admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-08-15T18:00:33.030202+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-08-15 18:03:30 +00:00
parent 4cf476e93a
commit 6197594d4c
170 changed files with 8769 additions and 846 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
CVE-2023/CVE-2023-372xx/CVE-2023-37228.json Normal file
View File

@ -0,0 +1,16 @@
{
"id": "CVE-2023-37228",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T16:15:16.890",
"lastModified": "2024-08-15T16:15:16.890",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage."
}
],
"metrics": {},
"references": []
}

83
CVE-2023/CVE-2023-505xx/CVE-2023-50569.json
View File

@ -2,88 +2,15 @@
"id": "CVE-2023-50569", "id": "CVE-2023-50569",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T11:15:07.840", "published": "2023-12-22T11:15:07.840",
"lastModified": "2023-12-29T06:23:17.293", "lastModified": "2024-08-15T16:15:17.360",
"vulnStatus": "Analyzed", "vulnStatus": "Rejected",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Reflected Cross Site Scripting (XSS) vulnerability in Cacti v1.2.25, allows remote attackers to escalate privileges when uploading an xml template file via templates_import.php." "value": "Rejected reason: DO NOT USE THIS CVE RECORD. Consult IDs: CVE-2023-50250. Reason: This record is a reservation duplicate of CVE-2023-50250. Notes: All CVE users should reference CVE-2023-50250 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage."
},
{
"lang": "es",
"value": "Vulnerabilidad de Cross Site Scripting (XSS) reflejado en Cacti v1.2.25, permite a atacantes remotos escalar privilegios al cargar un archivo de plantilla xml a trav\u00e9s de templates_import.php."
} }
], ],
"metrics": { "metrics": {},
"cvssMetricV31": [ "references": []
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cacti:cacti:1.2.25:*:*:*:*:*:*:*",
"matchCriteriaId": "EF5814EC-CFCB-4066-9260-FF78B45E2089"
}
]
}
]
}
],
"references": [
{
"url": "https://gist.github.com/ISHGARD-2/a6b57de899f977e2af41780e7428b4bf",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://github.com/Cacti/cacti/security/advisories/GHSA-xwqc-7jc4-xm73",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
} }

39
CVE-2023/CVE-2023-525xx/CVE-2023-52539.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52539", "id": "CVE-2023-52539",
"sourceIdentifier": "psirt@huawei.com", "sourceIdentifier": "psirt@huawei.com",
"published": "2024-04-08T09:15:08.500", "published": "2024-04-08T09:15:08.500",
"lastModified": "2024-04-08T18:48:40.217", "lastModified": "2024-08-15T17:35:01.503",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de verificaci\u00f3n de permisos en el m\u00f3dulo de Configuraci\u00f3n. Impacto: La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." "value": "Vulnerabilidad de verificaci\u00f3n de permisos en el m\u00f3dulo de Configuraci\u00f3n. Impacto: La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://consumer.huawei.com/en/support/bulletin/2024/3/", "url": "https://consumer.huawei.com/en/support/bulletin/2024/3/",

14
CVE-2024/CVE-2024-08xx/CVE-2024-0801.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0801", "id": "CVE-2024-0801",
"sourceIdentifier": "vulnreport@tenable.com", "sourceIdentifier": "vulnreport@tenable.com",
"published": "2024-03-13T19:15:46.943", "published": "2024-03-13T19:15:46.943",
"lastModified": "2024-03-14T12:52:21.763", "lastModified": "2024-08-15T17:35:02.350",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -39,6 +39,18 @@
} }
] ]
}, },
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-75"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.tenable.com/security/research/tra-2024-07", "url": "https://www.tenable.com/security/research/tra-2024-07",

39
CVE-2024/CVE-2024-200xx/CVE-2024-20029.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-20029", "id": "CVE-2024-20029",
"sourceIdentifier": "security@mediatek.com", "sourceIdentifier": "security@mediatek.com",
"published": "2024-03-04T03:15:07.453", "published": "2024-03-04T03:15:07.453",
"lastModified": "2024-03-04T13:58:23.447", "lastModified": "2024-08-15T17:35:03.250",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "En el firmware WLAN, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08477406; ID del problema: MSV-1010." "value": "En el firmware WLAN, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios con permisos de ejecuci\u00f3n de System necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n. ID de parche: ALPS08477406; ID del problema: MSV-1010."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://corp.mediatek.com/product-security-bulletin/March-2024", "url": "https://corp.mediatek.com/product-security-bulletin/March-2024",

39
CVE-2024/CVE-2024-254xx/CVE-2024-25458.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25458", "id": "CVE-2024-25458",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-01T19:15:22.333", "published": "2024-05-01T19:15:22.333",
"lastModified": "2024-05-01T19:50:25.633", "lastModified": "2024-08-15T16:35:03.913",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en el firmware de la c\u00e1mara CYCZCAM, SHIX ZHAO, SHIXCAM A9 (identificador de placa de circuito A9-48B-V1.0) v.CYCAM_48B_BC01_v87_0903 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud manipulada a un puerto UDP." "value": "Un problema en el firmware de la c\u00e1mara CYCZCAM, SHIX ZHAO, SHIXCAM A9 (identificador de placa de circuito A9-48B-V1.0) v.CYCAM_48B_BC01_v87_0903 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de una solicitud manipulada a un puerto UDP."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://tanzhuyin.com/posts/cve-2024-25458/", "url": "https://tanzhuyin.com/posts/cve-2024-25458/",

27
CVE-2024/CVE-2024-257xx/CVE-2024-25743.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25743", "id": "CVE-2024-25743",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-15T18:15:10.837", "published": "2024-05-15T18:15:10.837",
"lastModified": "2024-05-17T22:15:07.310", "lastModified": "2024-08-15T16:35:04.743",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux hasta 6.7.2, un hipervisor que no es de confianza puede inyectar interrupciones virtuales 0 y 14 en cualquier momento y puede activar el controlador de se\u00f1ales SIGFPE en aplicaciones de espacio de usuario. Esto afecta a AMD SEV-SNP y AMD SEV-ES." "value": "En el kernel de Linux hasta 6.7.2, un hipervisor que no es de confianza puede inyectar interrupciones virtuales 0 y 14 en cualquier momento y puede activar el controlador de se\u00f1ales SIGFPE en aplicaciones de espacio de usuario. Esto afecta a AMD SEV-SNP y AMD SEV-ES."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"references": [ "references": [
{ {
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270836", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270836",

34
CVE-2024/CVE-2024-273xx/CVE-2024-27372.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27372", "id": "CVE-2024-27372",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-06-05T19:15:12.893", "published": "2024-06-05T19:15:12.893",
"lastModified": "2024-06-27T16:41:21.603", "lastModified": "2024-08-15T16:35:04.970",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -37,6 +37,26 @@
"exploitabilityScore": 1.8, "exploitabilityScore": 1.8,
"impactScore": 5.9 "impactScore": 5.9
}, },
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
},
{ {
"source": "cve@mitre.org", "source": "cve@mitre.org",
"type": "Secondary", "type": "Secondary",
@ -69,6 +89,16 @@
"value": "CWE-787" "value": "CWE-787"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
} }
], ],
"configurations": [ "configurations": [

39
CVE-2024/CVE-2024-285xx/CVE-2024-28547.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28547", "id": "CVE-2024-28547",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-18T14:15:10.010", "published": "2024-03-18T14:15:10.010",
"lastModified": "2024-03-18T19:40:00.173", "lastModified": "2024-08-15T17:35:04.350",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Tenda AC18 V15.03.05.05 tiene una vulnerabilidad de desbordamiento de pila en el par\u00e1metro firewallEn de la funci\u00f3n formSetFirewallCfg." "value": "Tenda AC18 V15.03.05.05 tiene una vulnerabilidad de desbordamiento de pila en el par\u00e1metro firewallEn de la funci\u00f3n formSetFirewallCfg."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetFirewallCfg.md", "url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetFirewallCfg.md",

39
CVE-2024/CVE-2024-285xx/CVE-2024-28584.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28584", "id": "CVE-2024-28584",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-03-20T06:15:12.247", "published": "2024-03-20T06:15:12.247",
"lastModified": "2024-05-01T18:15:17.567", "lastModified": "2024-08-15T16:35:06.133",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de desreferencia de puntero nulo en open source FreeImage v.3.19.0 [r1909] permite que un atacante local provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n J2KImageToFIBITMAP() al leer im\u00e1genes en formato J2K." "value": "Vulnerabilidad de desreferencia de puntero nulo en open source FreeImage v.3.19.0 [r1909] permite que un atacante local provoque una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de la funci\u00f3n J2KImageToFIBITMAP() al leer im\u00e1genes en formato J2K."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [ "references": [
{ {
"url": "http://www.openwall.com/lists/oss-security/2024/04/11/10", "url": "http://www.openwall.com/lists/oss-security/2024/04/11/10",

39
CVE-2024/CVE-2024-308xx/CVE-2024-30801.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30801", "id": "CVE-2024-30801",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:23:52.670", "published": "2024-05-14T15:23:52.670",
"lastModified": "2024-05-14T16:13:02.773", "lastModified": "2024-08-15T17:35:05.230",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Cloud based customer service management platform v.1.0.0 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado para el componente Login.asp." "value": "Vulnerabilidad de inyecci\u00f3n SQL en Cloud based customer service management platform v.1.0.0 permite a un atacante local ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado para el componente Login.asp."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [ "references": [
{ {
"url": "http://cloud.com", "url": "http://cloud.com",

34
CVE-2024/CVE-2024-308xx/CVE-2024-30889.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30889", "id": "CVE-2024-30889",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-06-04T22:15:10.243", "published": "2024-06-04T22:15:10.243",
"lastModified": "2024-06-06T19:09:09.840", "lastModified": "2024-08-15T16:35:07.067",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.3, "exploitabilityScore": 2.3,
"impactScore": 2.7 "impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-79" "value": "CWE-79"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"configurations": [ "configurations": [

39
CVE-2024/CVE-2024-316xx/CVE-2024-31610.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31610", "id": "CVE-2024-31610",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-25T22:15:08.993", "published": "2024-04-25T22:15:08.993",
"lastModified": "2024-04-26T12:58:17.720", "lastModified": "2024-08-15T16:35:07.883",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de carga de archivos en la funci\u00f3n para que los empleados carguen avatares en Code-Projects Simple School Management System v1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la carga de un archivo manipulado." "value": "Vulnerabilidad de carga de archivos en la funci\u00f3n para que los empleados carguen avatares en Code-Projects Simple School Management System v1.0 permite a los atacantes ejecutar c\u00f3digo arbitrario mediante la carga de un archivo manipulado."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/ss122-0ss/School/blob/main/readme.md", "url": "https://github.com/ss122-0ss/School/blob/main/readme.md",

