0 PID: 11403 en drivers/net/wireless/intel/iwlwifi/mvm/time-event.c:959 iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] RIP:iwl_mvm_rx_session_protect_notif+0x 333/0x340 [ iwlmvm] C\u00f3digo: 00 49 c7 84 24 48 07 00 00 00 00 00 00 41 c6 84 24 78 07 00 00 ff 4c 89 f7 e8 e9 71 54 d9 e9 7d fd ff ff 0f 0b e9 23 fe ff ff <0f> 0b e9 1c fe ff ff 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffb4bb00003d40 EFLAGS: 00010202 RAX: 0000000000000000 RBX: ffff9ae63a 361000 RCX: ffff9ae4a98b60d4 RDX: ffff9ae4588499c0 RSI: 0000000000000305 RDI: ffff9ae4a98b6358 RBP: ffffb4bb00003d68 R08 : 0000000000000003 R09: 0000000000000010 R10: ffffb4bb00003d00 R11: 000000000000000f R12: ffff9ae441399050 R13: ffff9ae4761329e8 R14: 000000000001 R15: 0000000000000000 FS: 0000000000000000(0000) GS:ffff9ae7af400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 0000000080050033 CR2: 000055fb75680018 CR3: 00000003dae32006 CR4: 0000000000f70ef0 PKRU: 55555554 Seguimiento de llamadas: ? show_regs+0x69/0x80? __advertir+0x8d/0x150 ? iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] ? report_bug+0x196/0x1c0? handle_bug+0x45/0x80? exc_invalid_op+0x1c/0xb0? asm_exc_invalid_op+0x1f/0x30? iwl_mvm_rx_session_protect_notif+0x333/0x340 [iwlmvm] iwl_mvm_rx_common+0x115/0x340 [iwlmvm] iwl_mvm_rx_mq+0xa6/0x100 [iwlmvm] iwl_pcie_rx_handle+0x263/0xa10 wifi] iwl_pcie_napi_poll_msix+0x32/0xd0 [iwlwifi]"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/222abd95f503e28c0404e596291fe472fe90929c",

