Auto-Update: 2024-11-12T21:00:19.683540+00:00

cad-safe-bot 2024-11-12 21:03:22 +00:00
parent 7a7480846a
commit 577c2d5dda
124 changed files with 6339 additions and 413 deletions


@ -2,7 +2,7 @@
"id": "CVE-2023-30308",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T20:16:20.453",
"lastModified": "2024-05-29T13:02:09.280",
"lastModified": "2024-11-12T19:35:00.843",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema descubierto en los enrutadores Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR y Ruijie EG105G permite a los atacantes secuestrar sesiones TCP, lo que podr\u00eda provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"references": [
{
"url": "https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-tcp-hijacking-in-nat-enabled-wi-fi-networks/",


@ -2,7 +2,7 @@
"id": "CVE-2023-39804",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T04:15:08.897",
"lastModified": "2024-03-27T12:29:30.307",
"lastModified": "2024-11-12T19:35:01.960",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En GNU tar anterior a 1.35, los atributos de extensi\u00f3n mal manejados en un archivo PAX pueden provocar un bloqueo de la aplicaci\u00f3n en xheader.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1058079",


@ -2,7 +2,7 @@
"id": "CVE-2023-42286",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-14T22:15:22.277",
"lastModified": "2024-03-15T12:53:06.423",
"lastModified": "2024-11-12T19:35:02.187",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -16,6 +16,18 @@
}
],
"metrics": {},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/Nacl122/CVEReport/blob/main/CVE-2023-42286/CVE-2023-42286.md",


@ -0,0 +1,56 @@
{
"id": "CVE-2023-44255",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:06.850",
"lastModified": "2024-11-12T19:15:06.850",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive information to an unauthorized actor [CWE-200] in Fortinet FortiManager before 7.4.2, FortiAnalyzer before 7.4.2 and FortiAnalyzer-BigData before 7.2.5 may allow a privileged attacker with administrative read permissions to read event logs of another adom via crafted HTTP or HTTPs requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-359"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-267",
"source": "psirt@fortinet.com"
}
]
}
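Review bot: The description labels this issue `[CWE-200]`, but the only `weaknesses` entry in the new record is `"value": "CWE-359"`, so the record disagrees with itself about the weakness class. CWE-359 is the narrower private-personal-information child of CWE-200, while the description speaks of event logs of another ADOM, so anyone filtering this feed on CWE-200 alone will miss the record. Both values carry the same source (`psirt@fortinet.com`), so this looks like an upstream inconsistency. Ingest should keep the upstream value and flag the mismatch rather than rewrite it.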


@ -0,0 +1,56 @@
{
"id": "CVE-2023-47543",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:07.110",
"lastModified": "2024-11-12T19:15:07.110",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-448",
"source": "psirt@fortinet.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2023-50176",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:07.360",
"lastModified": "2024-11-12T19:15:07.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A session fixation in Fortinet FortiOS version 7.4.0 through 7.4.3 and 7.2.0 through 7.2.7 and 7.0.0 through 7.0.13 allows attacker to execute unauthorized code or commands via phishing SAML authentication link."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-475",
"source": "psirt@fortinet.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-51219",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-03T20:15:08.810",
"lastModified": "2024-06-25T20:15:11.020",
"lastModified": "2024-11-12T20:35:04.087",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema de validaci\u00f3n de enlace profundo en KakaoTalk 10.4.3 permiti\u00f3 que un adversario remoto dirigiera a los usuarios a ejecutar cualquier JavaScript controlador de atacante dentro de un WebView. El impacto se intensific\u00f3 a\u00fan m\u00e1s al activar otro WebView que filtr\u00f3 su token de acceso en un encabezado de solicitud HTTP. En \u00faltima instancia, este token de acceso podr\u00eda usarse para hacerse cargo de la cuenta de otro usuario y leer sus mensajes de chat."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [
{
"url": "https://news.ycombinator.com/item?id=40776880",
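Review bot: The enrichment added from source `134c704f-9b21-4f2e-91b3-4a467353bcc0` tags this record `CWE-444` and scores it `C:L/I:N/A:L`, which does not match the description. The description covers a deep-link validation flaw that leads to attacker-controlled JavaScript in a WebView, a leaked access token and account takeover. CWE-444 covers HTTP request/response smuggling, and a leaked token that allows reading another user's chat messages is hard to reconcile with low confidentiality and no integrity impact. The entry is `"type": "Secondary"` and the record is still `Awaiting Analysis`, so triage should not rely on the 6.5 score alone. The same pattern appears in the CVE-2024-25737 section, where a description covering SSRF and XSS receives only `CWE-79`.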


@ -0,0 +1,29 @@
{
"id": "CVE-2023-52268",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-12T19:15:07.580",
"lastModified": "2024-11-12T19:15:07.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub."
}
],
"metrics": {},
"references": [
{
"url": "https://freescout.net/module/end-user-portal/",
"source": "cve@mitre.org"
},
{
"url": "https://freescout.net/modules-faq/",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/squ1dw3rm/CVE-2023-52268",
"source": "cve@mitre.org"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-52601",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:10.680",
"lastModified": "2024-11-04T13:16:40.320",
"lastModified": "2024-11-12T19:35:02.970",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: jfs: corrige el \u00edndice de matriz fuera de los l\u00edmites en dbAdjTree Actualmente falta una verificaci\u00f3n de los l\u00edmite en dbAdjTree al acceder a dmt_stree. Para agregar la verificaci\u00f3n requerida, se agreg\u00f3 el bool is_ctl que se requiere para determinar el tama\u00f1o como se sugiere en el siguiente commit. https://lore.kernel.org/linux-kernel-mentees/f9475918-2186-49b8-b801-6f0f9e75f4fa@oracle.com/"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-129"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2037cb9d95f1741885f7daf50e8a028c4ade5317",


@ -0,0 +1,66 @@
{
"id": "CVE-2024-10217",
"sourceIdentifier": "security@tibco.com",
"published": "2024-11-12T20:15:05.807",
"lastModified": "2024-11-12T20:15:05.807",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility),\u00a0monitoringconsolecommon.jar\u00a0in TIBCO Software Inc\u00a0TIBCO Hawk and\u00a0TIBCO Operational Intelligence"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@tibco.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:L/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:X/U:Green",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NO",
"recovery": "USER",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "GREEN",
"baseScore": 9.2,
"baseSeverity": "CRITICAL"
}
}
]
},
"references": [
{
"url": "https://community.tibco.com/advisories",
"source": "security@tibco.com"
}
]
}
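Review bot: This new record and the CVE-2024-10218 section that follows carry identical `descriptions` text, the same CVSS 4.0 `vectorString` and the same single reference `https://community.tibco.com/advisories`, so nothing in the content distinguishes the two IDs. Neither has a `weaknesses` block although the description says XSS, so CWE-based queries will not return them, and the description names no affected versions. The `"baseScore": 9.2` alongside `PR:H` and `UI:P` is worth checking against the vendor advisory before it drives prioritisation. Any consumer that de-duplicates on description or vector needs to key on `id` instead.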


@ -0,0 +1,66 @@
{
"id": "CVE-2024-10218",
"sourceIdentifier": "security@tibco.com",
"published": "2024-11-12T20:15:05.913",
"lastModified": "2024-11-12T20:15:05.913",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility),\u00a0monitoringconsolecommon.jar\u00a0in TIBCO Software Inc\u00a0TIBCO Hawk and\u00a0TIBCO Operational Intelligence"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@tibco.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:L/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:X/U:Green",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NO",
"recovery": "USER",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "GREEN",
"baseScore": 9.2,
"baseSeverity": "CRITICAL"
}
}
]
},
"references": [
{
"url": "https://community.tibco.com/advisories",
"source": "security@tibco.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-1556",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:09.053",
"lastModified": "2024-02-20T19:50:53.960",
"lastModified": "2024-11-12T20:35:06.360",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se comprob\u00f3 que el objeto incorrecto era NULL en el generador de perfiles integrado, lo que podr\u00eda provocar un acceso no v\u00e1lido a la memoria y un comportamiento indefinido. *Nota:* Este problema solo afecta a la aplicaci\u00f3n cuando el generador de perfiles se est\u00e1 ejecutando. Esta vulnerabilidad afecta a Firefox < 123."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1870414",


@ -2,7 +2,7 @@
"id": "CVE-2024-20945",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-02-17T02:15:48.880",
"lastModified": "2024-02-20T19:51:05.510",
"lastModified": "2024-11-12T19:35:05.470",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.4,
"impactScore": 3.6
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2024-21021",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-04-16T22:15:17.153",
"lastModified": "2024-04-17T12:48:31.863",
"lastModified": "2024-11-12T20:35:07.200",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.oracle.com/security-alerts/cpuapr2024.html",


@ -0,0 +1,56 @@
{
"id": "CVE-2024-2207",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-11-12T20:15:06.120",
"lastModified": "2024-11-12T20:15:06.120",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "hp-security-alert@hp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.5
}
]
},
"weaknesses": [
{
"source": "hp-security-alert@hp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_11567250-11567490-16/hpsbhf03987",
"source": "hp-security-alert@hp.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-2208",
"sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-11-12T20:15:06.323",
"lastModified": "2024-11-12T20:15:06.323",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Potential vulnerabilities have been identified in the audio package for certain HP PC products using the Sound Research SECOMN64 driver, which might allow escalation of privilege. Sound Research has released driver updates to mitigate the potential vulnerabilities."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "hp-security-alert@hp.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "hp-security-alert@hp.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_11567250-11567490-16/hpsbhf03987",
"source": "hp-security-alert@hp.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-23149",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-06-25T03:15:10.370",
"lastModified": "2024-06-25T12:24:17.873",
"lastModified": "2024-11-12T20:35:08.300",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Un archivo SLDDRW creado con fines malintencionados, cuando se analiza en ODXSW_DLL.dll a trav\u00e9s de aplicaciones de Autodesk, puede forzar una lectura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "psirt@autodesk.com",


@ -0,0 +1,56 @@
{
"id": "CVE-2024-23666",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:07.970",
"lastModified": "2024-11-12T19:15:07.970",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A client-side enforcement of server-side security in Fortinet FortiAnalyzer-BigData \r\nat least version 7.4.0 and 7.2.0 through 7.2.6 and 7.0.1 through 7.0.6 and 6.4.5 through 6.4.7 and 6.2.5, FortiManager version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.1 and 7.2.0 through 7.2.4 and 7.0.0 through 7.0.11 and 6.4.0 through 6.4.14 allows attacker to improper access control via crafted requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-602"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-23-396",
"source": "psirt@fortinet.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-24795",
"sourceIdentifier": "security@apache.org",
"published": "2024-04-04T20:15:08.663",
"lastModified": "2024-10-03T13:15:14.233",
"lastModified": "2024-11-12T20:35:08.640",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "La divisi\u00f3n de la respuesta HTTP en varios m\u00f3dulos en el servidor HTTP Apache permite que un atacante pueda inyectar encabezados de respuesta maliciosos en aplicaciones backend para provocar un ataque de desincronizaci\u00f3n HTTP. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.4.59, que soluciona este problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -26,6 +49,16 @@
"value": "CWE-113"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [


@ -2,8 +2,8 @@
"id": "CVE-2024-25622",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-11T15:15:03.947",
"lastModified": "2024-10-15T12:58:51.050",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:04:39.957",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-670"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,18 +81,46 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/h2o/h2o/commit/123f5e2b65dcdba8f7ef659a00d24bd1249141be",
"source": "security-advisories@github.com"
},
"nodes": [
{
"url": "https://github.com/h2o/h2o/issues/3332",
"source": "security-advisories@github.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-5m7v-cj65-h6pj",
"source": "security-advisories@github.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2024-02-11",
"matchCriteriaId": "EC5F2FE2-7FF7-428D-9EC7-0201D0077BA8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h2o/h2o/commit/123f5e2b65dcdba8f7ef659a00d24bd1249141be",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/h2o/h2o/issues/3332",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking"
]
},
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-5m7v-cj65-h6pj",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
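Review bot: The added `cpeMatch` entry bounds the affected range with `"versionEndIncluding": "2024-02-11"`, a date rather than a release number, on the wildcard CPE `cpe:2.3:a:dena:h2o:*`. A matcher that compares this field as a semantic version may fail to parse it or compare it wrongly against installed versions, so this record can over- or under-match. Consumers should treat a non-version bound as unparsable and fall back to the patch commit listed in `references` to decide affected versus fixed. Separately, the GHSA advisory URL is now tagged `Exploit`, which feeds alerting on that tag will pick up.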


@ -2,7 +2,7 @@
"id": "CVE-2024-25737",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-22T19:15:08.657",
"lastModified": "2024-05-24T01:15:30.977",
"lastModified": "2024-11-12T19:35:06.243",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de Server-Side Request Forgery (SSRF) en la ruta /Cover/Show (showAction en CoverController.php) en Open Library Foundation VuFind 2.4 a 9.1 anterior a 9.1.1 permite a atacantes remotos acceder a servidores HTTP internos y realizar Cross-Site Scripting (XSS) mediante proxy de URL arbitrarias a trav\u00e9s del par\u00e1metro GET del proxy."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/vufind-org/vufind/commit/345d00f7d7f1c581f46742effdac70e803b3847b",


@ -0,0 +1,56 @@
{
"id": "CVE-2024-26011",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:08.320",
"lastModified": "2024-11-12T19:15:08.320",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A missing authentication for critical function in Fortinet FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.4, 7.0.0 through 7.0.11, 6.4.0 through 6.4.14, FortiPAM version 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.9, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiSwitchManager version 7.2.0 through 7.2.3, 7.0.0 through 7.0.3, FortiPortal version 6.0.0 through 6.0.14, FortiOS version 7.4.0 through 7.4.3, 7.2.0 through 7.2.7, 7.0.0 through 7.0.14, 6.4.0 through 6.4.15, 6.2.0 through 6.2.16, 6.0.0 through 6.0.18 allows attacker to execute unauthorized code or commands via specially crafted packets."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-032",
"source": "psirt@fortinet.com"
}
]
}
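Review bot: The description states a missing-authentication flaw that lets an attacker "execute unauthorized code or commands", while the vector in the same record is `C:N/I:L/A:N` with `"baseScore": 5.3`. Both come from `psirt@fortinet.com`, and the record is `Received` with no independent scoring, so the score reflects the vendor's assessment only. The issue is unauthenticated and network-reachable (`AV:N/PR:N/UI:N`) across FortiOS, FortiProxy, FortiManager and the other listed products. Prioritisation should therefore read the FG-IR-24-032 advisory rather than sort on the MEDIUM severity.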


@ -2,7 +2,7 @@
"id": "CVE-2024-26311",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-21T20:15:46.967",
"lastModified": "2024-02-22T19:07:27.197",
"lastModified": "2024-11-12T20:35:09.710",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -36,9 +36,41 @@
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://archerirm.com",


@ -2,7 +2,7 @@
"id": "CVE-2024-31309",
"sourceIdentifier": "security@apache.org",
"published": "2024-04-10T12:15:09.257",
"lastModified": "2024-05-01T18:15:23.233",
"lastModified": "2024-11-12T19:35:07.513",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Un ataque de HTTP/2 CONTINUATION DoS puede hacer que Apache Traffic Server consuma m\u00e1s recursos en el servidor. Las versiones de 8.0.0 a 8.1.9 y de 9.0.0 a 9.2.3 se ven afectadas. Los usuarios pueden establecer una nueva configuraci\u00f3n (proxy.config.http2.max_continuation_frames_per_minuto) para limitar el n\u00famero de fotogramas de CONTINUACI\u00d3N por minuto. ATS tiene una cantidad fija de memoria que una solicitud puede usar y ATS cumple con estos l\u00edmites en versiones anteriores. Se recomienda a los usuarios actualizar a las versiones 8.1.10 o 9.2.4, que solucionan el problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",


@ -0,0 +1,56 @@
{
"id": "CVE-2024-31496",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:08.617",
"lastModified": "2024-11-12T19:15:08.617",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData 7.4.0 and before 7.2.7 allows a privileged attacker to execute unauthorized code or commands via crafted CLI requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-098",
"source": "psirt@fortinet.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-32116",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:08.860",
"lastModified": "2024-11-12T19:15:08.860",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple relative path traversal vulnerabilities [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and FortiAnalyzer-BigData version 7.4.0 and before 7.2.7 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-099",
"source": "psirt@fortinet.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-32117",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:09.073",
"lastModified": "2024-11-12T19:15:09.073",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiManager version 7.4.0 through 7.4.2 and below 7.2.5, FortiAnalyzer version 7.4.0 through 7.4.2 and below 7.2.5 & FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker to read arbitrary files from the underlying system via crafted HTTP or HTTPs requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-115",
"source": "psirt@fortinet.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-32118",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:09.287",
"lastModified": "2024-11-12T19:15:09.287",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerabilities [CWE-78] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5, Fortinet FortiAnalyzer version 7.4.0 through 7.4.2 and before 7.2.5 and Fortinet FortiAnalyzer-BigData before 7.4.0 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-116",
"source": "psirt@fortinet.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-33505",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:09.500",
"lastModified": "2024-11-12T19:15:09.500",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap-based buffer overflow in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specially crafted http requests"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-125",
"source": "psirt@fortinet.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-33510",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:09.723",
"lastModified": "2024-11-12T19:15:09.723",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An\u00a0improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability [CWE-74] in FortiOS version 7.4.3 and below, version 7.2.8 and below, version 7.0.16 and below; FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below; FortiSASE version 24.2.b SSL-VPN web user interface may allow a remote unauthenticated attacker to perform phishing attempts via crafted requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-358"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-033",
"source": "psirt@fortinet.com"
}
]
}
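Review bot: The `weaknesses` entry of this new record gives `"value": "CWE-358"`, while the description of the same record tags the issue as `[CWE-74]`, so tooling that groups or filters on the `weaknesses` field will classify it differently from what the advisory text says. The new record for CVE-2024-35274 has a similar mismatch: its description says `[CWE-22]` and its `weaknesses` value is `CWE-23`. If this mirror is meant to stay faithful to the upstream feed, the records should be left as they are and the discrepancy reported upstream. Otherwise the values that agree with the descriptions would be `"value": "CWE-74"` here and `"value": "CWE-22"` there. Until that is settled, consumers should cross-check the bracketed CWE in the description before relying on the structured field.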


@ -2,7 +2,7 @@
"id": "CVE-2024-33803",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T16:15:16.413",
"lastModified": "2024-05-28T17:11:47.007",
"lastModified": "2024-11-12T19:35:08.007",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en /model/get_exam.php en campcodes Complete Web-Based School Management System 1.0 permite a un atacante ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro id."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/E1CHO/cve_hub/blob/main/Complete%20Web-Based%20School%20Management%20System/Complete%20Web-Based%20School%20Management%20System%20-%20vuln%2011.pdf",


@ -0,0 +1,56 @@
{
"id": "CVE-2024-35274",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:09.993",
"lastModified": "2024-11-12T19:15:09.993",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability [CWE-22] in Fortinet FortiAnalyzer versions below 7.4.2, Fortinet FortiManager versions below 7.4.2 and Fortinet FortiAnalyzer-BigData version 7.4.0 and below 7.2.7 allows a privileged attacker with read write administrative privileges to create non-arbitrary files on a chosen directory via crafted CLI requests."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-23"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-179",
"source": "psirt@fortinet.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-36457",
"sourceIdentifier": "secure@symantec.com",
"published": "2024-07-15T14:15:02.917",
"lastModified": "2024-07-16T13:43:58.773",
"lastModified": "2024-11-12T19:35:08.833",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -61,6 +61,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24678",


@ -0,0 +1,56 @@
{
"id": "CVE-2024-36507",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:10.233",
"lastModified": "2024-11-12T19:15:10.233",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A untrusted search path in Fortinet FortiClientWindows versions 7.4.0, versions 7.2.4 through 7.2.0, versions 7.0.12 through 7.0.0 allows an attacker to run arbitrary code via DLL hijacking and social engineering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-205",
"source": "psirt@fortinet.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-36509",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:10.440",
"lastModified": "2024-11-12T19:15:10.440",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE-497] in FortiWeb version 7.6.0, version 7.4.3 and below, version 7.2.10 and below, version 7.0.10 and below, version 6.3.23 and below may allow an authenticated attacker to access the encrypted passwords of other administrators via the \"Log Access Event\" logs page."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-497"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-180",
"source": "psirt@fortinet.com"
}
]
}
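Review bot: The impact metrics in this new record's vector, `C:N/I:H/A:N`, do not match its description, which is about an authenticated attacker reading other administrators' encrypted passwords from a logs page and is classified as `CWE-497`, an information exposure. Triage rules that key on `confidentialityImpact` will therefore treat this record as having no disclosure impact. Presumably the confidentiality and integrity values were swapped upstream; `C:H/I:N/A:N` would fit the description and leave the 4.2 base score unchanged. That should be confirmed against the vendor advisory listed under `references` rather than changed in the mirror.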


@ -0,0 +1,56 @@
{
"id": "CVE-2024-36513",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:10.633",
"lastModified": "2024-11-12T19:15:10.633",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A privilege context switching error vulnerability [CWE-270] in FortiClient Windows version 7.2.4 and below, version 7.0.12 and below, 6.4 all versions may allow an authenticated user to escalate their privileges via lua auto patch scripts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-270"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-144",
"source": "psirt@fortinet.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-3855",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-04-16T16:15:08.487",
"lastModified": "2024-04-17T12:48:31.863",
"lastModified": "2024-11-12T19:35:09.877",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En ciertos casos, el JIT optimiz\u00f3 incorrectamente las operaciones de MSubstr, lo que provoc\u00f3 lecturas fuera de los l\u00edmites. Esta vulnerabilidad afecta a Firefox < 125."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1885828",


@ -0,0 +1,56 @@
{
"id": "CVE-2024-40592",
"sourceIdentifier": "psirt@fortinet.com",
"published": "2024-11-12T19:15:11.013",
"lastModified": "2024-11-12T19:15:11.013",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An improper verification of cryptographic signature vulnerability [CWE-347] in FortiClient MacOS version 7.4.0, version 7.2.4 and below, version 7.0.10 and below, version 6.4.10 and below may allow a local authenticated attacker to\u00a0swap the installer with a malicious package via a race condition during the installation process."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@fortinet.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@fortinet.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"references": [
{
"url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-022",
"source": "psirt@fortinet.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-43429",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-11-11T13:15:03.880",
"lastModified": "2024-11-12T13:55:21.227",
"lastModified": "2024-11-12T20:35:11.370",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"references": [
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304257",


@ -0,0 +1,56 @@
{
"id": "CVE-2024-43613",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T19:15:11.560",
"lastModified": "2024-11-12T19:15:11.560",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43613",
"source": "secure@microsoft.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-43928",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:49.080",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:49:01.817",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-4-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5.6",
"matchCriteriaId": "07DF4154-B368-4731-BD9C-6DCC5CE5F69A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-4-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-43929",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:49.293",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:49:57.193",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-4-broken-access-control-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.5.6",
"matchCriteriaId": "07DF4154-B368-4731-BD9C-6DCC5CE5F69A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-jobsearch/wordpress-jobsearch-wp-job-board-wordpress-plugin-plugin-2-5-4-broken-access-control-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-45114",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:12.860",
"lastModified": "2024-11-12T19:15:12.860",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-87.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-45147",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:13.090",
"lastModified": "2024-11-12T19:15:13.090",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bridge versions 13.0.9, 14.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/bridge/apsb24-77.html",
"source": "psirt@adobe.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-45396",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-11T15:15:04.457",
"lastModified": "2024-10-15T12:58:51.050",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:05:09.367",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +71,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/h2o/quicly/commit/2a95896104901589c495bc41460262e64ffcad5c",
"source": "security-advisories@github.com"
},
"nodes": [
{
"url": "https://github.com/h2o/quicly/security/advisories/GHSA-mp3c-h5gg-mm6p",
"source": "security-advisories@github.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:quicly:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024-10-10",
"matchCriteriaId": "8A1D2045-0B2C-490A-BF1E-A71AA3E9E4B3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h2o/quicly/commit/2a95896104901589c495bc41460262e64ffcad5c",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/h2o/quicly/security/advisories/GHSA-mp3c-h5gg-mm6p",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
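Review bot: The added `cpeMatch` entry bounds the affected range with `"versionEndExcluding": "2024-10-10"`, which is a date rather than a release number. The records for CVE-2024-45397 (`dena:h2o`) and CVE-2024-45402 (`dena:picotls`, which also carries `"versionStartIncluding": "2024-08-12"`) do the same. A matcher that parses these bounds as semantic versions is likely to reject them or compare them wrongly against a package version, so affected builds can be missed or unaffected ones flagged. For these three records, consumers should compare the commit date of the deployed build, or check for the patch commit listed under `references`, instead of matching on a version string.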


@ -2,8 +2,8 @@
"id": "CVE-2024-45397",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-11T15:15:04.690",
"lastModified": "2024-10-15T12:58:51.050",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:14:25.083",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-290"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,18 +81,45 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/h2o/h2o/commit/15ed15a2efb83a77bb4baaa5a119e639c2f6898a",
"source": "security-advisories@github.com"
},
"nodes": [
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-jf2c-xjcp-wg4c",
"source": "security-advisories@github.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://h2o.examp1e.net/configure/http3_directives.html",
"source": "security-advisories@github.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2024-10-10",
"matchCriteriaId": "A7760480-4001-4F10-B91B-CF59236F1427"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h2o/h2o/commit/15ed15a2efb83a77bb4baaa5a119e639c2f6898a",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-jf2c-xjcp-wg4c",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://h2o.examp1e.net/configure/http3_directives.html",
"source": "security-advisories@github.com",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-45402",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-11T15:15:04.903",
"lastModified": "2024-10-15T12:58:51.050",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:02:56.167",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +71,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/h2o/picotls/commit/9b88159ce763d680e4a13b6e8f3171ae923a535d",
"source": "security-advisories@github.com"
},
"nodes": [
{
"url": "https://github.com/h2o/picotls/security/advisories/GHSA-w7c8-wjx9-vvvv",
"source": "security-advisories@github.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:picotls:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024-08-12",
"versionEndExcluding": "2024-10-10",
"matchCriteriaId": "C8B44BB8-1995-4076-BA61-135AFD0E512D"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h2o/picotls/commit/9b88159ce763d680e4a13b6e8f3171ae923a535d",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/h2o/picotls/security/advisories/GHSA-w7c8-wjx9-vvvv",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}
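Review bot: The `cpeMatch` entry added for `cpe:2.3:a:dena:picotls` bounds the affected range with calendar dates (`"versionStartIncluding": "2024-08-12"`, `"versionEndExcluding": "2024-10-10"`) rather than release numbers, so a matcher that parses these fields as dotted versions is likely to reject or mis-order them. Consumers should compare these bounds as dates against the build or commit date of the deployed copy, and treat the `Patch` commit in `references` as the authoritative fix marker. The `dena:h2o` range in CVE-2024-45403 (`2024-06-18` to `2024-09-04`) has the same shape.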


@ -2,8 +2,8 @@
"id": "CVE-2024-45403",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-11T15:15:05.123",
"lastModified": "2024-10-15T12:58:51.050",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T19:59:51.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,22 +71,53 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562",
"source": "security-advisories@github.com"
},
"nodes": [
{
"url": "https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c",
"source": "security-advisories@github.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92",
"source": "security-advisories@github.com"
},
{
"url": "https://h2o.examp1e.net/configure/http3_directives.html",
"source": "security-advisories@github.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:dena:h2o:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2024-06-18",
"versionEndExcluding": "2024-09-04",
"matchCriteriaId": "150B718B-AB9A-4FA0-AAFD-AB3E7CA96120"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/h2o/h2o/commit/16b13eee8ad7895b4fe3fcbcabee53bd52782562",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/h2o/h2o/commit/1ed32b23f999acf0c5029f09c8525f93eb1d354c",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/h2o/h2o/security/advisories/GHSA-4xp5-3jhc-3m92",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://h2o.examp1e.net/configure/http3_directives.html",
"source": "security-advisories@github.com",
"tags": [
"Product"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-46955",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-10T22:15:12.887",
"lastModified": "2024-11-12T13:55:21.227",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-12T20:35:12.407",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en psi/zcolor.c en Artifex Ghostscript anterior a la versi\u00f3n 10.04.0. Hay una lectura fuera de los l\u00edmites al leer colores en el espacio de color indexado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707990",


@ -2,8 +2,8 @@
"id": "CVE-2024-46956",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-10T22:15:12.943",
"lastModified": "2024-11-12T13:55:21.227",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-12T20:35:13.723",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en psi/zfile.c en Artifex Ghostscript anterior a la versi\u00f3n 10.04.0. El acceso a datos fuera de los l\u00edmites en filenameforall puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://bugs.ghostscript.com/show_bug.cgi?id=707895",


@ -2,8 +2,8 @@
"id": "CVE-2024-47074",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-11T15:15:05.353",
"lastModified": "2024-10-15T12:58:51.050",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T19:52:38.023",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,6 +59,28 @@
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
@ -73,14 +95,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/dataease/dataease/commit/86eafc4d77f0bbc0eaa7fc58e5076a085257f259",
"source": "security-advisories@github.com"
},
"nodes": [
{
"url": "https://github.com/dataease/dataease/security/advisories/GHSA-jgg7-w629-wcpc",
"source": "security-advisories@github.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dataease:dataease:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.18.25",
"matchCriteriaId": "D508B577-F415-41D2-99AC-DC412C371CE0"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/dataease/dataease/commit/86eafc4d77f0bbc0eaa7fc58e5076a085257f259",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/dataease/dataease/security/advisories/GHSA-jgg7-w629-wcpc",
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47302",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:53.547",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:40:46.890",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/fluent-support/wordpress-fluent-support-plugin-1-8-0-broken-access-control-on-email-verification-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpmanageninja:fluent_support:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.8.1",
"matchCriteriaId": "1CC5733A-0031-42D9-B820-CC71EFC22D27"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/fluent-support/wordpress-fluent-support-plugin-1-8-0-broken-access-control-on-email-verification-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47308",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:53.743",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:35:53.600",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/templately/wordpress-templately-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:templately:templately:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.1.3",
"matchCriteriaId": "08E8BDAF-AB5F-4FFA-8809-44093A4833D4"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/templately/wordpress-templately-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47311",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:53.960",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:35:03.010",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/wheel-of-life/wordpress-wheel-of-life-plugin-1-1-8-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kraftplugins:wheel_of_life:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.1.9",
"matchCriteriaId": "2B9C3C84-EE18-4301-804A-F0ED2A05C65D"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wheel-of-life/wordpress-wheel-of-life-plugin-1-1-8-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47314",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:54.170",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:34:11.720",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-8-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sunshinephotocart:sunshine_photo_cart:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.2.9",
"matchCriteriaId": "DC7AD9B2-BA4E-4D38-8A9B-95C21F09A33A"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sunshine-photo-cart/wordpress-sunshine-photo-cart-plugin-3-2-8-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47317",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:54.400",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:33:17.257",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -12,11 +12,31 @@
},
{
"lang": "es",
"value": " La vulnerabilidad de autorizaci\u00f3n faltante en WP Quads Ads de WPQuads (Adsense Ads, Banner Ads, Popup Ads) permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Ads by WPQuads (Adsense Ads, Banner Ads, Popup Ads): desde n/a hasta 2.0.84."
"value": " La vulnerabilidad de autorizaci\u00f3n faltante en WP Quads Ads by WPQuads \u2013 Adsense Ads, Banner Ads, Popup Ads permite explotar los niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a Ads by WPQuads \u2013 Adsense Ads, Banner Ads, Popup Ads: desde n/a hasta 2.0.84."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/quick-adsense-reloaded/wordpress-ads-by-wpquads-plugin-2-0-84-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpquads:ads:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.0.85",
"matchCriteriaId": "88F53029-AA9F-4607-B374-8E7716A94223"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/quick-adsense-reloaded/wordpress-ads-by-wpquads-plugin-2-0-84-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47318",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:54.617",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:32:35.303",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +81,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/pwa-for-wp/wordpress-pwa-for-wp-amp-plugin-1-7-72-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magazine3:pwa_for_wp_\\&_amp:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.7.73",
"matchCriteriaId": "F91B0A73-D8F5-4D8B-80DF-6A01D7694AF6"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/pwa-for-wp/wordpress-pwa-for-wp-amp-plugin-1-7-72-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
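Review bot: The added `criteria` string `cpe:2.3:a:magazine3:pwa_for_wp_\\&_amp:*:…` carries a CPE-escaped ampersand: once the JSON is decoded, the product component reads `pwa_for_wp_\&_amp`, backslash included. Inventory matching that compares the raw component with a plugin slug or product name by plain string equality will miss this record, so the matcher should unescape CPE 2.3 formatted-string components before comparing. Among the `criteria` values shown in this part of the commit, this is the only one that contains an escape.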


@ -2,8 +2,8 @@
"id": "CVE-2024-47321",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:54.840",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:29:51.207",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/wp-datepicker/wordpress-wp-datepicker-plugin-2-1-1-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:androidbubbles:wp_datepicker:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.1.2",
"matchCriteriaId": "902921D1-B15E-43F0-864A-CF1B5E2AB366"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/wp-datepicker/wordpress-wp-datepicker-plugin-2-1-1-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47358",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:55.043",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:28:55.623",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/popup-maker/wordpress-popup-maker-plugin-1-19-2-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-atlantic:popup_maker:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.20.0",
"matchCriteriaId": "1AF385E1-1958-43F8-80F0-874EE6940504"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/popup-maker/wordpress-popup-maker-plugin-1-19-2-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47359",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:55.270",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:26:27.230",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/depicter/wordpress-depicter-plugin-3-2-2-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:depicter:depicter:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.5.0",
"matchCriteriaId": "BADA2753-A953-420D-B435-E2128BBEA0B9"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/depicter/wordpress-depicter-plugin-3-2-2-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}
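Review bot: The new `"versionEndExcluding": "3.5.0"` is far wider than the `3-2-2` in this record's Patchstack URL slug, whereas most of the other Patchstack records in this commit end one patch release above their slug version (for example `1.8.1` for the `1-8-0` slug in CVE-2024-47302). The description text lies outside the hunks shown, so the bound may well be right, but it decides whether installs between 3.2.3 and 3.4.x are reported as vulnerable. Confirm the fixed version against the linked advisory before using this range for patch-compliance reporting.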


@ -2,8 +2,8 @@
"id": "CVE-2024-47361",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-11-01T15:15:55.490",
"lastModified": "2024-11-01T20:24:53.730",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T20:25:04.763",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://patchstack.com/database/vulnerability/addon-elements-for-elementor-page-builder/wordpress-elementor-addon-elements-plugin-1-13-6-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:webtechstreet:elementor_addon_elements:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.13.7",
"matchCriteriaId": "C495BB62-6ECA-4679-89D8-91F47D07B463"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/addon-elements-for-elementor-page-builder/wordpress-elementor-addon-elements-plugin-1-13-6-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47426",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:08.313",
"lastModified": "2024-11-12T20:15:08.313",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by a Double Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}
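Review bot: The single `weaknesses` entry is tagged `"type": "Secondary"` even though it comes from `psirt@adobe.com`, the same source whose `cvssMetricV31` entry in this record is `Primary`; the sibling records CVE-2024-47427 through CVE-2024-47430 tag the Adobe weakness `Primary`. A consumer that reads only `Primary` weaknesses gets no CWE for this record and loses the `CWE-415` classification that matches the Double Free description. While the record is still `Received`, CWE extraction should fall back to `Secondary` entries when no `Primary` one exists.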


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47427",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:08.523",
"lastModified": "2024-11-12T20:15:08.523",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47428",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:08.720",
"lastModified": "2024-11-12T20:15:08.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47429",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:08.930",
"lastModified": "2024-11-12T20:15:08.930",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47430",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:09.127",
"lastModified": "2024-11-12T20:15:09.127",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47431",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:09.323",
"lastModified": "2024-11-12T20:15:09.323",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47432",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:09.523",
"lastModified": "2024-11-12T20:15:09.523",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47433",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:09.720",
"lastModified": "2024-11-12T20:15:09.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47434",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:09.920",
"lastModified": "2024-11-12T20:15:09.920",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47435",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:10.117",
"lastModified": "2024-11-12T20:15:10.117",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47436",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:10.317",
"lastModified": "2024-11-12T20:15:10.317",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47437",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:10.513",
"lastModified": "2024-11-12T20:15:10.513",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47438",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:10.720",
"lastModified": "2024-11-12T20:15:10.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by a Write-what-where Condition vulnerability that could lead to a memory leak. This vulnerability allows an attacker to write a controlled value at a controlled memory location, which could result in the disclosure of sensitive memory content. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-123"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}
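Review bot: The `cvssData` vector in this record (CVE-2024-47438) carries `"integrityImpact": "NONE"`, while the description and the `CWE-123` weakness describe a write-what-where condition, i.e. a controlled value written to a controlled address; the two do not obviously agree. Both values come from the CNA (`psirt@adobe.com`), so the mirrored file should stay as published, but anything that triages on `"baseScore": 5.5` alone may rank this below the out-of-bounds write entries from the same bulletin that are scored 7.8. The weakness entry is also tagged `"type": "Secondary"` while the metric is `"Primary"`, so a consumer that reads only Primary weaknesses would presumably see no CWE for this record.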


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47439",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:10.933",
"lastModified": "2024-11-12T20:15:10.933",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47440",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:11.140",
"lastModified": "2024-11-12T20:15:11.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47441",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:13.310",
"lastModified": "2024-11-12T19:15:13.310",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb24-85.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47442",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:13.517",
"lastModified": "2024-11-12T19:15:13.517",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb24-85.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47443",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:13.730",
"lastModified": "2024-11-12T19:15:13.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb24-85.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47444",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:13.947",
"lastModified": "2024-11-12T19:15:13.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb24-85.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47445",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:14.157",
"lastModified": "2024-11-12T19:15:14.157",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb24-85.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47446",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:14.377",
"lastModified": "2024-11-12T19:15:14.377",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "After Effects versions 23.6.9, 24.6.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/after_effects/apsb24-85.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47449",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:14.597",
"lastModified": "2024-11-12T19:15:14.597",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Audition versions 23.6.9, 24.4.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/audition/apsb24-83.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47450",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:14.823",
"lastModified": "2024-11-12T19:15:14.823",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.7.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-87.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47451",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:15.037",
"lastModified": "2024-11-12T19:15:15.037",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-87.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47452",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:15.240",
"lastModified": "2024-11-12T19:15:15.240",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-87.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47453",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:15.443",
"lastModified": "2024-11-12T19:15:15.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-87.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47454",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:15.647",
"lastModified": "2024-11-12T19:15:15.647",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-87.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47455",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:15.853",
"lastModified": "2024-11-12T19:15:15.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-87.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47456",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:16.060",
"lastModified": "2024-11-12T19:15:16.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.7.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-87.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47457",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:16.263",
"lastModified": "2024-11-12T19:15:16.263",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Illustrator versions 28.7.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-87.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47458",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T19:15:16.480",
"lastModified": "2024-11-12T19:15:16.480",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Bridge versions 13.0.9, 14.1.2 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/bridge/apsb24-77.html",
"source": "psirt@adobe.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-47636",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-10-10T18:15:07.920",
"lastModified": "2024-10-30T14:32:17.523",
"lastModified": "2024-11-12T20:52:49.130",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -80,9 +80,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eyecix:jobsearch:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:eyecix:jobsearch_wp_job_board:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "2.5.9",
"matchCriteriaId": "1B1622BA-5F68-411F-A676-45E1626F043E"
"matchCriteriaId": "993BA74C-BF07-4252-B669-AC06E5C8019A"
}
]
}
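Review bot: The `cpeMatch` entry prints two `criteria` values and two `matchCriteriaId` values, and the hunk header (9 old and 9 new lines over 11 printed) implies one of each pair is the removed line. Print order suggests the new product is `jobsearch_wp_job_board` with `wordpress` as target software, but the page has lost its `+`/`-` markers, so that reading is inferred. If it is right, inventories or scanners that matched on `cpe:2.3:a:eyecix:jobsearch:*` or cached the earlier `matchCriteriaId` would stop correlating CVE-2024-47636 after this update. Downstream matching should therefore key on the CVE id and re-pull the configuration rather than rely on a stored CPE string. The enclosing `configurations` object starts outside the hunk.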


@ -2,8 +2,8 @@
"id": "CVE-2024-47830",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-11T15:15:05.613",
"lastModified": "2024-10-15T12:58:51.050",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-12T19:55:58.010",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +81,39 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/makeplane/plane/commit/b9f78ba42b70461c8c1d26638fa8b9beef6a96a1",
"source": "security-advisories@github.com"
},
"nodes": [
{
"url": "https://github.com/makeplane/plane/security/advisories/GHSA-39gx-38xf-c348",
"source": "security-advisories@github.com"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:plane:plane:*:*:*:*:*:*:*:*",
"versionEndExcluding": "0.23.0",
"matchCriteriaId": "B71D6DB9-FD53-489A-AF83-855FBF28B78F"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/makeplane/plane/commit/b9f78ba42b70461c8c1d26638fa8b9beef6a96a1",
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/makeplane/plane/security/advisories/GHSA-39gx-38xf-c348",
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-49042",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T19:15:17.507",
"lastModified": "2024-11-12T19:15:17.507",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure Database for PostgreSQL Flexible Server Extension Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49042",
"source": "secure@microsoft.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-49515",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:12.477",
"lastModified": "2024-11-12T20:15:12.477",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an Untrusted Search Path vulnerability that might allow attackers to execute arbitrary code. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. The problem extends to any type of critical resource that the application trusts. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-49516",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:12.680",
"lastModified": "2024-11-12T20:15:12.680",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-49517",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:12.877",
"lastModified": "2024-11-12T20:15:12.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-49518",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:13.087",
"lastModified": "2024-11-12T20:15:13.087",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-49519",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-12T20:15:13.297",
"lastModified": "2024-11-12T20:15:13.297",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Painter versions 10.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-86.html",
"source": "psirt@adobe.com"
}
]
}