25
CVE-2024/CVE-2024-317xx/CVE-2024-31798.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-31798",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T17:15:17.013",
"lastModified": "2024-08-15T17:34:07.033",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Identical Hardcoded Root Password for All Devices in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to retrieve the root password for all similar devices"
}
],
"metrics": {},
"references": [
{
"url": "https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p",
"source": "cve@mitre.org"
},
{
"url": "https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-317xx/CVE-2024-31799.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-31799",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T17:15:17.127",
"lastModified": "2024-08-15T17:34:07.033",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Information Disclosure in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to read the WiFi passphrase via the UART Debugging Port."
}
],
"metrics": {},
"references": [
{
"url": "https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p",
"source": "cve@mitre.org"
},
{
"url": "https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-318xx/CVE-2024-31800.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-31800",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T17:15:17.220",
"lastModified": "2024-08-15T17:34:07.033",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authentication Bypass in GNCC's GC2 Indoor Security Camera 1080P allows an attacker with physical access to gain a privileged command shell via the UART Debugging Port."
}
],
"metrics": {},
"references": [
{
"url": "https://gncchome.com/collections/indoor-camera/products/c2-indoor-security-camera-1080p",
"source": "cve@mitre.org"
},
{
"url": "https://www.nsideattacklogic.de/advisories/NSIDE-SA-2024-001",
"source": "cve@mitre.org"
}
]
}

60
CVE-2024/CVE-2024-319xx/CVE-2024-31905.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-31905",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-15T17:15:17.310",
"lastModified": "2024-08-15T17:34:07.033",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM QRadar Network Packet Capture 7.5 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. IBM X-Force ID: 289858."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-311"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/289858",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7160961",
"source": "psirt@us.ibm.com"
}
]
}

32
CVE-2024/CVE-2024-319xx/CVE-2024-31994.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31994", "id": "CVE-2024-31994",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-19T22:15:07.747", "published": "2024-04-19T22:15:07.747",
"lastModified": "2024-04-22T13:28:43.747", "lastModified": "2024-08-15T16:35:08.717",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.0, "exploitabilityScore": 2.0,
"impactScore": 4.0 "impactScore": 4.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-400" "value": "CWE-400"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
} }
], ],
"references": [ "references": [

39
CVE-2024/CVE-2024-329xx/CVE-2024-32917.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-32917", "id": "CVE-2024-32917",
"sourceIdentifier": "dsap-vuln-management@google.com", "sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:55.603", "published": "2024-06-13T21:15:55.603",
"lastModified": "2024-06-17T12:43:31.090", "lastModified": "2024-08-15T16:35:09.653",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "En pl330_dma_from_peri_start() de fp_spi_dma.c, hay una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n." "value": "En pl330_dma_from_peri_start() de fp_spi_dma.c, hay una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01", "url": "https://source.android.com/security/bulletin/pixel/2024-06-01",

39
CVE-2024/CVE-2024-332xx/CVE-2024-33220.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-33220", "id": "CVE-2024-33220",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-22T15:15:28.780", "published": "2024-05-22T15:15:28.780",
"lastModified": "2024-05-22T18:59:20.240", "lastModified": "2024-08-15T17:35:06.067",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en el componente AslO3_64.sys de ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 permite a los atacantes escalar privilegios y ejecutar c\u00f3digo arbitrario mediante el env\u00edo de solicitudes IOCTL manipuladas." "value": "Un problema en el componente AslO3_64.sys de ASUSTeK Computer Inc AISuite3 v3.03.36 3.03.36 permite a los atacantes escalar privilegios y ejecutar c\u00f3digo arbitrario mediante el env\u00edo de solicitudes IOCTL manipuladas."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-782"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33220", "url": "https://github.com/DriverHunter/Win-Driver-EXP/tree/main/CVE-2024-33220",

39
CVE-2024/CVE-2024-333xx/CVE-2024-33308.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-33308", "id": "CVE-2024-33308",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-04-30T15:15:53.240", "published": "2024-04-30T15:15:53.240",
"lastModified": "2024-08-02T03:15:26.030", "lastModified": "2024-08-15T16:35:10.703",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [ "cveTags": [
{ {
@ -22,7 +22,42 @@
"value": "Un problema en TVS Motor Company Limited TVS Connet Android v.4.5.1 e iOS v.5.0.0 permite a un atacante remoto escalar privilegios a trav\u00e9s de la funci\u00f3n de contacto de emergencia." "value": "Un problema en TVS Motor Company Limited TVS Connet Android v.4.5.1 e iOS v.5.0.0 permite a un atacante remoto escalar privilegios a trav\u00e9s de la funci\u00f3n de contacto de emergencia."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT", "url": "https://github.com/aaravavi/TVS-Connect-Application-VAPT",

46
CVE-2024/CVE-2024-339xx/CVE-2024-33957.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33957", "id": "CVE-2024-33957",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T11:16:04.443", "published": "2024-08-06T11:16:04.443",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:47:12.787",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:young_entrepreneur_e-negosyo_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95465CC0-716F-4500-A34E-394A8CE3C505"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

46
CVE-2024/CVE-2024-339xx/CVE-2024-33958.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33958", "id": "CVE-2024-33958",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T11:16:04.920", "published": "2024-08-06T11:16:04.920",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:49:23.533",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:young_entrepreneur_e-negosyo_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95465CC0-716F-4500-A34E-394A8CE3C505"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

46
CVE-2024/CVE-2024-339xx/CVE-2024-33975.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33975", "id": "CVE-2024-33975",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T11:16:05.343", "published": "2024-08-06T11:16:05.343",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:50:35.723",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:young_entrepreneur_e-negosyo_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95465CC0-716F-4500-A34E-394A8CE3C505"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

46
CVE-2024/CVE-2024-339xx/CVE-2024-33976.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33976", "id": "CVE-2024-33976",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T11:16:05.580", "published": "2024-08-06T11:16:05.580",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:51:02.450",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:young_entrepreneur_e-negosyo_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95465CC0-716F-4500-A34E-394A8CE3C505"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

46
CVE-2024/CVE-2024-339xx/CVE-2024-33977.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33977", "id": "CVE-2024-33977",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T11:16:05.793", "published": "2024-08-06T11:16:05.793",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:53:04.110",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:young_entrepreneur_e-negosyo_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95465CC0-716F-4500-A34E-394A8CE3C505"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

46
CVE-2024/CVE-2024-339xx/CVE-2024-33978.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33978", "id": "CVE-2024-33978",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T11:16:06.017", "published": "2024-08-06T11:16:06.017",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:54:57.620",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:young_entrepreneur_e-negosyo_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "95465CC0-716F-4500-A34E-394A8CE3C505"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-339xx/CVE-2024-33982.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33982", "id": "CVE-2024-33982",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T13:15:53.257", "published": "2024-08-06T13:15:53.257",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:55:41.983",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,35 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-339xx/CVE-2024-33983.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33983", "id": "CVE-2024-33983",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T13:15:53.480", "published": "2024-08-06T13:15:53.480",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:56:21.197",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,35 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-339xx/CVE-2024-33984.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33984", "id": "CVE-2024-33984",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T13:15:53.693", "published": "2024-08-06T13:15:53.693",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:56:33.433",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,35 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-339xx/CVE-2024-33985.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33985", "id": "CVE-2024-33985",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T13:15:53.907", "published": "2024-08-06T13:15:53.907",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:57:29.493",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,35 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-339xx/CVE-2024-33986.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33986", "id": "CVE-2024-33986",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T13:15:54.123", "published": "2024-08-06T13:15:54.123",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:57:09.407",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,35 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-339xx/CVE-2024-33987.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33987", "id": "CVE-2024-33987",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T13:15:54.327", "published": "2024-08-06T13:15:54.327",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:57:00.150",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,35 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

51
CVE-2024/CVE-2024-339xx/CVE-2024-33988.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33988", "id": "CVE-2024-33988",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T13:15:54.547", "published": "2024-08-06T13:15:54.547",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:56:51.767",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,35 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_attendence_monitoring_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9E6B8938-87CD-4605-98EF-F9830FE8EC3C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

46
CVE-2024/CVE-2024-339xx/CVE-2024-33989.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33989", "id": "CVE-2024-33989",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T13:15:54.757", "published": "2024-08-06T13:15:54.757",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:58:03.693",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

56
CVE-2024/CVE-2024-339xx/CVE-2024-33990.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33990", "id": "CVE-2024-33990",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T13:15:54.973", "published": "2024-08-06T13:15:54.973",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:58:21.570",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +81,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

46
CVE-2024/CVE-2024-339xx/CVE-2024-33991.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33991", "id": "CVE-2024-33991",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T13:15:55.250", "published": "2024-08-06T13:15:55.250",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:58:42.497",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

46
CVE-2024/CVE-2024-339xx/CVE-2024-33992.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33992", "id": "CVE-2024-33992",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T13:15:55.487", "published": "2024-08-06T13:15:55.487",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:58:58.480",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

46
CVE-2024/CVE-2024-339xx/CVE-2024-33993.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33993", "id": "CVE-2024-33993",
"sourceIdentifier": "cve-coordination@incibe.es", "sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-08-06T13:15:55.693", "published": "2024-08-06T13:15:55.693",
"lastModified": "2024-08-06T16:30:24.547", "lastModified": "2024-08-15T16:59:06.307",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{ {
"source": "cve-coordination@incibe.es", "source": "cve-coordination@incibe.es",
"type": "Secondary", "type": "Secondary",
@ -51,10 +71,30 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:janobe:school_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7C436FF2-199A-4964-9C5A-600289DC83C3"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products", "url": "https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-janobe-products",
"source": "cve-coordination@incibe.es" "source": "cve-coordination@incibe.es",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

64
CVE-2024/CVE-2024-341xx/CVE-2024-34118.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34118", "id": "CVE-2024-34118",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:18.657", "published": "2024-08-14T15:15:18.657",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T16:48:41.250",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -37,8 +37,18 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "psirt@adobe.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -47,10 +57,56 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.9.5",
"matchCriteriaId": "AAA22FF1-4262-476F-A57F-2140A9C66F70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "28.0",
"versionEndExcluding": "28.6",
"matchCriteriaId": "0CAA6BF3-38F6-4E33-9D80-66CE521775AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html", "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

52
CVE-2024/CVE-2024-341xx/CVE-2024-34133.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34133", "id": "CVE-2024-34133",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:19.867", "published": "2024-08-14T15:15:19.867",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T16:48:11.847",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,56 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.9.5",
"matchCriteriaId": "AAA22FF1-4262-476F-A57F-2140A9C66F70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "28.0",
"versionEndExcluding": "28.6",
"matchCriteriaId": "0CAA6BF3-38F6-4E33-9D80-66CE521775AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html", "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

74
CVE-2024/CVE-2024-341xx/CVE-2024-34134.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34134", "id": "CVE-2024-34134",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:20.107", "published": "2024-08-14T15:15:20.107",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T16:47:51.770",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -14,8 +14,28 @@
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "psirt@adobe.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L",
@ -47,10 +67,56 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.9.5",
"matchCriteriaId": "AAA22FF1-4262-476F-A57F-2140A9C66F70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "28.0",
"versionEndExcluding": "28.6",
"matchCriteriaId": "0CAA6BF3-38F6-4E33-9D80-66CE521775AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html", "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