27
CVE-2024/CVE-2024-359xx/CVE-2024-35927.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35927",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-19T11:15:48.860",
"lastModified": "2024-06-16T13:15:52.210",
"lastModified": "2024-10-29T20:35:22.800",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: Verifique el sondeo de salida inicializado antes de deshabilitarlo. En drm_kms_helper_poll_disable() verifique si el soporte de sondeo de salida est\u00e1 inicializado antes de deshabilitar el sondeo. Si no, marca esto como una advertencia. Adem\u00e1s, en las llamadas drm_mode_config_helper_suspend() y drm_mode_config_helper_resume(), que son los llamadores de estas funciones, evite invocarlas si el sondeo no est\u00e1 inicializado. Para controladores como hyperv-drm, que no inicializan el sondeo del conector, si se llama a suspender sin esta verificaci\u00f3n, se produce una falla de suspensi\u00f3n con la siguiente pila [770.719392] Congelando las tareas restantes que se pueden congelar... (transcurridos 0,001 segundos) realizadas. [770.720592] printk: Suspensi\u00f3n de consola(s) (use no_console_suspend para depurar) [770.948823] ------------[ cortar aqu\u00ed ]------------ [ 770.948824] ADVERTENCIA: CPU: 1 PID: 17197 en kernel/workqueue.c:3162 __flush_work.isra.0+0x212/0x230 [770.948831] M\u00f3dulos vinculados en: rfkill nft_counter xt_conntrack xt_owner udf nft_compat crc_itu_t nft_fib_inet v4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables nfnetlink vfat fat mlx5_ib ib_uverbs ib_core mlx5_core intel_rapl_msr intel_rapl_common kvm_amd ccp mlxfw kvm psample hyperv_drm tls drm_shmem_helper drm_kms _helper irqbypass pcspkr syscopyarea sysfillrect sysimgblt hv_balloon hv_utils joydev drm fuse xfs libcrc32c pci_hyperv pci_hyperv_intf sr_mod sd_mod cdrom t10_pi sg hv_storvsc scsi_transport_fc hv_netvsc serio_raw hyperv_keyboard hid_hyperv crct1 0dif_pclmul crc32_pclmul crc32c_intel hv_vmbus ghash_clmulni_intel dm_mirror dm_region_hash dm_log dm_mod [ 770.948863] CPU: 1 PID: 17197 Comm: systemd-sleep No contaminado 5.14.0-362.2.1.el9_3.x86_64 #1 [ 770.9488 65] Nombre del hardware: M\u00e1quina virtual/M\u00e1quina virtual de Microsoft Corporation, BIOS Hyper-V UEFI Versi\u00f3n v4.1 09/05/2022 [ 770.948866] RIP: 0010:__flush_work.isra.0+0x212/0x230 [ 770.948869] C\u00f3digo: 8b 4d 00 4c 8b 45 08 89 ca 48 c1 e9 04 83 e2 08 83 e1 0f 83 ca 02 89 c8 48 0f ba 6d 00 03 e9 25 ff ff ff 0f 0b e9 4e ff ff ff <0f> 0b 45 31 ed e9 44 ff ff ff e8 8f 89 b2 00 66 66 2e 0f 1f 4 00 [ 770.948870] RSP: 0018:ffffaf4ac213fb10 EFLAGS: 00010246 [ 770.948871] RAX: 00000000000000000 RBX: 0000000000000000 RCX: ffffffff8c992857 [ 770.948872] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff9aad82b00330 [ 770.948873] RBP: ffff9aad82b00330 R08: 0000000000000000 R09: ffff9aad87ee3d10 [ 770.948874 ] R10: 0000000000000200 R11: 00000000000000000 R12: ffff9aad82b00330 [ 770.948874] R13: 00000000000000001 R14: 0000000000000000 R15: 000000000000001 [ 770.948875] FS: 00007ff1b2f6bb40(0000) GS:ffff9aaf37d00000(0000) knlGS:00000000000000000 [ 770.948878] CS: 0010 DS: 0000 : 0000 CR0: 0000000080050033 [ 770.948878] CR2: 0000555f345cb666 CR3: 00000001462dc005 CR4: 0000000000370ee0 [ 770.948879] Seguimiento de llamadas: [ 770.9488 80] [770.948881] ? show_trace_log_lvl+0x1c4/0x2df [770.948884]? show_trace_log_lvl+0x1c4/0x2df [770.948886]? __cancel_work_timer+0x103/0x190 [770.948887]? __flush_work.isra.0+0x212/0x230 [770.948889]? __advertir+0x81/0x110 [ 770.948891] ? __flush_work.isra.0+0x212/0x230 [770.948892]? report_bug+0x10a/0x140 [770.948895]? handle_bug+0x3c/0x70 [770.948898]? exc_invalid_op+0x14/0x70 [770.948899]? asm_exc_invalid_op+0x16/0x20 [770.948903]? __flush_work.isra.0+0x212/0x230 [ 770.948905] __cancel_work_timer+0x103/0x190 [ 770.948907] ? _raw_spin_unlock_irqrestore+0xa/0x30 [ 770.948910] drm_kms_helper_poll_disable+0x1e/0x40 [drm_kms_helper] [ 770.948923] drm_mode_config_helper_suspend+0x1c/0x80 [drm_kms_helper] [ 770.94 8933] ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus] [ 770.948942] hyperv_vmbus_suspend+0x17/0x40 [hyperv_drm] [ 770.948944] ? __pfx_vmbus_suspend+0x10/0x10 [hv_vmbus] [ 770.948951] dpm_run_callback+0x4c/0x140 [ 770.948954] __device_suspend_noir ---truncated---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/18451798f4a4e7418b9fad7e7dd313fe84b1f545",

