admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 11:37:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-11-05T21:00:20.445516+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-11-05 21:03:21 +00:00
parent b5b2b2d050
commit 85e7926b37
99 changed files with 83448 additions and 584 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
CVE-2021/CVE-2021-40xx/CVE-2021-4034.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-4034",
"sourceIdentifier": "secalert@redhat.com",
"published": "2022-01-28T20:15:12.193",
"lastModified": "2024-11-04T16:35:01.707",
"vulnStatus": "Modified",
"lastModified": "2024-11-05T19:38:06.523",
"vulnStatus": "Analyzed",
"cveTags": [],
"cisaExploitAdd": "2022-06-27",
"cisaActionDue": "2022-07-18",
@ -471,11 +471,6 @@
"criteria": "cpe:2.3:a:starwindsoftware:command_center:1.0:update3_build5871:*:*:*:*:*:*",
"matchCriteriaId": "B323EF31-7A67-4458-8323-86F8AA58268C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:starwindsoftware:starwind_hyperconverged_appliance:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6F2F0335-AFED-4562-9CC2-F1788C9D0BB4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:starwindsoftware:starwind_virtual_san:v8:build14338:*:*:*:*:*:*",

27
CVE-2021/CVE-2021-470xx/CVE-2021-47096.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2021-47096",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-04T18:15:07.960",
"lastModified": "2024-03-05T13:41:01.900",
"lastModified": "2024-11-05T19:35:00.660",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ALSA: rawmidi: corrige la user_pversion no inicializada. La user_pversion no se inicializ\u00f3 para la estructura de archivos del espacio de usuario en la funci\u00f3n abierta, porque la estructura privada del archivo usa kmalloc para la asignaci\u00f3n. El c\u00f3digo del secuenciador ALSA del kernel borra la estructura del archivo, por lo que no se requieren correcciones adicionales. Enlace de error: https://github.com/alsa-project/alsa-lib/issues/178"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/39a8fc4971a00d22536aeb7d446ee4a97810611b",

14
CVE-2022/CVE-2022-420xx/CVE-2022-42045.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-42045",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-13T19:15:09.057",
"lastModified": "2023-07-25T18:54:52.357",
"vulnStatus": "Analyzed",
"lastModified": "2024-11-05T20:35:05.977",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

39
CVE-2023/CVE-2023-387xx/CVE-2023-38709.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38709",
"sourceIdentifier": "security@apache.org",
"published": "2024-04-04T20:15:08.047",
"lastModified": "2024-07-30T02:15:04.120",
"lastModified": "2024-11-05T20:35:10.857",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La validaci\u00f3n de entrada defectuosa en el n\u00facleo de Apache permite que generadores de contenido/backend maliciosos o explotables dividan las respuestas HTTP. Este problema afecta al servidor HTTP Apache: hasta 2.4.58."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1284"
}
]
}
],
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Jul/18",

27
CVE-2023/CVE-2023-428xx/CVE-2023-42858.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42858",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:49.533",
"lastModified": "2024-02-22T19:07:27.197",
"lastModified": "2024-11-05T20:35:12.087",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El problema se solucion\u00f3 con controles mejorados. Este problema se solucion\u00f3 en macOS Sonoma 14.1, macOS Monterey 12.7.1, macOS Ventura 13.6.1. Es posible que una aplicaci\u00f3n pueda acceder a datos confidenciales del usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://support.apple.com/en-us/HT213983",

27
CVE-2023/CVE-2023-468xx/CVE-2023-46841.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-46841",
"sourceIdentifier": "security@xen.org",
"published": "2024-03-20T11:15:08.220",
"lastModified": "2024-03-23T03:15:09.740",
"lastModified": "2024-11-05T19:35:01.407",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Las CPU x86 recientes ofrecen una funcionalidad denominada Control-flow Enforcement Technology (CET). Una subcaracter\u00edstica de esto son Shadow Stacks (CET-SS). CET-SS es una caracter\u00edstica de hardware manipulada para proteger contra ataques de programaci\u00f3n orientada al retorno. Cuando est\u00e1n habilitadas, las pilas tradicionales que contienen datos y direcciones de retorno van acompa\u00f1adas de las llamadas \"pilas ocultas\", que contienen poco m\u00e1s que direcciones de retorno. Las pilas de sombra no se pueden escribir mediante instrucciones normales y, cuando la funci\u00f3n regresa, su contenido se usa para verificar una posible manipulaci\u00f3n de una direcci\u00f3n de retorno proveniente de la pila tradicional. En particular, ciertos accesos a la memoria necesitan ser interceptados por Xen. En varios casos, la emulaci\u00f3n necesaria implica una especie de repetici\u00f3n de la instrucci\u00f3n. Esta reproducci\u00f3n normalmente implica llenar y luego invocar un trozo. Una instrucci\u00f3n repetida de este tipo puede generar excepciones, lo cual se espera y se trata en consecuencia. Desafortunadamente, la interacci\u00f3n de los dos anteriores no fue correcta: la recuperaci\u00f3n implica la eliminaci\u00f3n de un marco de llamada de la pila (tradicional). Faltaba la contraparte de esta operaci\u00f3n para la pila de sombra."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.0,
"impactScore": 4.0
}
]
},
"references": [
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/",

39
CVE-2023/CVE-2023-499xx/CVE-2023-49932.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-49932",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:41:40.157",
"lastModified": "2024-02-29T13:49:47.277",
"lastModified": "2024-11-05T20:35:12.330",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en Couchbase Server antes de la versi\u00f3n 7.2.4. Un atacante puede eludir las restricciones del host cURL de SQL++ N1QL."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-281"
}
]
}
],
"references": [
{
"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html",

