admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-11-12T19:00:22.928945+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-11-12 19:03:24 +00:00
parent 7ba80c8a4c
commit 7a7480846a
165 changed files with 8630 additions and 322 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
CVE-2023/CVE-2023-404xx/CVE-2023-40457.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-40457",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-11T00:15:13.817",
"lastModified": "2024-11-12T13:55:21.227",
"lastModified": "2024-11-12T18:35:01.990",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -23,6 +23,18 @@
}
],
"metrics": {},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://blog.benjojo.co.uk/asset/JgH8G5duO1",

8
CVE-2023/CVE-2023-66xx/CVE-2023-6681.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-6681",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-02-12T14:15:08.003",
"lastModified": "2024-10-10T14:32:07.260",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-12T18:15:17.333",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -142,6 +142,10 @@
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:9281",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-6681",
"source": "secalert@redhat.com",

6
CVE-2023/CVE-2023-72xx/CVE-2023-7250.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-7250",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-03-18T13:15:06.910",
"lastModified": "2024-07-02T23:15:10.377",
"lastModified": "2024-11-12T17:15:05.750",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -56,6 +56,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:4241",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:9185",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2023-7250",
"source": "secalert@redhat.com"

78
CVE-2024/CVE-2024-109xx/CVE-2024-10923.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-10923",
"sourceIdentifier": "security@opentext.com",
"published": "2024-11-12T17:15:05.947",
"lastModified": "2024-11-12T17:15:05.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText\u2122 ALM Octane Management allows Stored XSS.\u00a0The vulnerability could result in a remote code execution attack. \n\nThis issue affects ALM Octane Management: from 16.2.100 through 24.4."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@opentext.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:C/RE:M/U:Red",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NEGLIGIBLE",
"automatable": "NO",
"recovery": "AUTOMATIC",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "MODERATE",
"providerUrgency": "RED",
"baseScore": 8.6,
"baseSeverity": "HIGH"
}
}
]
},
"weaknesses": [
{
"source": "security@opentext.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000036146?language=en_US",
"source": "security@opentext.com"
}
]
}

100
CVE-2024/CVE-2024-109xx/CVE-2024-10943.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-10943",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2024-11-12T17:15:06.147",
"lastModified": "2024-11-12T17:15:06.147",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An\nauthentication bypass vulnerability exists in the affected product. The\nvulnerability exists due to shared secrets across accounts and could allow a threat\nactor to impersonate a user if the threat actor is able to enumerate additional\ninformation required during authentication."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
}
}
],
"cvssMetricV31": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1710.html",
"source": "PSIRT@rockwellautomation.com"
}
]
}

100
CVE-2024/CVE-2024-109xx/CVE-2024-10944.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-10944",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2024-11-12T17:15:06.397",
"lastModified": "2024-11-12T17:15:06.397",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Remote\nCode Execution vulnerability exists in the affected product. The vulnerability requires\na high level of permissions and exists due to improper input validation resulting\nin the possibility of a malicious Updated Agent being deployed."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:A/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "HIGH",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1710.html",
"source": "PSIRT@rockwellautomation.com"
}
]
}

100
CVE-2024/CVE-2024-109xx/CVE-2024-10945.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-10945",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2024-11-12T17:15:06.640",
"lastModified": "2024-11-12T17:15:06.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Local Privilege Escalation vulnerability exists in the affected product. The vulnerability requires a local, low privileged threat actor to replace certain files during update and exists due to a failure to perform proper security checks before installation."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.0,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1710.html",
"source": "PSIRT@rockwellautomation.com"
}
]
}

4
CVE-2024/CVE-2024-109xx/CVE-2024-10971.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-10971",
"sourceIdentifier": "security@devolutions.net",
"published": "2024-11-12T16:15:19.930",
"lastModified": "2024-11-12T16:15:19.930",
"lastModified": "2024-11-12T17:15:06.870",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control in the Password History feature in Devolutions DVLS 2024.3.7 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission."
"value": "Improper access control in the Password History feature in Devolutions DVLS 2024.3.6 and earlier allows a malicious authenticated user to obtain sensitive data via faulty permission."
}
],
"metrics": {},

56
CVE-2024/CVE-2024-110xx/CVE-2024-11004.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-11004",
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"published": "2024-11-12T17:15:06.943",
"lastModified": "2024-11-12T17:15:06.943",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.7,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs",
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75"
}
]
}

56
CVE-2024/CVE-2024-110xx/CVE-2024-11005.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-11005",
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"published": "2024-11-12T17:15:07.130",
"lastModified": "2024-11-12T17:15:07.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs",
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75"
}
]
}

56
CVE-2024/CVE-2024-110xx/CVE-2024-11006.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-11006",
"sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"published": "2024-11-12T17:15:07.333",
"lastModified": "2024-11-12T17:15:07.333",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Command injection in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote authenticated attacker with admin privileges to achieve remote code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs",
"source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75"
}
]
}

