admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-07-11T16:00:18.806565+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-07-11 16:03:16 +00:00
parent 8f68afb969
commit 73ee09a34a
136 changed files with 7098 additions and 695 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
CVE-2020/CVE-2020-273xx/CVE-2020-27352.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2020-27352",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-06-21T20:15:10.630",
"lastModified": "2024-06-24T12:57:36.513",
"lastModified": "2024-07-11T15:05:04.077",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -38,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://bugs.launchpad.net/snapd/+bug/1910456",

27
CVE-2023/CVE-2023-211xx/CVE-2023-21113.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-21113",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:10.717",
"lastModified": "2024-07-11T13:06:13.187",
"lastModified": "2024-07-11T15:05:05.923",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En m\u00faltiples ubicaciones, existe una posible omisi\u00f3n de permiso debido a un agente confundido. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://android.googlesource.com/platform/build/soong/+/e7b7f0833dc47ade981eddfbf462dcc143dddd10",

7
CVE-2023/CVE-2023-274xx/CVE-2023-27433.json
View File

@ -2,12 +2,13 @@
"id": "CVE-2023-27433",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-04T14:15:10.587",
"lastModified": "2023-10-05T18:10:37.703",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-11T15:15:10.777",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative plugin <=\u00a01.3.0 versions."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative allows Cross Site Request Forgery.This issue affects Make Paths Relative: from n/a through 1.3.0."
},
{
"lang": "es",

5
CVE-2023/CVE-2023-322xx/CVE-2023-32295.json
View File

@ -2,12 +2,13 @@
"id": "CVE-2023-32295",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-11T12:15:07.707",
"lastModified": "2024-04-11T12:47:44.137",
"lastModified": "2024-07-11T15:15:10.923",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.2.\n\n"
"value": "Missing Authorization vulnerability in Alex Tselegidis Easy!Appointments.This issue affects Easy!Appointments: from n/a through 1.3.3."
},
{
"lang": "es",

6
CVE-2023/CVE-2023-419xx/CVE-2023-41915.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-41915",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-09T22:15:09.530",
"lastModified": "2024-07-10T23:15:09.923",
"lastModified": "2024-07-11T14:15:12.997",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -132,6 +132,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/6",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/11/3",
"source": "cve@mitre.org"
},
{
"url": "https://docs.openpmix.org/en/latest/security.html",
"source": "cve@mitre.org",

40
CVE-2023/CVE-2023-448xx/CVE-2023-44853.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2023-44853",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-12T04:15:08.960",
"lastModified": "2024-04-12T12:43:46.210",
"lastModified": "2024-07-11T15:05:11.010",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en Cobham SAILOR VSAT Ku v.164B019, que permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un script manipulado para la funci\u00f3n sub_219C4 en el archivo acu_web."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.3,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://pine-amphibian-9b9.notion.site/SAILOR-Ku-Software-RCE-and-Privilege-Escalation-Diagnostics-report-0f3923d0ed434705b7ed4a6174218c2b?pvs=4",

7
CVE-2023/CVE-2023-456xx/CVE-2023-45651.json
View File

@ -2,12 +2,13 @@
"id": "CVE-2023-45651",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-10-16T09:15:11.190",
"lastModified": "2023-10-19T17:30:00.853",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-11T15:15:11.087",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments plugin <=\u00a05.0.6 versions."
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11."
},
{
"lang": "es",

39
CVE-2023/CVE-2023-459xx/CVE-2023-45919.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45919",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-27T05:15:47.030",
"lastModified": "2024-07-10T15:15:10.657",
"lastModified": "2024-07-11T15:05:12.067",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -22,7 +22,42 @@
"value": "Se descubri\u00f3 que Mesa 23.0.4 conten\u00eda un b\u00fafer sobrele\u00eddo en glXQueryServerString(). NOTA: esto est\u00e1 en disputa porque no hay situaciones comunes en las que los usuarios requieran una operaci\u00f3n ininterrumpida con un servidor controlador de atacante."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-126"
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jan/47",

45
CVE-2023/CVE-2023-481xx/CVE-2023-48194.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2023-48194",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T18:15:08.790",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T15:05:13.020",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Tenda AC8v4 .V16.03.34.09 due to sscanf and the last digit of s8 being overwritten with \\x0. After executing set_client_qos, control over the gp register can be obtained."
},
{
"lang": "es",
"value": "Vulnerabilidad en Tenda AC8v4 .V16.03.34.09 debido a que sscanf y el \u00faltimo d\u00edgito de s8 se sobrescriben con \\x0. Despu\u00e9s de ejecutar set_client_qos, se puede obtener el control sobre el registro gp."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://tenda.com",

73
CVE-2023/CVE-2023-495xx/CVE-2023-49595.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-49595",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:05.323",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T15:59:57.840",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the boa rollback_control_code functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to arbitrary code execution. An attacker can send a sequence of requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad boa rollback_control_code de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes de red especialmente manipuladas pueden provocar la ejecuci\u00f3n de c\u00f3digo arbitrario. Un atacante puede enviar una secuencia de solicitudes para desencadenar esta vulnerabilidad."
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,57 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1878",
"source": "talos-cna@cisco.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1878",
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

73
CVE-2023/CVE-2023-498xx/CVE-2023-49867.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-49867",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:05.543",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T15:59:27.847",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A stack-based buffer overflow vulnerability exists in the boa formWsc functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of HTTP requests can lead to remote code execution. An attacker can send a series of HTTP requests to trigger this vulnerability."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad boa formWsc de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes HTTP especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar una serie de solicitudes HTTP para desencadenar esta vulnerabilidad."
}
],
"metrics": {
@ -37,8 +41,18 @@
},
"weaknesses": [
{
"source": "talos-cna@cisco.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -47,10 +61,57 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1904",
"source": "talos-cna@cisco.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1904",
"source": "talos-cna@cisco.com",
"tags": [
"Third Party Advisory"
]
}
]
}

72
CVE-2023/CVE-2023-502xx/CVE-2023-50239.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2023-50239",
"sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-07-08T16:15:05.770",
"lastModified": "2024-07-08T16:35:46.377",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T15:59:15.867",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Two stack-based buffer overflow vulnerabilities exist in the boa set_RadvdInterfaceParam functionality of Realtek rtl819x Jungle SDK v3.4.11. A specially crafted series of network requests can lead to remote code execution. An attacker can send a sequence of requests to trigger these vulnerabilities.This stack-based buffer overflow is related to the `interfacename` request's parameter."
},
{
"lang": "es",
"value": "Existen dos vulnerabilidades de desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria en la funcionalidad boa set_RadvdInterfaceParam de Realtek rtl819x Jungle SDK v3.4.11. Una serie de solicitudes de red especialmente manipuladas pueden conducir a la ejecuci\u00f3n remota de c\u00f3digo. Un atacante puede enviar una secuencia de solicitudes para activar estas vulnerabilidades. Este desbordamiento del b\u00fafer basado en pila est\u00e1 relacionado con el par\u00e1metro de solicitud \"interfacename\"."
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
@ -47,10 +61,58 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893",
"source": "talos-cna@cisco.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:realtek:rtl819x_jungle_software_development_kit:3.4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "7891A085-C128-426B-A8BB-70E688CAAF65"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6013_firmware:rer4_a_v3411b_2t2r_lev_09_170623:*:*:*:*:*:*:*",
"matchCriteriaId": "79082BA3-FBC4-4F38-8897-37E70D7B83D3"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6013:-:*:*:*:*:*:*:*",
"matchCriteriaId": "59DE58EE-DF41-48A2-B048-65A0666808F1"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2023-1893",
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

14
CVE-2023/CVE-2023-508xx/CVE-2023-50806.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50806",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T19:15:10.820",
"lastModified": "2024-07-11T13:06:13.187",
"lastModified": "2024-07-11T15:05:15.190",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",

14
CVE-2023/CVE-2023-508xx/CVE-2023-50807.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-50807",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T19:15:11.020",
"lastModified": "2024-07-11T13:06:13.187",
"lastModified": "2024-07-11T15:05:15.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",

15
CVE-2023/CVE-2023-64xx/CVE-2023-6494.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2023-6494",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-13T09:15:06.917",
"lastModified": "2024-04-15T13:15:31.997",
"lastModified": "2024-07-11T15:05:17.510",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -38,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3069323%40woo-smart-quick-view&new=3069323%40woo-smart-quick-view&sfp_email=&sfph_mail=",

12
CVE-2024/CVE-2024-215xx/CVE-2024-21526.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21526",
"sourceIdentifier": "report@snyk.io",
"published": "2024-07-10T05:15:11.733",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:20.940",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -49,6 +49,16 @@
"value": "CWE-400"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-241"
}
]
}
],
"references": [

40
CVE-2024/CVE-2024-217xx/CVE-2024-21740.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-21740",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-25T21:15:57.190",
"lastModified": "2024-06-26T12:44:29.693",
"lastModified": "2024-07-11T15:05:22.467",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Los dispositivos Artery AT32F415CBT7 y AT32F421C8T7 tienen control de acceso incorrecto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://tches.iacr.org/index.php/TCHES/article/view/11422/10927",