39
CVE-2023/CVE-2023-525xx/CVE-2023-52534.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52534",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-04-08T03:15:08.877",
"lastModified": "2024-04-08T18:48:40.217",
"lastModified": "2024-11-05T20:35:13.253",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En ngmm, existe un posible comportamiento indefinido debido a un manejo incorrecto de errores. Esto podr\u00eda provocar una denegaci\u00f3n remota del servicio sin necesidad de privilegios de ejecuci\u00f3n adicionales."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777148475750809602",

39
CVE-2023/CVE-2023-525xx/CVE-2023-52554.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52554",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-04-08T09:15:09.363",
"lastModified": "2024-04-08T18:48:40.217",
"lastModified": "2024-11-05T20:35:14.087",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de control de permisos en el m\u00f3dulo Bluetooth. Impacto: La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "https://consumer.huawei.com/en/support/bulletin/2024/3/",

27
CVE-2023/CVE-2023-528xx/CVE-2023-52819.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52819",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-05-21T16:15:19.910",
"lastModified": "2024-05-21T16:53:56.550",
"lastModified": "2024-11-05T19:35:01.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/amd: corrige el \u00edndice de matriz UBSAN fuera de l\u00edmites para Polaris y Tonga. Para estructuras pptable que usan tama\u00f1os de matriz flexibles, use matrices flexibles."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 4.7
}
]
},
"references": [
{
"url": "https://git.kernel.org/stable/c/0f0e59075b5c22f1e871fbd508d6e4f495048356",

39
CVE-2023/CVE-2023-67xx/CVE-2023-6728.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-6728",
"sourceIdentifier": "b48c3b8f-639e-4c16-8725-497bc411dad0",
"published": "2024-10-17T13:15:12.077",
"lastModified": "2024-10-18T12:52:33.507",
"lastModified": "2024-11-05T20:35:16.583",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El cifrado del archivo bof.cfg del SO SR de Nokia es vulnerable a un ataque de fuerza bruta. Esta debilidad permite que un atacante en posesi\u00f3n del archivo cifrado descifre el archivo bof.cfg y obtenga el contenido de configuraci\u00f3n BOF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-326"
}
]
}
],
"references": [
{
"url": "https://www.nokia.com/about-us/security-and-privacy/product-security-advisory/cve-2023-6728/",

56
CVE-2024/CVE-2024-01xx/CVE-2024-0134.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-0134",
"sourceIdentifier": "psirt@nvidia.com",
"published": "2024-11-05T19:15:05.203",
"lastModified": "2024-11-05T19:15:05.203",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "psirt@nvidia.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-61"
}
]
}
],
"references": [
{
"url": "https://nvidia.custhelp.com/app/answers/detail/a_id/5585",
"source": "psirt@nvidia.com"
}
]
}

69
CVE-2024/CVE-2024-103xx/CVE-2024-10376.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10376",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-25T11:15:15.037",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T19:41:05.657",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ESAFENET CDG 5. It has been declared as critical. This vulnerability affects the function actionPassOrNotAutoSign of the file /com/esafenet/servlet/service/processsign/AutoSignService.java. The manipulation of the argument UniqueId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en ESAFENET CDG 5. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n actionPassOrNotAutoSign del archivo /com/esafenet/servlet/service/processsign/AutoSignService.java. La manipulaci\u00f3n del argumento UniqueId provoca una inyecci\u00f3n SQL. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con antelaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*",
"matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74"
}
]
}
]
}
],
"references": [
{
"url": "https://flowus.cn/share/127494ce-0d4c-4773-9fc0-810e26841c4b?code=G8A6P3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.281806",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281806",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.426083",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

68
CVE-2024/CVE-2024-103xx/CVE-2024-10377.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10377",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-10-25T11:15:15.920",
"lastModified": "2024-10-25T12:56:07.750",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T19:41:20.677",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in ESAFENET CDG 5. It has been rated as critical. This issue affects the function actionPassDecryptApplication1 of the file /com/esafenet/servlet/client/DecryptApplicationService.java. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This is a different issue than CVE-2024-10069. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en ESAFENET CDG 5. Se ha calificado como cr\u00edtica. Este problema afecta a la funci\u00f3n actionPassDecryptApplication1 del archivo /com/esafenet/servlet/client/DecryptApplicationService.java. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se trata de un problema diferente al de CVE-2024-10069. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*",
"matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74"
}
]
}
]
}
],
"references": [
{
"url": "https://flowus.cn/share/1234f712-c774-4a26-a922-809e0a356405?code=G8A6P3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.281807",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.281807",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.426085",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

98
CVE-2024/CVE-2024-103xx/CVE-2024-10386.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10386",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2024-10-25T17:15:03.987",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:07:59.487",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
@ -84,6 +104,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
@ -95,10 +125,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.2.0",
"versionEndExcluding": "11.2.10",
"matchCriteriaId": "AC6CF373-34C9-43AC-B210-2E7C31CEAEFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.0.8",
"matchCriteriaId": "9EAE9FF9-28B3-4490-8358-A3636FFDC9C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.1.0",
"versionEndExcluding": "12.1.9",
"matchCriteriaId": "667ACE9F-6074-4300-A90A-5C6F8A06B76A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.0.6",
"matchCriteriaId": "C56E6406-256A-4774-9FDD-E72625D4B1AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndExcluding": "13.1.4",
"matchCriteriaId": "EBC9C4F3-88C5-4FDF-873C-19EB726EFC26"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.2.0",
"versionEndExcluding": "13.2.3",
"matchCriteriaId": "5CB3EC6B-AFAF-4D59-98C6-9BA8E817604B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48214ABF-9E29-4422-A0E6-6AF4AE199D51"
}
]
}
]
}
],
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html",
"source": "PSIRT@rockwellautomation.com"
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Vendor Advisory"
]
}
]
}