141
CVE-2024/CVE-2024-111xx/CVE-2024-11138.json Normal file
View File

@ -0,0 +1,141 @@
{
"id": "CVE-2024-11138",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-12T18:15:17.543",
"lastModified": "2024-11-12T18:15:17.543",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in DedeCMS 5.7.116. This affects an unknown part of the file /dede/uploads/dede/friendlink_add.php. The manipulation of the argument logoimg leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
},
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://github.com/falling-snow1/cve1/blob/main/DedeCMS%20V5.7.116%20has%20Remote%20Code%20Excute%20vulnerability.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.283977",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.283977",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.441900",
"source": "cna@vuldb.com"
}
]
}

56
CVE-2024/CVE-2024-219xx/CVE-2024-21937.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21937",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-11-12T18:15:17.863",
"lastModified": "2024-11-12T18:15:17.863",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in the AMD HIP SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-6015.html",
"source": "psirt@amd.com"
}
]
}

56
CVE-2024/CVE-2024-219xx/CVE-2024-21938.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21938",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-11-12T18:15:18.073",
"lastModified": "2024-11-12T18:15:18.073",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in the AMD Management Plugin for the Microsoft\u00ae System Center Configuration Manager (SCCM) installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9005.html",
"source": "psirt@amd.com"
}
]
}

56
CVE-2024/CVE-2024-219xx/CVE-2024-21939.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21939",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-11-12T18:15:18.263",
"lastModified": "2024-11-12T18:15:18.263",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in the AMD Cloud Manageability Service (ACMS) Software installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9006.html",
"source": "psirt@amd.com"
}
]
}

56
CVE-2024/CVE-2024-219xx/CVE-2024-21945.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21945",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-11-12T18:15:18.450",
"lastModified": "2024-11-12T18:15:18.450",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in the AMD RyzenTM Master monitoring SDK installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9004.html",
"source": "psirt@amd.com"
}
]
}

56
CVE-2024/CVE-2024-219xx/CVE-2024-21946.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21946",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-11-12T18:15:18.633",
"lastModified": "2024-11-12T18:15:18.633",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in the AMD RyzenTM Master Utility installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9004.html",
"source": "psirt@amd.com"
}
]
}

56
CVE-2024/CVE-2024-219xx/CVE-2024-21949.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21949",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-11-12T18:15:18.813",
"lastModified": "2024-11-12T18:15:18.813",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html",
"source": "psirt@amd.com"
}
]
}

56
CVE-2024/CVE-2024-219xx/CVE-2024-21957.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21957",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-11-12T18:15:19.050",
"lastModified": "2024-11-12T18:15:19.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in the AMD Management Console installation directory could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9003.html",
"source": "psirt@amd.com"
}
]
}

56
CVE-2024/CVE-2024-219xx/CVE-2024-21958.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21958",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-11-12T18:15:19.340",
"lastModified": "2024-11-12T18:15:19.340",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect default permissions in the AMD Provisioning Console installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-9007.html",
"source": "psirt@amd.com"
}
]
}

56
CVE-2024/CVE-2024-219xx/CVE-2024-21974.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21974",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-11-12T18:15:19.533",
"lastModified": "2024-11-12T18:15:19.533",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html",
"source": "psirt@amd.com"
}
]
}

56
CVE-2024/CVE-2024-219xx/CVE-2024-21975.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-21975",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-11-12T18:15:19.723",
"lastModified": "2024-11-12T18:15:19.723",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html",
"source": "psirt@amd.com"
}
]
}

86
CVE-2024/CVE-2024-219xx/CVE-2024-21976.json Normal file
View File

@ -0,0 +1,86 @@
{
"id": "CVE-2024-21976",
"sourceIdentifier": "psirt@amd.com",
"published": "2024-11-12T18:15:19.920",
"lastModified": "2024-11-12T18:35:03.770",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in the NPU driver could allow an attacker to supply a specially crafted pointer potentially leading to arbitrary code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "psirt@amd.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7017.html",
"source": "psirt@amd.com"
}
]
}

6
CVE-2024/CVE-2024-22xx/CVE-2024-2236.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-2236",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-03-06T22:15:57.977",
"lastModified": "2024-09-14T04:15:02.903",
"lastModified": "2024-11-12T18:15:20.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -52,6 +52,10 @@
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:9404",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-2236",
"source": "secalert@redhat.com"

39
CVE-2024/CVE-2024-253xx/CVE-2024-25369.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25369",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-22T20:15:56.880",
"lastModified": "2024-02-23T02:42:54.547",
"lastModified": "2024-11-12T18:35:04.640",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de cross site scripting (XSS) reflejado en FUEL CMS 1.5.2 permite a los atacantes ejecutar c\u00f3digo arbitrario a trav\u00e9s de una cadena manipulada despu\u00e9s del par\u00e1metro group_id."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/liyako/vulnerability/blob/main/POC/FUEL%20CMS%20Reflected%20Cross-Site%20Scripting%20%28XSS%29.md",