52
CVE-2024/CVE-2024-341xx/CVE-2024-34135.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34135", "id": "CVE-2024-34135",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:20.347", "published": "2024-08-14T15:15:20.347",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T16:47:32.560",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,56 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.9.5",
"matchCriteriaId": "AAA22FF1-4262-476F-A57F-2140A9C66F70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "28.0",
"versionEndExcluding": "28.6",
"matchCriteriaId": "0CAA6BF3-38F6-4E33-9D80-66CE521775AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html", "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

52
CVE-2024/CVE-2024-341xx/CVE-2024-34136.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34136", "id": "CVE-2024-34136",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:20.570", "published": "2024-08-14T15:15:20.570",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T16:42:26.677",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,56 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.9.5",
"matchCriteriaId": "AAA22FF1-4262-476F-A57F-2140A9C66F70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "28.0",
"versionEndExcluding": "28.6",
"matchCriteriaId": "0CAA6BF3-38F6-4E33-9D80-66CE521775AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html", "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

52
CVE-2024/CVE-2024-341xx/CVE-2024-34137.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34137", "id": "CVE-2024-34137",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:20.793", "published": "2024-08-14T15:15:20.793",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T16:42:15.847",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,56 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.9.5",
"matchCriteriaId": "AAA22FF1-4262-476F-A57F-2140A9C66F70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "28.0",
"versionEndExcluding": "28.6",
"matchCriteriaId": "0CAA6BF3-38F6-4E33-9D80-66CE521775AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html", "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

52
CVE-2024/CVE-2024-341xx/CVE-2024-34138.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34138", "id": "CVE-2024-34138",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:21.040", "published": "2024-08-14T15:15:21.040",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T16:36:24.433",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,56 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "27.0.0",
"versionEndExcluding": "27.9.5",
"matchCriteriaId": "AAA22FF1-4262-476F-A57F-2140A9C66F70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:illustrator:*:*:*:*:*:*:*:*",
"versionStartIncluding": "28.0",
"versionEndExcluding": "28.6",
"matchCriteriaId": "0CAA6BF3-38F6-4E33-9D80-66CE521775AA"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html", "url": "https://helpx.adobe.com/security/products/illustrator/apsb24-45.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

27
CVE-2024/CVE-2024-349xx/CVE-2024-34948.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34948", "id": "CVE-2024-34948",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-05-20T17:15:09.600", "published": "2024-05-20T17:15:09.600",
"lastModified": "2024-05-20T19:34:58.277", "lastModified": "2024-08-15T17:35:06.870",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "Un problema en Quanxun Huiju Network Technology (Beijing) Co., Ltd IK-Q3000 3.7.10 x64 Build202401261655 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) al intentar realizar conexiones TCP." "value": "Un problema en Quanxun Huiju Network Technology (Beijing) Co., Ltd IK-Q3000 3.7.10 x64 Build202401261655 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) al intentar realizar conexiones TCP."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [ "references": [
{ {
"url": "https://gist.github.com/wuyuhang422/8de771b0b4538eb6fa23cf8282061209", "url": "https://gist.github.com/wuyuhang422/8de771b0b4538eb6fa23cf8282061209",

153
CVE-2024/CVE-2024-361xx/CVE-2024-36136.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-36136", "id": "CVE-2024-36136",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2024-08-14T03:15:04.390", "published": "2024-08-14T03:15:04.390",
"lastModified": "2024-08-14T14:35:25.547", "lastModified": "2024-08-15T17:31:15.880",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "support@hackerone.com", "source": "support@hackerone.com",
@ -40,6 +62,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-193"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,10 +83,125 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*",
"matchCriteriaId": "6060540C-A977-4E2A-8E1B-41CC3C3E92ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.1.1507:*:*:*:premise:*:*:*",
"matchCriteriaId": "771C1447-6F5E-45DE-BDE6-8FFBB4708D67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "778D9C09-12BB-47FC-B74B-DC114AE3A540"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "617DA85C-5FCE-4650-99AA-A1052E690B2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:premise:*:*:*",
"matchCriteriaId": "44ABD265-3F8F-415A-96B3-16975661CDEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:*:*:*:*",
"matchCriteriaId": "CF93250C-0754-4B87-9BBE-DDF255EEB157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:premise:*:*:*",
"matchCriteriaId": "521CD0B6-8348-41D6-8AD8-79F884F4F10F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3162335B-9FA4-4AC3-85F0-BD34F859EDFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:premise:*:*:*",
"matchCriteriaId": "03E7F6CA-8A72-4A3E-A281-2A7653162FB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:*:*:*:*",
"matchCriteriaId": "E2AB421E-C976-4CFF-93F9-40354CB579C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:premise:*:*:*",
"matchCriteriaId": "4C581973-06B3-4E16-B37C-41FE7B4388CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9E1AF8-A8ED-4E49-B25F-E27AD4B61E7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:premise:*:*:*",
"matchCriteriaId": "3CC6AA75-22CD-4588-A1F9-574D7E7698CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4.153:*:*:*:premise:*:*:*",
"matchCriteriaId": "F5A7D50A-DD35-40B6-B4AD-8703DB016E90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1196CC8F-4D46-4258-9997-1C7E9954A8D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9D82B4-4AF6-4E14-AACE-56982D4F8969"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:premise:*:*:*",
"matchCriteriaId": "5FA149E2-AF10-4D3A-9F6C-8AF74110DEF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1.207:*:*:*:premise:*:*:*",
"matchCriteriaId": "CC521F86-4E3F-4217-836D-235B1D9E8876"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1.236:*:*:*:premise:*:*:*",
"matchCriteriaId": "45AA1E4F-2B38-42A3-A99C-F7ED17067E00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.2:*:*:*:premise:*:*:*",
"matchCriteriaId": "78794BF3-682E-4256-92DA-D669BF78A297"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373", "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373",
"source": "support@hackerone.com" "source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

39
CVE-2024/CVE-2024-362xx/CVE-2024-36246.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36246", "id": "CVE-2024-36246",
"sourceIdentifier": "vultures@jpcert.or.jp", "sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-05-31T06:15:12.407", "published": "2024-05-31T06:15:12.407",
"lastModified": "2024-05-31T13:01:46.727", "lastModified": "2024-08-15T17:35:07.080",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Existe una vulnerabilidad de autorizaci\u00f3n faltante en Unifier y Unifier Cast versi\u00f3n 5.0 o posterior, y el parche \"20240527\" no se aplic\u00f3. Si se explota esta vulnerabilidad, se puede ejecutar c\u00f3digo arbitrario con privilegios LocalSystem. Como resultado, se puede instalar un programa malicioso y se pueden modificar o eliminar datos." "value": "Existe una vulnerabilidad de autorizaci\u00f3n faltante en Unifier y Unifier Cast versi\u00f3n 5.0 o posterior, y el parche \"20240527\" no se aplic\u00f3. Si se explota esta vulnerabilidad, se puede ejecutar c\u00f3digo arbitrario con privilegios LocalSystem. Como resultado, se puede instalar un programa malicioso y se pueden modificar o eliminar datos."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://jvn.jp/en/jp/JVN17680667/", "url": "https://jvn.jp/en/jp/JVN17680667/",

39
CVE-2024/CVE-2024-367xx/CVE-2024-36789.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36789", "id": "CVE-2024-36789",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-06-07T15:15:50.323", "published": "2024-06-07T15:15:50.323",
"lastModified": "2024-06-07T19:24:09.243", "lastModified": "2024-08-15T16:35:11.633",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 permite a los atacantes crear contrase\u00f1as que no se ajustan a los est\u00e1ndares de seguridad definidos." "value": "Un problema en Netgear WNR614 JNR1010V2/N300-V1.1.0.54_1.0.1 permite a los atacantes crear contrase\u00f1as que no se ajustan a los est\u00e1ndares de seguridad definidos."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-521"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/", "url": "https://redfoxsec.com/blog/security-advisory-multiple-vulnerabilities-in-netgear-wnr614-router/",

4
CVE-2024/CVE-2024-368xx/CVE-2024-36877.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-36877", "id": "CVE-2024-36877",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T16:15:15.300", "published": "2024-08-12T16:15:15.300",
"lastModified": "2024-08-13T20:35:10.353", "lastModified": "2024-08-15T16:15:19.160",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3." "value": "Micro-Star International Z-series motherboards (Z590, Z490, and Z790) and B-series motherboards (B760, B560, B660, and B460) with firmware 7D25v14, 7D25v17 to 7D25v19, and 7D25v1A to 7D25v1H was discovered to contain a write-what-where condition in the in the SW handler for SMI 0xE3. Motherboard's with the following chipsets are affected: Intel 300, Intel 400, Intel 500, Intel 600, Intel 700, AMD 300, AMD 400, AMD 500, AMD 600 and AMD 700."
}, },
{ {
"lang": "es", "lang": "es",

153
CVE-2024/CVE-2024-373xx/CVE-2024-37373.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37373", "id": "CVE-2024-37373",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2024-08-14T03:15:04.667", "published": "2024-08-14T03:15:04.667",
"lastModified": "2024-08-14T14:35:26.827", "lastModified": "2024-08-15T17:31:32.407",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "support@hackerone.com", "source": "support@hackerone.com",
@ -40,6 +62,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,10 +83,125 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*",
"matchCriteriaId": "6060540C-A977-4E2A-8E1B-41CC3C3E92ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.1.1507:*:*:*:premise:*:*:*",
"matchCriteriaId": "771C1447-6F5E-45DE-BDE6-8FFBB4708D67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "778D9C09-12BB-47FC-B74B-DC114AE3A540"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "617DA85C-5FCE-4650-99AA-A1052E690B2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:premise:*:*:*",
"matchCriteriaId": "44ABD265-3F8F-415A-96B3-16975661CDEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:*:*:*:*",
"matchCriteriaId": "CF93250C-0754-4B87-9BBE-DDF255EEB157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:premise:*:*:*",
"matchCriteriaId": "521CD0B6-8348-41D6-8AD8-79F884F4F10F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3162335B-9FA4-4AC3-85F0-BD34F859EDFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:premise:*:*:*",
"matchCriteriaId": "03E7F6CA-8A72-4A3E-A281-2A7653162FB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:*:*:*:*",
"matchCriteriaId": "E2AB421E-C976-4CFF-93F9-40354CB579C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:premise:*:*:*",
"matchCriteriaId": "4C581973-06B3-4E16-B37C-41FE7B4388CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9E1AF8-A8ED-4E49-B25F-E27AD4B61E7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:premise:*:*:*",
"matchCriteriaId": "3CC6AA75-22CD-4588-A1F9-574D7E7698CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4.153:*:*:*:premise:*:*:*",
"matchCriteriaId": "F5A7D50A-DD35-40B6-B4AD-8703DB016E90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1196CC8F-4D46-4258-9997-1C7E9954A8D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9D82B4-4AF6-4E14-AACE-56982D4F8969"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:premise:*:*:*",
"matchCriteriaId": "5FA149E2-AF10-4D3A-9F6C-8AF74110DEF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1.207:*:*:*:premise:*:*:*",
"matchCriteriaId": "CC521F86-4E3F-4217-836D-235B1D9E8876"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1.236:*:*:*:premise:*:*:*",
"matchCriteriaId": "45AA1E4F-2B38-42A3-A99C-F7ED17067E00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.2:*:*:*:premise:*:*:*",
"matchCriteriaId": "78794BF3-682E-4256-92DA-D669BF78A297"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373", "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373",
"source": "support@hackerone.com" "source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

