mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-09 16:05:11 +00:00
Auto-Update: 2024-06-20T16:00:26.248885+00:00
This commit is contained in:
parent
a8f86b31a4
commit
5aeeec9e3e
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2022-28805",
|
||||
"sourceIdentifier": "cve@mitre.org",
|
||||
"published": "2022-04-08T06:15:07.243",
|
||||
"lastModified": "2023-11-07T03:45:45.560",
|
||||
"vulnStatus": "Modified",
|
||||
"lastModified": "2024-06-20T14:44:42.220",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -86,8 +86,8 @@
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:lua:lua:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "5.4.0",
|
||||
"versionEndIncluding": "5.4.4",
|
||||
"matchCriteriaId": "76830514-E848-4FD7-9FBD-2C29C5336981"
|
||||
"versionEndExcluding": "5.4.5",
|
||||
"matchCriteriaId": "57801ACF-A19D-4A5B-8189-BAEE33E23BA3"
|
||||
}
|
||||
]
|
||||
}
|
||||
@ -125,11 +125,17 @@
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJNJ66IFDUKWJJZXHGOLRGIA3HWWC36R/",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UHYZOEFDVLVAD6EEP4CDW6DNONIVVHPA/",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lua-users.org/lists/lua-l/2022-02/msg00001.html",
|
||||
@ -160,7 +166,10 @@
|
||||
},
|
||||
{
|
||||
"url": "https://security.gentoo.org/glsa/202305-23",
|
||||
"source": "cve@mitre.org"
|
||||
"source": "cve@mitre.org",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
15
CVE-2023/CVE-2023-33xx/CVE-2023-3353.json
Normal file
15
CVE-2023/CVE-2023-33xx/CVE-2023-3353.json
Normal file
@ -0,0 +1,15 @@
|
||||
{
|
||||
"id": "CVE-2023-3353",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-06-20T14:15:10.650",
|
||||
"lastModified": "2024-06-20T14:15:10.650",
|
||||
"vulnStatus": "Rejected",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Rejected reason: ** REJECT ** Developer patched two issues with a single patch, so only one CVE is necessary. Please use CVE-2023-3352."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": []
|
||||
}
|
43
CVE-2024/CVE-2024-372xx/CVE-2024-37222.json
Normal file
43
CVE-2024/CVE-2024-372xx/CVE-2024-37222.json
Normal file
@ -0,0 +1,43 @@
|
||||
{
|
||||
"id": "CVE-2024-37222",
|
||||
"sourceIdentifier": "audit@patchstack.com",
|
||||
"published": "2024-06-20T15:15:50.117",
|
||||
"lastModified": "2024-06-20T15:15:50.117",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through 3.9.10."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "audit@patchstack.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 7.1,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://patchstack.com/database/vulnerability/master-slider/wordpress-master-slider-plugin-3-9-10-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
|
||||
"source": "audit@patchstack.com"
|
||||
}
|
||||
]
|
||||
}
|
59
CVE-2024/CVE-2024-375xx/CVE-2024-37532.json
Normal file
59
CVE-2024/CVE-2024-375xx/CVE-2024-37532.json
Normal file
@ -0,0 +1,59 @@
|
||||
{
|
||||
"id": "CVE-2024-37532",
|
||||
"sourceIdentifier": "psirt@us.ibm.com",
|
||||
"published": "2024-06-20T14:15:10.920",
|
||||
"lastModified": "2024-06-20T14:15:10.920",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "psirt@us.ibm.com",
|
||||
"type": "Secondary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-347"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294721",
|
||||
"source": "psirt@us.ibm.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.ibm.com/support/pages/node/7158031",
|
||||
"source": "psirt@us.ibm.com"
|
||||
}
|
||||
]
|
||||
}
|
47
CVE-2024/CVE-2024-51xx/CVE-2024-5156.json
Normal file
47
CVE-2024/CVE-2024-51xx/CVE-2024-5156.json
Normal file
@ -0,0 +1,47 @@
|
||||
{
|
||||
"id": "CVE-2024-5156",
|
||||
"sourceIdentifier": "security@wordfence.com",
|
||||
"published": "2024-06-20T14:15:11.400",
|
||||
"lastModified": "2024-06-20T14:15:11.400",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "The Flatsome theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.18.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "security@wordfence.com",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.4,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 3.1,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"references": [
|
||||
{
|
||||
"url": "https://themeforest.net/item/flatsome-multipurpose-responsive-woocommerce-theme/5484319#item-description__change-log",
|
||||
"source": "security@wordfence.com"
|
||||
},
|
||||
{
|
||||
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf6c13de-e666-4c80-aa4c-6f610d899d03?source=cve",
|
||||
"source": "security@wordfence.com"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-5832",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-11T21:15:54.350",
|
||||
"lastModified": "2024-06-14T06:15:14.293",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:09:08.407",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,23 +14,108 @@
|
||||
"value": "Use after free en Dawn en Google Chrome anterior a 126.0.6478.54 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/340196361",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"lang": "en",
|
||||
"value": "CWE-416"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.54",
|
||||
"matchCriteriaId": "28906E8E-9158-4473-8807-188F6DF15D13"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/340196361",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-5833",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-11T21:15:54.430",
|
||||
"lastModified": "2024-06-14T06:15:14.547",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:09:20.810",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,23 +14,108 @@
|
||||
"value": "Type Confusion en V8 en Google Chrome anterior a 126.0.6478.54 permit\u00eda a un atacante remoto realizar potencialmente un acceso a la memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/342602616",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"lang": "en",
|
||||
"value": "CWE-843"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.54",
|
||||