39
CVE-2024/CVE-2024-253xx/CVE-2024-25373.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25373",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-15T19:15:14.750",
"lastModified": "2024-02-15T19:55:09.230",
"lastModified": "2024-11-12T18:35:05.530",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que Tenda AC10V4.0 V16.03.10.20 conten\u00eda un desbordamiento en la regi\u00f3n stack de la memoria a trav\u00e9s del par\u00e1metro de p\u00e1gina en la funci\u00f3n sub_49B384."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://github.com/cvdyfbwa/IoT-Tenda-Router/blob/main/sub_49B384.md",

39
CVE-2024/CVE-2024-268xx/CVE-2024-26804.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26804",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-04T09:15:09.217",
"lastModified": "2024-11-05T10:15:51.333",
"lastModified": "2024-11-12T17:35:03.920",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: ip_tunnel: evita el crecimiento perpetuo del espacio libre syzkaller activado despu\u00e9s de kasan splat: ERROR: KASAN: use-after-free en __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 Lectura del tama\u00f1o 1 en la direcci\u00f3n ffff88812fb4000e mediante la tarea syz-executor183/5191 [..] kasan_report+0xda/0x110 mm/kasan/report.c:588 __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 skb_flow_dissect_flow_key incluir/linux /skbuff.h:1514 [en l\u00ednea] ___skb_get_hash net/core/flow_dissector.c:1791 [en l\u00ednea] __skb_get_hash+0xc7/0x540 net/core/flow_dissector.c:1856 skb_get_hash include/linux/skbuff.h:1556 [en l\u00ednea] ip_tunnel_xmit +0x1855/0x33c0 net/ipv4/ip_tunnel.c:748 ipip_tunnel_xmit+0x3cc/0x4e0 net/ipv4/ipip.c:308 __netdev_start_xmit include/linux/netdevice.h:4940 [en l\u00ednea] netdev_start_xmit include/linux/netdevice.h:4954 [en l\u00ednea] xmit_one net/core/dev.c:3548 [en l\u00ednea] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 __dev_queue_xmit+0x7c1/0x3d60 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice .h:3134 [en l\u00ednea] neigh_connected_output+0x42c/0x5d0 net/core/neighbour.c:1592 ... ip_finish_output2+0x833/0x2550 net/ipv4/ip_output.c:235 ip_finish_output+0x31/0x310 net/ipv4/ip_output.c :323 .. iptunnel_xmit+0x5b4/0x9b0 net/ipv4/ip_tunnel_core.c:82 ip_tunnel_xmit+0x1dbc/0x33c0 net/ipv4/ip_tunnel.c:831 ipgre_xmit+0x4a1/0x980 net/ipv4/ip_gre.c:665 __netdev_start_xmit incluir /linux /netdevice.h:4940 [en l\u00ednea] netdev_start_xmit include/linux/netdevice.h:4954 [en l\u00ednea] xmit_one net/core/dev.c:3548 [en l\u00ednea] dev_hard_start_xmit+0x13d/0x6d0 net/core/dev.c:3564 . .. El s\u00edmbolo se produce porque skb->data apunta m\u00e1s all\u00e1 del \u00e1rea asignada de skb->head. Esto se debe a que la capa vecina hace: __skb_pull(skb, skb_network_offset(skb)); ... pero skb_network_offset() devuelve un desplazamiento negativo y el argumento __skb_pull() no est\u00e1 firmado. OIA, nosotros, skb->los datos, se \"ajustan\" en un valor enorme. El valor negativo se devuelve porque la distancia de skb->head y skb->data es superior a 64k y skb->network_header (u16) se ha ajustado. El error est\u00e1 en la infraestructura ip_tunnel, lo que puede hacer que dev->needed_headroom se incremente hasta el infinito. El reproductor syzkaller consta de paquetes que se enrutan a trav\u00e9s de un t\u00fanel gre y una ruta de paquetes encapsulados gre que apuntan a otro t\u00fanel (ipip). La encapsulaci\u00f3n ipip encuentra gre0 como el siguiente dispositivo de salida. Esto da como resultado el siguiente patr\u00f3n: 1). El primer paquete se enviar\u00e1 a trav\u00e9s de gre0. La b\u00fasqueda de ruta encontr\u00f3 un dispositivo de salida, ipip0. 2). ip_tunnel_xmit para gre0 aumenta gre0->needed_headroom seg\u00fan el dispositivo de salida futuro, rt.dev->needed_headroom (ipip0). 3). ipoutput/start_xmit mueve skb a ipip0. que ejecuta la misma ruta de c\u00f3digo nuevamente (xmit recursividad). 4). El paso de enrutamiento para el paquete post-gre0-encap encuentra gre0 como dispositivo de salida para usar con el paquete encapsulado ipip0. tunl0->needed_headroom luego se incrementa seg\u00fan el espacio libre del dispositivo gre0 (ya aumentado). Esto se repite para cada paquete futuro: gre0->needed_headroom se infla porque el paso ipip0 de los paquetes anteriores increment\u00f3 el espacio libre rt->dev (gre0), y ipip0 se increment\u00f3 porque se aument\u00f3 el espacio necesario_headroom de gre0. Para cada paquete posterior, gre/ipip0->needed_headroom crece hasta que las reasignaciones posteriores a la expansi\u00f3n del cabezal dan como resultado una distancia skb->head/data de m\u00e1s de 64k. Una vez que eso sucede, skb->network_header (u16) se ajusta cuando pskb_expand_head intenta asegurarse de que skb_network_offset() no cambie despu\u00e9s de la expansi\u00f3n/reasignaci\u00f3n del espacio libre. Despu\u00e9s de esto, skb_network_offset(skb) devuelve un resultado diferente (y negativo) posterior a la expansi\u00f3n del espacio libre.---trucado---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/049d7989c67e8dd50f07a2096dbafdb41331fb9b",