153
CVE-2024/CVE-2024-373xx/CVE-2024-37399.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37399", "id": "CVE-2024-37399",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2024-08-14T03:15:04.850", "published": "2024-08-14T03:15:04.850",
"lastModified": "2024-08-14T14:35:28.153", "lastModified": "2024-08-15T17:31:49.067",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "support@hackerone.com", "source": "support@hackerone.com",
@ -40,6 +62,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,10 +83,125 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*",
"matchCriteriaId": "6060540C-A977-4E2A-8E1B-41CC3C3E92ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.1.1507:*:*:*:premise:*:*:*",
"matchCriteriaId": "771C1447-6F5E-45DE-BDE6-8FFBB4708D67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "778D9C09-12BB-47FC-B74B-DC114AE3A540"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "617DA85C-5FCE-4650-99AA-A1052E690B2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:premise:*:*:*",
"matchCriteriaId": "44ABD265-3F8F-415A-96B3-16975661CDEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:*:*:*:*",
"matchCriteriaId": "CF93250C-0754-4B87-9BBE-DDF255EEB157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:premise:*:*:*",
"matchCriteriaId": "521CD0B6-8348-41D6-8AD8-79F884F4F10F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3162335B-9FA4-4AC3-85F0-BD34F859EDFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:premise:*:*:*",
"matchCriteriaId": "03E7F6CA-8A72-4A3E-A281-2A7653162FB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:*:*:*:*",
"matchCriteriaId": "E2AB421E-C976-4CFF-93F9-40354CB579C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:premise:*:*:*",
"matchCriteriaId": "4C581973-06B3-4E16-B37C-41FE7B4388CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9E1AF8-A8ED-4E49-B25F-E27AD4B61E7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:premise:*:*:*",
"matchCriteriaId": "3CC6AA75-22CD-4588-A1F9-574D7E7698CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4.153:*:*:*:premise:*:*:*",
"matchCriteriaId": "F5A7D50A-DD35-40B6-B4AD-8703DB016E90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1196CC8F-4D46-4258-9997-1C7E9954A8D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9D82B4-4AF6-4E14-AACE-56982D4F8969"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:premise:*:*:*",
"matchCriteriaId": "5FA149E2-AF10-4D3A-9F6C-8AF74110DEF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1.207:*:*:*:premise:*:*:*",
"matchCriteriaId": "CC521F86-4E3F-4217-836D-235B1D9E8876"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1.236:*:*:*:premise:*:*:*",
"matchCriteriaId": "45AA1E4F-2B38-42A3-A99C-F7ED17067E00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.2:*:*:*:premise:*:*:*",
"matchCriteriaId": "78794BF3-682E-4256-92DA-D669BF78A297"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373", "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373",
"source": "support@hackerone.com" "source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

32
CVE-2024/CVE-2024-375xx/CVE-2024-37568.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37568", "id": "CVE-2024-37568",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-06-09T19:15:52.323", "published": "2024-06-09T19:15:52.323",
"lastModified": "2024-07-25T18:15:03.717", "lastModified": "2024-08-15T16:35:12.900",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 3.6 "impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-347" "value": "CWE-347"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
} }
], ],
"configurations": [ "configurations": [

119
CVE-2024/CVE-2024-381xx/CVE-2024-38134.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38134", "id": "CVE-2024-38134",
"sourceIdentifier": "secure@microsoft.com", "sourceIdentifier": "secure@microsoft.com",
"published": "2024-08-13T18:15:16.537", "published": "2024-08-13T18:15:16.537",
"lastModified": "2024-08-14T02:07:05.410", "lastModified": "2024-08-15T17:43:41.003",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability" "value": "Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de elevaci\u00f3n de privilegios del controlador del servicio Thunk WOW de transmisi\u00f3n del kernel"
} }
], ],
"metrics": { "metrics": {
@ -47,10 +51,119 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.10240.20751",
"matchCriteriaId": "7E76B107-D977-41BE-8E5C-6A9B52C6EBDE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7259",
"matchCriteriaId": "6808A3F0-AC0E-4825-A582-5D7841F4870F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6189",
"matchCriteriaId": "C0893DB0-24BA-41A1-907E-8B6F66741A0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19044.4780",
"matchCriteriaId": "8D75E5B4-14B7-4D0F-96B5-2B9C270B7F98"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.19045.4780",
"matchCriteriaId": "3F9C3ED0-C639-42B9-8512-5CAD50B7095B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22000.3147",
"matchCriteriaId": "66EC161E-9908-4511-933C-727D46A8271E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22621.4037",
"matchCriteriaId": "EE5B452D-B921-4E5F-9C79-360447CD3BF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.22631.4037",
"matchCriteriaId": "B56F0E20-88FD-4A42-B5DE-06A6D2FAC6FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.26100.1457",
"matchCriteriaId": "3C7E2433-4D16-40E5-973A-42F651779A47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:*:*",
"matchCriteriaId": "5F422A8C-2C4E-42C8-B420-E0728037E15C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7259",
"matchCriteriaId": "7CA31F69-6718-4968-8B0D-88728179F3CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6189",
"matchCriteriaId": "A2267317-26DF-4EB8-A7EA-EA467727DA71"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2655",
"matchCriteriaId": "8E3975C0-EA3C-4B85-94BC-43BA94474FCA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1085",
"matchCriteriaId": "094C36FE-9CCB-4148-AA0F-5727D6933768"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38134", "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38134",
"source": "secure@microsoft.com" "source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
} }
] ]
} }

153
CVE-2024/CVE-2024-386xx/CVE-2024-38652.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38652", "id": "CVE-2024-38652",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2024-08-14T03:15:05.020", "published": "2024-08-14T03:15:05.020",
"lastModified": "2024-08-14T14:35:31.657", "lastModified": "2024-08-15T17:32:39.067",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "support@hackerone.com", "source": "support@hackerone.com",
@ -40,6 +62,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,10 +83,125 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*",
"matchCriteriaId": "6060540C-A977-4E2A-8E1B-41CC3C3E92ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.1.1507:*:*:*:premise:*:*:*",
"matchCriteriaId": "771C1447-6F5E-45DE-BDE6-8FFBB4708D67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "778D9C09-12BB-47FC-B74B-DC114AE3A540"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "617DA85C-5FCE-4650-99AA-A1052E690B2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:premise:*:*:*",
"matchCriteriaId": "44ABD265-3F8F-415A-96B3-16975661CDEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:*:*:*:*",
"matchCriteriaId": "CF93250C-0754-4B87-9BBE-DDF255EEB157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:premise:*:*:*",
"matchCriteriaId": "521CD0B6-8348-41D6-8AD8-79F884F4F10F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3162335B-9FA4-4AC3-85F0-BD34F859EDFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:premise:*:*:*",
"matchCriteriaId": "03E7F6CA-8A72-4A3E-A281-2A7653162FB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:*:*:*:*",
"matchCriteriaId": "E2AB421E-C976-4CFF-93F9-40354CB579C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:premise:*:*:*",
"matchCriteriaId": "4C581973-06B3-4E16-B37C-41FE7B4388CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9E1AF8-A8ED-4E49-B25F-E27AD4B61E7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:premise:*:*:*",
"matchCriteriaId": "3CC6AA75-22CD-4588-A1F9-574D7E7698CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4.153:*:*:*:premise:*:*:*",
"matchCriteriaId": "F5A7D50A-DD35-40B6-B4AD-8703DB016E90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1196CC8F-4D46-4258-9997-1C7E9954A8D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9D82B4-4AF6-4E14-AACE-56982D4F8969"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:premise:*:*:*",
"matchCriteriaId": "5FA149E2-AF10-4D3A-9F6C-8AF74110DEF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1.207:*:*:*:premise:*:*:*",
"matchCriteriaId": "CC521F86-4E3F-4217-836D-235B1D9E8876"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1.236:*:*:*:premise:*:*:*",
"matchCriteriaId": "45AA1E4F-2B38-42A3-A99C-F7ED17067E00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.2:*:*:*:premise:*:*:*",
"matchCriteriaId": "78794BF3-682E-4256-92DA-D669BF78A297"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373", "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373",
"source": "support@hackerone.com" "source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

153
CVE-2024/CVE-2024-386xx/CVE-2024-38653.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38653", "id": "CVE-2024-38653",
"sourceIdentifier": "support@hackerone.com", "sourceIdentifier": "support@hackerone.com",
"published": "2024-08-14T03:15:05.200", "published": "2024-08-14T03:15:05.200",
"lastModified": "2024-08-14T14:35:32.550", "lastModified": "2024-08-15T17:32:57.587",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -16,6 +16,28 @@
} }
], ],
"metrics": { "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [ "cvssMetricV30": [
{ {
"source": "support@hackerone.com", "source": "support@hackerone.com",
@ -40,6 +62,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
},
{ {
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary", "type": "Secondary",
@ -51,10 +83,125 @@
] ]
} }
], ],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.1:*:*:*:premise:*:*:*",
"matchCriteriaId": "6060540C-A977-4E2A-8E1B-41CC3C3E92ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.1.1507:*:*:*:premise:*:*:*",
"matchCriteriaId": "771C1447-6F5E-45DE-BDE6-8FFBB4708D67"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "778D9C09-12BB-47FC-B74B-DC114AE3A540"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:*:windows:*:*",
"matchCriteriaId": "617DA85C-5FCE-4650-99AA-A1052E690B2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2:*:*:*:premise:*:*:*",
"matchCriteriaId": "44ABD265-3F8F-415A-96B3-16975661CDEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:*:*:*:*",
"matchCriteriaId": "CF93250C-0754-4B87-9BBE-DDF255EEB157"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.2.3490:*:*:*:premise:*:*:*",
"matchCriteriaId": "521CD0B6-8348-41D6-8AD8-79F884F4F10F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "3162335B-9FA4-4AC3-85F0-BD34F859EDFB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3:*:*:*:premise:*:*:*",
"matchCriteriaId": "03E7F6CA-8A72-4A3E-A281-2A7653162FB3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:*:*:*:*",
"matchCriteriaId": "E2AB421E-C976-4CFF-93F9-40354CB579C5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.3.101:*:*:*:premise:*:*:*",
"matchCriteriaId": "4C581973-06B3-4E16-B37C-41FE7B4388CB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "FE9E1AF8-A8ED-4E49-B25F-E27AD4B61E7D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4:*:*:*:premise:*:*:*",
"matchCriteriaId": "3CC6AA75-22CD-4588-A1F9-574D7E7698CF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.3.4.153:*:*:*:premise:*:*:*",
"matchCriteriaId": "F5A7D50A-DD35-40B6-B4AD-8703DB016E90"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1196CC8F-4D46-4258-9997-1C7E9954A8D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DF9D82B4-4AF6-4E14-AACE-56982D4F8969"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1:*:*:*:premise:*:*:*",
"matchCriteriaId": "5FA149E2-AF10-4D3A-9F6C-8AF74110DEF8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1.207:*:*:*:premise:*:*:*",
"matchCriteriaId": "CC521F86-4E3F-4217-836D-235B1D9E8876"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.1.236:*:*:*:premise:*:*:*",
"matchCriteriaId": "45AA1E4F-2B38-42A3-A99C-F7ED17067E00"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ivanti:avalanche:6.4.2:*:*:*:premise:*:*:*",
"matchCriteriaId": "78794BF3-682E-4256-92DA-D669BF78A297"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373", "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-6-4-4-CVE-2024-38652-CVE-2024-38653-CVE-2024-36136-CVE-2024-37399-CVE-2024-37373",
"source": "support@hackerone.com" "source": "support@hackerone.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