28
CVE-2024/CVE-2024-231xx/CVE-2024-23151.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-23151",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-06-25T04:15:12.567",
"lastModified": "2024-06-25T12:24:17.873",
"lastModified": "2024-07-11T15:05:24.300",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "Un archivo 3DM creado con fines malintencionados, cuando se analiza en ASMkern229A.dll a trav\u00e9s de aplicaciones de Autodesk, puede forzar una escritura fuera de los l\u00edmites. Un actor malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@autodesk.com",

27
CVE-2024/CVE-2024-236xx/CVE-2024-23697.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23697",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:12.047",
"lastModified": "2024-07-11T13:06:13.187",
"lastModified": "2024-07-11T15:05:24.920",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En RGXCreateHWRTData_aux de rgxta3d.c existe una posible ejecuci\u00f3n de c\u00f3digo arbitrario debido a un uso after free. Esto podr\u00eda conducir a una escalada local de privilegios en el kernel sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-06-01",

39
CVE-2024/CVE-2024-237xx/CVE-2024-23711.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23711",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:12.227",
"lastModified": "2024-07-11T13:06:13.187",
"lastModified": "2024-07-11T15:05:25.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En DevmemXIntUnreserveRange de devicemem_server.c, existe una posible ejecuci\u00f3n de c\u00f3digo arbitrario debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios en el kernel sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-06-01",

39
CVE-2024/CVE-2024-237xx/CVE-2024-23736.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23736",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T22:15:02.767",
"lastModified": "2024-07-02T12:09:16.907",
"lastModified": "2024-07-11T15:05:26.800",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de Cross Site Request Forgery (CSRF) en savignano S/Notify anterior a 4.0.2 para Confluence permite a los atacantes manipular el certificado S/MIME de la clave PGP de un usuario a trav\u00e9s de un enlace malicioso o un correo electr\u00f3nico."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://help.savignano.net/snotify-email-encryption/sa-2023-11-28#SA-2023-11-28-CSRFbasedvulnerabilityinuserupload",

40
CVE-2024/CVE-2024-237xx/CVE-2024-23767.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-23767",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-26T21:15:13.057",
"lastModified": "2024-06-27T12:47:19.847",
"lastModified": "2024-07-11T15:05:27.593",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en la versi\u00f3n 3 del firmware HMS Anybus X-Gateway AB7832-F. El protocolo HICP permite cambios no autenticados en las configuraciones de red de un dispositivo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-287"
}
]
}
],
"references": [
{
"url": "https://sensepost.com/blog/2024/targeting-an-industrial-protocol-gateway/",

91
CVE-2024/CVE-2024-249xx/CVE-2024-24974.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24974",
"sourceIdentifier": "security@openvpn.net",
"published": "2024-07-08T11:15:10.103",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T14:47:54.920",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,8 +15,41 @@
"value": "El servicio interactivo en OpenVPN 2.6.9 y versiones anteriores permite acceder remotamente al canal del servicio OpenVPN, lo que permite a un atacante remoto interactuar con el servicio interactivo privilegiado OpenVPN."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "security@openvpn.net",
"type": "Secondary",
@ -28,18 +61,52 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-24974",
"source": "security@openvpn.net"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*",
"versionEndExcluding": "2.5.10",
"matchCriteriaId": "62343D14-4C89-4E6F-9C74-46E7EEAF79CB"
},
{
"url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/",
"source": "security@openvpn.net"
},
{
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html",
"source": "security@openvpn.net"
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndExcluding": "2.6.10",
"matchCriteriaId": "0E77CFBC-2014-4588-B77C-C34E333645A7"
}
]
}
]
}
],
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-24974",
"source": "security@openvpn.net",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/",
"source": "security@openvpn.net",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html",
"source": "security@openvpn.net",
"tags": [
"Mailing List"
]
}
]
}

39
CVE-2024/CVE-2024-250xx/CVE-2024-25076.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25076",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-10T20:15:02.933",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:28.443",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en los dispositivos Renesas SmartBond DA14691, DA14695, DA14697 y DA14699. La funci\u00f3n bootrom responsable de validar el encabezado del producto Flash utiliza directamente un valor de tama\u00f1o controlable por el usuario (Longitud de la secci\u00f3n de configuraci\u00f3n de Flash) para controlar una lectura desde el dispositivo QSPI en un b\u00fafer de tama\u00f1o fijo, lo que resulta en un desbordamiento del b\u00fafer y la ejecuci\u00f3n de c\u00f3digo arbitrario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/atredispartners/advisories/blob/master/ATREDIS-2024-0001.md",

6
CVE-2024/CVE-2024-266xx/CVE-2024-26621.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26621",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-02T22:15:50.340",
"lastModified": "2024-07-10T23:15:10.040",
"lastModified": "2024-07-11T14:15:13.210",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -57,6 +57,10 @@
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/11/4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4ef9ad19e17676b9ef071309bc62020e2373705d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

23
CVE-2024/CVE-2024-26xx/CVE-2024-2659.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-2659",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-04-15T18:15:10.837",
"lastModified": "2024-04-15T19:12:25.887",
"lastModified": "2024-07-11T15:05:36.393",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -35,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},

91
CVE-2024/CVE-2024-274xx/CVE-2024-27459.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27459",
"sourceIdentifier": "security@openvpn.net",
"published": "2024-07-08T11:15:10.303",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T14:47:26.447",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,8 +15,41 @@
"value": "El servicio interactivo en OpenVPN 2.6.9 y versiones anteriores permite a un atacante enviar datos provocando un desbordamiento de pila que puede usarse para ejecutar c\u00f3digo arbitrario con m\u00e1s privilegios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "security@openvpn.net",
"type": "Secondary",
@ -28,18 +61,52 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-27459",
"source": "security@openvpn.net"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*",
"versionEndExcluding": "2.5.10",
"matchCriteriaId": "62343D14-4C89-4E6F-9C74-46E7EEAF79CB"
},
{
"url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/",
"source": "security@openvpn.net"
},
{
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html",
"source": "security@openvpn.net"
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndExcluding": "2.6.10",
"matchCriteriaId": "0E77CFBC-2014-4588-B77C-C34E333645A7"
}
]
}
]
}
],
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-27459",
"source": "security@openvpn.net",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/",
"source": "security@openvpn.net",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html",
"source": "security@openvpn.net",
"tags": [
"Mailing List"
]
}
]
}

40
CVE-2024/CVE-2024-276xx/CVE-2024-27602.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-27602",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-02T21:15:45.957",
"lastModified": "2024-04-03T12:38:04.840",
"lastModified": "2024-07-11T15:05:30.183",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,42 @@
"value": "Alldata V0.4.6 es vulnerable a un control de acceso incorrecto. Se han filtrado un total de muchos documentos de interfaz de m\u00f3dulos. Por ejemplo, el m\u00f3dulo /api/system/v2/api-docs."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Raybye/fee21f1a5b3a9ab54359818281478034",

39
CVE-2024/CVE-2024-276xx/CVE-2024-27628.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27628",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-28T19:15:05.180",
"lastModified": "2024-07-01T12:37:24.220",
"lastModified": "2024-07-11T15:05:31.010",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de desbordamiento de b\u00fafer en DCMTK v.3.6.8 permite a un atacante ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente del m\u00e9todo EctEnhancedCT."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/DCMTK/dcmtk/commit/ec52e99e1e33fc39810560421c0833b02da567b3",

86
CVE-2024/CVE-2024-279xx/CVE-2024-27903.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27903",
"sourceIdentifier": "security@openvpn.net",
"published": "2024-07-08T11:15:10.390",
"lastModified": "2024-07-09T16:22:25.120",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:46:26.300",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
},
{
"source": "security@openvpn.net",
"type": "Secondary",
@ -51,18 +81,52 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-27903",
"source": "security@openvpn.net"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*",
"versionEndExcluding": "2.5.10",
"matchCriteriaId": "62343D14-4C89-4E6F-9C74-46E7EEAF79CB"
},
{
"url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/",
"source": "security@openvpn.net"
},
{
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html",
"source": "security@openvpn.net"
"vulnerable": true,
"criteria": "cpe:2.3:a:openvpn:openvpn:*:*:*:*:community:*:*:*",
"versionStartIncluding": "2.6.0",
"versionEndExcluding": "2.6.10",
"matchCriteriaId": "0E77CFBC-2014-4588-B77C-C34E333645A7"
}
]
}
]
}
],
"references": [
{
"url": "https://community.openvpn.net/openvpn/wiki/CVE-2024-27903",
"source": "security@openvpn.net",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/",
"source": "security@openvpn.net",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.mail-archive.com/openvpn-users@lists.sourceforge.net/msg07534.html",
"source": "security@openvpn.net",
"tags": [
"Mailing List"
]
}
]
}