39
CVE-2024/CVE-2024-276xx/CVE-2024-27625.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-27625",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T14:15:49.160",
"lastModified": "2024-03-05T14:27:46.090",
"lastModified": "2024-11-12T18:35:06.473",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "CMS Made Simple versi\u00f3n 2.2.19 es vulnerable a Cross Site Scripting (XSS). Esta vulnerabilidad reside en el m\u00f3dulo Administrador de archivos del panel de administraci\u00f3n. Espec\u00edficamente, el problema surge debido a una sanitizaci\u00f3n inadecuada de la entrada del usuario en el campo \"Nuevo directorio\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://packetstormsecurity.com/files/177243/CMS-Made-Simple-2.2.19-Cross-Site-Scripting.html",

27
CVE-2024/CVE-2024-290xx/CVE-2024-29007.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29007",
"sourceIdentifier": "security@apache.org",
"published": "2024-04-04T08:15:06.970",
"lastModified": "2024-04-04T12:48:41.700",
"lastModified": "2024-11-12T18:35:07.403",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se podr\u00eda enga\u00f1ar al servidor de administraci\u00f3n de CloudStack y a la m\u00e1quina virtual de almacenamiento secundario para que realicen solicitudes a recursos restringidos o aleatorios mediante las siguientes redirecciones HTTP 301 presentadas por servidores externos al descargar plantillas o ISO. Se recomienda a los usuarios actualizar a la versi\u00f3n 4.18.1.1 o 4.19.0.1, que soluciona este problema."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security@apache.org",

56
CVE-2024/CVE-2024-301xx/CVE-2024-30133.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-30133",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-11-12T17:15:07.590",
"lastModified": "2024-11-12T18:35:07.980",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "HCL Traveler for Microsoft Outlook (HTMO) is susceptible to a control flow vulnerability. The application does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-670"
}
]
}
],
"references": [
{
"url": "https://support.hcl-software.com/csm?id=kb_article&sysparm_article=KB0114725",
"source": "psirt@hcl.com"
}
]
}

39
CVE-2024/CVE-2024-316xx/CVE-2024-31684.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31684",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-03T19:15:09.260",
"lastModified": "2024-06-03T19:23:17.807",
"lastModified": "2024-11-12T18:35:08.927",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El control de acceso incorrecto en el mecanismo de autenticaci\u00f3n de huellas dactilares de Bitdefender Mobile Security v4.11.3-gms permite a los atacantes eludir la autenticaci\u00f3n de huellas dactilares debido al uso de una API obsoleta."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://play.google.com/store/apps/details?id=com.choiceoflove.dating&hl=en_US",

39
CVE-2024/CVE-2024-340xx/CVE-2024-34044.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34044",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-30T00:15:07.607",
"lastModified": "2024-04-30T13:11:16.690",
"lastModified": "2024-11-12T17:35:04.873",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La funci\u00f3n O-RAN E2T I-Release buildPrometheusList puede tener una desreferencia de puntero NULL porque peerInfo puede ser NULL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://jira.o-ran-sc.org/browse/RIC-1043",