98
CVE-2024/CVE-2024-103xx/CVE-2024-10387.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10387",
"sourceIdentifier": "PSIRT@rockwellautomation.com",
"published": "2024-10-25T17:15:04.230",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:05:55.323",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
@ -84,6 +104,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "PSIRT@rockwellautomation.com",
"type": "Secondary",
@ -95,10 +125,72 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.2.0",
"versionEndExcluding": "11.2.10",
"matchCriteriaId": "AC6CF373-34C9-43AC-B210-2E7C31CEAEFA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.0.0",
"versionEndExcluding": "12.0.8",
"matchCriteriaId": "9EAE9FF9-28B3-4490-8358-A3636FFDC9C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "12.1.0",
"versionEndExcluding": "12.1.9",
"matchCriteriaId": "667ACE9F-6074-4300-A90A-5C6F8A06B76A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0.0",
"versionEndExcluding": "13.0.6",
"matchCriteriaId": "C56E6406-256A-4774-9FDD-E72625D4B1AA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.1.0",
"versionEndIncluding": "13.1.4",
"matchCriteriaId": "0305A358-81AA-468A-951D-98EE0C60695C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.2.0",
"versionEndIncluding": "13.2.3",
"matchCriteriaId": "4B920868-E568-44A7-9F68-B3D615956E12"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:rockwellautomation:thinmanager:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48214ABF-9E29-4422-A0E6-6AF4AE199D51"
}
]
}
]
}
],
"references": [
{
"url": "https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html",
"source": "PSIRT@rockwellautomation.com"
"source": "PSIRT@rockwellautomation.com",
"tags": [
"Vendor Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-106xx/CVE-2024-10699.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10699",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-02T15:15:16.313",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:15:56.417",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Wazifa System 1.0. It has been classified as critical. This affects an unknown part of the file /controllers/logincontrol.php. The manipulation of the argument username leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en code-projects Wazifa System 1.0. Se ha clasificado como cr\u00edtica. Afecta a una parte desconocida del archivo /controllers/logincontrol.php. La manipulaci\u00f3n del argumento username provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anisha:wazifa_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0017ACDA-AB2A-4C45-81E8-8646C3FF9CE3"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/lan041221/cve/blob/main/sql9.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282867",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282867",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.435048",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

86
CVE-2024/CVE-2024-107xx/CVE-2024-10700.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10700",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-02T16:15:03.243",
"lastModified": "2024-11-04T07:15:05.757",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:15:39.427",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects University Event Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file submit.php. The manipulation of the argument name/email/title/Year/gender/fromdate/todate/people leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"name\" to be affected. But it must be assumed that a variety of other parameters is affected too."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects University Event Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo send.php. La manipulaci\u00f3n del argumento name/email/title/Year/gender/fromdate/todate/people conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores solo menciona el par\u00e1metro \"name\" que se ver\u00e1 afectado. Pero se debe asumir que tambi\u00e9n se ver\u00e1n afectados otros par\u00e1metros."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -106,8 +130,18 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -124,26 +158,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anisha:university_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8645A959-1638-43E1-AA3E-1185BAD96695"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/aa1928992772/CVE/blob/main/sqlInjection.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282868",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282868",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.435051",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

73
CVE-2024/CVE-2024-107xx/CVE-2024-10733.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10733",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-03T12:15:12.780",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:15:14.237",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Restaurant Order System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en code-projects Restaurant Order System 1.0 y se ha clasificado como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo /login.php. La manipulaci\u00f3n del argumento uid provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:carmelogarcia:restaurant_order_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F9426DA-473A-44DC-BD03-A941FF6CFC8F"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/415Curry/cve/issues/1",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.282902",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282902",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.435235",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

78
CVE-2024/CVE-2024-107xx/CVE-2024-10734.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10734",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-03T13:15:03.197",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T19:43:35.660",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /editPayment.php. The manipulation of the argument recipt_no leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en Project Worlds Life Insurance Management System 1.0. Se ha clasificado como cr\u00edtica. Afecta a una parte desconocida del archivo /editPayment.php. La manipulaci\u00f3n del argumento recipt_no provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -105,6 +129,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +150,54 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:life_insurance_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E652DAE-268A-458B-806B-8C96AA0F0C21"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/peteryang520/Cve-report/blob/main/SQLi-1.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.282903",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282903",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.435410",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

69
CVE-2024/CVE-2024-107xx/CVE-2024-10735.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10735",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-03T14:15:13.127",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:16:57.857",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en Project Worlds Life Insurance Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /editNominee.php. La manipulaci\u00f3n del argumento nominee_id conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,22 +140,55 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:projectworlds:life_insurance_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E652DAE-268A-458B-806B-8C96AA0F0C21"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/GKb0y/Cve-report/blob/main/SQLi-life-insurance-management-system.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.282904",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282904",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.435424",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

73
CVE-2024/CVE-2024-107xx/CVE-2024-10738.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10738",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-03T17:15:12.803",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:16:42.973",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in itsourcecode Farm Management System 1.0. Affected by this vulnerability is an unknown functionality of the file manage-breed.php. The manipulation of the argument breed leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en itsourcecode Farm Management System 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo manage-breed.php. La manipulaci\u00f3n del argumento breed provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:angeljudesuarez:farm_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2822E78-3BA7-4DFA-9CCE-39AB33ABA296"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/Nightmaremassacre/cve/issues/3",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://itsourcecode.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282907",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282907",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.435539",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