44
CVE-2024/CVE-2024-288xx/CVE-2024-28872.json Normal file
View File

@ -0,0 +1,44 @@
{
"id": "CVE-2024-28872",
"sourceIdentifier": "security-officer@isc.org",
"published": "2024-07-11T15:15:11.377",
"lastModified": "2024-07-11T15:15:11.377",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The TLS certificate validation code is flawed. An attacker can obtain a TLS certificate from the Stork server and use it to connect to the Stork agent. Once this connection is established with the valid certificate, the attacker can send malicious commands to a monitored service (Kea or BIND 9), possibly resulting in confidential data loss and/or denial of service. It should be noted that this vulnerability is not related to BIND 9 or Kea directly, and only customers using the Stork management tool are potentially affected.\nThis issue affects Stork versions 0.15.0 through 1.15.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-officer@isc.org",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:L/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 8.9,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"references": [
{
"url": "https://kb.isc.org/docs/cve-2024-28872",
"source": "security-officer@isc.org"
}
]
}

14
CVE-2024/CVE-2024-291xx/CVE-2024-29153.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29153",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T20:15:10.827",
"lastModified": "2024-07-11T13:06:13.187",
"lastModified": "2024-07-11T15:05:33.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",

28
CVE-2024/CVE-2024-294xx/CVE-2024-29461.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-29461",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-12T14:15:07.597",
"lastModified": "2024-04-15T13:15:51.577",
"lastModified": "2024-07-11T15:05:34.270",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,7 +15,30 @@
"value": "Un problema en Floodlight SDN OpenFlow Controller v.1.2 permite que un atacante remoto provoque una denegaci\u00f3n de servicio a trav\u00e9s del componente datapath id."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://gist.github.com/ErodedElk/399a226905c574efe705e3bff77955e3",

68
CVE-2024/CVE-2024-297xx/CVE-2024-29778.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-29778",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:51.857",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:29:52.413",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En ProtocolPsDedicatedBearInfoAdapter::processQosSession de protocolpsadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local y comprometer el firmware de banda base. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-297xx/CVE-2024-29780.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-29780",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:51.950",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:32:47.390",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En hwbcc_ns_deprivilege de trusty/user/base/lib/hwbcc/client/hwbcc.c, existe una posible divulgaci\u00f3n de datos de pila no inicializados debido a datos no inicializados. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-297xx/CVE-2024-29781.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-29781",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:52.027",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:35:15.730",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En ss_AnalyzeOssReturnResUssdArgIe de ss_OssAsnManagement.c, existe una posible lectura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-297xx/CVE-2024-29785.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-29785",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:52.180",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:26:38.663",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En aur_get_state de aurora.c, existe una posible divulgaci\u00f3n de informaci\u00f3n debido a datos no inicializados. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-297xx/CVE-2024-29786.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29786",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:52.257",
"lastModified": "2024-07-03T01:52:35.427",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:10:32.990",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-297xx/CVE-2024-29787.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29787",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:52.340",
"lastModified": "2024-07-03T01:52:36.683",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:05:47.960",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-298xx/CVE-2024-29849.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29849",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-05-22T23:15:08.683",
"lastModified": "2024-07-03T01:52:47.767",
"lastModified": "2024-07-11T15:05:34.760",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-288"
"value": "CWE-287"
}
]
}

39
CVE-2024/CVE-2024-313xx/CVE-2024-31311.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31311",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:12.840",
"lastModified": "2024-07-11T13:06:13.187",
"lastModified": "2024-07-11T15:05:38.153",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En increment_annotation_count de stats_event.c, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltante. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/StatsD/+/b6aab6c000ab85f4e4d8bb3941bcc33800550374",

27
CVE-2024/CVE-2024-313xx/CVE-2024-31315.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31315",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:13.080",
"lastModified": "2024-07-11T13:06:13.187",
"lastModified": "2024-07-11T15:05:39.143",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En m\u00faltiples funciones de ManagedServices.java, existe una forma posible de ocultar una aplicaci\u00f3n con acceso a notificaciones en la configuraci\u00f3n de notificaciones de dispositivos y aplicaciones debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/a9ee2793068235ff423d08cc0964870c054d1983",

27
CVE-2024/CVE-2024-313xx/CVE-2024-31316.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31316",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:13.140",
"lastModified": "2024-07-11T13:06:13.187",
"lastModified": "2024-07-11T15:05:39.377",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En onResult de AccountManagerService.java, existe una forma posible de realizar un inicio de actividad en segundo plano arbitrario debido a una falta de coincidencia de paquetes. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/3457d82f8e265ad615b38f6a2aa3c33f1e100cb9",

39
CVE-2024/CVE-2024-313xx/CVE-2024-31317.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31317",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:13.197",
"lastModified": "2024-07-11T13:06:13.187",
"lastModified": "2024-07-11T15:05:39.587",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En m\u00faltiples funciones de ZygoteProcess.java, existe una manera posible de lograr la ejecuci\u00f3n de c\u00f3digo como cualquier aplicaci\u00f3n a trav\u00e9s de WRITE_SECURE_SETTINGS debido a una deserializaci\u00f3n insegura. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del usuario necesarios. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/e25a0e394bbfd6143a557e1019bb7ad992d11985",

39
CVE-2024/CVE-2024-313xx/CVE-2024-31322.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31322",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:13.433",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:40.467",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En updateServicesLocked de AccessibilityManagerService.java, existe una forma posible de ocultar una aplicaci\u00f3n de la Configuraci\u00f3n mientras se conserva el Servicio de Accesibilidad debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/c1bc907a649addd5b97d489fd39afb956164a46c",

27
CVE-2024/CVE-2024-313xx/CVE-2024-31324.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31324",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:13.563",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:41.280",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En hide de WindowState.java, existe una forma posible de omitir la protecci\u00f3n contra secuestro/superposici\u00f3n iniciando la actividad en modo vertical primero y luego rot\u00e1ndola al modo horizontal. Esto podr\u00eda conducir a una escalada local de privilegios con privilegios de ejecuci\u00f3n del usuario necesarios. Se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/f16cc1135b414906164eb8fc55a76971b0e36c21",

27
CVE-2024/CVE-2024-313xx/CVE-2024-31327.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31327",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:13.820",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:41.523",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En m\u00faltiples funciones de MessageQueueBase.h, existe una posible escritura fuera de los l\u00edmites debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://android.googlesource.com/platform/system/libfmq/+/79bbf4aeef4b254c52da670a972e22956c8c659d",

27
CVE-2024/CVE-2024-313xx/CVE-2024-31332.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31332",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:13.947",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:41.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En varias ubicaciones, existe una manera posible de evitar una restricci\u00f3n para agregar nuevas conexiones Wi-Fi debido a una falta de verificaci\u00f3n de permiso. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/apps/Settings/+/d1f9e61e4480116838c7a642b54c217506361266",

39
CVE-2024/CVE-2024-313xx/CVE-2024-31334.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31334",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:14.010",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:41.960",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En DevmemIntFreeDefBackingPage de devicemem_server.c, existe una posible ejecuci\u00f3n de c\u00f3digo arbitrario debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios en el kernel sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.4,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-07-01",

27
CVE-2024/CVE-2024-313xx/CVE-2024-31339.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31339",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:14.137",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:42.757",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En m\u00faltiples funciones de StatsService.cpp, existe una posible corrupci\u00f3n de la memoria debido a un use after free. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://android.googlesource.com/platform/packages/modules/StatsD/+/795a0da721992432cae20fc9be21bcbce318bf5a",