39
CVE-2024/CVE-2024-357xx/CVE-2024-35797.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35797",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-17T14:15:11.937",
"lastModified": "2024-05-17T18:35:35.070",
"lastModified": "2024-11-12T17:35:05.710",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: cachestat: corrige dos errores de shmem Cuando cachestat en shmem se ejecuta con intercambio e invalidaci\u00f3n, hay dos errores posibles: 1) Un error de intercambio puede haber resultado en una entrada de intercambio envenenada en la matriz x del inodo shmem. Llamar a get_shadow_from_swap_cache() dar\u00e1 como resultado un acceso fuera de los l\u00edmites a swapper_spaces[]. Valide la entrada con non_swap_entry() antes de continuar. 2) Cuando encontramos una entrada de intercambio v\u00e1lida en el inodo de shmem, es posible que la entrada oculta en el cach\u00e9 de intercambio a\u00fan no exista: el intercambio de E/S a\u00fan est\u00e1 en progreso y estamos antes de __remove_mapping; swapin, invalidaci\u00f3n o swapoff han eliminado la sombra de swapcache despu\u00e9s de que vimos la entrada de intercambio shmem. Esto enviar\u00e1 un NULL aworkingset_test_recent(). Este \u00faltimo opera exclusivamente con bits de puntero, por lo que no fallar\u00e1 (el nodo 0, el ID de memcg 0, la marca de tiempo de desalojo 0, etc. son todas entradas v\u00e1lidas), pero es una prueba falsa. En teor\u00eda, eso podr\u00eda resultar en un recuento falso de \"desalojados recientemente\". Un falso positivo as\u00ed no ser\u00eda el fin del mundo. Pero para mayor claridad del c\u00f3digo y solidez (futura), sea expl\u00edcito sobre este caso. Libere get_shadow_from_swap_cache() y devuelva NULL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/24a0e73d544439bb9329fbbafac44299e548a677",

39
CVE-2024/CVE-2024-358xx/CVE-2024-35878.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35878",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-19T09:15:09.090",
"lastModified": "2024-05-20T13:00:04.957",
"lastModified": "2024-11-12T17:35:06.573",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: de: m\u00f3dulo: evita la desreferencia del puntero NULL en vsnprintf() En of_modalias(), podemos pasar los par\u00e1metros str y len que provocar\u00edan un kernel ups en vsnprintf() ya que solo permite pasar un ptr NULL cuando la longitud tambi\u00e9n es 0. Adem\u00e1s, necesitamos filtrar los valores negativos del par\u00e1metro len ya que estos dar\u00e1n como resultado un b\u00fafer realmente enorme ya que snprintf() toma el par\u00e1metro size_t mientras que el nuestro es ssize_t... Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con la herramienta de an\u00e1lisis est\u00e1tico Svace."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/544561dc56f7e69a053c25e11e6170f48bb97898",

39
CVE-2024/CVE-2024-360xx/CVE-2024-36061.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36061",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-11T20:15:17.673",
"lastModified": "2024-11-12T13:55:21.227",
"lastModified": "2024-11-12T17:35:07.450",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Los dispositivos EnGenius EWS356-FIT hasta la versi\u00f3n 1.1.30 permiten la inyecci\u00f3n ciega de comandos del sistema operativo. Esto permite que un atacante ejecute comandos arbitrarios del sistema operativo a trav\u00e9s de metacaracteres de shell en las utilidades Ping y Speed Test."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/actuator/cve/blob/main/Engenius/CVE-2024-36061",

14
CVE-2024/CVE-2024-370xx/CVE-2024-37086.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37086",
"sourceIdentifier": "security@vmware.com",
"published": "2024-06-25T15:15:12.570",
"lastModified": "2024-06-25T18:50:42.040",
"lastModified": "2024-11-12T18:35:10.230",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505",

56
CVE-2024/CVE-2024-382xx/CVE-2024-38203.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-38203",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:20.720",
"lastModified": "2024-11-12T18:15:20.720",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Package Library Manager Information Disclosure Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38203",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-382xx/CVE-2024-38255.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-38255",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:21.043",
"lastModified": "2024-11-12T18:15:21.043",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38255",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-382xx/CVE-2024-38264.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-38264",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:21.390",
"lastModified": "2024-11-12T18:15:21.390",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-591"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38264",
"source": "secure@microsoft.com"
}
]
}

39
CVE-2024/CVE-2024-384xx/CVE-2024-38480.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-38480",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-07-01T05:15:04.613",
"lastModified": "2024-07-01T12:37:24.220",
"lastModified": "2024-11-12T18:35:13.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La aplicaci\u00f3n \"Piccoma\" para versiones de Android e iOS anteriores a la 6.20.0 utiliza una clave API codificada para un servicio externo, lo que puede permitir que un atacante local obtenga la clave API. Tenga en cuenta que los usuarios de la aplicaci\u00f3n no se ven directamente afectados por esta vulnerabilidad."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://apps.apple.com/jp/app/%E3%83%94%E3%83%83%E3%82%B3%E3%83%9E/id1091496983",