73
CVE-2024/CVE-2024-107xx/CVE-2024-10739.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10739",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-03T18:15:02.640",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:16:17.330",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in code-projects E-Health Care System 1.0. Affected by this issue is some unknown functionality of the file /Admin/adminlogin.php. The manipulation of the argument email/admin_pswd as part of String leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"email\" to be affected. But it must be assumed that parameter \"admin_pswd\" is affected as well."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad, que se ha clasificado como cr\u00edtica, en code-projects E-Health Care System 1.0. Este problema afecta a una funcionalidad desconocida del archivo /Admin/adminlogin.php. La manipulaci\u00f3n del argumento email/admin_pswd como parte de String provoca una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores solo menciona que el par\u00e1metro \"email\" se ver\u00e1 afectado, pero se debe asumir que el par\u00e1metro \"admin_pswd\" tambi\u00e9n se ver\u00e1 afectado."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anisha:e-health_care_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF4969C-5448-45BC-BD39-8ED478474F14"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/UnrealdDei/cve/blob/main/sql11.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.282908",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282908",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436014",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

73
CVE-2024/CVE-2024-107xx/CVE-2024-10740.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10740",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-03T20:15:14.127",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:14:58.133",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in code-projects E-Health Care System up to 1.0. This affects an unknown part of the file /Admin/consulting_detail.php. The manipulation of the argument consulting_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en los proyectos de c\u00f3digo E-Health Care System hasta la versi\u00f3n 1.0. Afecta a una parte desconocida del archivo /Admin/consulting_detail.php. La manipulaci\u00f3n del argumento consulting_id provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anisha:e-health_care_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF4969C-5448-45BC-BD39-8ED478474F14"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/1270512529/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.282909",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282909",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436311",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

73
CVE-2024/CVE-2024-107xx/CVE-2024-10741.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10741",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-03T21:15:03.253",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:14:42.127",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file /Users/registration.php. The manipulation of the argument f_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en code-projects E-Health Care System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /Users/registration.php. La manipulaci\u00f3n del argumento f_name provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Tambi\u00e9n pueden verse afectados otros par\u00e1metros."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anisha:e-health_care_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FF4969C-5448-45BC-BD39-8ED478474F14"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/maxihongtatum/cve/blob/main/sql14.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.282910",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282910",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436319",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

73
CVE-2024/CVE-2024-107xx/CVE-2024-10742.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10742",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-03T21:15:03.533",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:14:20.470",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Wazifa System 1.0 and classified as critical. This issue affects some unknown processing of the file /controllers/control.php. The manipulation of the argument to leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en el c\u00f3digo de proyectos Wazifa System 1.0 y se ha clasificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /controllers/control.php. La manipulaci\u00f3n del argumento to lleva a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,61 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anisha:wazifa_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0017ACDA-AB2A-4C45-81E8-8646C3FF9CE3"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/xiaokka/cve/blob/main/sql.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.282911",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282911",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436030",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

74
CVE-2024/CVE-2024-107xx/CVE-2024-10743.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10743",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-03T22:15:03.987",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:13:49.317",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been classified as problematic. Affected is an unknown function of the file /shopping/admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en PHPGurukul Online Shopping Portal 2.0. Se ha clasificado como problem\u00e1tica. Se ve afectada una funci\u00f3n desconocida del archivo /shopping/admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php. La manipulaci\u00f3n del argumento valor provoca cross site scripting. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E358155-68C0-4C86-8359-49F37445DC44"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(editable_ajax.php).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282912",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282912",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436060",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

74
CVE-2024/CVE-2024-107xx/CVE-2024-10744.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10744",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-03T23:15:03.040",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:13:29.863",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/complex_header_2.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en PHPGurukul Online Shopping Portal 2.0. Se ha declarado como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/assets/plugins/DataTables/media/unit_testing/templates/complex_header_2.php. La manipulaci\u00f3n del argumento scripts conduce a cross site scripting. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E358155-68C0-4C86-8359-49F37445DC44"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(complex_header_2.php).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282913",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282913",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436088",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

74
CVE-2024/CVE-2024-107xx/CVE-2024-10745.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10745",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-03T23:15:03.317",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:13:01.100",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en PHPGurukul Online Shopping Portal 2.0. Se ha calificado como problem\u00e1tica. Este problema afecta a algunas funciones desconocidas del archivo /admin/assets/plugins/DataTables/media/unit_testing/templates/deferred_table.php. La manipulaci\u00f3n del argumento scripts conduce a cross site scripting. El ataque puede ejecutarse de forma remota. El exploit se ha revelado al p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E358155-68C0-4C86-8359-49F37445DC44"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(deferred_table.php).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282914",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282914",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436093",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

84
CVE-2024/CVE-2024-107xx/CVE-2024-10746.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10746",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T00:15:11.437",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:12:39.477",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown part of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en PHPGurukul Online Shopping Portal 2.0. Afecta a una parte desconocida del archivo /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data.php. La manipulaci\u00f3n del argumento scripts conduce a la ejecuci\u00f3n de cross site scripting. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -105,6 +129,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +150,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E358155-68C0-4C86-8359-49F37445DC44"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(dom_data.php).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282915",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282915",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436113",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

74
CVE-2024/CVE-2024-107xx/CVE-2024-10747.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10747",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T00:15:11.740",
"lastModified": "2024-11-04T01:35:50.083",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:12:14.937",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_th.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en el portal de compras en l\u00ednea PHPGurukul 2.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_th.php. La manipulaci\u00f3n del argumento scripts conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E358155-68C0-4C86-8359-49F37445DC44"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(dom_data_th.php).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282916",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282916",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436115",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
]
}
]
}

75
CVE-2024/CVE-2024-107xx/CVE-2024-10754.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10754",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T03:15:03.513",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T19:57:39.307",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dymanic_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en el portal de compras en l\u00ednea PHPGurukul 2.0. Se ha calificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del archivo /admin/assets/plugins/DataTables/media/unit_testing/templates/dymanic_table.php. La manipulaci\u00f3n del argumento scripts conduce a cross site scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,63 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E358155-68C0-4C86-8359-49F37445DC44"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(dymanic_table.php).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282923",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282923",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436376",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