"matchCriteriaId": "28906E8E-9158-4473-8807-188F6DF15D13"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/342602616",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-5834",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-11T21:15:54.513",
|
||||
"lastModified": "2024-06-14T06:15:14.953",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:07:28.820",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,23 +14,108 @@
|
||||
"value": "La implementaci\u00f3n inapropiada en Dawn en Google Chrome anterior a 126.0.6478.54 permiti\u00f3 a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/342840932",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-noinfo"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.54",
|
||||
"matchCriteriaId": "28906E8E-9158-4473-8807-188F6DF15D13"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/342840932",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-5835",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-11T21:15:54.583",
|
||||
"lastModified": "2024-06-14T06:15:15.090",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:08:20.267",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,23 +14,108 @@
|
||||
"value": "El desbordamiento del b\u00fafer del mont\u00f3n en Tab Groups en Google Chrome anteriores a 126.0.6478.54 permiti\u00f3 a un atacante remoto que convenci\u00f3 a un usuario para realizar gestos de interfaz de usuario espec\u00edficos para explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/341991535",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"lang": "en",
|
||||
"value": "CWE-787"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.54",
|
||||
"matchCriteriaId": "28906E8E-9158-4473-8807-188F6DF15D13"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/341991535",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-5836",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-11T21:15:54.657",
|
||||
"lastModified": "2024-06-14T06:15:15.463",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:08:33.157",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,23 +14,108 @@
|
||||
"value": "La implementaci\u00f3n inapropiada en DevTools en Google Chrome anterior a 126.0.6478.54 permiti\u00f3 a un atacante que convenci\u00f3 a un usuario de instalar una extensi\u00f3n maliciosa para ejecutar c\u00f3digo arbitrario a trav\u00e9s de una extensi\u00f3n de Chrome manipulada. (Severidad de seguridad de Chrome: alta)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/341875171",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-noinfo"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.54",
|
||||
"matchCriteriaId": "28906E8E-9158-4473-8807-188F6DF15D13"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/341875171",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-5837",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-11T21:15:54.723",
|
||||
"lastModified": "2024-06-14T06:15:15.683",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:04:00.617",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,23 +14,108 @@
|
||||
"value": "Type Confusion en V8 en Google Chrome anterior a 126.0.6478.54 permit\u00eda a un atacante remoto realizar potencialmente un acceso a la memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/342415789",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"lang": "en",
|
||||
"value": "CWE-843"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.54",
|
||||
"matchCriteriaId": "28906E8E-9158-4473-8807-188F6DF15D13"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/342415789",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-5838",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-11T21:15:54.790",
|
||||
"lastModified": "2024-06-14T06:15:15.887",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:04:22.750",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,23 +14,108 @@
|
||||
"value": "Type Confusion en V8 en Google Chrome anterior a 126.0.6478.54 permit\u00eda a un atacante remoto realizar acceso a la memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/342522151",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"lang": "en",
|
||||
"value": "CWE-843"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.54",
|
||||
"matchCriteriaId": "28906E8E-9158-4473-8807-188F6DF15D13"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/342522151",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-5839",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-11T21:15:54.860",
|
||||
"lastModified": "2024-06-14T06:15:16.180",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:06:42.903",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,23 +14,108 @@
|
||||
"value": "La implementaci\u00f3n inadecuada en Memory Allocator en Google Chrome anterior a 126.0.6478.54 permiti\u00f3 a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/340122160",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-noinfo"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.54",
|
||||
"matchCriteriaId": "28906E8E-9158-4473-8807-188F6DF15D13"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/340122160",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-5840",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-11T21:15:54.933",
|
||||
"lastModified": "2024-06-14T06:15:16.280",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T14:55:25.307",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,23 +14,108 @@
|
||||
"value": "La omisi\u00f3n de pol\u00edticas en CORS en Google Chrome anterior a 126.0.6478.54 permit\u00eda a un atacante remoto omitir el control de acceso discrecional a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.5,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/41492103",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-noinfo"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.54",
|
||||
"matchCriteriaId": "28906E8E-9158-4473-8807-188F6DF15D13"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/41492103",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-5841",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-11T21:15:55.003",