27
CVE-2024/CVE-2024-359xx/CVE-2024-35973.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35973",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-20T10:15:12.077",
"lastModified": "2024-06-27T12:15:26.977",
"lastModified": "2024-10-29T20:35:23.003",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: geneve: corrige la validaci\u00f3n del encabezado en geneve[6]_xmit_skb syzbot puede activar un valor uninit en geneve_xmit() [1] Problema: mientras que la mayor\u00eda de los asistentes de t\u00fanel IP (como ip_tunnel_get_dsfield( )) usa skb_protocol(skb, true), pskb_inet_may_pull() solo usa skb->protocol. Si se encuentra algo m\u00e1s que ETH_P_IPV6 o ETH_P_IP en skb->protocol, pskb_inet_may_pull() no hace nada en absoluto. Si la persona que llama proporcion\u00f3 una etiqueta vlan (af_packet en el caso de syzbot), es posible que el encabezado de la red no apunte a la ubicaci\u00f3n correcta y que la parte lineal de skb sea m\u00e1s peque\u00f1a de lo esperado. Agregue skb_vlan_inet_prepare() para realizar una validaci\u00f3n completa de Mac. Utilice esto en Ginebra por el momento. Sospecho que debemos adoptarlo de manera m\u00e1s amplia. v4: Jakub inform\u00f3 que v3 rompi\u00f3 la autoprueba de l2_tos_ttl_inherit.sh: solo llame a __vlan_get_protocol() para tipos de VLAN. v2,v3: se abordaron los comentarios de Sabrina sobre v1 y v2 [1] ERROR: KMSAN: valor uninit en geneve_xmit_skb drivers/net/geneve.c:910 [en l\u00ednea] ERROR: KMSAN: valor uninit en geneve_xmit+0x302d/0x5420 drivers/ net/geneve.c:1030 geneve_xmit_skb drivers/net/geneve.c:910 [en l\u00ednea] geneve_xmit+0x302d/0x5420 drivers/net/geneve.c:1030 __netdev_start_xmit include/linux/netdevice.h:4903 [en l\u00ednea] netdev_start_xmit include/ linux/netdevice.h:4917 [en l\u00ednea] xmit_one net/core/dev.c:3531 [en l\u00ednea] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3547 __dev_queue_xmit+0x348d/0x52c0 net/core/dev.c: 4335 dev_queue_xmit include/linux/netdevice.h:3091 [en l\u00ednea] paquete_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 paquete_snd net/packet/af_packet.c:3081 [en l\u00ednea] packet_sendmsg+0x8bb0/0x9ef0 net/packet/ af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg+0x30f/0x380 net/socket.c:745 __sys_sendto+0x685/0x830 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [en l\u00ednea ] __se_sys_sendto net/socket.c:2199 [en l\u00ednea] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2199 do_syscall_64+0xd5/0x1f0 Entry_SYSCALL_64_after_hwframe+0x6d/0x75 Uninit se cre\u00f3 en slab_post_alloc _hook mm/slub.c:3804 [en l\u00ednea] slab_alloc_node mm/slub.c:3845 [en l\u00ednea] kmem_cache_alloc_node+0x613/0xc50 mm/slub.c:3888 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:577 __alloc_skb+0x35b/0x7a0 net/core/skbuff.c: 668 alloc_skb include/linux/skbuff.h:1318 [en l\u00ednea] alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6504 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2795 paquete_alloc_skb net/packet/af_packet.c :2930 [en l\u00ednea] paquete_snd net/packet/af_packet.c:3024 [en l\u00ednea] paquete_sendmsg+0x722d/0x9ef0 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg+0x30f/0x380 net/ Socket.c: 745 __sys_sendto+0x685/0x830 net/Socket.c: 2191 __do_sys_sendto net/Socket.c: 2203 [en l\u00ednea] __se_sys_sendto net/Socket.c: 2199 [Inline] __X64_SYS_SENDTO+0x125/0x1d0 net/Socket/Socket. 2199 do_syscall_64+0xd5/0x1f0 Entry_SYSCALL_64_after_hwframe+0x6d/0x75 CPU: 0 PID: 5033 Comm: syz-executor346 No contaminado 6.9.0-rc1-syzkaller-00005-g928a87efa423 #0 Nombre de hardware: Google Google Compute Engine/Google Motor de c\u00f3mputo, BIOS Google 29/02/2024"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/10204df9beda4978bd1d0c2db0d8375bfb03b915",