74
CVE-2024/CVE-2024-107xx/CVE-2024-10755.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10755",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T03:15:03.800",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T19:57:25.870",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. Affected is an unknown function of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/empty_table.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en PHPGurukul Online Shopping Portal 2.0. Se trata de una funci\u00f3n desconocida del archivo /admin/assets/plugins/DataTables/media/unit_testing/templates/empty_table.php. La manipulaci\u00f3n del argumentos scripts de conduce a la ejecuci\u00f3n de cross site scripting. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E358155-68C0-4C86-8359-49F37445DC44"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(empty_table.php).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282924",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282924",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436377",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

74
CVE-2024/CVE-2024-107xx/CVE-2024-10756.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10756",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T03:15:04.107",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T19:56:30.777",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/html_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en PHPGurukul Online Shopping Portal 2.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /admin/assets/plugins/DataTables/media/unit_testing/templates/html_table.php. La manipulaci\u00f3n del argumento scripts de conduce a cross site scripting. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E358155-68C0-4C86-8359-49F37445DC44"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(html_table.php).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282925",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282925",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436381",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

74
CVE-2024/CVE-2024-107xx/CVE-2024-10757.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10757",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T03:15:04.400",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T19:55:35.013",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/js_data.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en PHPGurukul Online Shopping Portal 2.0. Este problema afecta a algunas funciones desconocidas del archivo /admin/assets/plugins/DataTables/media/unit_testing/templates/js_data.php. La manipulaci\u00f3n del argumentos scripts de conduce a cross site scripting. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E358155-68C0-4C86-8359-49F37445DC44"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(js_data.php).md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://phpgurukul.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282926",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282926",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436391",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

86
CVE-2024/CVE-2024-107xx/CVE-2024-10758.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10758",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T04:15:02.970",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T19:55:11.337",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument user_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product is distributed under two entirely different names."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. Afecta a una parte desconocida del archivo /index.php. La manipulaci\u00f3n del argumento user_name provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Este producto se distribuye con dos nombres completamente diferentes."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -106,7 +130,7 @@
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
@ -114,24 +138,72 @@
"value": "CWE-89"
}
]
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anirbandutta9:news-buzz:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4808771E-72B7-43EF-853F-B3080E9B519B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:code-projects:content_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "02CCDB18-7E64-4F10-9D59-7781D4806075"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/EmilGallajov/zero-day/blob/main/content_management_system_sqli.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282927",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282927",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436395",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

74
CVE-2024/CVE-2024-107xx/CVE-2024-10759.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10759",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T04:15:03.273",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T19:52:01.510",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /edit-pig.php. The manipulation of the argument pigno/weight/arrived/breed/remark/status leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"pigno\" to be affected. But it must be assumed that other parameters are affected as well."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en itsourcecode Farm Management System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /edit-pig.php. La manipulaci\u00f3n del argumento pigno/weight/arrived/breed/remark/status conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores solo menciona el par\u00e1metro \"pigno\" que se ver\u00e1 afectado. Pero se debe asumir que tambi\u00e9n se ver\u00e1n afectados otros par\u00e1metros."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:angeljudesuarez:farm_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D2822E78-3BA7-4DFA-9CCE-39AB33ABA296"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/liujiaquan1122/cve/issues/2",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://itsourcecode.com/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://vuldb.com/?ctiid.282928",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282928",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436418",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

74
CVE-2024/CVE-2024-107xx/CVE-2024-10760.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-10760",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-11-04T05:15:03.810",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T19:45:47.893",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects University Event Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dodelete.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en code-projects University Event Management System 1.0 y se ha clasificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /dodelete.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -57,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "cna@vuldb.com",
"type": "Secondary",
@ -116,26 +140,62 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:anisha:university_event_management_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8645A959-1638-43E1-AA3E-1185BAD96695"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/MurphyEutopia/cve/blob/main/sql15.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.282929",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.282929",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.436442",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

27
CVE-2024/CVE-2024-15xx/CVE-2024-1548.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1548",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-02-20T14:15:08.603",
"lastModified": "2024-03-04T09:15:37.787",
"lastModified": "2024-11-05T20:35:17.810",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Un sitio web podr\u00eda haber oscurecido la notificaci\u00f3n de pantalla completa mediante el uso de un elemento de entrada de selecci\u00f3n desplegable. Esto podr\u00eda haber generado confusi\u00f3n en los usuarios y posibles ataques de suplantaci\u00f3n de identidad. Esta vulnerabilidad afecta a Firefox < 123, Firefox ESR < 115.8 y Thunderbird < 115.8."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1832627",