|
||||
"lastModified": "2024-06-14T06:15:16.640",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T14:55:42.033",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,23 +14,108 @@
|
||||
"value": "Use after free en V8 en Google Chrome anterior a 126.0.6478.54 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/326765855",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"lang": "en",
|
||||
"value": "CWE-416"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.54",
|
||||
"matchCriteriaId": "28906E8E-9158-4473-8807-188F6DF15D13"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/326765855",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-5842",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-11T21:15:55.080",
|
||||
"lastModified": "2024-06-14T06:15:16.913",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T14:55:51.013",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,23 +14,108 @@
|
||||
"value": "Use after free en la interfaz de usuario del navegador en Google Chrome anterior a 126.0.6478.54 permit\u00eda a un atacante remoto convencer a un usuario de realizar gestos espec\u00edficos de la interfaz de usuario para realizar una lectura de memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chromium: media)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/40062622",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"lang": "en",
|
||||
"value": "CWE-416"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.54",
|
||||
"matchCriteriaId": "28906E8E-9158-4473-8807-188F6DF15D13"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646"
|
||||
},
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*",
|
||||
"matchCriteriaId": "CA277A6C-83EC-4536-9125-97B84C4FAF59"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/40062622",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7VXA32LXMNK3DSK3JBRLTBPFUH7LTODU/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MPU7AB53QQVNTBPGRMJRY5SXJNYWW3FX/",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-6100",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-20T00:15:09.810",
|
||||
"lastModified": "2024-06-20T12:43:25.663",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:18:01.470",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,8 +14,41 @@
|
||||
"value": "Type Confusion en V8 en Google Chrome anterior a 126.0.6478.114 permit\u00eda a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-843"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"type": "Secondary",
|
||||
@ -27,14 +60,38 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
"configurations": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
"nodes": [
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/344608204",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.114",
|
||||
"matchCriteriaId": "1B82B0A4-B5BC-4639-AA1D-FD1B3E501892"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/344608204",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-6101",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-20T00:15:09.967",
|
||||
"lastModified": "2024-06-20T12:43:25.663",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:17:51.823",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,15 +14,74 @@
|
||||
"value": "La implementaci\u00f3n inapropiada en V8 en Google Chrome anterior a 126.0.6478.114 permiti\u00f3 a un atacante remoto realizar acceso a la memoria fuera de los l\u00edmites a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/343748812",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "NVD-CWE-noinfo"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.114",
|
||||
"matchCriteriaId": "1B82B0A4-B5BC-4639-AA1D-FD1B3E501892"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/343748812",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-6102",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-20T00:15:10.053",
|
||||
"lastModified": "2024-06-20T12:43:25.663",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:17:42.737",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,15 +14,74 @@
|
||||
"value": "El acceso a memoria fuera de los l\u00edmites en Dawn en Google Chrome anterior a 126.0.6478.114 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"references": [
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/339169163",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-787"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"configurations": [
|
||||
{
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.114",
|
||||
"matchCriteriaId": "1B82B0A4-B5BC-4639-AA1D-FD1B3E501892"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/339169163",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-6103",
|
||||
"sourceIdentifier": "chrome-cve-admin@google.com",
|
||||
"published": "2024-06-20T00:15:10.133",
|
||||
"lastModified": "2024-06-20T12:43:25.663",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:17:16.060",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,8 +14,41 @@
|
||||
"value": "Use after free en Dawn en Google Chrome anterior a 126.0.6478.114 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Severidad de seguridad de Chrome: alta)"
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-416"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"type": "Secondary",
|
||||
@ -27,14 +60,38 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
"configurations": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
},
|
||||
"nodes": [
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/344639860",
|
||||
"source": "chrome-cve-admin@google.com"
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
|
||||
"versionEndExcluding": "126.0.6478.114",
|
||||
"matchCriteriaId": "1B82B0A4-B5BC-4639-AA1D-FD1B3E501892"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://chromereleases.googleblog.com/2024/06/stable-channel-update-for-desktop_18.html",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Third Party Advisory"