27
CVE-2024/CVE-2024-359xx/CVE-2024-35986.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35986",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-20T10:15:12.990",
"lastModified": "2024-05-20T13:00:04.957",
"lastModified": "2024-10-29T20:35:23.230",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phy: ti: tusb1210: resolver el bloqueo del cargador-det si el cargador psy no est\u00e1 registrado. El marco power_supply no est\u00e1 realmente manipulado para que haya referencias duraderas en el kernel a los dispositivos power_supply. Espec\u00edficamente, cancelar el registro de un power_supply mientras alg\u00fan otro c\u00f3digo tiene una referencia a \u00e9l activa una ADVERTENCIA en power_supply_unregister(): WARN_ON(atomic_dec_return(&psy->use_cnt)); Seguido por power_supply a\u00fan se elimina y los datos de respaldo se liberan de todos modos, dejando el c\u00f3digo de detecci\u00f3n del cargador tusb1210 con una referencia colgante, lo que resulta en un bloqueo la pr\u00f3xima vez que se llama a tusb1210_get_online(). Solucione este problema manteniendo \u00fanicamente la referencia en tusb1210_get_online() liber\u00e1ndola al final de la funci\u00f3n. Tenga en cuenta que esto a\u00fan deja una ventana de ejecuci\u00f3n te\u00f3rica, pero evita el problema al modificar manualmente el controlador del chip del cargador durante el desarrollo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/25b3498485ac281e5851700e33b97f12c9533fd8",

27
CVE-2024/CVE-2024-359xx/CVE-2024-35999.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35999",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-20T10:15:14.100",
"lastModified": "2024-05-20T13:00:04.957",
"lastModified": "2024-10-29T20:35:23.460",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: smb3: falta el bloqueo al seleccionar el canal. Coverity detect\u00f3 un lugar donde deber\u00edamos haber mantenido el bloqueo del canal al acceder al \u00edndice del canal ses. Direcciones-Cobertura: 1582039 (\"Condici\u00f3n de ejecuci\u00f3n de datos (MISSING_LOCK)\")"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0fcf7e219448e937681216353c9a58abae6d3c2e",

34
CVE-2024/CVE-2024-406xx/CVE-2024-40617.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40617",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-07-17T09:15:03.163",
"lastModified": "2024-09-10T13:45:37.100",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T20:35:23.730",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-22"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-407xx/CVE-2024-40799.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40799",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:12.667",
"lastModified": "2024-08-23T15:08:08.647",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T20:35:24.660",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-125"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [

27
CVE-2024/CVE-2024-408xx/CVE-2024-40853.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-40853",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:04.810",
"lastModified": "2024-10-29T14:34:50.257",
"lastModified": "2024-10-29T20:35:25.610",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Este problema se solucion\u00f3 restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se solucion\u00f3 en iOS 18 y iPadOS 18. Un atacante podr\u00eda usar Siri para habilitar la funci\u00f3n de respuesta autom\u00e1tica a llamadas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://support.apple.com/en-us/121250",

24
CVE-2024/CVE-2024-408xx/CVE-2024-40867.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40867",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:04.937",
"lastModified": "2024-10-29T17:41:59.300",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-29T20:35:26.040",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},