137
CVE-2024/CVE-2024-201xx/CVE-2024-20114.json
View File

@ -2,17 +2,54 @@
"id": "CVE-2024-20114",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-11-04T02:15:16.830",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T19:58:15.577",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09037038; Issue ID: MSV-1714."
},
{
"lang": "es",
"value": " En ccu, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de l\u00edmites faltante. Esto podr\u00eda provocar una escalada local de privilegios, siendo necesarios los privilegios de ejecuci\u00f3n del sistema. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n. ID de parche: ALPS09037038; ID de problema: MSV-1714."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "security@mediatek.com",
"type": "Secondary",
@ -24,10 +61,102 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8538774C-906D-4B03-A3E7-FA7A55E0DA9E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6765:-:*:*:*:*:*:*:*",
"matchCriteriaId": "43E779F6-F0A0-4153-9A1D-B715C3A2F80E"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6768:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06CD97E1-8A76-48B4-9780-9698EF5A960F"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6833:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9814939B-F05E-4870-90C0-7C0F6BAAEB39"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6853:-:*:*:*:*:*:*:*",
"matchCriteriaId": "366F1912-756B-443E-9962-224937DD7DFB"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6873:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F6B8A36E-C5FB-44AE-A1C3-50EBF4C68F6B"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6877:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CA9352F-E9BD-4656-9B7C-4AFEE2C78E58"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6885:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DD64413C-C774-4C4F-9551-89E1AA9469EE"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt6893:-:*:*:*:*:*:*:*",
"matchCriteriaId": "213B5C7F-D965-4312-9CDF-4F06FA77D401"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8188:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BA3D4A45-38EE-4125-AE67-89D1C707F95A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mediatek:mt8195:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ED210E64-6CE7-42B1-849E-68C0E22521F6"
}
]
}
]
}
],
"references": [
{
"url": "https://corp.mediatek.com/product-security-bulletin/November-2024",
"source": "security@mediatek.com"
"source": "security@mediatek.com",
"tags": [
"Vendor Advisory"
]
}
]
}

331
CVE-2024/CVE-2024-204xx/CVE-2024-20426.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20426",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2024-10-23T18:15:10.147",
"lastModified": "2024-10-25T12:56:36.827",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T19:43:16.633",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 8.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 4.0
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "ykramarz@cisco.com",
"type": "Secondary",
@ -51,10 +81,305 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0BA16A6D-2747-4DAC-A30A-166F1FD906FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "289F9874-FC01-4809-9BDA-1AF583FB60B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "74EDFC67-E4EE-4D2C-BF9F-5881C987C662"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "826869BE-4874-4BBA-9392-14851560BA10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "EF52D477-3045-45D1-9FD3-12F396266463"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "88E310BF-F1F6-4124-A875-81967B9B531E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5B330F8F-F0DA-472C-A932-AD1D232C7DB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.39:*:*:*:*:*:*:*",
"matchCriteriaId": "6BF59DAA-268C-4FCF-A0AA-7967128AEBC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.46:*:*:*:*:*:*:*",
"matchCriteriaId": "140ED95D-173C-4ADB-A2E6-97F0D595D1AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.53:*:*:*:*:*:*:*",
"matchCriteriaId": "BC9B00E1-3E50-4356-B6D9-F84BCD552402"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.55:*:*:*:*:*:*:*",
"matchCriteriaId": "552319A9-01F7-47BA-83B3-B2DD648AA07E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.3.56:*:*:*:*:*:*:*",
"matchCriteriaId": "4914603C-4B1B-48F1-826C-DB803BD21F87"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4:*:*:*:*:*:*:*",
"matchCriteriaId": "2AE21762-3085-4AFC-B1DE-A4562CDAC509"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.5:*:*:*:*:*:*:*",
"matchCriteriaId": "852C3478-7529-4002-8540-ABA4D556DEFC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.8:*:*:*:*:*:*:*",
"matchCriteriaId": "23B8A815-5D58-4952-936E-D47B83637BEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.22:*:*:*:*:*:*:*",
"matchCriteriaId": "2C98D085-E321-4BAE-AF03-ABDEDC4D24BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.24:*:*:*:*:*:*:*",
"matchCriteriaId": "C05599C9-C0DB-47C1-B145-C410076C1049"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.18.4.29:*:*:*:*:*:*:*",
"matchCriteriaId": "5BC91A59-0BFA-4DE8-B414-7558D27FBC54"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BEE52F59-AABA-4069-A909-64AD5DFD2B18"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "20D7966E-B02B-48C8-BF96-723DD6C25314"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.9:*:*:*:*:*:*:*",
"matchCriteriaId": "FA618249-E76F-4104-9326-C9F2DC8DE3D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7C925E1F-6BD9-4CD1-8AC4-4263A9094786"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.18:*:*:*:*:*:*:*",
"matchCriteriaId": "C5EE76D9-6D18-4823-B6B0-E1394A4D140C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.22:*:*:*:*:*:*:*",
"matchCriteriaId": "3F635946-586D-4DE2-927B-300CE569C596"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.24:*:*:*:*:*:*:*",
"matchCriteriaId": "459C11B9-ABA1-472A-8CDA-9C7B4E48E943"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.27:*:*:*:*:*:*:*",
"matchCriteriaId": "FA060112-E2D8-4EC5-8400-D8D189A119B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "C3888BB0-B529-486C-8563-392BD1C5DFD5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.19.1.31:*:*:*:*:*:*:*",
"matchCriteriaId": "43FE3FA7-8281-4BD9-A08B-8C79D369480E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B25468E3-03F9-4C2A-B82A-F87F4FCD57E8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.1.5:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC6F412-4A30-4E9A-B8DF-C4BF80E5C4B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DA47E8EA-29F2-40F3-826E-E7295FFAD8C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "B4D303F8-E6AA-4F1C-9988-055EECD0A902"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:cisco:adaptive_security_appliance_software:9.20.2.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2DCBBA66-6D00-4D8B-86FE-81EF431A7806"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8288F62-8BEC-4318-8096-9D36817D1D80"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A617690D-92D7-4793-AEAC-15F31162D5F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F9608894-B4A7-49A1-863A-D44E53D6CE69"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "3FDB77ED-AB5E-475F-A5F8-515B807E99A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "0BEE0323-AC5A-4570-9681-14CD9FB8FD46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "F6773BC9-C84C-4249-B6C3-FD39BAAA0555"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A4DFC6F7-2BA1-4F32-AD55-8BF0888FDB92"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "291705AE-7BAE-4305-BECA-204821BF467A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC683581-4B46-46A8-BBD8-CB01283641DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CC2A816A-63D6-498B-B167-BE71F0019DB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "294D71C7-FFC3-4431-88AA-E03EFAE78CCE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FA8287D0-B817-4143-BE34-B3C7FEC7BDEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9621C619-C4F8-4906-8A24-E560C08F6921"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.2.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BB7F9C8B-35E4-459C-B31E-FCF2DAD0120E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8AF82E95-C8D3-402B-BC97-29EA1771D5EA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0350CCE9-512A-4A77-8FAB-7A8F9B061170"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3CC55E28-36AC-4D40-BB6D-A1B53503F5E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.3.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "66F0A624-DDE8-490C-9DA4-762CD39764B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "901C034C-DDA4-49E1-B8B4-62F3B5C00173"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D094896F-425A-4E69-8941-41147222C42D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:cisco:firepower_threat_defense_software:7.4.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "30825677-8EF7-46A0-BB47-887707E007C3"
}
]
}
]
}
],
"references": [
{
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ikev2-dos-9FgEyHsF",
"source": "ykramarz@cisco.com"
"source": "ykramarz@cisco.com",
"tags": [
"Vendor Advisory"
]
}
]
}