|
||||
]
|
||||
},
|
||||
{
|
||||
"url": "https://issues.chromium.org/issues/344639860",
|
||||
"source": "chrome-cve-admin@google.com",
|
||||
"tags": [
|
||||
"Permissions Required"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
59
CVE-2024/CVE-2024-61xx/CVE-2024-6162.json
Normal file
59
CVE-2024/CVE-2024-61xx/CVE-2024-6162.json
Normal file
@ -0,0 +1,59 @@
|
||||
{
|
||||
"id": "CVE-2024-6162",
|
||||
"sourceIdentifier": "secalert@redhat.com",
|
||||
"published": "2024-06-20T15:15:50.570",
|
||||
"lastModified": "2024-06-20T15:15:50.570",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of service."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "NONE",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 7.5,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.6
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "secalert@redhat.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-400"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://access.redhat.com/security/cve/CVE-2024-6162",
|
||||
"source": "secalert@redhat.com"
|
||||
},
|
||||
{
|
||||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2293069",
|
||||
"source": "secalert@redhat.com"
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-6177",
|
||||
"sourceIdentifier": "product.security@lge.com",
|
||||
"published": "2024-06-20T02:15:11.980",
|
||||
"lastModified": "2024-06-20T12:43:25.663",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:17:06.493",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,8 +14,41 @@
|
||||
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en LG Electronics SuperSign CMS permite XSS Reflejado. Este problema afecta a SuperSign CMS: desde 4.1.3 antes < 4.3.1."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "product.security@lge.com",
|
||||
"type": "Secondary",
|
||||
@ -27,10 +60,32 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
"configurations": [
|
||||
{
|
||||
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails",
|
||||
"source": "product.security@lge.com"
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:lg:supersign_cms:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "4.1.3",
|
||||
"versionEndExcluding": "4.3.1",
|
||||
"matchCriteriaId": "6995A868-E46C-4793-9F8F-03E04879946C"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails",
|
||||
"source": "product.security@lge.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-6178",
|
||||
"sourceIdentifier": "product.security@lge.com",
|
||||
"published": "2024-06-20T02:15:12.123",
|
||||
"lastModified": "2024-06-20T12:43:25.663",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:16:58.507",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,8 +14,41 @@
|
||||
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en LG Electronics SuperSign CMS permite XSS Reflejado. Este problema afecta a SuperSign CMS: desde 4.1.3 antes < 4.3.1."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "product.security@lge.com",
|
||||
"type": "Secondary",
|
||||
@ -27,10 +60,32 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
"configurations": [
|
||||
{
|
||||
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails",
|
||||
"source": "product.security@lge.com"
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:lg:supersign_cms:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "4.1.3",
|
||||
"versionEndExcluding": "4.3.1",
|
||||
"matchCriteriaId": "6995A868-E46C-4793-9F8F-03E04879946C"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails",
|
||||
"source": "product.security@lge.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,8 +2,8 @@
|
||||
"id": "CVE-2024-6179",
|
||||
"sourceIdentifier": "product.security@lge.com",
|
||||
"published": "2024-06-20T02:15:12.257",
|
||||
"lastModified": "2024-06-20T12:43:25.663",
|
||||
"vulnStatus": "Undergoing Analysis",
|
||||
"lastModified": "2024-06-20T15:16:47.133",
|
||||
"vulnStatus": "Analyzed",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
@ -14,8 +14,41 @@
|
||||
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site Scripting') en LG Electronics SuperSign CMS permite XSS Reflejado. Este problema afecta a SuperSign CMS: desde 4.1.3 antes < 4.3.1."
|
||||
}
|
||||
],
|
||||
"metrics": {},
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "REQUIRED",
|
||||
"scope": "CHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 6.1,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 2.7
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "nvd@nist.gov",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-79"
|
||||
}
|
||||
]
|
||||
},
|
||||
{
|
||||
"source": "product.security@lge.com",
|
||||
"type": "Secondary",
|
||||
@ -27,10 +60,32 @@
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
"configurations": [
|
||||
{
|
||||
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails",
|
||||
"source": "product.security@lge.com"
|
||||
"nodes": [
|
||||
{
|
||||
"operator": "OR",
|
||||
"negate": false,
|
||||
"cpeMatch": [
|
||||
{
|
||||
"vulnerable": true,
|
||||
"criteria": "cpe:2.3:a:lg:supersign_cms:*:*:*:*:*:*:*:*",
|
||||
"versionStartIncluding": "4.1.3",
|
||||
"versionEndExcluding": "4.3.1",
|
||||
"matchCriteriaId": "6995A868-E46C-4793-9F8F-03E04879946C"
|
||||
}
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://lgsecurity.lge.com/bulletins/idproducts#updateDetails",
|
||||
"source": "product.security@lge.com",
|
||||
"tags": [
|
||||
"Vendor Advisory"
|
||||
]
|
||||
}
|
||||
]
|
||||
}
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2024-6181",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-06-20T11:15:56.723",
|
||||
"lastModified": "2024-06-20T12:43:25.663",
|
||||
"lastModified": "2024-06-20T14:15:11.837",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2024-6184",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-06-20T12:15:15.560",
|
||||
"lastModified": "2024-06-20T12:43:25.663",
|
||||
"lastModified": "2024-06-20T14:15:11.953",
|
||||