144
CVE-2024/CVE-2024-392xx/CVE-2024-39226.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39226",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-06T16:15:48.757",
"lastModified": "2024-08-15T16:15:19.493",
"lastModified": "2024-11-12T17:35:08.293",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-22"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
@ -60,9 +90,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "25FB0820-4ABA-4998-86BB-878B17468245"
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDE99A6-DA15-4E4B-8C60-CCB9D580BD82"
}
]
},
@ -71,9 +101,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:mt6000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CCDE99A6-DA15-4E4B-8C60-CCB9D580BD82"
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:mt6000_firmware:4.5.8:*:*:*:*:*:*:*",
"matchCriteriaId": "25FB0820-4ABA-4998-86BB-878B17468245"
}
]
}
@ -82,17 +112,6 @@
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "72ECCE6C-E44B-4165-8FB6-55008C376274"
}
]
},
{
"operator": "OR",
"negate": false,
@ -103,23 +122,23 @@
"matchCriteriaId": "D6DBF472-E98E-4E00-B6A0-6D8FA1678AEA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA22E2A-8C0B-44D4-917F-4A929C266AD3"
"criteria": "cpe:2.3:o:gl-inet:a1300_firmware:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "72ECCE6C-E44B-4165-8FB6-55008C376274"
}
]
},
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
@ -130,23 +149,23 @@
"matchCriteriaId": "B2AA4BAC-C6D1-42C0-94E9-5B05AC24A235"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C75FBC4F-7547-47F4-8577-FA31CF9A95EA"
"criteria": "cpe:2.3:o:gl-inet:x300b_firmware:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "FBA22E2A-8C0B-44D4-917F-4A929C266AD3"
}
]
},
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
@ -157,23 +176,23 @@
"matchCriteriaId": "BCB312FD-370C-4DF9-961F-F0C4920AA368"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "43114B40-C368-435A-91EC-B4666CC691CB"
"criteria": "cpe:2.3:o:gl-inet:ax1800_firmware:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C75FBC4F-7547-47F4-8577-FA31CF9A95EA"
}
]
},
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
@ -184,6 +203,17 @@
"matchCriteriaId": "FF453954-BC32-4577-8CE4-066812193495"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:axt1800_firmware:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "43114B40-C368-435A-91EC-B4666CC691CB"
}
]
}
]
},
@ -195,9 +225,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "5222AC63-91C6-4B99-8FDD-2CCFD1CA66EF"
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADF5BF3-0F52-4947-8BC2-3505EDEEDF28"
}
]
},
@ -206,9 +236,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:mt2500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3ADF5BF3-0F52-4947-8BC2-3505EDEEDF28"
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:mt2500_firmware:4.5.16:*:*:*:*:*:*:*",
"matchCriteriaId": "5222AC63-91C6-4B99-8FDD-2CCFD1CA66EF"
}
]
}
@ -249,9 +279,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "95C80395-9A66-4952-8259-89623C5EC065"
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9479FFAA-9C87-4530-884D-B96055A3D41C"
}
]
},
@ -260,9 +290,9 @@
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:gl-inet:x3000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9479FFAA-9C87-4530-884D-B96055A3D41C"
"vulnerable": true,
"criteria": "cpe:2.3:o:gl-inet:x3000_firmware:4.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "95C80395-9A66-4952-8259-89623C5EC065"
}
]
}

39
CVE-2024/CVE-2024-419xx/CVE-2024-41992.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-41992",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-11T01:15:04.813",
"lastModified": "2024-11-12T13:55:21.227",
"lastModified": "2024-11-12T18:35:14.290",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La versi\u00f3n wfa_dut de Wi-Fi Alliance (en Wi-Fi Test Suite) hasta la versi\u00f3n 9.0.0 permite la inyecci\u00f3n de comandos del sistema operativo a trav\u00e9s de tramas 802.11x porque se utiliza la funci\u00f3n de librer\u00eda system(). Por ejemplo, en los dispositivos Arcadyan FMIMG51AX000J, esto lleva a la ejecuci\u00f3n remota del c\u00f3digo wfaTGSendPing como root a trav\u00e9s del tr\u00e1fico al puerto TCP 8000 o 8080 en una interfaz LAN. En otros dispositivos, esto puede ser explotable a trav\u00e9s de una interfaz WAN."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://ssd-disclosure.com/ssd-advisory-arcadyan-fmimg51ax000j-wifi-alliance-rce/",