409
CVE-2024/CVE-2024-318xx/CVE-2024-31897.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31897",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-08T03:15:02.200",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T14:52:52.907",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -51,14 +71,389 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288178",
"source": "psirt@us.ibm.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "18.0.0",
"versionEndIncluding": "18.0.2",
"matchCriteriaId": "716DF694-558C-4115-B70E-E434602BA933"
},
{
"url": "https://www.ibm.com/support/pages/node/7159332",
"source": "psirt@us.ibm.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.0.1",
"versionEndIncluding": "19.0.3",
"matchCriteriaId": "00B3BADE-C2D9-40BC-BAD0-39FCA9FC563B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.0.1",
"versionEndIncluding": "20.0.3",
"matchCriteriaId": "F99EDA35-605B-4AC3-AFFA-F6507F1DD8E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AF7E2601-47E6-4111-9DE0-C3C01705884A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "AECC2FB4-0D29-45DB-AB55-B6C6C6A8BB2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "B8F5E495-92A5-419D-884B-C82D6AA5B56B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "508939AF-58FC-4E12-B4E2-B11865B603F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "C5B419DE-4597-4A33-861D-5530BDA9E679"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_005:*:*:*:*:*:*",
"matchCriteriaId": "00EE653A-0EAD-489B-9610-6BEE3295AAEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_006:*:*:*:*:*:*",
"matchCriteriaId": "06B644E7-7EB2-4AB6-9D30-EA0602373FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_007:*:*:*:*:*:*",
"matchCriteriaId": "838846CB-8436-40D1-9C3B-FBA2426351E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_008:*:*:*:*:*:*",
"matchCriteriaId": "60AC2B63-2F8A-40E7-B2E0-4A06F79E1F7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "A8D6EB68-3804-494D-B12A-2E96E31D1B1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "21D8DE68-5651-4068-B978-79B28F2DC5D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "BBEA972A-A41E-44C9-8D35-1A991D3384B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "D3009F4E-7157-43D3-B6A0-2531CDE619BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "1DA97C23-9B80-4956-9873-317902A0D804"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_005:*:*:*:*:*:*",
"matchCriteriaId": "1D0B6203-C775-4C5E-BAE9-C956E718F261"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_006:*:*:*:*:*:*",
"matchCriteriaId": "257A7A17-7EDF-4E23-88A6-216BC29EC467"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_007:*:*:*:*:*:*",
"matchCriteriaId": "26FF217B-1BD4-46E5-8023-2B2989FF7868"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_008:*:*:*:*:*:*",
"matchCriteriaId": "C60E58EA-C4D5-4D4D-8C9B-3EC33A7027E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_009:*:*:*:*:*:*",
"matchCriteriaId": "7817670E-5649-42A9-B5F9-7586D7AEB4CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_010:*:*:*:*:*:*",
"matchCriteriaId": "FC7F85E8-8185-418A-B25F-8E64A58177DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_011:*:*:*:*:*:*",
"matchCriteriaId": "37616DCD-C26C-44EA-AA7F-732DC128FFE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_012:*:*:*:*:*:*",
"matchCriteriaId": "26CAC076-6FED-49E2-BF33-230F1D1195F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_013:*:*:*:*:*:*",
"matchCriteriaId": "5A88C56C-22CC-4791-BB33-C1494E7F41EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_014:*:*:*:*:*:*",
"matchCriteriaId": "12652B2E-307E-4568-920B-A869914ED650"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_015:*:*:*:*:*:*",
"matchCriteriaId": "8F4E242F-BDF4-4CFE-B808-4A4B7A6FAD0D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_016:*:*:*:*:*:*",
"matchCriteriaId": "88E736CF-CA6E-400B-9AE3-2C58D2265752"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_017:*:*:*:*:*:*",
"matchCriteriaId": "02488B2F-8D6E-4BDC-8DA9-45F5EBC42049"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_018:*:*:*:*:*:*",
"matchCriteriaId": "854F4AF8-B712-446E-9DE1-A2496D5E9C1F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_019:*:*:*:*:*:*",
"matchCriteriaId": "CF3F1B62-089B-41ED-AD3E-F31F8E967F18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_020:*:*:*:*:*:*",
"matchCriteriaId": "ABB843C3-F26D-43A5-AD3E-9D30D00339D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_021:*:*:*:*:*:*",
"matchCriteriaId": "42A67A28-CBF1-4C37-A217-F4789ED1850E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_022:*:*:*:*:*:*",
"matchCriteriaId": "BFEF1033-B100-400A-9B2B-94AEE3A7B94A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_023:*:*:*:*:*:*",
"matchCriteriaId": "5F109F93-1CE8-4F86-9070-73012ED0FE79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_024:*:*:*:*:*:*",
"matchCriteriaId": "6CC66606-EE8D-4273-832A-4A0391B5DBAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_025:*:*:*:*:*:*",
"matchCriteriaId": "8CEF57DE-61D6-41E6-8C34-06A1F859F9AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_026:*:*:*:*:*:*",
"matchCriteriaId": "7C441A0C-5FE4-4F7A-8E88-85E198790D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_028:*:*:*:*:*:*",
"matchCriteriaId": "9A6F6F2E-0ED8-4478-BFC5-92C736323A63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_029:*:*:*:*:*:*",
"matchCriteriaId": "1D823E07-4F45-4EBC-99AF-81C412330586"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_030:*:*:*:*:*:*",
"matchCriteriaId": "AE588317-A913-429C-88E8-059425506E47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_031:*:*:*:*:*:*",
"matchCriteriaId": "B0E18893-9158-4712-B879-7ADD2EB619AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_032:*:*:*:*:*:*",
"matchCriteriaId": "DFBF74EF-1B70-4FDE-A13F-6695C72E4638"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_033:*:*:*:*:*:*",
"matchCriteriaId": "C3A5C102-A3D4-456D-B985-E556E37044A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F22E2017-86A6-4CD1-8192-7A5DF0A1D818"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "31BC7CBD-C728-481C-AC5F-110FD7799B6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "49793CE0-A419-4937-89B4-B6A8F0E22C0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "E7ABFE27-D890-4AF4-8686-296F4DB90F73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "BE746B2B-EECA-4332-9A24-8EF23BDA1B52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_005:*:*:*:*:*:*",
"matchCriteriaId": "CEE539C9-6AF2-4B02-8916-2AC7D4A93C2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_006:*:*:*:*:*:*",
"matchCriteriaId": "72743164-5279-4FB6-86EE-EBE5B8CD6D1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "517C5EDE-5104-4E22-B9C6-64DFBA7650C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "7A81368D-744B-4886-96C7-1755A27C0AAD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "5B823170-57D5-4329-B41A-6C347982E00B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "AAE375C3-E995-415F-A349-A45998764910"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "A402E881-759D-4B59-985D-4DDA49327147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_005:*:*:*:*:*:*",
"matchCriteriaId": "939B5364-0CF8-480A-B15A-B1FD9D9560EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_006:*:*:*:*:*:*",
"matchCriteriaId": "9BD80442-5DB1-44AC-B4FC-6EDF4162586B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "01632D44-1A4A-4C1A-A19D-8E815617B905"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "12CE606B-49F1-425F-A00B-23E3C91CCB0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "581B838C-3242-46E8-B2A7-343734FEA3DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "287F9B5E-AD36-422B-80D5-9B51BA64F993"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "0B20AAF4-0EC3-467A-96C6-102124A191DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "0EA264AE-2691-4C84-BAB6-82BEECC7435F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "91E7E70A-765F-47EC-8DDD-82BFFE14A6C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "F3A493A2-6835-4A52-9C0C-1C828C3AF662"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "F5D82427-AC22-4C48-9AC8-B1922082FDF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "0767E445-1D61-4879-AB3A-2E6259CF4AF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:interim_fix_005:*:*:*:*:*:*",
"matchCriteriaId": "BA3388C6-DFAD-403E-9699-305B2146B883"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/288178",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7159332",
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

4
CVE-2024/CVE-2024-327xx/CVE-2024-32759.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-32759",
"sourceIdentifier": "productsecurity@jci.com",
"published": "2024-07-10T18:15:03.220",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:15:11.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Under certain circumstances the Software House C?CURE 9000 installer will utilize weak credentials."
"value": "Under certain circumstances the Software House C\u25cfCURE 9000 installer will utilize weak credentials."
},
{
"lang": "es",

60
CVE-2024/CVE-2024-328xx/CVE-2024-32891.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32891",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:53.690",
"lastModified": "2024-07-03T01:57:12.270",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:05:11.717",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-328xx/CVE-2024-32892.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-32892",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:53.770",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:04:49.010",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En handle_init de goodix/main/main.c, existe una posible corrupci\u00f3n de memoria debido a confusi\u00f3n de tipos. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

64
CVE-2024/CVE-2024-328xx/CVE-2024-32893.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32893",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:53.847",
"lastModified": "2024-07-03T01:57:13.633",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:04:33.807",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,20 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-704"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +85,30 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-328xx/CVE-2024-32894.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-32894",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:53.923",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:03:46.810",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En bc_get_converted_received_bearer de bc_utilities.c, existe una posible lectura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-328xx/CVE-2024-32897.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-32897",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:54.150",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:28:06.287",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En ProtocolCdmaCallWaitingIndAdapter::GetCwInfo() de protocolsmsadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda conducir a la divulgaci\u00f3n remota de informaci\u00f3n y comprometer el firmware de banda base. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-328xx/CVE-2024-32898.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-32898",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:54.223",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:28:44.707",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En ProtocolCellIdentityParserV4::Parse() de protocolnetadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local y comprometer el firmware de banda base. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-328xx/CVE-2024-32899.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-32899",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:54.287",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:22:06.627",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En gpu_pm_power_off_top_nolock de pixel_gpu_power.c, existe un posible compromiso de la memoria protegida debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda llevar a una escalada local de privilegios a TEE sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

72
CVE-2024/CVE-2024-329xx/CVE-2024-32900.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-32900",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:54.357",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:22:34.243",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,70 @@
"value": "En lwis_fence_signal de lwis_debug.c, existe un posible Use after Free debido a un bloqueo inadecuado. Esto podr\u00eda llevar a una escalada local de privilegios desde la etiqueta hal_camera_default SELinux sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
},
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-329xx/CVE-2024-32901.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-32901",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:54.430",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T14:23:01.377",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En v4l2_smfc_qbuf de smfc-v4l2-ioctls.c, hay una posible escritura fuera de los l\u00edmites debido a una comprobaci\u00f3n de los l\u00edmites faltante. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-329xx/CVE-2024-32903.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-32903",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:54.583",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T15:15:02.090",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En prepare_response_locked de lwis_transaction.c, existe una posible escritura fuera de los l\u00edmites debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-329xx/CVE-2024-32904.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-32904",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:54.657",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T15:14:41.203",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En ProtocolVsimOperationAdapter() de protocolvsimadapter.cpp, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local y comprometer el firmware de banda base. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-329xx/CVE-2024-32905.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-32905",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:54.730",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T15:13:21.467",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En circ_read de link_device_memory_legacy.c, hay una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites incorrecta. Esto podr\u00eda conducir a la ejecuci\u00f3n remota de c\u00f3digo sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-329xx/CVE-2024-32906.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-32906",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:54.810",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T15:13:02.713",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En AcvpOnMessage de avcp.cpp, existe un posible EOP debido a datos no inicializados. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-329xx/CVE-2024-32907.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32907",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:54.877",
"lastModified": "2024-07-03T01:57:15.760",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T15:10:44.407",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-329xx/CVE-2024-32908.json
View File