"vulnStatus": "Awaiting Analysis",
|
||||
"descriptions": [
|
||||
{
|
||||
|
@ -2,7 +2,7 @@
|
||||
"id": "CVE-2024-6186",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-06-20T13:15:50.007",
|
||||
"lastModified": "2024-06-20T13:15:50.007",
|
||||
"lastModified": "2024-06-20T15:15:50.827",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
|
92
CVE-2024/CVE-2024-61xx/CVE-2024-6188.json
Normal file
92
CVE-2024/CVE-2024-61xx/CVE-2024-6188.json
Normal file
@ -0,0 +1,92 @@
|
||||
{
|
||||
"id": "CVE-2024-6188",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-06-20T14:15:12.063",
|
||||
"lastModified": "2024-06-20T14:15:12.063",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic. This issue affects some unknown processing of the file /TS/export/pagedefinition. The manipulation of the argument ID leads to direct request. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269159. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.3,
|
||||
"baseSeverity": "MEDIUM"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 1.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "NONE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "NONE",
|
||||
"availabilityImpact": "NONE",
|
||||
"baseScore": 5.0
|
||||
},
|
||||
"baseSeverity": "MEDIUM",
|
||||
"exploitabilityScore": 10.0,
|
||||
"impactScore": 2.9,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-425"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://kiwiyumi.com/post/tracksys-export-source-code/",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.269159",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.269159",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.354924",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
92
CVE-2024/CVE-2024-61xx/CVE-2024-6189.json
Normal file
92
CVE-2024/CVE-2024-61xx/CVE-2024-6189.json
Normal file
@ -0,0 +1,92 @@
|
||||
{
|
||||
"id": "CVE-2024-6189",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-06-20T14:15:12.370",
|
||||
"lastModified": "2024-06-20T14:15:12.370",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in Tenda A301 15.13.08.12. It has been classified as critical. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269160. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "LOW",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "HIGH",
|
||||
"integrityImpact": "HIGH",
|
||||
"availabilityImpact": "HIGH",
|
||||
"baseScore": 8.8,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 2.8,
|
||||
"impactScore": 5.9
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "SINGLE",
|
||||
"confidentialityImpact": "COMPLETE",
|
||||
"integrityImpact": "COMPLETE",
|
||||
"availabilityImpact": "COMPLETE",
|
||||
"baseScore": 9.0
|
||||
},
|
||||
"baseSeverity": "HIGH",
|
||||
"exploitabilityScore": 8.0,
|
||||
"impactScore": 10.0,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-121"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://military-hail-377.notion.site/Tenda-A301V2-0-stack-overflow-c95f23f03b2b4eb5b8ffd3912e9982fd",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.269160",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.269160",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.355264",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
92
CVE-2024/CVE-2024-61xx/CVE-2024-6190.json
Normal file
92
CVE-2024/CVE-2024-61xx/CVE-2024-6190.json
Normal file
@ -0,0 +1,92 @@
|
||||
{
|
||||
"id": "CVE-2024-6190",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-06-20T15:15:50.940",
|
||||
"lastModified": "2024-06-20T15:15:50.940",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability was found in itsourcecode Farm Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-269162 is the identifier assigned to this vulnerability."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 7.3,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "NONE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"baseScore": 7.5
|
||||
},
|
||||
"baseSeverity": "HIGH",
|
||||
"exploitabilityScore": 10.0,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/HryspaHodor/CVE/issues/2",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.269162",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.269162",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.359008",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
92
CVE-2024/CVE-2024-61xx/CVE-2024-6191.json
Normal file
92
CVE-2024/CVE-2024-61xx/CVE-2024-6191.json
Normal file
@ -0,0 +1,92 @@
|
||||
{
|
||||
"id": "CVE-2024-6191",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-06-20T15:15:51.230",
|
||||
"lastModified": "2024-06-20T15:15:51.230",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability classified as critical has been found in itsourcecode Student Management System 1.0. This affects an unknown part of the file login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-269163."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 7.3,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "NONE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"baseScore": 7.5
|
||||
},
|
||||
"baseSeverity": "HIGH",
|
||||
"exploitabilityScore": 10.0,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/HryspaHodor/CVE/issues/3",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.269163",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.269163",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.359009",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
92
CVE-2024/CVE-2024-61xx/CVE-2024-6192.json
Normal file
92
CVE-2024/CVE-2024-61xx/CVE-2024-6192.json
Normal file
@ -0,0 +1,92 @@
|
||||
{
|
||||
"id": "CVE-2024-6192",
|
||||
"sourceIdentifier": "cna@vuldb.com",
|
||||
"published": "2024-06-20T15:15:51.517",
|
||||
"lastModified": "2024-06-20T15:15:51.517",
|
||||
"vulnStatus": "Received",
|
||||
"descriptions": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. This vulnerability affects unknown code of the file login.php of the component Login Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-269164."