64
CVE-2024/CVE-2024-389xx/CVE-2024-38953.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38953", "id": "CVE-2024-38953",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T14:15:05.600", "published": "2024-07-01T14:15:05.600",
"lastModified": "2024-07-01T16:37:39.040", "lastModified": "2024-08-15T17:19:19.663",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,11 +15,67 @@
"value": "phpok 6.4.003 contiene una vulnerabilidad de cross-site scripting (XSS) en el m\u00e9todo ok_f() en el archivo framework/api/upload_control.php." "value": "phpok 6.4.003 contiene una vulnerabilidad de cross-site scripting (XSS) en el m\u00e9todo ok_f() en el archivo framework/api/upload_control.php."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpok:phpok:6.4.003:*:*:*:*:*:*:*",
"matchCriteriaId": "BE377B1F-6F96-47F2-A732-EF6A068CAA71"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/qinggan/phpok/issues/17", "url": "https://github.com/qinggan/phpok/issues/17",
"source": "cve@mitre.org" "source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking"
]
} }
] ]
} }

9
CVE-2024/CVE-2024-392xx/CVE-2024-39225.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39225", "id": "CVE-2024-39225",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-06T16:15:48.647", "published": "2024-08-06T16:15:48.647",
"lastModified": "2024-08-08T15:35:16.513", "lastModified": "2024-08-15T16:15:19.317",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -840,13 +840,6 @@
} }
], ],
"references": [ "references": [
{
"url": "http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{ {
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypass%20the%20login%20mechanism.md", "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Bypass%20the%20login%20mechanism.md",
"source": "cve@mitre.org", "source": "cve@mitre.org",

13
CVE-2024/CVE-2024-392xx/CVE-2024-39226.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-39226", "id": "CVE-2024-39226",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-06T16:15:48.757", "published": "2024-08-06T16:15:48.757",
"lastModified": "2024-08-07T20:55:49.350", "lastModified": "2024-08-15T16:15:19.493",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data." "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a vulnerability can be exploited to manipulate routers by passing malicious shell commands through the s2s API."
}, },
{ {
"lang": "es", "lang": "es",
@ -810,13 +810,6 @@
} }
], ],
"references": [ "references": [
{
"url": "http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{ {
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/s2s%20interface%20shell%20injection.md", "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/s2s%20interface%20shell%20injection.md",
"source": "cve@mitre.org", "source": "cve@mitre.org",

13
CVE-2024/CVE-2024-392xx/CVE-2024-39227.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-39227", "id": "CVE-2024-39227",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-06T17:15:53.943", "published": "2024-08-06T17:15:53.943",
"lastModified": "2024-08-12T18:46:54.240", "lastModified": "2024-08-15T16:15:19.650",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config." "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain insecure permissions in the endpoint /cgi-bin/glc. This vulnerability allows unauthenticated attackers to execute arbitrary code or possibly a directory traversal via crafted JSON data."
}, },
{ {
"lang": "es", "lang": "es",
@ -840,13 +840,6 @@
} }
], ],
"references": [ "references": [
{
"url": "http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{ {
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md", "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Access%20to%20the%20C%20library%20without%20logging%20in.md",
"source": "cve@mitre.org", "source": "cve@mitre.org",

11
CVE-2024/CVE-2024-392xx/CVE-2024-39228.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-39228", "id": "CVE-2024-39228",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-06T16:15:48.850", "published": "2024-08-06T16:15:48.850",
"lastModified": "2024-08-08T15:35:17.417", "lastModified": "2024-08-15T16:15:19.800",
"vulnStatus": "Modified", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 were discovered to contain a shell injection vulnerability via the interface check_config." "value": "GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a shell injection vulnerability via the interface check_ovpn_client_config and check_config."
}, },
{ {
"lang": "es", "lang": "es",
@ -840,13 +840,6 @@
} }
], ],
"references": [ "references": [
{
"url": "http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{ {
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Ovpn%20interface%20shell%20injection.md", "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Ovpn%20interface%20shell%20injection.md",
"source": "cve@mitre.org", "source": "cve@mitre.org",

11
CVE-2024/CVE-2024-392xx/CVE-2024-39229.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39229", "id": "CVE-2024-39229",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-06T17:15:54.027", "published": "2024-08-06T17:15:54.027",
"lastModified": "2024-08-12T18:48:44.923", "lastModified": "2024-08-15T16:15:19.953",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -810,13 +810,6 @@
} }
], ],
"references": [ "references": [
{
"url": "http://ar750ar750sar300mar300m16mt300n-v2b1300mt1300sft1200x750.com",
"source": "cve@mitre.org",
"tags": [
"Broken Link"
]
},
{ {
"url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md", "url": "https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/DDNS%20data%20is%20not%20encrypted.md",
"source": "cve@mitre.org", "source": "cve@mitre.org",

95
CVE-2024/CVE-2024-394xx/CVE-2024-39420.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39420", "id": "CVE-2024-39420",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:24.960", "published": "2024-08-14T15:15:24.960",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T17:26:28.973",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -14,8 +14,28 @@
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "psirt@adobe.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "psirt@adobe.com",
"type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
@ -47,10 +67,77 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "B9311FEC-D9CC-421C-8E5E-8131E460FC42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "24.001.20604",
"versionEndExcluding": "24.001.30159",
"matchCriteriaId": "1A09E4B8-DB3B-45EC-B441-2C9549D299B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "D555A6CB-9EDF-4CA2-B8E5-04A9D212FD8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "883444C8-35EB-4BDF-A14C-C4C5BF97239A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "9CE03784-4780-4313-A27A-37B265BF3F9D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-394xx/CVE-2024-39422.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39422", "id": "CVE-2024-39422",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:25.187", "published": "2024-08-14T15:15:25.187",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T17:25:54.750",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,77 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "B9311FEC-D9CC-421C-8E5E-8131E460FC42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "24.001.20604",
"versionEndExcluding": "24.001.30159",
"matchCriteriaId": "1A09E4B8-DB3B-45EC-B441-2C9549D299B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "D555A6CB-9EDF-4CA2-B8E5-04A9D212FD8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "883444C8-35EB-4BDF-A14C-C4C5BF97239A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "9CE03784-4780-4313-A27A-37B265BF3F9D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-394xx/CVE-2024-39423.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39423", "id": "CVE-2024-39423",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:25.427", "published": "2024-08-14T15:15:25.427",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T17:25:41.800",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,77 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "B9311FEC-D9CC-421C-8E5E-8131E460FC42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "24.001.20604",
"versionEndExcluding": "24.001.30159",
"matchCriteriaId": "1A09E4B8-DB3B-45EC-B441-2C9549D299B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "D555A6CB-9EDF-4CA2-B8E5-04A9D212FD8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "883444C8-35EB-4BDF-A14C-C4C5BF97239A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "9CE03784-4780-4313-A27A-37B265BF3F9D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

83
CVE-2024/CVE-2024-394xx/CVE-2024-39424.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39424", "id": "CVE-2024-39424",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:25.640", "published": "2024-08-14T15:15:25.640",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T17:25:25.787",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{ {
"source": "psirt@adobe.com", "source": "psirt@adobe.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +57,77 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "B9311FEC-D9CC-421C-8E5E-8131E460FC42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "24.001.20604",
"versionEndExcluding": "24.001.30159",
"matchCriteriaId": "1A09E4B8-DB3B-45EC-B441-2C9549D299B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "D555A6CB-9EDF-4CA2-B8E5-04A9D212FD8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "883444C8-35EB-4BDF-A14C-C4C5BF97239A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "9CE03784-4780-4313-A27A-37B265BF3F9D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-394xx/CVE-2024-39425.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39425", "id": "CVE-2024-39425",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:25.883", "published": "2024-08-14T15:15:25.883",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T17:17:59.783",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,77 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "B9311FEC-D9CC-421C-8E5E-8131E460FC42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "24.001.20604",
"versionEndExcluding": "24.001.30159",
"matchCriteriaId": "1A09E4B8-DB3B-45EC-B441-2C9549D299B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "D555A6CB-9EDF-4CA2-B8E5-04A9D212FD8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "883444C8-35EB-4BDF-A14C-C4C5BF97239A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "9CE03784-4780-4313-A27A-37B265BF3F9D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-394xx/CVE-2024-39426.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-39426", "id": "CVE-2024-39426",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:26.113", "published": "2024-08-14T15:15:26.113",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T17:17:38.680",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,77 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "B9311FEC-D9CC-421C-8E5E-8131E460FC42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "24.001.20604",
"versionEndExcluding": "24.001.30159",
"matchCriteriaId": "1A09E4B8-DB3B-45EC-B441-2C9549D299B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "D555A6CB-9EDF-4CA2-B8E5-04A9D212FD8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "883444C8-35EB-4BDF-A14C-C4C5BF97239A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "9CE03784-4780-4313-A27A-37B265BF3F9D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

6
CVE-2024/CVE-2024-397xx/CVE-2024-39708.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39708", "id": "CVE-2024-39708",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-06-28T01:15:08.793", "published": "2024-06-28T01:15:08.793",
"lastModified": "2024-06-28T10:27:00.920", "lastModified": "2024-08-15T16:15:20.100",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -43,6 +43,10 @@
{ {
"url": "https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.1-combined.htm", "url": "https://docs.delinea.com/online-help/privilege-manager/release-notes/12.0.1-combined.htm",
"source": "cve@mitre.org" "source": "cve@mitre.org"
},
{
"url": "https://www.cyberark.com/resources/threat-research-blog/identity-crisis-the-curious-case-of-a-delinea-local-privilege-escalation-vulnerability",
"source": "cve@mitre.org"
} }
] ]
} }

60
CVE-2024/CVE-2024-407xx/CVE-2024-40704.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-40704",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-15T17:15:17.697",
"lastModified": "2024-08-15T17:34:07.033",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server 11.7 could allow a privileged user to obtain sensitive information from authentication request headers. IBM X-Force ID: 298277."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/298277",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7160853",
"source": "psirt@us.ibm.com"
}
]
}

60
CVE-2024/CVE-2024-407xx/CVE-2024-40705.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-40705",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-08-15T17:15:17.967",
"lastModified": "2024-08-15T17:34:07.033",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM InfoSphere Information Server could allow an authenticated user to consume file space resources due to unrestricted file uploads. IBM X-Force ID: 298279."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-405"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/298279",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7160855",
"source": "psirt@us.ibm.com"
}
]
}