@ -2,8 +2,9 @@
"id": "CVE-2024-32908",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:54.957",
"lastModified": "2024-06-17T12:43:31.090",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T15:07:31.087",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -14,11 +15,66 @@
"value": "En sec_media_protect de media.c, existe una posible omisi\u00f3n de permiso debido a una condici\u00f3n de ejecuci\u00f3n. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-329xx/CVE-2024-32909.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32909",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-06-13T21:15:55.027",
"lastModified": "2024-07-03T01:57:16.980",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-07-11T15:05:52.807",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,30 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F8B9FEC8-73B6-43B8-B24E-1F7C20D91D26"
}
]
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-06-01",
"source": "dsap-vuln-management@google.com",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-333xx/CVE-2024-33326.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-33326",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-26T19:15:13.210",
"lastModified": "2024-07-11T04:15:04.567",
"lastModified": "2024-07-11T15:05:43.450",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " Una vulnerabilidad de Cross Site Scripting (XSS) en el componente XsltResultControllerHtml.jsp de Lumisxp v15.0.xa v16.1.x permite a los atacantes ejecutar scripts web o HTML de su elecci\u00f3n a trav\u00e9s de un payload manipulado inyectado en el par\u00e1metro lumPageID."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/10",

437
CVE-2024/CVE-2024-346xx/CVE-2024-34602.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34602",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-07-08T07:15:02.663",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T14:49:05.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -39,10 +59,417 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07",
"source": "mobile.security@samsung.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EC4A2EBA-038B-44D5-84F3-FF326CD1C62D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "40EB3FC1-D79A-40C7-9E2B-573E20780982"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "F1525232-54F0-467F-9575-2445F73F43B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0ABFBBDB-E935-4C54-865A-0E607497DA87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7B738B6B-78CE-4618-B70D-6BC9ED453105"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "3899E3E7-1284-4223-A258-DA691F5D62FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "ECD961EA-6881-4A14-83DE-C6972F6F681C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "18940389-1FBD-48B2-BCF0-1D709C2C3045"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "011CC4F5-6701-41E9-BC7D-CFE6EFF682AC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "13E145E2-CE11-4EE5-9085-B4960FE4F52F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "B3556856-6F56-465C-8254-BB3CD8252FF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3BBC8B6-1D2B-47C9-93EE-3D3DC43062F1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "02600CDD-6862-4146-88E8-A2E73B7ED534"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "2DB353A1-BE96-4FB5-9F4D-0119DC51F24E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "35F40D59-034B-44FB-8DCD-D469B50DE7E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC84021B-9846-40FB-834B-7C5BECEFFEAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "BC3F8572-578B-4D19-9453-1D03DA55EF70"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EEABF42E-578E-4689-B80D-B305467AA72D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "E070DA79-8F09-4877-BFBA-3F23564DD8C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9137C66C-4966-4C90-ABE9-7E22F7E29BA7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E261C9D8-1E74-44B8-9F11-F5769CF8B7FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "D80C2C7A-6F48-48B8-ACAD-720FC797F836"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "18CD523B-530E-4187-8BFF-729CDAC69282"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C28D3CD-DD34-4334-B03F-794B31A4BF48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "EE03013A-AAB3-4426-BB22-E1487D3B3F6C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "5A81C86D-F1FE-4166-8F37-D7170E6B30FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3D80783-523A-455E-B1AD-0961086F79E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D5EF09DB-023A-40CB-9C94-020172383EEC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "89BE2958-0BEE-4CFD-A0BA-494DE62E7F32"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5C5B44E9-BA5B-4CFB-8452-B52B6CC833F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B0329C50-B904-480D-8EBB-F2757049FC81"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E1553CEA-FCF4-4A9C-85FE-F7DB7A500443"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "A5E68B7B-BA08-4E8C-B60A-B3836C6986BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "88DC0A82-CAF3-4E88-8A4D-8AF79D0C226D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "38B7AB56-AB65-4557-A91C-40CA2FD12351"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "952CA843-7CF0-4424-BDA4-3F2A93E077B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "07AC19C6-D245-4C3A-90CC-A931A901EA0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "34114DDC-DCDA-4306-8D23-2E628873171F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "85E4E8C1-749F-4A1C-8333-6BAFBF8B64D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "E346DCBD-7DEB-464F-B917-8624BE87D646"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "5697984D-08BA-412F-9BDF-26B658B0ADBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3F3EF3F1-4E54-46E3-A308-69656A29FBD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "73F22C26-52FC-42A7-B263-0CC7770A8C6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3D30C02C-91FB-4D29-AF49-7903158E8FEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "2B6D9064-844B-4D3F-AAE4-D170DF45EF8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "C581B7EE-CD08-4D6E-8858-EA8FA631F84C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3093F6FE-C562-4F62-97B7-CA0D2DDF9BBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "DAB2A0D7-8F4F-4128-AE09-D2658D793BF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "6A89AE5B-4D1A-4ADA-B572-38B1FC4ED54C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC6E2FC7-2BAF-4C7B-9E0F-D9F844041A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "2A901EFE-90BA-474C-88D2-8A3E7D99C0E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "DF7B3213-520A-49F0-A183-C73A37A56854"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "FD8B9CD3-063E-481E-BE7C-1628ADA71849"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "9CE09EF7-B024-4D79-9400-C8223CDFBB86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "C339A665-413D-443F-AD04-F71C161235D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3DD61EDA-98ED-4309-B54F-0CF8B7D07DC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4ECB0B7A-590C-460C-878B-9A78CB37D259"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "D66CF415-6C4A-4AF3-B660-B2E9CF484B51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EAFE015F-8130-4F10-A553-420F0BB2A132"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "141E541B-8FA5-4829-A413-4F1DC19E9AE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "ACEA385E-3931-4438-A2A9-0357651F9B48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "A57CB118-46CC-4CE8-ACC3-A806CD2C25A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "6DD1F78D-EA98-4825-A0EA-703196DDE5E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "BDDB3FBE-99EC-4763-961B-2C436D864A1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "1B02110E-71FB-495F-86CA-F2A4E55C0E42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "931CC6D7-A42D-4482-B901-B539DFF89C3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "84ED2366-D4BA-4094-94AC-AD6E7AEBB6FF"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07",
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

272
CVE-2024/CVE-2024-346xx/CVE-2024-34603.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-34603",
"sourceIdentifier": "mobile.security@samsung.com",
"published": "2024-07-08T07:15:04.100",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T14:48:47.467",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "mobile.security@samsung.com",
"type": "Secondary",
@ -39,10 +59,252 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07",
"source": "mobile.security@samsung.com"
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "A5E68B7B-BA08-4E8C-B60A-B3836C6986BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "88DC0A82-CAF3-4E88-8A4D-8AF79D0C226D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "38B7AB56-AB65-4557-A91C-40CA2FD12351"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "952CA843-7CF0-4424-BDA4-3F2A93E077B6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "07AC19C6-D245-4C3A-90CC-A931A901EA0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "34114DDC-DCDA-4306-8D23-2E628873171F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "85E4E8C1-749F-4A1C-8333-6BAFBF8B64D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "E346DCBD-7DEB-464F-B917-8624BE87D646"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "5697984D-08BA-412F-9BDF-26B658B0ADBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3F3EF3F1-4E54-46E3-A308-69656A29FBD2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "73F22C26-52FC-42A7-B263-0CC7770A8C6A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3D30C02C-91FB-4D29-AF49-7903158E8FEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "2B6D9064-844B-4D3F-AAE4-D170DF45EF8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "C581B7EE-CD08-4D6E-8858-EA8FA631F84C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*",
"matchCriteriaId": "3093F6FE-C562-4F62-97B7-CA0D2DDF9BBE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "DAB2A0D7-8F4F-4128-AE09-D2658D793BF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-apr-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "6A89AE5B-4D1A-4ADA-B572-38B1FC4ED54C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC6E2FC7-2BAF-4C7B-9E0F-D9F844041A35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "2A901EFE-90BA-474C-88D2-8A3E7D99C0E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "DF7B3213-520A-49F0-A183-C73A37A56854"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "FD8B9CD3-063E-481E-BE7C-1628ADA71849"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "9CE09EF7-B024-4D79-9400-C8223CDFBB86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jan-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "C339A665-413D-443F-AD04-F71C161235D0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3DD61EDA-98ED-4309-B54F-0CF8B7D07DC7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4ECB0B7A-590C-460C-878B-9A78CB37D259"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-jun-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "D66CF415-6C4A-4AF3-B660-B2E9CF484B51"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EAFE015F-8130-4F10-A553-420F0BB2A132"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-mar-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "141E541B-8FA5-4829-A413-4F1DC19E9AE1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "ACEA385E-3931-4438-A2A9-0357651F9B48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-may-2024-r1:*:*:*:*:*:*",
"matchCriteriaId": "A57CB118-46CC-4CE8-ACC3-A806CD2C25A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "6DD1F78D-EA98-4825-A0EA-703196DDE5E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "BDDB3FBE-99EC-4763-961B-2C436D864A1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "1B02110E-71FB-495F-86CA-F2A4E55C0E42"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "931CC6D7-A42D-4482-B901-B539DFF89C3E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:samsung:android:14.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "84ED2366-D4BA-4094-94AC-AD6E7AEBB6FF"
}
]
}
]
}
],
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07",
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
]
}
]
}