|
||||
}
|
||||
],
|
||||
"metrics": {
|
||||
"cvssMetricV31": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "3.1",
|
||||
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
|
||||
"attackVector": "NETWORK",
|
||||
"attackComplexity": "LOW",
|
||||
"privilegesRequired": "NONE",
|
||||
"userInteraction": "NONE",
|
||||
"scope": "UNCHANGED",
|
||||
"confidentialityImpact": "LOW",
|
||||
"integrityImpact": "LOW",
|
||||
"availabilityImpact": "LOW",
|
||||
"baseScore": 7.3,
|
||||
"baseSeverity": "HIGH"
|
||||
},
|
||||
"exploitabilityScore": 3.9,
|
||||
"impactScore": 3.4
|
||||
}
|
||||
],
|
||||
"cvssMetricV2": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Secondary",
|
||||
"cvssData": {
|
||||
"version": "2.0",
|
||||
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
|
||||
"accessVector": "NETWORK",
|
||||
"accessComplexity": "LOW",
|
||||
"authentication": "NONE",
|
||||
"confidentialityImpact": "PARTIAL",
|
||||
"integrityImpact": "PARTIAL",
|
||||
"availabilityImpact": "PARTIAL",
|
||||
"baseScore": 7.5
|
||||
},
|
||||
"baseSeverity": "HIGH",
|
||||
"exploitabilityScore": 10.0,
|
||||
"impactScore": 6.4,
|
||||
"acInsufInfo": false,
|
||||
"obtainAllPrivilege": false,
|
||||
"obtainUserPrivilege": false,
|
||||
"obtainOtherPrivilege": false,
|
||||
"userInteractionRequired": false
|
||||
}
|
||||
]
|
||||
},
|
||||
"weaknesses": [
|
||||
{
|
||||
"source": "cna@vuldb.com",
|
||||
"type": "Primary",
|
||||
"description": [
|
||||
{
|
||||
"lang": "en",
|
||||
"value": "CWE-89"
|
||||
}
|
||||
]
|
||||
}
|
||||
],
|
||||
"references": [
|
||||
{
|
||||
"url": "https://github.com/HryspaHodor/CVE/issues/4",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?ctiid.269164",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?id.269164",
|
||||
"source": "cna@vuldb.com"
|
||||
},
|
||||
{
|
||||
"url": "https://vuldb.com/?submit.359017",
|
||||
"source": "cna@vuldb.com"
|
||||
}
|
||||
]
|
||||
}
|
92
README.md
92
README.md
@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
|
||||
### Last Repository Update
|
||||
|
||||
```plain
|
||||
2024-06-20T14:00:20.555063+00:00
|
||||
2024-06-20T16:00:26.248885+00:00
|
||||
```
|
||||
|
||||
### Most recent CVE Modification Timestamp synchronized with NVD
|
||||
|
||||
```plain
|
||||
2024-06-20T13:24:38.797000+00:00
|
||||
2024-06-20T15:18:01.470000+00:00
|
||||
```
|
||||
|
||||
### Last Data Feed Release
|
||||
@ -33,69 +33,51 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
|
||||
### Total Number of included CVEs
|
||||
|
||||
```plain
|
||||
254730
|
||||
254740
|
||||
```
|
||||
|
||||
### CVEs added in the last Commit
|
||||
|
||||
Recently added CVEs: `59`
|
||||
Recently added CVEs: `10`
|
||||
|
||||
- [CVE-2022-48757](CVE-2022/CVE-2022-487xx/CVE-2022-48757.json) (`2024-06-20T12:15:13.823`)
|
||||
- [CVE-2022-48758](CVE-2022/CVE-2022-487xx/CVE-2022-48758.json) (`2024-06-20T12:15:13.927`)
|
||||
- [CVE-2022-48759](CVE-2022/CVE-2022-487xx/CVE-2022-48759.json) (`2024-06-20T12:15:14.023`)
|
||||
- [CVE-2022-48760](CVE-2022/CVE-2022-487xx/CVE-2022-48760.json) (`2024-06-20T12:15:14.110`)
|
||||
- [CVE-2022-48761](CVE-2022/CVE-2022-487xx/CVE-2022-48761.json) (`2024-06-20T12:15:14.203`)
|
||||
- [CVE-2022-48762](CVE-2022/CVE-2022-487xx/CVE-2022-48762.json) (`2024-06-20T12:15:14.287`)
|
||||
- [CVE-2022-48763](CVE-2022/CVE-2022-487xx/CVE-2022-48763.json) (`2024-06-20T12:15:14.363`)
|
||||
- [CVE-2022-48764](CVE-2022/CVE-2022-487xx/CVE-2022-48764.json) (`2024-06-20T12:15:14.450`)
|
||||
- [CVE-2022-48765](CVE-2022/CVE-2022-487xx/CVE-2022-48765.json) (`2024-06-20T12:15:14.530`)
|
||||