56
CVE-2024/CVE-2024-434xx/CVE-2024-43447.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43447",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:21.707",
"lastModified": "2024-11-12T18:15:21.707",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows SMBv3 Server Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43447",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-434xx/CVE-2024-43449.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43449",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:21.977",
"lastModified": "2024-11-12T18:15:21.977",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows USB Video Class System Driver Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43449",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-434xx/CVE-2024-43450.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43450",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:22.237",
"lastModified": "2024-11-12T18:15:22.237",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows DNS Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-924"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43450",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-434xx/CVE-2024-43451.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43451",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:22.483",
"lastModified": "2024-11-12T18:15:22.483",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NTLM Hash Disclosure Spoofing Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-73"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-434xx/CVE-2024-43452.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43452",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:22.737",
"lastModified": "2024-11-12T18:15:22.737",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Registry Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43452",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-434xx/CVE-2024-43459.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43459",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:23.090",
"lastModified": "2024-11-12T18:15:23.090",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43459",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-434xx/CVE-2024-43462.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43462",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:23.370",
"lastModified": "2024-11-12T18:15:23.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43462",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-434xx/CVE-2024-43498.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43498",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:24.110",
"lastModified": "2024-11-12T18:15:24.110",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET and Visual Studio Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-434xx/CVE-2024-43499.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43499",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:24.363",
"lastModified": "2024-11-12T18:15:24.363",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": ".NET and Visual Studio Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-606"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43499",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-435xx/CVE-2024-43530.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43530",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:25.997",
"lastModified": "2024-11-12T18:15:25.997",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Update Stack Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43530",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-435xx/CVE-2024-43598.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43598",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:28.277",
"lastModified": "2024-11-12T18:15:28.277",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "LightGBM Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43598",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43602.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43602",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:28.563",
"lastModified": "2024-11-12T18:15:28.563",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Azure CycleCloud Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43602",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43620.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43620",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:29.037",
"lastModified": "2024-11-12T18:15:29.037",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43620",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43621.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43621",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:29.270",
"lastModified": "2024-11-12T18:15:29.270",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43621",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43622.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43622",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:29.513",
"lastModified": "2024-11-12T18:15:29.513",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43622",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43623.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43623",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:29.743",
"lastModified": "2024-11-12T18:15:29.743",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows NT OS Kernel Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43623",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43624.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43624",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:29.987",
"lastModified": "2024-11-12T18:15:29.987",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Shared Virtual Disk Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-822"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43624",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43625.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43625",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:30.230",
"lastModified": "2024-11-12T18:15:30.230",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Windows VMSwitch Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43625",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43626.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43626",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:30.443",
"lastModified": "2024-11-12T18:15:30.443",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43626",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43627.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43627",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:30.663",
"lastModified": "2024-11-12T18:15:30.663",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43627",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43628.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43628",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:30.900",
"lastModified": "2024-11-12T18:15:30.900",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43628",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43629.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43629",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:31.133",
"lastModified": "2024-11-12T18:15:31.133",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows DWM Core Library Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-822"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43629",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43630.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43630",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:31.353",
"lastModified": "2024-11-12T18:15:31.353",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43630",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43631.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43631",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:31.580",
"lastModified": "2024-11-12T18:15:31.580",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Secure Kernel Mode Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-822"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43631",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43633.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43633",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:31.800",
"lastModified": "2024-11-12T18:15:31.800",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Hyper-V Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-591"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43633",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43634.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43634",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:32.050",
"lastModified": "2024-11-12T18:15:32.050",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows USB Video Class System Driver Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43634",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43635.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43635",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:32.287",
"lastModified": "2024-11-12T18:15:32.287",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Telephony Service Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43635",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43636.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43636",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:32.537",
"lastModified": "2024-11-12T18:15:32.537",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Win32k Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-822"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43636",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43637.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43637",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:32.773",
"lastModified": "2024-11-12T18:15:32.773",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows USB Video Class System Driver Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43637",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43638.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43638",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:33.013",
"lastModified": "2024-11-12T18:15:33.013",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows USB Video Class System Driver Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43638",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43639.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43639",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:33.267",
"lastModified": "2024-11-12T18:15:33.267",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kerberos Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-197"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43639",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43640.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43640",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:33.507",
"lastModified": "2024-11-12T18:15:33.507",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Kernel-Mode Driver Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-415"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43640",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43641.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43641",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:33.727",
"lastModified": "2024-11-12T18:15:33.727",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Registry Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43641",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43642.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43642",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:33.960",
"lastModified": "2024-11-12T18:15:33.960",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows SMB Denial of Service Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43642",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43643.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43643",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:34.370",
"lastModified": "2024-11-12T18:15:34.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows USB Video Class System Driver Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43643",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43644.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43644",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:34.643",
"lastModified": "2024-11-12T18:15:34.643",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Client-Side Caching Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43644",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43645.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43645",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:34.903",
"lastModified": "2024-11-12T18:15:34.903",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Defender Application Control (WDAC) Security Feature Bypass Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43645",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-436xx/CVE-2024-43646.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-43646",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:35.150",
"lastModified": "2024-11-12T18:15:35.150",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Windows Secure Kernel Mode Elevation of Privilege Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-822"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43646",
"source": "secure@microsoft.com"
}
]
}

6
CVE-2024/CVE-2024-457xx/CVE-2024-45769.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-45769",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-09-19T09:15:02.343",
"lastModified": "2024-09-20T12:30:17.483",
"lastModified": "2024-11-12T18:15:35.427",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -84,6 +84,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:6848",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:9452",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-45769",
"source": "secalert@redhat.com"

6
CVE-2024/CVE-2024-457xx/CVE-2024-45770.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-45770",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-09-19T09:15:02.613",
"lastModified": "2024-09-20T12:30:17.483",
"lastModified": "2024-11-12T18:15:35.643",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -84,6 +84,10 @@
"url": "https://access.redhat.com/errata/RHSA-2024:6848",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:9452",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-45770",
"source": "secalert@redhat.com"