14
CVE-2024/CVE-2024-216xx/CVE-2024-21684.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-21684",
"sourceIdentifier": "security@atlassian.com",
"published": "2024-07-24T18:15:03.793",
"lastModified": "2024-07-25T12:36:39.947",
"lastModified": "2024-11-05T20:35:18.520",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-601"
}
]
}
],
"references": [
{
"url": "https://jira.atlassian.com/browse/BSERV-19454",

37
CVE-2024/CVE-2024-223xx/CVE-2024-22369.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22369",
"sourceIdentifier": "security@apache.org",
"published": "2024-02-20T15:15:10.113",
"lastModified": "2024-02-20T19:50:53.960",
"lastModified": "2024-11-05T20:35:19.240",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Vulnerabilidad de deserializaci\u00f3n de datos no confiables en el componente SQL de Apache Camel. Este problema afecta a Apache Camel: desde 3.0.0 antes de 3.21.4, desde 3.22.0 antes de 3.22.1, desde 4.0.0 antes de 4.0.4, desde 4.1.0 antes de 4.4.0 . Se recomienda a los usuarios actualizar a la versi\u00f3n 4.4.0, que soluciona el problema. Si los usuarios est\u00e1n en el flujo de versiones 4.0.x LTS, se les sugiere actualizar a 4.0.4. Si los usuarios est\u00e1n en 3.x, se les sugiere pasar a 3.21.4 o 3.22.1"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
@ -26,6 +49,16 @@
"value": "CWE-502"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [

27
CVE-2024/CVE-2024-232xx/CVE-2024-23256.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23256",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-05T20:16:01.503",
"lastModified": "2024-03-13T21:15:57.037",
"lastModified": "2024-11-05T20:35:20.047",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Se abord\u00f3 una cuesti\u00f3n de l\u00f3gica con una mejor gesti\u00f3n de estado. Este problema se solucion\u00f3 en iOS 17.4 y iPadOS 17.4. Las pesta\u00f1as bloqueadas de un usuario pueden ser visibles brevemente al cambiar de grupo de pesta\u00f1as cuando la navegaci\u00f3n privada bloqueada est\u00e1 habilitada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "http://seclists.org/fulldisclosure/2024/Mar/18",

27
CVE-2024/CVE-2024-234xx/CVE-2024-23454.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-23454",
"sourceIdentifier": "security@apache.org",
"published": "2024-09-25T08:15:04.317",
"lastModified": "2024-09-26T13:32:02.803",
"lastModified": "2024-11-05T20:35:20.293",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "RunJar.run() de Apache Hadoop no establece permisos para el directorio temporal de forma predeterminada. Si en este archivo se encuentran datos confidenciales, todos los dem\u00e1s usuarios locales podr\u00e1n ver el contenido. Esto se debe a que, en sistemas tipo Unix, el directorio temporal del sistema se comparte entre todos los usuarios locales. Por lo tanto, los archivos escritos en este directorio, sin establecer expl\u00edcitamente los permisos posix correctos, pueden ser visibles para todos los dem\u00e1s usuarios locales."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@apache.org",

39
CVE-2024/CVE-2024-240xx/CVE-2024-24096.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24096",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-27T02:15:06.630",
"lastModified": "2024-02-27T14:20:06.637",
"lastModified": "2024-11-05T20:35:20.500",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Code-projects Computer Book Store 1.0 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de BookSBIN."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/ASR511-OO7/CVE-2024-24096/blob/main/CVE-20",

39
CVE-2024/CVE-2024-265xx/CVE-2024-26517.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26517",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:09:08.060",
"lastModified": "2024-05-14T16:13:02.773",
"lastModified": "2024-11-05T19:35:02.233",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en School Task Manager v.1.0 permite a un atacante remoto obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado para el componente delete-task.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/unrealjbr/CVE-2024-26517",

39
CVE-2024/CVE-2024-284xx/CVE-2024-28436.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28436",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-22T17:15:39.910",
"lastModified": "2024-04-22T19:24:06.727",
"lastModified": "2024-11-05T19:36:08.560",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Vulnerabilidad de Cross Site Scripting en los productos D-Link DAP DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662 permite un atacante remoto para ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de recarga en el componente session_login.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://djallalakira.medium.com/cve-2024-28436-cross-site-scripting-vulnerability-in-d-link-dap-products-3596976cc99f",