258
CVE-2024/CVE-2024-407xx/CVE-2024-40779.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40779", "id": "CVE-2024-40779",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:11.590", "published": "2024-07-29T23:15:11.590",
"lastModified": "2024-08-13T18:15:32.170", "lastModified": "2024-08-15T16:07:27.437",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,67 +15,289 @@
"value": " Se solucion\u00f3 una lectura fuera de los l\u00edmites con una verificaci\u00f3n de l\u00edmites mejorada. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web creado con fines malintencionados puede provocar un fallo inesperado del proceso." "value": " Se solucion\u00f3 una lectura fuera de los l\u00edmites con una verificaci\u00f3n de l\u00edmites mejorada. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web creado con fines malintencionados puede provocar un fallo inesperado del proceso."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6",
"matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3",
"matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.6",
"matchCriteriaId": "687902EF-637F-4537-B419-15A1695370B9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/15", "url": "http://seclists.org/fulldisclosure/2024/Jul/15",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "url": "http://seclists.org/fulldisclosure/2024/Jul/16",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/17", "url": "http://seclists.org/fulldisclosure/2024/Jul/17",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "url": "http://seclists.org/fulldisclosure/2024/Jul/21",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/22", "url": "http://seclists.org/fulldisclosure/2024/Jul/22",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/23", "url": "http://seclists.org/fulldisclosure/2024/Jul/23",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214116", "url": "https://support.apple.com/en-us/HT214116",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214117", "url": "https://support.apple.com/en-us/HT214117",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214119", "url": "https://support.apple.com/en-us/HT214119",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214121", "url": "https://support.apple.com/en-us/HT214121",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214122", "url": "https://support.apple.com/en-us/HT214122",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214123", "url": "https://support.apple.com/en-us/HT214123",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214124", "url": "https://support.apple.com/en-us/HT214124",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.secpod.com/blog/apple-fixes-multiple-security-vulnerabilities-in-july-2024-updates/", "url": "https://www.secpod.com/blog/apple-fixes-multiple-security-vulnerabilities-in-july-2024-updates/",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

258
CVE-2024/CVE-2024-407xx/CVE-2024-40780.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40780", "id": "CVE-2024-40780",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:11.660", "published": "2024-07-29T23:15:11.660",
"lastModified": "2024-08-13T18:15:32.257", "lastModified": "2024-08-15T16:47:58.510",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,67 +15,289 @@
"value": " Se solucion\u00f3 una lectura fuera de los l\u00edmites con una verificaci\u00f3n de l\u00edmites mejorada. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web creado con fines malintencionados puede provocar un fallo inesperado del proceso." "value": " Se solucion\u00f3 una lectura fuera de los l\u00edmites con una verificaci\u00f3n de l\u00edmites mejorada. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web creado con fines malintencionados puede provocar un fallo inesperado del proceso."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6",
"matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3",
"matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.6",
"matchCriteriaId": "687902EF-637F-4537-B419-15A1695370B9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/15", "url": "http://seclists.org/fulldisclosure/2024/Jul/15",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "url": "http://seclists.org/fulldisclosure/2024/Jul/16",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/17", "url": "http://seclists.org/fulldisclosure/2024/Jul/17",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "url": "http://seclists.org/fulldisclosure/2024/Jul/21",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/22", "url": "http://seclists.org/fulldisclosure/2024/Jul/22",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/23", "url": "http://seclists.org/fulldisclosure/2024/Jul/23",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214116", "url": "https://support.apple.com/en-us/HT214116",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214117", "url": "https://support.apple.com/en-us/HT214117",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214119", "url": "https://support.apple.com/en-us/HT214119",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214121", "url": "https://support.apple.com/en-us/HT214121",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214122", "url": "https://support.apple.com/en-us/HT214122",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214123", "url": "https://support.apple.com/en-us/HT214123",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214124", "url": "https://support.apple.com/en-us/HT214124",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://www.secpod.com/blog/apple-fixes-multiple-security-vulnerabilities-in-july-2024-updates/", "url": "https://www.secpod.com/blog/apple-fixes-multiple-security-vulnerabilities-in-july-2024-updates/",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Third Party Advisory"
]
} }
] ]
} }

253
CVE-2024/CVE-2024-407xx/CVE-2024-40785.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40785", "id": "CVE-2024-40785",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:11.997", "published": "2024-07-29T23:15:11.997",
"lastModified": "2024-07-30T13:32:45.943", "lastModified": "2024-08-15T16:46:16.290",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,63 +15,282 @@
"value": "Este problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web creado con fines malintencionados puede provocar un ataque de Cross Site Scripting." "value": "Este problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, Safari 17.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. El procesamiento de contenido web creado con fines malintencionados puede provocar un ataque de Cross Site Scripting."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6",
"matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3",
"matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.6",
"matchCriteriaId": "687902EF-637F-4537-B419-15A1695370B9"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/15", "url": "http://seclists.org/fulldisclosure/2024/Jul/15",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "url": "http://seclists.org/fulldisclosure/2024/Jul/16",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/17", "url": "http://seclists.org/fulldisclosure/2024/Jul/17",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "url": "http://seclists.org/fulldisclosure/2024/Jul/21",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/22", "url": "http://seclists.org/fulldisclosure/2024/Jul/22",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/23", "url": "http://seclists.org/fulldisclosure/2024/Jul/23",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214116", "url": "https://support.apple.com/en-us/HT214116",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214117", "url": "https://support.apple.com/en-us/HT214117",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214119", "url": "https://support.apple.com/en-us/HT214119",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214121", "url": "https://support.apple.com/en-us/HT214121",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214122", "url": "https://support.apple.com/en-us/HT214122",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214123", "url": "https://support.apple.com/en-us/HT214123",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214124", "url": "https://support.apple.com/en-us/HT214124",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

141
CVE-2024/CVE-2024-407xx/CVE-2024-40786.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40786", "id": "CVE-2024-40786",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:12.070", "published": "2024-07-29T23:15:12.070",
"lastModified": "2024-07-30T13:32:45.943", "lastModified": "2024-08-15T16:44:31.820",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,154 @@
"value": " Esta cuesti\u00f3n se abord\u00f3 mediante una mejor gesti\u00f3n estatal. Este problema se solucion\u00f3 en iOS 17.6 y iPadOS 17.6, iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8. Un atacante puede ser capaz de ver informaci\u00f3n confidencial del usuario." "value": " Esta cuesti\u00f3n se abord\u00f3 mediante una mejor gesti\u00f3n estatal. Este problema se solucion\u00f3 en iOS 17.6 y iPadOS 17.6, iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8. Un atacante puede ser capaz de ver informaci\u00f3n confidencial del usuario."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.6.8",
"matchCriteriaId": "70D16512-F797-4C1B-8612-FCB4B6039C2C"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "url": "http://seclists.org/fulldisclosure/2024/Jul/16",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/17", "url": "http://seclists.org/fulldisclosure/2024/Jul/17",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "url": "http://seclists.org/fulldisclosure/2024/Jul/19",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214116", "url": "https://support.apple.com/en-us/HT214116",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214117", "url": "https://support.apple.com/en-us/HT214117",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214120", "url": "https://support.apple.com/en-us/HT214120",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

213
CVE-2024/CVE-2024-408xx/CVE-2024-40806.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40806", "id": "CVE-2024-40806",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:13.083", "published": "2024-07-29T23:15:13.083",
"lastModified": "2024-07-30T13:32:45.943", "lastModified": "2024-08-15T16:42:08.780",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,71 +15,246 @@
"value": "Se solucion\u00f3 un problema de lectura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Procesar un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n." "value": "Se solucion\u00f3 un problema de lectura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, visionOS 1.3, macOS Sonoma 14.6. Procesar un archivo creado con fines malintencionados puede provocar la finalizaci\u00f3n inesperada de la aplicaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.7.6",
"matchCriteriaId": "3556C7C3-14B6-4846-B3E8-FE07A503155F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.8",
"matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.4",
"matchCriteriaId": "73160D1F-755B-46D2-969F-DF8E43BB1099"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3",
"matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6",
"matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "url": "http://seclists.org/fulldisclosure/2024/Jul/16",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/17", "url": "http://seclists.org/fulldisclosure/2024/Jul/17",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "url": "http://seclists.org/fulldisclosure/2024/Jul/19",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "url": "http://seclists.org/fulldisclosure/2024/Jul/20",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "url": "http://seclists.org/fulldisclosure/2024/Jul/21",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/22", "url": "http://seclists.org/fulldisclosure/2024/Jul/22",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/23", "url": "http://seclists.org/fulldisclosure/2024/Jul/23",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214116", "url": "https://support.apple.com/en-us/HT214116",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214117", "url": "https://support.apple.com/en-us/HT214117",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214118", "url": "https://support.apple.com/en-us/HT214118",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214119", "url": "https://support.apple.com/en-us/HT214119",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214120", "url": "https://support.apple.com/en-us/HT214120",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214122", "url": "https://support.apple.com/en-us/HT214122",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214123", "url": "https://support.apple.com/en-us/HT214123",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214124", "url": "https://support.apple.com/en-us/HT214124",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

109
CVE-2024/CVE-2024-408xx/CVE-2024-40807.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40807", "id": "CVE-2024-40807",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:13.147", "published": "2024-07-29T23:15:13.147",
"lastModified": "2024-07-30T13:32:45.943", "lastModified": "2024-08-15T16:35:50.210",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,122 @@
"value": " Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Un acceso directo puede utilizar datos confidenciales con determinadas acciones sin avisar al usuario." "value": " Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Un acceso directo puede utilizar datos confidenciales con determinadas acciones sin avisar al usuario."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.7.6",
"matchCriteriaId": "3556C7C3-14B6-4846-B3E8-FE07A503155F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.8",
"matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.6",
"matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "url": "http://seclists.org/fulldisclosure/2024/Jul/19",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "url": "http://seclists.org/fulldisclosure/2024/Jul/20",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214118", "url": "https://support.apple.com/en-us/HT214118",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214119", "url": "https://support.apple.com/en-us/HT214119",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214120", "url": "https://support.apple.com/en-us/HT214120",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

195
CVE-2024/CVE-2024-408xx/CVE-2024-40809.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40809", "id": "CVE-2024-40809",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:13.207", "published": "2024-07-29T23:15:13.207",
"lastModified": "2024-07-30T13:32:45.943", "lastModified": "2024-08-15T16:26:51.523",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,63 +15,224 @@
"value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. Un atajo puede evitar los requisitos de permiso de Internet." "value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. Un atajo puede evitar los requisitos de permiso de Internet."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.7.6",
"matchCriteriaId": "3556C7C3-14B6-4846-B3E8-FE07A503155F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.8",
"matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.6",
"matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3",
"matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6",
"matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "url": "http://seclists.org/fulldisclosure/2024/Jul/16",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/17", "url": "http://seclists.org/fulldisclosure/2024/Jul/17",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "url": "http://seclists.org/fulldisclosure/2024/Jul/19",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "url": "http://seclists.org/fulldisclosure/2024/Jul/20",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "url": "http://seclists.org/fulldisclosure/2024/Jul/21",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/23", "url": "http://seclists.org/fulldisclosure/2024/Jul/23",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214116", "url": "https://support.apple.com/en-us/HT214116",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214117", "url": "https://support.apple.com/en-us/HT214117",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214118", "url": "https://support.apple.com/en-us/HT214118",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214119", "url": "https://support.apple.com/en-us/HT214119",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214120", "url": "https://support.apple.com/en-us/HT214120",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214123", "url": "https://support.apple.com/en-us/HT214123",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214124", "url": "https://support.apple.com/en-us/HT214124",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