27
CVE-2024/CVE-2024-347xx/CVE-2024-34723.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34723",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:14.407",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:45.123",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En onTransact de ParcelableListBinder.java, existe una forma posible de robar mAllowlistToken para iniciar una aplicaci\u00f3n en segundo plano debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/c702bb71811993960debe0c18fcf8834cfa2454f",

39
CVE-2024/CVE-2024-347xx/CVE-2024-34726.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34726",
"sourceIdentifier": "security@android.com",
"published": "2024-07-09T21:15:14.680",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:45.340",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En PVRSRV_MMap de pvr_bridge_k.c, existe una posible ejecuci\u00f3n de c\u00f3digo arbitrario debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda conducir a una escalada local de privilegios en el kernel sin necesidad de permisos de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-783"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/2024-07-01",

27
CVE-2024/CVE-2024-34xx/CVE-2024-3410.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3410",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-07-09T06:15:02.263",
"lastModified": "2024-07-09T18:19:14.047",
"lastModified": "2024-07-11T15:06:16.780",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento de WordPress DN Footer Contacts anterior a 1.6.3 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.4
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/e2067637-45f3-4b42-96ca-85867c4c0409/",

7
CVE-2024/CVE-2024-356xx/CVE-2024-35672.json
View File

@ -2,12 +2,13 @@
"id": "CVE-2024-35672",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-04T19:20:08.967",
"lastModified": "2024-06-11T14:21:04.210",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-11T15:15:11.733",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.16."
"value": "Missing Authorization vulnerability in Netgsm.This issue affects Netgsm: from n/a through 2.9.19."
},
{
"lang": "es",

39
CVE-2024/CVE-2024-364xx/CVE-2024-36451.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36451",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-07-10T07:15:03.040",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:47.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Existe una vulnerabilidad de manejo incorrecto de permisos o privilegios insuficientes en el m\u00f3dulo ajaxterm de Webmin anterior a 2.003. Si se aprovecha esta vulnerabilidad, un usuario no autorizado puede secuestrar una sesi\u00f3n de consola. Como resultado, se pueden hacer referencias a datos dentro de un sistema, se puede alterar una p\u00e1gina web o se puede detener permanentemente un servidor."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-280"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN81442045/",

27
CVE-2024/CVE-2024-364xx/CVE-2024-36453.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36453",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-07-10T07:15:03.177",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:48.797",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Existe una vulnerabilidad de Cross Site Scripting en session_login.cgi de las versiones de Webmin anteriores a la 1.970 y de las versiones de Usermin anteriores a la 1.820. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accedi\u00f3 al sitio web utilizando el producto. Como resultado, una p\u00e1gina web puede verse alterada o se puede divulgar informaci\u00f3n confidencial, como una credencial."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://jvn.jp/en/jp/JVN81442045/",

39
CVE-2024/CVE-2024-366xx/CVE-2024-36676.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36676",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T22:15:02.467",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:49.017",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El control de acceso incorrecto en BookStack anterior a v24.05.1 permite a los atacantes confirmar los usuarios existentes del sistema y realizar notificaciones de DoS por correo electr\u00f3nico dirigidas a trav\u00e9s de formularios p\u00fablicos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/BookStackApp/BookStack/issues/4993",

74
CVE-2024/CVE-2024-36xx/CVE-2024-3651.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3651",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-07-07T18:15:09.827",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T14:58:01.803",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
@ -41,8 +63,18 @@
},
"weaknesses": [
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security@huntr.dev",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +83,38 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d",
"source": "security@huntr.dev"
},
"nodes": [
{
"url": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb",
"source": "security@huntr.dev"
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kjd:internationalized_domain_names_in_applications:3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "58AE756B-C46B-418C-A3CD-DD0CEE78ABB3"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/kjd/idna/commit/1d365e17e10d72d0b7876316fc7b9ca0eebdd38d",
"source": "security@huntr.dev",
"tags": [
"Patch"
]
},
{
"url": "https://huntr.com/bounties/93d78d07-d791-4b39-a845-cbfabc44aadb",
"source": "security@huntr.dev",
"tags": [
"Exploit",
"Patch"
]
}
]
}

72
CVE-2024/CVE-2024-371xx/CVE-2024-37151.json Normal file
View File

@ -0,0 +1,72 @@
{
"id": "CVE-2024-37151",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-11T15:15:11.847",
"lastModified": "2024-07-11T15:15:11.847",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. \nMishandling of multiple fragmented packets using the same IP ID value can lead to packet reassembly failure, which can lead to policy bypass. Upgrade to 7.0.6 or 6.0.20. When using af-packet, enable `defrag` to reduce the scope of the problem."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://github.com/OISF/suricata/commit/9d5c4273cb7e5ca65f195f7361f0d848c85180e0",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/commit/aab7f35c76721df19403a7c0c0025feae12f3b6b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-qrp7-g66m-px24",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7041",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7042",
"source": "security-advisories@github.com"
}
]
}

132
CVE-2024/CVE-2024-373xx/CVE-2024-37389.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37389",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-08T08:15:10.847",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T14:48:32.300",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "security@apache.org",
"type": "Secondary",
@ -51,10 +81,102 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://lists.apache.org/thread/yso9fr0wtff53nk046h1o83hdyb1lrxh",
"source": "security@apache.org"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.10.0",
"versionEndExcluding": "1.27.0",
"matchCriteriaId": "D9D4EA18-4E49-4BEA-B450-60769AE53E84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone1:*:*:*:*:*:*",
"matchCriteriaId": "D147AF4C-74C3-41AE-B5A5-24051AC1458B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone1-rc1:*:*:*:*:*:*",
"matchCriteriaId": "8F5DBC6B-2239-4349-A836-EFB8BA720145"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone1-rc2:*:*:*:*:*:*",
"matchCriteriaId": "B366BC5E-6845-40C3-9A2E-89BF99BC0C84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone1-rc3:*:*:*:*:*:*",
"matchCriteriaId": "96565E7C-0CE5-439C-9B81-551DC0B7CB9D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone1-rc4:*:*:*:*:*:*",
"matchCriteriaId": "7547CA64-3DEC-4322-96CA-C732E132DC3B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone1-rc5:*:*:*:*:*:*",
"matchCriteriaId": "8067F8FC-2183-4302-A7EE-29912E68F1A8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone1-rc6:*:*:*:*:*:*",
"matchCriteriaId": "B1C2A606-5B3A-47C7-A94A-9BBA6E4B330F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone2:*:*:*:*:*:*",
"matchCriteriaId": "200043CB-5676-4005-97B8-C95BCFF3EE0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone2-rc1:*:*:*:*:*:*",
"matchCriteriaId": "73A9B62D-47A5-41B3-8E7C-86DED14A230D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone2-rc2:*:*:*:*:*:*",
"matchCriteriaId": "923C9C51-206A-4C12-A60D-3E9DE7808BCD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone2-rc3:*:*:*:*:*:*",
"matchCriteriaId": "98CF1F86-BE1E-410E-A425-873081B9B353"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone2-rc4:*:*:*:*:*:*",
"matchCriteriaId": "34AD9B07-0C66-487A-9D32-A75C99852EE0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone3:*:*:*:*:*:*",
"matchCriteriaId": "1DE8050C-59BA-4789-B211-7AC0D0E696BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:nifi:2.0.0:milestone3-rc1:*:*:*:*:*:*",
"matchCriteriaId": "665BBA63-AF45-4B9F-BA0E-6C900E675270"
}
]
}
]
}
],
"references": [
{
"url": "https://lists.apache.org/thread/yso9fr0wtff53nk046h1o83hdyb1lrxh",
"source": "security@apache.org",
"tags": [
"Mailing List"
]
}
]
}