- [CVE-2022-48766](CVE-2022/CVE-2022-487xx/CVE-2022-48766.json) (`2024-06-20T12:15:14.617`)
|
||||
- [CVE-2022-48767](CVE-2022/CVE-2022-487xx/CVE-2022-48767.json) (`2024-06-20T12:15:14.703`)
|
||||
- [CVE-2022-48768](CVE-2022/CVE-2022-487xx/CVE-2022-48768.json) (`2024-06-20T12:15:14.783`)
|
||||
- [CVE-2022-48769](CVE-2022/CVE-2022-487xx/CVE-2022-48769.json) (`2024-06-20T12:15:14.870`)
|
||||
- [CVE-2022-48770](CVE-2022/CVE-2022-487xx/CVE-2022-48770.json) (`2024-06-20T12:15:14.953`)
|
||||
- [CVE-2022-48771](CVE-2022/CVE-2022-487xx/CVE-2022-48771.json) (`2024-06-20T12:15:15.043`)
|
||||
- [CVE-2023-49110](CVE-2023/CVE-2023-491xx/CVE-2023-49110.json) (`2024-06-20T13:15:49.250`)
|
||||
- [CVE-2023-49111](CVE-2023/CVE-2023-491xx/CVE-2023-49111.json) (`2024-06-20T13:15:49.380`)
|
||||
- [CVE-2023-49112](CVE-2023/CVE-2023-491xx/CVE-2023-49112.json) (`2024-06-20T13:15:49.480`)
|
||||
- [CVE-2023-49113](CVE-2023/CVE-2023-491xx/CVE-2023-49113.json) (`2024-06-20T13:15:49.560`)
|
||||
- [CVE-2023-52883](CVE-2023/CVE-2023-528xx/CVE-2023-52883.json) (`2024-06-20T12:15:15.140`)
|
||||
- [CVE-2024-6183](CVE-2024/CVE-2024-61xx/CVE-2024-6183.json) (`2024-06-20T12:15:15.233`)
|
||||
- [CVE-2024-6184](CVE-2024/CVE-2024-61xx/CVE-2024-6184.json) (`2024-06-20T12:15:15.560`)
|
||||
- [CVE-2024-6185](CVE-2024/CVE-2024-61xx/CVE-2024-6185.json) (`2024-06-20T12:15:15.873`)
|
||||
- [CVE-2024-6186](CVE-2024/CVE-2024-61xx/CVE-2024-6186.json) (`2024-06-20T13:15:50.007`)
|
||||
- [CVE-2024-6187](CVE-2024/CVE-2024-61xx/CVE-2024-6187.json) (`2024-06-20T13:15:50.320`)
|
||||
- [CVE-2023-3353](CVE-2023/CVE-2023-33xx/CVE-2023-3353.json) (`2024-06-20T14:15:10.650`)
|
||||
- [CVE-2024-37222](CVE-2024/CVE-2024-372xx/CVE-2024-37222.json) (`2024-06-20T15:15:50.117`)
|
||||
- [CVE-2024-37532](CVE-2024/CVE-2024-375xx/CVE-2024-37532.json) (`2024-06-20T14:15:10.920`)
|
||||
- [CVE-2024-5156](CVE-2024/CVE-2024-51xx/CVE-2024-5156.json) (`2024-06-20T14:15:11.400`)
|
||||
- [CVE-2024-6162](CVE-2024/CVE-2024-61xx/CVE-2024-6162.json) (`2024-06-20T15:15:50.570`)
|
||||
- [CVE-2024-6188](CVE-2024/CVE-2024-61xx/CVE-2024-6188.json) (`2024-06-20T14:15:12.063`)
|
||||
- [CVE-2024-6189](CVE-2024/CVE-2024-61xx/CVE-2024-6189.json) (`2024-06-20T14:15:12.370`)
|
||||
- [CVE-2024-6190](CVE-2024/CVE-2024-61xx/CVE-2024-6190.json) (`2024-06-20T15:15:50.940`)
|
||||
- [CVE-2024-6191](CVE-2024/CVE-2024-61xx/CVE-2024-6191.json) (`2024-06-20T15:15:51.230`)
|
||||
- [CVE-2024-6192](CVE-2024/CVE-2024-61xx/CVE-2024-6192.json) (`2024-06-20T15:15:51.517`)
|
||||
|
||||
|
||||
### CVEs modified in the last Commit
|
||||
|
||||
Recently modified CVEs: `408`
|
||||
Recently modified CVEs: `22`
|
||||
|
||||
- [CVE-2024-6103](CVE-2024/CVE-2024-61xx/CVE-2024-6103.json) (`2024-06-20T12:43:25.663`)
|
||||
- [CVE-2024-6108](CVE-2024/CVE-2024-61xx/CVE-2024-6108.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6109](CVE-2024/CVE-2024-61xx/CVE-2024-6109.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6110](CVE-2024/CVE-2024-61xx/CVE-2024-6110.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6111](CVE-2024/CVE-2024-61xx/CVE-2024-6111.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6112](CVE-2024/CVE-2024-61xx/CVE-2024-6112.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6113](CVE-2024/CVE-2024-61xx/CVE-2024-6113.json) (`2024-06-20T12:43:25.663`)
|
||||