27
CVE-2024/CVE-2024-441xx/CVE-2024-44145.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-44145",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:02.820",
"lastModified": "2024-10-29T14:34:04.427",
"lastModified": "2024-10-29T20:35:26.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Este problema se solucion\u00f3 mediante una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en macOS Sequoia 15, iOS 18 y iPadOS 18. Un atacante con acceso f\u00edsico a un dispositivo macOS con Sidecar habilitado podr\u00eda ser capaz de eludir la pantalla de bloqueo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://support.apple.com/en-us/121238",

65
CVE-2024/CVE-2024-442xx/CVE-2024-44208.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44208",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:06.043",
"lastModified": "2024-10-29T14:34:50.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:47:09.883",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,68 @@
"value": "Este problema se solucion\u00f3 mediante una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en macOS Sequoia 15. Es posible que una aplicaci\u00f3n pueda omitir ciertas preferencias de privacidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "15.0",
"matchCriteriaId": "E8017C16-A17E-4AE7-9A0B-1295200A3A45"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121238",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-442xx/CVE-2024-44216.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-44216",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:02.893",
"lastModified": "2024-10-29T14:34:04.427",
"lastModified": "2024-10-29T20:35:26.520",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se solucion\u00f3 un problema de acceso con restricciones adicionales en el entorno aislado. Este problema se solucion\u00f3 en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",

27
CVE-2024/CVE-2024-442xx/CVE-2024-44217.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-44217",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:02.960",
"lastModified": "2024-10-29T14:34:04.427",
"lastModified": "2024-10-29T20:35:27.313",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se solucion\u00f3 un problema de permisos eliminando el c\u00f3digo vulnerable y agregando comprobaciones adicionales. Este problema se solucion\u00f3 en iOS 18 y iPadOS 18. El autocompletado de contrase\u00f1as puede completar las contrase\u00f1as despu\u00e9s de una autenticaci\u00f3n fallida."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://support.apple.com/en-us/121250",

41
CVE-2024/CVE-2024-442xx/CVE-2024-44218.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44218",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:06.237",
"lastModified": "2024-10-29T14:34:50.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:35:27.533",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Este problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en iOS 17.7.1 y iPadOS 17.7.1, macOS Sonoma 14.7.1, iOS 18.1 y iPadOS 18.1. El procesamiento de un archivo manipulado con fines malintencionados puede provocar da\u00f1os en el mont\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121563",

41
CVE-2024/CVE-2024-442xx/CVE-2024-44222.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44222",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:06.297",
"lastModified": "2024-10-29T14:34:50.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T19:35:15.710",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Este problema se solucion\u00f3 con una redacci\u00f3n mejorada de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial de ubicaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",

64
CVE-2024/CVE-2024-442xx/CVE-2024-44228.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44228",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:06.357",
"lastModified": "2024-10-29T14:34:50.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:42:04.980",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,67 @@
"value": "Este problema se solucion\u00f3 mejorando la verificaci\u00f3n de permisos. Este problema se solucion\u00f3 en Xcode 16. Una aplicaci\u00f3n puede heredar permisos de Xcode y acceder a datos de usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.0",
"matchCriteriaId": "6894DFF1-7930-4DF7-88CF-EB6C7E36336F"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121239",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

83
CVE-2024/CVE-2024-442xx/CVE-2024-44229.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44229",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:06.417",
"lastModified": "2024-10-29T14:34:50.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:38:30.203",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,88 @@
"value": "Se solucion\u00f3 una fuga de informaci\u00f3n con una validaci\u00f3n adicional. Este problema se solucion\u00f3 en visionOS 2.1, iOS 18.1 y iPadOS 18.1. La navegaci\u00f3n privada puede filtrar parte del historial de navegaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.1",
"matchCriteriaId": "1F64554D-9F90-4871-9A0B-FB28BD52F4B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.1",
"matchCriteriaId": "B9A26654-0DDB-4D4D-BB1E-C65C3339148E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1",
"matchCriteriaId": "15E4723D-CD2B-4486-A69C-27F843844A80"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121563",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121566",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