409
CVE-2024/CVE-2024-375xx/CVE-2024-37528.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37528",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-08T03:15:02.450",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T14:49:28.177",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -51,14 +71,389 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294293",
"source": "psirt@us.ibm.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "18.0.0",
"versionEndIncluding": "18.0.2",
"matchCriteriaId": "716DF694-558C-4115-B70E-E434602BA933"
},
{
"url": "https://www.ibm.com/support/pages/node/7159332",
"source": "psirt@us.ibm.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "19.0.1",
"versionEndIncluding": "19.0.3",
"matchCriteriaId": "00B3BADE-C2D9-40BC-BAD0-39FCA9FC563B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.0.1",
"versionEndIncluding": "20.0.3",
"matchCriteriaId": "F99EDA35-605B-4AC3-AFFA-F6507F1DD8E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "AF7E2601-47E6-4111-9DE0-C3C01705884A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "AECC2FB4-0D29-45DB-AB55-B6C6C6A8BB2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "B8F5E495-92A5-419D-884B-C82D6AA5B56B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "508939AF-58FC-4E12-B4E2-B11865B603F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "C5B419DE-4597-4A33-861D-5530BDA9E679"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_005:*:*:*:*:*:*",
"matchCriteriaId": "00EE653A-0EAD-489B-9610-6BEE3295AAEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_006:*:*:*:*:*:*",
"matchCriteriaId": "06B644E7-7EB2-4AB6-9D30-EA0602373FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_007:*:*:*:*:*:*",
"matchCriteriaId": "838846CB-8436-40D1-9C3B-FBA2426351E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.1:interim_fix_008:*:*:*:*:*:*",
"matchCriteriaId": "60AC2B63-2F8A-40E7-B2E0-4A06F79E1F7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*",
"matchCriteriaId": "A8D6EB68-3804-494D-B12A-2E96E31D1B1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "21D8DE68-5651-4068-B978-79B28F2DC5D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "BBEA972A-A41E-44C9-8D35-1A991D3384B7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "D3009F4E-7157-43D3-B6A0-2531CDE619BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "1DA97C23-9B80-4956-9873-317902A0D804"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_005:*:*:*:*:*:*",
"matchCriteriaId": "1D0B6203-C775-4C5E-BAE9-C956E718F261"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_006:*:*:*:*:*:*",
"matchCriteriaId": "257A7A17-7EDF-4E23-88A6-216BC29EC467"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_007:*:*:*:*:*:*",
"matchCriteriaId": "26FF217B-1BD4-46E5-8023-2B2989FF7868"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_008:*:*:*:*:*:*",
"matchCriteriaId": "C60E58EA-C4D5-4D4D-8C9B-3EC33A7027E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_009:*:*:*:*:*:*",
"matchCriteriaId": "7817670E-5649-42A9-B5F9-7586D7AEB4CA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_010:*:*:*:*:*:*",
"matchCriteriaId": "FC7F85E8-8185-418A-B25F-8E64A58177DD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_011:*:*:*:*:*:*",
"matchCriteriaId": "37616DCD-C26C-44EA-AA7F-732DC128FFE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_012:*:*:*:*:*:*",
"matchCriteriaId": "26CAC076-6FED-49E2-BF33-230F1D1195F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_013:*:*:*:*:*:*",
"matchCriteriaId": "5A88C56C-22CC-4791-BB33-C1494E7F41EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_014:*:*:*:*:*:*",
"matchCriteriaId": "12652B2E-307E-4568-920B-A869914ED650"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_015:*:*:*:*:*:*",
"matchCriteriaId": "8F4E242F-BDF4-4CFE-B808-4A4B7A6FAD0D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_016:*:*:*:*:*:*",
"matchCriteriaId": "88E736CF-CA6E-400B-9AE3-2C58D2265752"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_017:*:*:*:*:*:*",
"matchCriteriaId": "02488B2F-8D6E-4BDC-8DA9-45F5EBC42049"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_018:*:*:*:*:*:*",
"matchCriteriaId": "854F4AF8-B712-446E-9DE1-A2496D5E9C1F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_019:*:*:*:*:*:*",
"matchCriteriaId": "CF3F1B62-089B-41ED-AD3E-F31F8E967F18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_020:*:*:*:*:*:*",
"matchCriteriaId": "ABB843C3-F26D-43A5-AD3E-9D30D00339D2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_021:*:*:*:*:*:*",
"matchCriteriaId": "42A67A28-CBF1-4C37-A217-F4789ED1850E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_022:*:*:*:*:*:*",
"matchCriteriaId": "BFEF1033-B100-400A-9B2B-94AEE3A7B94A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_023:*:*:*:*:*:*",
"matchCriteriaId": "5F109F93-1CE8-4F86-9070-73012ED0FE79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_024:*:*:*:*:*:*",
"matchCriteriaId": "6CC66606-EE8D-4273-832A-4A0391B5DBAC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_025:*:*:*:*:*:*",
"matchCriteriaId": "8CEF57DE-61D6-41E6-8C34-06A1F859F9AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_026:*:*:*:*:*:*",
"matchCriteriaId": "7C441A0C-5FE4-4F7A-8E88-85E198790D48"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_028:*:*:*:*:*:*",
"matchCriteriaId": "9A6F6F2E-0ED8-4478-BFC5-92C736323A63"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_029:*:*:*:*:*:*",
"matchCriteriaId": "1D823E07-4F45-4EBC-99AF-81C412330586"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_030:*:*:*:*:*:*",
"matchCriteriaId": "AE588317-A913-429C-88E8-059425506E47"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_031:*:*:*:*:*:*",
"matchCriteriaId": "B0E18893-9158-4712-B879-7ADD2EB619AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_032:*:*:*:*:*:*",
"matchCriteriaId": "DFBF74EF-1B70-4FDE-A13F-6695C72E4638"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:21.0.3:interim_fix_033:*:*:*:*:*:*",
"matchCriteriaId": "C3A5C102-A3D4-456D-B985-E556E37044A9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "F22E2017-86A6-4CD1-8192-7A5DF0A1D818"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "31BC7CBD-C728-481C-AC5F-110FD7799B6F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "49793CE0-A419-4937-89B4-B6A8F0E22C0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "E7ABFE27-D890-4AF4-8686-296F4DB90F73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "BE746B2B-EECA-4332-9A24-8EF23BDA1B52"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_005:*:*:*:*:*:*",
"matchCriteriaId": "CEE539C9-6AF2-4B02-8916-2AC7D4A93C2F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.1:interim_fix_006:*:*:*:*:*:*",
"matchCriteriaId": "72743164-5279-4FB6-86EE-EBE5B8CD6D1C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "517C5EDE-5104-4E22-B9C6-64DFBA7650C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "7A81368D-744B-4886-96C7-1755A27C0AAD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "5B823170-57D5-4329-B41A-6C347982E00B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "AAE375C3-E995-415F-A349-A45998764910"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "A402E881-759D-4B59-985D-4DDA49327147"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_005:*:*:*:*:*:*",
"matchCriteriaId": "939B5364-0CF8-480A-B15A-B1FD9D9560EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:22.0.2:interim_fix_006:*:*:*:*:*:*",
"matchCriteriaId": "9BD80442-5DB1-44AC-B4FC-6EDF4162586B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:-:*:*:*:*:*:*",
"matchCriteriaId": "01632D44-1A4A-4C1A-A19D-8E815617B905"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "12CE606B-49F1-425F-A00B-23E3C91CCB0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "581B838C-3242-46E8-B2A7-343734FEA3DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "287F9B5E-AD36-422B-80D5-9B51BA64F993"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.1:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "0B20AAF4-0EC3-467A-96C6-102124A191DC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:-:*:*:*:*:*:*",
"matchCriteriaId": "0EA264AE-2691-4C84-BAB6-82BEECC7435F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:interim_fix_001:*:*:*:*:*:*",
"matchCriteriaId": "91E7E70A-765F-47EC-8DDD-82BFFE14A6C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:interim_fix_002:*:*:*:*:*:*",
"matchCriteriaId": "F3A493A2-6835-4A52-9C0C-1C828C3AF662"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:interim_fix_003:*:*:*:*:*:*",
"matchCriteriaId": "F5D82427-AC22-4C48-9AC8-B1922082FDF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:interim_fix_004:*:*:*:*:*:*",
"matchCriteriaId": "0767E445-1D61-4879-AB3A-2E6259CF4AF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:cloud_pak_for_business_automation:23.0.2:interim_fix_005:*:*:*:*:*:*",
"matchCriteriaId": "BA3388C6-DFAD-403E-9699-305B2146B883"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294293",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7159332",
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-377xx/CVE-2024-37770.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37770",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-10T18:15:04.983",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:53.090",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que 14Finger v1.1 conten\u00eda una vulnerabilidad de ejecuci\u00f3n remota de comandos (RCE) en la funci\u00f3n de huellas dactilares. Esta vulnerabilidad permite a los atacantes ejecutar comandos arbitrarios mediante un payload manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/b1ackc4t/14Finger/issues/13",

39
CVE-2024/CVE-2024-378xx/CVE-2024-37829.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37829",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T21:15:14.770",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:05:54.680",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en Outline &lt;= v0.76.1 permite a los atacantes ejecutar un ataque de secuestro de sesi\u00f3n mediante la interacci\u00f3n del usuario con un magic sign-in link manipulado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"references": [
{
"url": "https://github.com/sysentr0py/CVEs/tree/main/CVE-2024-37829",

39
CVE-2024/CVE-2024-378xx/CVE-2024-37871.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37871",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T20:15:11.767",
"lastModified": "2024-07-11T13:06:13.187",
"lastModified": "2024-07-11T15:05:55.507",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en login.php en Itsourcecode Online Discussion Forum Project en PHP con C\u00f3digo Fuente 1.0 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro email."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/TThuyyy/cve1/issues/1",