- [CVE-2024-6114](CVE-2024/CVE-2024-61xx/CVE-2024-6114.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6115](CVE-2024/CVE-2024-61xx/CVE-2024-6115.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6116](CVE-2024/CVE-2024-61xx/CVE-2024-6116.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6125](CVE-2024/CVE-2024-61xx/CVE-2024-6125.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6128](CVE-2024/CVE-2024-61xx/CVE-2024-6128.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6129](CVE-2024/CVE-2024-61xx/CVE-2024-6129.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6132](CVE-2024/CVE-2024-61xx/CVE-2024-6132.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6142](CVE-2024/CVE-2024-61xx/CVE-2024-6142.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6143](CVE-2024/CVE-2024-61xx/CVE-2024-6143.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6144](CVE-2024/CVE-2024-61xx/CVE-2024-6144.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6145](CVE-2024/CVE-2024-61xx/CVE-2024-6145.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6146](CVE-2024/CVE-2024-61xx/CVE-2024-6146.json) (`2024-06-20T12:44:01.637`)
|
||||
- [CVE-2024-6176](CVE-2024/CVE-2024-61xx/CVE-2024-6176.json) (`2024-06-20T12:43:25.663`)
|
||||
- [CVE-2024-6177](CVE-2024/CVE-2024-61xx/CVE-2024-6177.json) (`2024-06-20T12:43:25.663`)
|
||||
- [CVE-2024-6178](CVE-2024/CVE-2024-61xx/CVE-2024-6178.json) (`2024-06-20T12:43:25.663`)
|
||||
- [CVE-2024-6179](CVE-2024/CVE-2024-61xx/CVE-2024-6179.json) (`2024-06-20T12:43:25.663`)
|
||||
- [CVE-2024-6181](CVE-2024/CVE-2024-61xx/CVE-2024-6181.json) (`2024-06-20T12:43:25.663`)
|
||||
- [CVE-2024-6182](CVE-2024/CVE-2024-61xx/CVE-2024-6182.json) (`2024-06-20T12:43:25.663`)
|
||||
- [CVE-2022-28805](CVE-2022/CVE-2022-288xx/CVE-2022-28805.json) (`2024-06-20T14:44:42.220`)
|
||||
- [CVE-2024-5832](CVE-2024/CVE-2024-58xx/CVE-2024-5832.json) (`2024-06-20T15:09:08.407`)
|
||||
- [CVE-2024-5833](CVE-2024/CVE-2024-58xx/CVE-2024-5833.json) (`2024-06-20T15:09:20.810`)
|
||||
- [CVE-2024-5834](CVE-2024/CVE-2024-58xx/CVE-2024-5834.json) (`2024-06-20T15:07:28.820`)
|
||||
- [CVE-2024-5835](CVE-2024/CVE-2024-58xx/CVE-2024-5835.json) (`2024-06-20T15:08:20.267`)
|
||||
- [CVE-2024-5836](CVE-2024/CVE-2024-58xx/CVE-2024-5836.json) (`2024-06-20T15:08:33.157`)
|
||||
- [CVE-2024-5837](CVE-2024/CVE-2024-58xx/CVE-2024-5837.json) (`2024-06-20T15:04:00.617`)
|
||||
- [CVE-2024-5838](CVE-2024/CVE-2024-58xx/CVE-2024-5838.json) (`2024-06-20T15:04:22.750`)
|
||||
- [CVE-2024-5839](CVE-2024/CVE-2024-58xx/CVE-2024-5839.json) (`2024-06-20T15:06:42.903`)
|
||||
- [CVE-2024-5840](CVE-2024/CVE-2024-58xx/CVE-2024-5840.json) (`2024-06-20T14:55:25.307`)
|
||||
- [CVE-2024-5841](CVE-2024/CVE-2024-58xx/CVE-2024-5841.json) (`2024-06-20T14:55:42.033`)
|
||||
- [CVE-2024-5842](CVE-2024/CVE-2024-58xx/CVE-2024-5842.json) (`2024-06-20T14:55:51.013`)
|
||||
- [CVE-2024-6100](CVE-2024/CVE-2024-61xx/CVE-2024-6100.json) (`2024-06-20T15:18:01.470`)
|
||||
- [CVE-2024-6101](CVE-2024/CVE-2024-61xx/CVE-2024-6101.json) (`2024-06-20T15:17:51.823`)
|
||||
- [CVE-2024-6102](CVE-2024/CVE-2024-61xx/CVE-2024-6102.json) (`2024-06-20T15:17:42.737`)
|
||||
- [CVE-2024-6103](CVE-2024/CVE-2024-61xx/CVE-2024-6103.json) (`2024-06-20T15:17:16.060`)
|
||||
- [CVE-2024-6177](CVE-2024/CVE-2024-61xx/CVE-2024-6177.json) (`2024-06-20T15:17:06.493`)
|
||||
- [CVE-2024-6178](CVE-2024/CVE-2024-61xx/CVE-2024-6178.json) (`2024-06-20T15:16:58.507`)
|
||||
- [CVE-2024-6179](CVE-2024/CVE-2024-61xx/CVE-2024-6179.json) (`2024-06-20T15:16:47.133`)
|
||||
- [CVE-2024-6181](CVE-2024/CVE-2024-61xx/CVE-2024-6181.json) (`2024-06-20T14:15:11.837`)
|
||||
- [CVE-2024-6184](CVE-2024/CVE-2024-61xx/CVE-2024-6184.json) (`2024-06-20T14:15:11.953`)
|
||||
- [CVE-2024-6186](CVE-2024/CVE-2024-61xx/CVE-2024-6186.json) (`2024-06-20T15:15:50.827`)
|
||||
|
||||
|
||||
## Download and Usage
|
||||
|
968
_state.csv
968
_state.csv
File diff suppressed because it is too large
Load Diff
Loading…
x
Reference in New Issue
Block a user