71
CVE-2024/CVE-2024-442xx/CVE-2024-44235.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44235",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:06.470",
"lastModified": "2024-10-29T14:34:50.257",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:32:46.747",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,74 @@
"value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en iOS 18.1 y iPadOS 18.1. Un atacante podr\u00eda ver contenido restringido desde la pantalla de bloqueo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.1",
"matchCriteriaId": "1F64554D-9F90-4871-9A0B-FB28BD52F4B3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.1",
"matchCriteriaId": "B9A26654-0DDB-4D4D-BB1E-C65C3339148E"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121563",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}
]
}

27
CVE-2024/CVE-2024-442xx/CVE-2024-44240.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-44240",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:03.107",
"lastModified": "2024-10-29T14:34:04.427",
"lastModified": "2024-10-29T20:35:28.870",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en tvOS 18.1, iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1 y visionOS 2.1. El procesamiento de una fuente manipulada con fines malintencionados puede provocar la divulgaci\u00f3n de la memoria del proceso."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://support.apple.com/en-us/121563",

27
CVE-2024/CVE-2024-442xx/CVE-2024-44256.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-44256",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:03.177",
"lastModified": "2024-10-29T14:34:04.427",
"lastModified": "2024-10-29T20:35:29.053",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El problema se solucion\u00f3 con una mejora en la desinfecci\u00f3n de entradas. Este problema se solucion\u00f3 en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. Es posible que una aplicaci\u00f3n pueda salir de su zona protegida."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.5,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://support.apple.com/en-us/121568",

39
CVE-2024/CVE-2024-442xx/CVE-2024-44257.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-44257",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:03.243",
"lastModified": "2024-10-29T14:34:04.427",
"lastModified": "2024-10-29T20:35:29.240",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Este problema se solucion\u00f3 con una redacci\u00f3n mejorada de informaci\u00f3n confidencial. Este problema se solucion\u00f3 en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",

29
CVE-2024/CVE-2024-442xx/CVE-2024-44259.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44259",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:07.160",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:35:30.023",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,30 @@
"value": "Este problema se solucion\u00f3 mediante una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en iOS 17.7.1 y iPadOS 17.7.1, visionOS 2.1, iOS 18.1 y iPadOS 18.1. Un atacante podr\u00eda hacer un uso indebido de una relaci\u00f3n de confianza para descargar contenido malicioso."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://support.apple.com/en-us/121563",

41
CVE-2024/CVE-2024-442xx/CVE-2024-44263.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44263",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:07.333",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:35:30.263",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Se solucion\u00f3 un problema l\u00f3gico con una mejor gesti\u00f3n del estado. Este problema se solucion\u00f3 en iOS 18.1 y iPadOS 18.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121563",

41
CVE-2024/CVE-2024-442xx/CVE-2024-44275.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44275",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:07.877",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T19:35:17.777",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. Una aplicaci\u00f3n malintencionada podr\u00eda modificar partes protegidas del sistema de archivos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",

76
CVE-2024/CVE-2024-442xx/CVE-2024-44289.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44289",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:08.680",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:25:47.537",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,81 @@
"value": "Se solucion\u00f3 un problema de privacidad mejorando la redacci\u00f3n de datos privados en las entradas de registro. Este problema se solucion\u00f3 en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. Es posible que una aplicaci\u00f3n pueda leer informaci\u00f3n confidencial sobre la ubicaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FA438ABE-99D4-49D3-A90A-959B8FDD4012"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-442xx/CVE-2024-44294.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44294",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:08.757",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:24:24.867",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,81 @@
"value": "Se solucion\u00f3 una vulnerabilidad de eliminaci\u00f3n de rutas al evitar que el c\u00f3digo vulnerable se ejecutara con privilegios. Este problema se solucion\u00f3 en macOS Ventura 13.7.1 y macOS Sonoma 14.7.1. Un atacante con privilegios de superusuario podr\u00eda eliminar archivos de sistema protegidos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FA438ABE-99D4-49D3-A90A-959B8FDD4012"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