188
CVE-2024/CVE-2024-408xx/CVE-2024-40812.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40812", "id": "CVE-2024-40812",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:13.330", "published": "2024-07-29T23:15:13.330",
"lastModified": "2024-07-30T13:32:45.943", "lastModified": "2024-08-15T16:26:53.560",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,63 +15,217 @@
"value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. Un atajo puede evitar los requisitos de permiso de Internet." "value": "Se solucion\u00f3 un problema de l\u00f3gica con controles mejorados. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, macOS Monterey 12.7.6, iOS 17.6 y iPadOS 17.6, watchOS 10.6, visionOS 1.3, macOS Sonoma 14.6. Un atajo puede evitar los requisitos de permiso de Internet."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.7.6",
"matchCriteriaId": "3556C7C3-14B6-4846-B3E8-FE07A503155F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndIncluding": "14.6",
"matchCriteriaId": "ABFFD29A-309D-4C1D-BC33-2EC407363FAE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3",
"matchCriteriaId": "CDBCE187-329C-4B1C-89B7-7D45A7946AF4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6",
"matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "url": "http://seclists.org/fulldisclosure/2024/Jul/16",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/17", "url": "http://seclists.org/fulldisclosure/2024/Jul/17",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "url": "http://seclists.org/fulldisclosure/2024/Jul/19",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "url": "http://seclists.org/fulldisclosure/2024/Jul/20",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "url": "http://seclists.org/fulldisclosure/2024/Jul/21",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/23", "url": "http://seclists.org/fulldisclosure/2024/Jul/23",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214116", "url": "https://support.apple.com/en-us/HT214116",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214117", "url": "https://support.apple.com/en-us/HT214117",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214118", "url": "https://support.apple.com/en-us/HT214118",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214119", "url": "https://support.apple.com/en-us/HT214119",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214120", "url": "https://support.apple.com/en-us/HT214120",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214123", "url": "https://support.apple.com/en-us/HT214123",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214124", "url": "https://support.apple.com/en-us/HT214124",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

95
CVE-2024/CVE-2024-408xx/CVE-2024-40813.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40813", "id": "CVE-2024-40813",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:13.397", "published": "2024-07-29T23:15:13.397",
"lastModified": "2024-07-30T13:32:45.943", "lastModified": "2024-08-15T16:15:52.613",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,23 +15,104 @@
"value": " Se solucion\u00f3 un problema de la pantalla de bloqueo con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en watchOS 10.6, iOS 17.6 y iPadOS 17.6. Un atacante con acceso f\u00edsico puede utilizar Siri para acceder a datos confidenciales del usuario." "value": " Se solucion\u00f3 un problema de la pantalla de bloqueo con una gesti\u00f3n de estado mejorada. Este problema se solucion\u00f3 en watchOS 10.6, iOS 17.6 y iPadOS 17.6. Un atacante con acceso f\u00edsico puede utilizar Siri para acceder a datos confidenciales del usuario."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "A8A1B228-89B1-470E-9B6E-8553E561E062"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6",
"matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "url": "http://seclists.org/fulldisclosure/2024/Jul/16",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "url": "http://seclists.org/fulldisclosure/2024/Jul/21",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214117", "url": "https://support.apple.com/en-us/HT214117",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214124", "url": "https://support.apple.com/en-us/HT214124",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

150
CVE-2024/CVE-2024-408xx/CVE-2024-40815.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40815", "id": "CVE-2024-40815",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:13.523", "published": "2024-07-29T23:15:13.523",
"lastModified": "2024-07-30T13:32:45.943", "lastModified": "2024-08-15T16:14:17.030",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,47 +15,171 @@
"value": " Se abord\u00f3 una condici\u00f3n de ejecuci\u00f3n con validaci\u00f3n adicional. Este problema se solucion\u00f3 en macOS Ventura 13.6.8, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. Un atacante malicioso con capacidad de lectura y escritura arbitraria puede omitir la autenticaci\u00f3n de puntero." "value": " Se abord\u00f3 una condici\u00f3n de ejecuci\u00f3n con validaci\u00f3n adicional. Este problema se solucion\u00f3 en macOS Ventura 13.6.8, iOS 17.6 y iPadOS 17.6, watchOS 10.6, tvOS 17.6, macOS Sonoma 14.6. Un atacante malicioso con capacidad de lectura y escritura arbitraria puede omitir la autenticaci\u00f3n de puntero."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "A8A1B228-89B1-470E-9B6E-8553E561E062"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "1E393815-B3B5-4FF9-9D1D-AA3EA9C5D352"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.6.8",
"matchCriteriaId": "70D16512-F797-4C1B-8612-FCB4B6039C2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.6",
"matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "9FB1D28B-EF0E-4CA0-90F7-073A85D001E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6",
"matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "url": "http://seclists.org/fulldisclosure/2024/Jul/16",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "url": "http://seclists.org/fulldisclosure/2024/Jul/19",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "url": "http://seclists.org/fulldisclosure/2024/Jul/21",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/22", "url": "http://seclists.org/fulldisclosure/2024/Jul/22",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214117", "url": "https://support.apple.com/en-us/HT214117",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214119", "url": "https://support.apple.com/en-us/HT214119",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214120", "url": "https://support.apple.com/en-us/HT214120",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214122", "url": "https://support.apple.com/en-us/HT214122",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214124", "url": "https://support.apple.com/en-us/HT214124",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

109
CVE-2024/CVE-2024-408xx/CVE-2024-40816.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40816", "id": "CVE-2024-40816",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:13.583", "published": "2024-07-29T23:15:13.583",
"lastModified": "2024-07-30T13:32:45.943", "lastModified": "2024-08-15T16:10:13.147",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,122 @@
"value": "Se solucion\u00f3 una lectura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Un atacante local puede provocar un apagado inesperado del sistema." "value": "Se solucion\u00f3 una lectura fuera de los l\u00edmites con una validaci\u00f3n de entrada mejorada. Este problema se solucion\u00f3 en macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Un atacante local puede provocar un apagado inesperado del sistema."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.7.6",
"matchCriteriaId": "3556C7C3-14B6-4846-B3E8-FE07A503155F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.6.8",
"matchCriteriaId": "A9913D3D-BA40-4C2B-860C-A3439BCF069E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.6",
"matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "url": "http://seclists.org/fulldisclosure/2024/Jul/19",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "url": "http://seclists.org/fulldisclosure/2024/Jul/20",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214118", "url": "https://support.apple.com/en-us/HT214118",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214119", "url": "https://support.apple.com/en-us/HT214119",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214120", "url": "https://support.apple.com/en-us/HT214120",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

134
CVE-2024/CVE-2024-408xx/CVE-2024-40817.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40817", "id": "CVE-2024-40817",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:13.647", "published": "2024-07-29T23:15:13.647",
"lastModified": "2024-07-30T13:32:45.943", "lastModified": "2024-08-15T17:10:15.093",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,43 +15,153 @@
"value": " El problema se solucion\u00f3 mejorando el manejo de la interfaz de usuario. Este problema se solucion\u00f3 en macOS Sonoma 14.6, Safari 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visitar un sitio web que enmarque contenido malicioso puede provocar una suplantaci\u00f3n de la interfaz de usuario." "value": " El problema se solucion\u00f3 mejorando el manejo de la interfaz de usuario. Este problema se solucion\u00f3 en macOS Sonoma 14.6, Safari 17.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Visitar un sitio web que enmarque contenido malicioso puede provocar una suplantaci\u00f3n de la interfaz de usuario."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.6",
"matchCriteriaId": "A7AF9041-5C4F-42CB-99E5-5276DB6AC07C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0",
"versionEndExcluding": "12.7.6",
"matchCriteriaId": "EA924D87-8FAE-4E34-83F7-A5E25C7450E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.8",
"matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.6",
"matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/15", "url": "http://seclists.org/fulldisclosure/2024/Jul/15",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "url": "http://seclists.org/fulldisclosure/2024/Jul/19",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "url": "http://seclists.org/fulldisclosure/2024/Jul/20",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214118", "url": "https://support.apple.com/en-us/HT214118",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214119", "url": "https://support.apple.com/en-us/HT214119",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214120", "url": "https://support.apple.com/en-us/HT214120",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214121", "url": "https://support.apple.com/en-us/HT214121",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/kb/HT214121", "url": "https://support.apple.com/kb/HT214121",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

158
CVE-2024/CVE-2024-408xx/CVE-2024-40818.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40818", "id": "CVE-2024-40818",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:13.703", "published": "2024-07-29T23:15:13.703",
"lastModified": "2024-07-30T13:32:45.943", "lastModified": "2024-08-15T17:08:50.430",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,47 +15,179 @@
"value": " Este problema se solucion\u00f3 restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 y iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. Un atacante con acceso f\u00edsico puede utilizar Siri para acceder a datos confidenciales del usuario." "value": " Este problema se solucion\u00f3 restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se solucion\u00f3 en iOS 16.7.9 y iPadOS 16.7.9, macOS Ventura 13.6.8, iOS 17.6 y iPadOS 17.6, watchOS 10.6, macOS Sonoma 14.6. Un atacante con acceso f\u00edsico puede utilizar Siri para acceder a datos confidenciales del usuario."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "13.6.8",
"matchCriteriaId": "70D16512-F797-4C1B-8612-FCB4B6039C2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.6",
"matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6",
"matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "url": "http://seclists.org/fulldisclosure/2024/Jul/16",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/17", "url": "http://seclists.org/fulldisclosure/2024/Jul/17",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "url": "http://seclists.org/fulldisclosure/2024/Jul/19",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "url": "http://seclists.org/fulldisclosure/2024/Jul/21",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214116", "url": "https://support.apple.com/en-us/HT214116",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214117", "url": "https://support.apple.com/en-us/HT214117",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214119", "url": "https://support.apple.com/en-us/HT214119",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214120", "url": "https://support.apple.com/en-us/HT214120",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214124", "url": "https://support.apple.com/en-us/HT214124",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