39
CVE-2024/CVE-2024-469xx/CVE-2024-46965.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-46965",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-11T20:15:17.740",
"lastModified": "2024-11-12T13:55:21.227",
"lastModified": "2024-11-12T17:35:09.427",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La aplicaci\u00f3n DS allvideo.downloader.browser (tambi\u00e9n conocida como Fast Video Downloader: Browser) hasta la versi\u00f3n 1.6-RC1 para Android permite a un atacante ejecutar c\u00f3digo JavaScript arbitrario a trav\u00e9s del componente allvideo.downloader.browser.DefaultBrowserActivity."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/actuator/allvideo.downloader.browser/blob/main/CVE-2024-46965",

4
CVE-2024/CVE-2024-477xx/CVE-2024-47779.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-47779",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-15T16:15:04.963",
"lastModified": "2024-10-16T16:38:43.170",
"lastModified": "2024-11-12T17:15:08.037",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Element is a Matrix web client built using the Matrix React SDK .Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Note that despite superficial similarity to CVE-2024-47771, this is an entirely separate vulnerability, caused by a separate piece of code included only in Element Web. Element Web and Element Desktop share most but not all, of their code and this vulnerability exists in the part of the code base which is not shared between the projects. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets."
"value": "Element is a Matrix web client built using the Matrix React SDK. Element Web versions 1.11.70 through 1.11.80 contain a vulnerability which can, under specially crafted conditions, lead to the access token becoming exposed to third parties. At least one vector has been identified internally, involving malicious widgets, but other vectors may exist. Note that despite superficial similarity to CVE-2024-47771, this is an entirely separate vulnerability, caused by a separate piece of code included only in Element Web. Element Web and Element Desktop share most but not all, of their code and this vulnerability exists in the part of the code base which is not shared between the projects. Users are strongly advised to upgrade to version 1.11.81 to remediate the issue. As a workaround, avoid granting permissions to untrusted widgets."
},
{
"lang": "es",

39
CVE-2024/CVE-2024-483xx/CVE-2024-48322.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48322",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-11T20:15:17.807",
"lastModified": "2024-11-12T13:55:21.227",
"lastModified": "2024-11-12T17:35:10.953",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "UsersController.php en Run.codes 1.5.2 y anteriores tiene una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de restablecimiento de contrase\u00f1a."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-367"
}
]
}
],
"references": [
{
"url": "https://github.com/runcodes-icmc/server",

56
CVE-2024/CVE-2024-489xx/CVE-2024-48993.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-48993",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:35.840",
"lastModified": "2024-11-12T18:15:35.840",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48993",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-489xx/CVE-2024-48994.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-48994",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:36.117",
"lastModified": "2024-11-12T18:15:36.117",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48994",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-489xx/CVE-2024-48995.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-48995",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:36.360",
"lastModified": "2024-11-12T18:15:36.360",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48995",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-489xx/CVE-2024-48996.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-48996",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:36.637",
"lastModified": "2024-11-12T18:15:36.637",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48996",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-489xx/CVE-2024-48997.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-48997",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:36.870",
"lastModified": "2024-11-12T18:15:36.870",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48997",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-489xx/CVE-2024-48998.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-48998",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:37.110",
"lastModified": "2024-11-12T18:15:37.110",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48998",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-489xx/CVE-2024-48999.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-48999",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:37.340",
"lastModified": "2024-11-12T18:15:37.340",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-48999",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-490xx/CVE-2024-49000.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49000",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:37.577",
"lastModified": "2024-11-12T18:15:37.577",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49000",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-490xx/CVE-2024-49001.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49001",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:37.807",
"lastModified": "2024-11-12T18:15:37.807",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49001",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-490xx/CVE-2024-49002.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49002",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:38.040",
"lastModified": "2024-11-12T18:15:38.040",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49002",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-490xx/CVE-2024-49003.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49003",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:38.257",
"lastModified": "2024-11-12T18:15:38.257",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49003",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-490xx/CVE-2024-49004.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49004",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:38.500",
"lastModified": "2024-11-12T18:15:38.500",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49004",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-490xx/CVE-2024-49005.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49005",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:38.740",
"lastModified": "2024-11-12T18:15:38.740",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49005",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-490xx/CVE-2024-49006.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49006",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:38.963",
"lastModified": "2024-11-12T18:15:38.963",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49006",
"source": "secure@microsoft.com"
}
]
}

56
CVE-2024/CVE-2024-490xx/CVE-2024-49007.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49007",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-11-12T18:15:39.203",
"lastModified": "2024-11-12T18:15:39.203",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Server Native Client Remote Code Execution Vulnerability"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "secure@microsoft.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49007",
"source": "secure@microsoft.com"
}
]
}

Some files were not shown because too many files have changed in this diff Show More