145
CVE-2024/CVE-2024-442xx/CVE-2024-44297.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44297",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:08.910",
"lastModified": "2024-10-29T14:34:04.427",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:23:37.967",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,35 +15,160 @@
"value": "El problema se solucion\u00f3 con comprobaciones de los l\u00edmites mejoradas. Este problema se solucion\u00f3 en tvOS 18.1, iOS 18.1 y iPadOS 18.1, iOS 17.7.1 y iPadOS 17.7.1, macOS Ventura 13.7.1, macOS Sonoma 14.7.1, watchOS 11.1 y visionOS 2.1. El procesamiento de un mensaje manipulado con fines malintencionados puede provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.7.1",
"matchCriteriaId": "D3097D2F-1E4A-4C22-A811-AB177A90B089"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "18.0",
"versionEndExcluding": "18.1",
"matchCriteriaId": "E24E24AB-36B7-4843-A897-1C1246E8716B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.7.1",
"matchCriteriaId": "468FFF6F-879C-4AF4-BC42-6A1AA30441C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "18.0",
"versionEndExcluding": "18.1",
"matchCriteriaId": "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FA438ABE-99D4-49D3-A90A-959B8FDD4012"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.1",
"matchCriteriaId": "5D57FCAE-9B33-4532-BC69-BC3D35719EDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1",
"matchCriteriaId": "15E4723D-CD2B-4486-A69C-27F843844A80"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1",
"matchCriteriaId": "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121563",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121565",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121566",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121567",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121569",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com"
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

59
CVE-2024/CVE-2024-471xx/CVE-2024-47170.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-47170",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-09-26T18:15:10.370",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:59:57.227",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:agnai:agnai:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.330",
"matchCriteriaId": "018F1D62-64B1-4A69-BC8B-37565BF64656"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/agnaistic/agnai/security/advisories/GHSA-h355-hm5h-cm8h",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

43
CVE-2024/CVE-2024-480xx/CVE-2024-48074.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-48074",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-28T12:15:15.200",
"lastModified": "2024-10-28T13:58:09.230",
"lastModified": "2024-10-29T19:35:18.963",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/mainfunction.cgi route, and finally the command is executed by the system function."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad RCE autorizada en el enrutador DrayTek Vigor2960 versi\u00f3n 1.4.4, donde un atacante puede colocar un comando malicioso en el par\u00e1metro de tabla de la funci\u00f3n doPPPoE en la ruta cgi-bin/mainfunction.cgi y, finalmente, el comando es ejecutado por la funci\u00f3n del sistema."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Giles-one/Vigor2960Crack",

57
CVE-2024/CVE-2024-481xx/CVE-2024-48120.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-48120",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T14:15:11.780",
"lastModified": "2024-10-15T16:35:09.650",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-29T20:57:53.360",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:x2engine:x2crm:8.5:*:*:*:*:*:*:*",
"matchCriteriaId": "7D3A8BCC-7431-4545-8B68-38979A8B0C1A"
}
]
}
]
}
],
"references": [
{
"url": "https://okankurtulus.com.tr/2024/09/12/x2crm-v8-5-stored-cross-site-scripting-xss-authenticated/",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-482xx/CVE-2024-48234.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48234",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-25T22:15:02.453",
"lastModified": "2024-10-28T13:58:09.230",
"lastModified": "2024-10-29T19:35:19.743",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en mipjz 5.0.5. En el m\u00e9todo push de app\\tag\\controller\\ApiAdminTag.php, el valor del par\u00e1metro postAddress no se procesa y se pasa directamente a la ejecuci\u00f3n y salida de curl_exec, lo que genera una vulnerabilidad de Server-side request forgery (SSRF) que puede leer archivos del servidor."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/sansanyun/mipjz/issues/18",

Some files were not shown because too many files have changed in this diff Show More