139
CVE-2024/CVE-2024-408xx/CVE-2024-40822.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40822", "id": "CVE-2024-40822",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:13.840", "published": "2024-07-29T23:15:13.840",
"lastModified": "2024-07-30T13:32:45.943", "lastModified": "2024-08-15T17:06:23.417",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,156 @@
"value": " Este problema se solucion\u00f3 restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se solucion\u00f3 en watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 y iPadOS 17.6, iOS 16.7.9 y iPadOS 16.7.9. Un atacante con acceso f\u00edsico a un dispositivo puede acceder a los contactos desde la pantalla de bloqueo." "value": " Este problema se solucion\u00f3 restringiendo las opciones ofrecidas en un dispositivo bloqueado. Este problema se solucion\u00f3 en watchOS 10.6, macOS Sonoma 14.6, iOS 17.6 y iPadOS 17.6, iOS 16.7.9 y iPadOS 16.7.9. Un atacante con acceso f\u00edsico a un dispositivo puede acceder a los contactos desde la pantalla de bloqueo."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "29A9994D-AE71-45E0-8CC5-E6219420F7E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "B191C80F-3801-4AD0-9A63-EB294A029D7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.7.9",
"matchCriteriaId": "1ACEA981-1D96-49F1-8048-74D21D71FD39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "17.0",
"versionEndExcluding": "17.6",
"matchCriteriaId": "34E8C966-19C7-4376-A0C3-A242720F62DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "14.6",
"matchCriteriaId": "687902EF-637F-4537-B419-15A1695370B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.6",
"matchCriteriaId": "035D8460-BD6F-4696-9D7B-BA571A994FD0"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/16", "url": "http://seclists.org/fulldisclosure/2024/Jul/16",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/17", "url": "http://seclists.org/fulldisclosure/2024/Jul/17",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/21", "url": "http://seclists.org/fulldisclosure/2024/Jul/21",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214116", "url": "https://support.apple.com/en-us/HT214116",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214117", "url": "https://support.apple.com/en-us/HT214117",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214119", "url": "https://support.apple.com/en-us/HT214119",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214124", "url": "https://support.apple.com/en-us/HT214124",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

109
CVE-2024/CVE-2024-408xx/CVE-2024-40823.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-40823", "id": "CVE-2024-40823",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-07-29T23:15:13.920", "published": "2024-07-29T23:15:13.920",
"lastModified": "2024-07-30T13:32:45.943", "lastModified": "2024-08-15T17:08:03.857",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,31 +15,122 @@
"value": " El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario." "value": " El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.6, macOS Monterey 12.7.6, macOS Ventura 13.6.8. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "12.7.6",
"matchCriteriaId": "3556C7C3-14B6-4846-B3E8-FE07A503155F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.6.8",
"matchCriteriaId": "7008225C-B5B9-4F87-9392-DD2080717E9A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.6",
"matchCriteriaId": "51E2E93B-C5A3-4C83-B806-2EC555AD45FE"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/18", "url": "http://seclists.org/fulldisclosure/2024/Jul/18",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/19", "url": "http://seclists.org/fulldisclosure/2024/Jul/19",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "http://seclists.org/fulldisclosure/2024/Jul/20", "url": "http://seclists.org/fulldisclosure/2024/Jul/20",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214118", "url": "https://support.apple.com/en-us/HT214118",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214119", "url": "https://support.apple.com/en-us/HT214119",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
}, },
{ {
"url": "https://support.apple.com/en-us/HT214120", "url": "https://support.apple.com/en-us/HT214120",
"source": "product-security@apple.com" "source": "product-security@apple.com",
"tags": [
"Release Notes",
"Vendor Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-418xx/CVE-2024-41830.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41830", "id": "CVE-2024-41830",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:28.087", "published": "2024-08-14T15:15:28.087",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T17:17:23.687",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,77 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "B9311FEC-D9CC-421C-8E5E-8131E460FC42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "24.001.20604",
"versionEndExcluding": "24.001.30159",
"matchCriteriaId": "1A09E4B8-DB3B-45EC-B441-2C9549D299B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "D555A6CB-9EDF-4CA2-B8E5-04A9D212FD8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "883444C8-35EB-4BDF-A14C-C4C5BF97239A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "9CE03784-4780-4313-A27A-37B265BF3F9D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-418xx/CVE-2024-41831.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41831", "id": "CVE-2024-41831",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:28.307", "published": "2024-08-14T15:15:28.307",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T17:17:07.897",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,77 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "B9311FEC-D9CC-421C-8E5E-8131E460FC42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "24.001.20604",
"versionEndExcluding": "24.001.30159",
"matchCriteriaId": "1A09E4B8-DB3B-45EC-B441-2C9549D299B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "D555A6CB-9EDF-4CA2-B8E5-04A9D212FD8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "883444C8-35EB-4BDF-A14C-C4C5BF97239A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "9CE03784-4780-4313-A27A-37B265BF3F9D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-418xx/CVE-2024-41832.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41832", "id": "CVE-2024-41832",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:28.530", "published": "2024-08-14T15:15:28.530",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T17:16:41.400",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,77 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "B9311FEC-D9CC-421C-8E5E-8131E460FC42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "24.001.20604",
"versionEndExcluding": "24.001.30159",
"matchCriteriaId": "1A09E4B8-DB3B-45EC-B441-2C9549D299B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "D555A6CB-9EDF-4CA2-B8E5-04A9D212FD8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "883444C8-35EB-4BDF-A14C-C4C5BF97239A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "9CE03784-4780-4313-A27A-37B265BF3F9D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-418xx/CVE-2024-41833.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41833", "id": "CVE-2024-41833",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:28.757", "published": "2024-08-14T15:15:28.757",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T17:16:37.090",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,77 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "B9311FEC-D9CC-421C-8E5E-8131E460FC42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "24.001.20604",
"versionEndExcluding": "24.001.30159",
"matchCriteriaId": "1A09E4B8-DB3B-45EC-B441-2C9549D299B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "D555A6CB-9EDF-4CA2-B8E5-04A9D212FD8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "883444C8-35EB-4BDF-A14C-C4C5BF97239A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "9CE03784-4780-4313-A27A-37B265BF3F9D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

73
CVE-2024/CVE-2024-418xx/CVE-2024-41834.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41834", "id": "CVE-2024-41834",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:28.983", "published": "2024-08-14T15:15:28.983",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T17:13:25.090",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -47,10 +47,77 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "B9311FEC-D9CC-421C-8E5E-8131E460FC42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "24.001.20604",
"versionEndExcluding": "24.001.30159",
"matchCriteriaId": "1A09E4B8-DB3B-45EC-B441-2C9549D299B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "D555A6CB-9EDF-4CA2-B8E5-04A9D212FD8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "883444C8-35EB-4BDF-A14C-C4C5BF97239A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "9CE03784-4780-4313-A27A-37B265BF3F9D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

83
CVE-2024/CVE-2024-418xx/CVE-2024-41835.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-41835", "id": "CVE-2024-41835",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-08-14T15:15:29.207", "published": "2024-08-14T15:15:29.207",
"lastModified": "2024-08-14T17:49:14.177", "lastModified": "2024-08-15T17:13:11.837",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{ {
"source": "psirt@adobe.com", "source": "psirt@adobe.com",
"type": "Secondary", "type": "Secondary",
@ -47,10 +57,77 @@
] ]
} }
], ],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.30005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "B9311FEC-D9CC-421C-8E5E-8131E460FC42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "24.001.20604",
"versionEndExcluding": "24.001.30159",
"matchCriteriaId": "1A09E4B8-DB3B-45EC-B441-2C9549D299B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "D555A6CB-9EDF-4CA2-B8E5-04A9D212FD8B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:classic:*:*:*",
"versionStartIncluding": "20.001.3005",
"versionEndExcluding": "20.005.30655",
"matchCriteriaId": "883444C8-35EB-4BDF-A14C-C4C5BF97239A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:acrobat_reader_dc:*:*:*:*:continuous:*:*:*",
"versionStartIncluding": "15.008.20082",
"versionEndExcluding": "24.002.21005",
"matchCriteriaId": "9CE03784-4780-4313-A27A-37B265BF3F9D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*",
"matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [ "references": [
{ {
"url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html", "url": "https://helpx.adobe.com/security/products/acrobat/apsb24-57.html",
"source": "psirt@adobe.com" "source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

34
CVE-2024/CVE-2024-425xx/CVE-2024-42546.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42546", "id": "CVE-2024-42546",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T19:15:16.940", "published": "2024-08-12T19:15:16.940",
"lastModified": "2024-08-13T17:08:30.107", "lastModified": "2024-08-15T16:35:15.603",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 3.9, "exploitabilityScore": 3.9,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-120" "value": "CWE-120"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
} }
], ],
"configurations": [ "configurations": [

34
CVE-2024/CVE-2024-426xx/CVE-2024-42624.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42624", "id": "CVE-2024-42624",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T17:15:18.063", "published": "2024-08-12T17:15:18.063",
"lastModified": "2024-08-13T13:24:48.877", "lastModified": "2024-08-15T17:35:08.070",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-352" "value": "CWE-352"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
} }
], ],
"configurations": [ "configurations": [

34
CVE-2024/CVE-2024-426xx/CVE-2024-42628.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42628", "id": "CVE-2024-42628",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-12T16:15:16.887", "published": "2024-08-12T16:15:16.887",
"lastModified": "2024-08-13T13:18:32.317", "lastModified": "2024-08-15T17:35:08.840",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -36,6 +36,26 @@
}, },
"exploitabilityScore": 2.8, "exploitabilityScore": 2.8,
"impactScore": 5.9 "impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
} }
] ]
}, },
@ -49,6 +69,16 @@
"value": "CWE-352" "value": "CWE-352"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
} }
], ],
"configurations": [ "configurations": [

41
CVE-2024/CVE-2024-426xx/CVE-2024-42676.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42676", "id": "CVE-2024-42676",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T14:15:10.683", "published": "2024-08-15T14:15:10.683",
"lastModified": "2024-08-15T14:15:10.683", "lastModified": "2024-08-15T17:34:07.033",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -11,7 +11,42 @@
"value": "File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component" "value": "File Upload vulnerability in Huizhi enterprise resource management system v.1.0 and before allows a remote attacker to execute arbitrary code via the /nssys/common/Upload. Aspx? Action=DNPageAjaxPostBack component"
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/WarmBrew/web_vul/blob/main/HZ-cve/HZupload.md", "url": "https://github.com/WarmBrew/web_vul/blob/main/HZ-cve/HZupload.md",

4
CVE-2024/CVE-2024-426xx/CVE-2024-42677.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42677", "id": "CVE-2024-42677",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T14:15:10.813", "published": "2024-08-15T14:15:10.813",
"lastModified": "2024-08-15T14:15:10.813", "lastModified": "2024-08-15T17:34:07.033",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {

4
CVE-2024/CVE-2024-426xx/CVE-2024-42678.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42678", "id": "CVE-2024-42678",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T14:15:10.910", "published": "2024-08-15T14:15:10.910",
"lastModified": "2024-08-15T15:35:13.793", "lastModified": "2024-08-15T17:34:07.033",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {

4
CVE-2024/CVE-2024-426xx/CVE-2024-42679.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-42679", "id": "CVE-2024-42679",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-08-15T14:15:11.003", "published": "2024-08-15T14:15:11.003",
"lastModified": "2024-08-15T14:15:11.003", "lastModified": "2024-08-15T17:34:07.033",
"vulnStatus": "Received", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {

Some files were not shown because too many files have changed in this diff Show More