62
CVE-2024/CVE-2024-379xx/CVE-2024-37999.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-37999",
"sourceIdentifier": "productcert@siemens.com",
"published": "2024-07-08T11:15:10.487",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T14:44:57.050",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
@ -85,8 +105,18 @@
},
"weaknesses": [
{
"source": "productcert@siemens.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "productcert@siemens.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -95,10 +125,30 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-501799",
"source": "productcert@siemens.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:siemens:medicalis_workflow_orchestrator:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B41D288A-8939-4C75-94C9-F199CE866B20"
}
]
}
]
}
],
"references": [
{
"url": "https://www.siemens-healthineers.com/en-us/support-documentation/cybersecurity/shsa-501799",
"source": "productcert@siemens.com",
"tags": [
"Broken Link"
]
}
]
}

89
CVE-2024/CVE-2024-380xx/CVE-2024-38071.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38071",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:40.677",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T14:47:39.197",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Remote Desktop Licensing Service Denial of Service Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de denegaci\u00f3n de servicio del servicio Windows Remote Desktop Licensing"
}
],
"metrics": {
@ -36,6 +40,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -47,10 +61,75 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38071",
"source": "secure@microsoft.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB18C4CE-5917-401E-ACF7-2747084FD36E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.7159",
"matchCriteriaId": "59C9A2A5-AE44-4583-A7B1-B8D62B0E83BB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.6054",
"matchCriteriaId": "3401E6F7-2430-4247-8A22-0B733A03501A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2582",
"matchCriteriaId": "4E433A09-F730-4EBE-8050-8789755B0D35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.1009",
"matchCriteriaId": "EDA01A4A-9AED-484A-8B10-3282FA13F635"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38071",
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-383xx/CVE-2024-38330.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38330",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-07-08T02:15:01.963",
"lastModified": "2024-07-08T15:49:22.437",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T14:53:16.417",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
@ -51,14 +71,48 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295227",
"source": "psirt@us.ibm.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:i:7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "5E41BD05-37B8-4494-9344-506D4BCF43C2"
},
{
"url": "https://www.ibm.com/support/pages/node/7159615",
"source": "psirt@us.ibm.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:i:7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DD4F4919-D935-4B81-B4E8-0E0F2DAC09B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:i:7.4:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2B298C-E1F6-43BD-A5EF-83964C6669CE"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/295227",
"source": "psirt@us.ibm.com",
"tags": [
"VDB Entry",
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7159615",
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-385xx/CVE-2024-38534.json Normal file
View File

@ -0,0 +1,68 @@
{
"id": "CVE-2024-38534",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-11T15:15:12.350",
"lastModified": "2024-07-11T15:15:12.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Crafted modbus traffic can lead to unlimited resource accumulation within a flow. Upgrade to 7.0.6. Set a limited stream.reassembly.depth to reduce the issue."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/OISF/suricata/commit/a753cdbe84caee3b66d0bf49b2712d29a50d67ae",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-59qg-h357-69fq",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/6987",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/6988",
"source": "security-advisories@github.com"
}
]
}

76
CVE-2024/CVE-2024-385xx/CVE-2024-38535.json Normal file
View File

@ -0,0 +1,76 @@
{
"id": "CVE-2024-38535",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-11T15:15:12.557",
"lastModified": "2024-07-11T15:15:12.557",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Suricata can run out of memory when parsing crafted HTTP/2 traffic. Upgrade to 6.0.20 or 7.0.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"references": [
{
"url": "https://github.com/OISF/suricata/commit/62d5cac1b8483d5f9d2b79833a4e59f5d80129b7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/commit/c82fa5ca0d1ce0bd8f936e0b860707a6571373b2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-cg8j-7mwm-v563",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7104",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7105",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7112",
"source": "security-advisories@github.com"
}
]
}

64
CVE-2024/CVE-2024-385xx/CVE-2024-38536.json Normal file
View File

@ -0,0 +1,64 @@
{
"id": "CVE-2024-38536",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-07-11T15:15:12.760",
"lastModified": "2024-07-11T15:15:12.760",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. A memory allocation failure due to `http.memcap` being reached leads to a NULL-ptr reference leading to a crash. Upgrade to 7.0.6."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://github.com/OISF/suricata/security/advisories/GHSA-j32j-4w6g-94hh",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7029",
"source": "security-advisories@github.com"
},
{
"url": "https://redmine.openinfosecfoundation.org/issues/7033",
"source": "security-advisories@github.com"
}
]
}

39
CVE-2024/CVE-2024-389xx/CVE-2024-38959.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-38959",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T21:15:15.040",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:06:03.203",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de Cross Site Scripting en Creativeitem Academy LMS Learning Management System v.6.8.1 permite a un atacante remoto ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro de cadena."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://medium.com/%40geetmadan22/reflected-cross-site-scripting-on-academy-lms-learning-management-system-product-4ab04ef51022",

34
CVE-2024/CVE-2024-389xx/CVE-2024-38972.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-38972",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T18:15:10.703",
"lastModified": "2024-07-11T03:00:24.250",
"vulnStatus": "Analyzed",
"lastModified": "2024-07-11T15:06:04.187",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

43
CVE-2024/CVE-2024-389xx/CVE-2024-38987.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-38987",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:04.717",
"lastModified": "2024-07-01T16:37:39.040",
"lastModified": "2024-07-11T15:06:05.027",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que aofl cli-lib v3.14.0 conten\u00eda un prototipo de contaminaci\u00f3n a trav\u00e9s del componente defaultsDeep. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) mediante la inyecci\u00f3n de propiedades arbitrarias."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/29636943e6989e67f38251580cbcea73",

43
CVE-2024/CVE-2024-390xx/CVE-2024-39001.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-39001",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.397",
"lastModified": "2024-07-01T16:37:39.040",
"lastModified": "2024-07-11T15:06:05.870",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ag-grid-enterprise v31.3.2 was discovered to contain a prototype pollution via the component _ModuleSupport.jsonApply. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que ag-grid-enterprise v31.3.2 conten\u00eda un prototipo de contaminaci\u00f3n a trav\u00e9s del componente _ModuleSupport.jsonApply. Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) mediante la inyecci\u00f3n de propiedades arbitrarias."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/18e8c27f3a6376e7cf082cfe1ca766fa",

43
CVE-2024/CVE-2024-390xx/CVE-2024-39018.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-39018",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T13:15:05.950",
"lastModified": "2024-07-01T16:37:39.040",
"lastModified": "2024-07-11T15:06:06.723",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function \"query\". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que harvey-woo cat5th/key-serializer v0.2.5 conten\u00eda un prototipo de contaminaci\u00f3n a trav\u00e9s de la funci\u00f3n \"consulta\". Esta vulnerabilidad permite a los atacantes ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (DoS) mediante la inyecci\u00f3n de propiedades arbitrarias."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1321"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/mestrtee/be75c60307b2292884cc03cebd361f3f",

39
CVE-2024/CVE-2024-390xx/CVE-2024-39071.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39071",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T21:15:15.237",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-07-11T15:06:07.560",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Fujian Kelixun &lt;=7.6.6.4391 es vulnerable a la inyecci\u00f3n SQL en send_event.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Y5neKO/561a038dab8584c1448aad3013b9c2c7",

43
CVE-2024/CVE-2024-391xx/CVE-2024-39119.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-39119",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-02T13:15:10.850",
"lastModified": "2024-07-02T17:44:45.700",
"lastModified": "2024-07-11T15:06:08.390",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que idccms v1.35 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s de admin/info_deal.php?mudi=rev&amp;nohrefStr=close."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/2477231995/cms/blob/main/1.md",

45
CVE-2024/CVE-2024-391xx/CVE-2024-39171.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-39171",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-09T17:15:48.367",
"lastModified": "2024-07-09T18:18:38.713",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-07-11T15:06:09.273",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory Travel in PHPVibe v11.0.46 due to incomplete blacklist checksums and directory checks, which can lead to code execution via writing specific statements to .htaccess and code to a file with a .png suffix."
},
{
"lang": "es",
"value": "Directory travel en PHPVibe v11.0.46 debido a sumas de verificaci\u00f3n de lista negra y verificaciones de directorio incompletas, lo que puede llevar a la ejecuci\u00f3n de c\u00f3digo mediante la escritura de declaraciones espec\u00edficas en .htaccess y c\u00f3digo en un archivo con un sufijo .png."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-35"
}
]
}
],
"metrics": {},
"references": [
{
"url": "http://phpvibe.com",

39
CVE-2024/CVE-2024-392xx/CVE-2024-39251.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39251",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-07-01T19:15:05.480",
"lastModified": "2024-07-02T12:09:16.907",
"lastModified": "2024-07-11T15:06:10.633",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en el componente ControlCenter.sys/ControlCenter64.sys de ThundeRobot Control Center v2.0.0.10 permite a los atacantes acceder a informaci\u00f3n confidencial, ejecutar c\u00f3digo arbitrario o escalar privilegios mediante el env\u00edo de solicitudes IOCTL manipuladas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 10.0,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-782"
}
]
}
],
"references": [
{
"url": "https://github.com/Souhardya/Exploit-PoCs/tree/main/ThundeRobot_Control_center",

Some files were not shown because too many files have changed in this diff Show More