27
CVE-2024/CVE-2024-298xx/CVE-2024-29862.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29862",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-21T04:15:09.510",
"lastModified": "2024-03-21T12:58:51.093",
"lastModified": "2024-11-05T19:36:11.563",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El firewall Kerlink en ChirpStack chirpstack-mqtt-forwarder anterior a 4.2.1 y chirpstack-gateway-bridge anterior a 4.0.11 acepta err\u00f3neamente ciertos paquetes TCP cuando una conexi\u00f3n no est\u00e1 en el estado ESTABLECIDA."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://github.com/chirpstack/chirpstack-gateway-bridge/commit/0c1e80c9fa9f5d093ff62903caedad86ec4640b6",

39
CVE-2024/CVE-2024-306xx/CVE-2024-30616.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30616",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T19:15:06.193",
"lastModified": "2024-11-05T16:04:26.053",
"lastModified": "2024-11-05T19:36:11.770",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": " Chamilo LMS 1.11.26 es vulnerable a un control de acceso incorrecto a trav\u00e9s de main/auth/profile. Los usuarios que no sean administradores pueden manipular informaci\u00f3n confidencial de los perfiles, lo que representa un riesgo significativo para la integridad de los datos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://github.com/bahadoumi/Vulnerability-Research/tree/main/CVE-2024-30616",

39
CVE-2024/CVE-2024-306xx/CVE-2024-30617.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30617",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-04T19:15:06.277",
"lastModified": "2024-11-05T16:04:26.053",
"lastModified": "2024-11-05T19:36:12.623",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de Cross-Site Request Forgery (CSRF) en Chamilo LMS 1.11.26 \"/main/social/home.php\" permite a los atacantes iniciar una solicitud que publica una publicaci\u00f3n falsa en el muro social del usuario sin su consentimiento o conocimiento."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://github.com/bahadoumi/Vulnerability-Research/tree/main/CVE-2024-30617",

27
CVE-2024/CVE-2024-322xx/CVE-2024-32299.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-32299",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-17T14:15:09.160",
"lastModified": "2024-07-03T01:56:02.733",
"lastModified": "2024-11-05T19:36:13.413",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El firmware Tenda FH1203 v2.0.1.6 tiene una vulnerabilidad de desbordamiento de pila a trav\u00e9s del par\u00e1metro PPW en la funci\u00f3n fromWizardHandle."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",

39
CVE-2024/CVE-2024-326xx/CVE-2024-32607.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-32607",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:36:45.547",
"lastModified": "2024-05-14T16:12:23.490",
"lastModified": "2024-11-05T20:35:21.880",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "La librer\u00eda HDF5 hasta la versi\u00f3n 1.14.3 tiene un SEGV en H5A__close en H5Aint.c, lo que provoca la corrupci\u00f3n del puntero de instrucci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 5.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.4,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/",

81
CVE-2024/CVE-2024-364xx/CVE-2024-36485.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-36485",
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"published": "2024-11-04T12:16:09.507",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T19:44:35.830",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zohocorp ManageEngine ADAudit Plus versions\u00a08121 and prior are vulnerable to SQL Injection in\u00a0Technician reports option."
},
{
"lang": "es",
"value": " Las versiones 8121 y anteriores de Zohocorp ManageEngine ADAudit Plus son vulnerables a la inyecci\u00f3n SQL en la opci\u00f3n de informes t\u00e9cnicos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary",
@ -47,10 +81,51 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:*:*:*:*:*:*:*:*",
"versionEndExcluding": "8.1",
"matchCriteriaId": "7B10BA6C-6B3E-4A00-BBFF-9F2F184852AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:-:*:*:*:*:*:*",
"matchCriteriaId": "C6086C7D-31EA-493A-9E0A-6E0DA21B486E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:8100:*:*:*:*:*:*",
"matchCriteriaId": "E7AB1D57-468B-47C1-ABB7-EAD95DA47212"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:8110:*:*:*:*:*:*",
"matchCriteriaId": "79BD8F1D-186F-4396-8920-F896EEF5543C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_adaudit_plus:8.1:8120:*:*:*:*:*:*",
"matchCriteriaId": "DD546237-BD35-479F-A9AA-55A692750A67"
}
]
}
]
}
],
"references": [
{
"url": "https://www.manageengine.com/products/active-directory-audit/cve-2024-36485.html",
"source": "0fc0942c-577d-436f-ae8e-945763c79b02"
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"tags": [
"Vendor Advisory"
]
}
]
}

8694
CVE-2024/CVE-2024-424xx/CVE-2024-42420.json
View File

File diff suppressed because it is too large Load Diff

8694
CVE-2024/CVE-2024-434xx/CVE-2024-43424.json
View File

File diff suppressed because it is too large Load Diff

8694
CVE-2024/CVE-2024-458xx/CVE-2024-45829.json
View File

File diff suppressed because it is too large Load Diff

8694
CVE-2024/CVE-2024-458xx/CVE-2024-45842.json
View File

File diff suppressed because it is too large Load Diff

39
CVE-2024/CVE-2024-459xx/CVE-2024-45918.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-45918",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-08T17:15:54.120",
"lastModified": "2024-10-10T12:56:30.817",
"lastModified": "2024-11-05T20:35:23.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Fujian Kelixin Communication Command and Dispatch Platform <=7.6.6.4391 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s de /client/get_gis_fence.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/Y5neKO/3e29d32e07d90c96ae808d7e7839f0aa",

8694
CVE-2024/CVE-2024-470xx/CVE-2024-47005.json
View File

File diff suppressed because it is too large Load Diff

8694
CVE-2024/CVE-2024-474xx/CVE-2024-47406.json
View File

File diff suppressed because it is too large Load Diff

8694
CVE-2024/CVE-2024-475xx/CVE-2024-47549.json
View File

File diff suppressed because it is too large Load Diff

8694
CVE-2024/CVE-2024-478xx/CVE-2024-47801.json
View File

File diff suppressed because it is too large Load Diff

39
CVE-2024/CVE-2024-483xx/CVE-2024-48312.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48312",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-05T17:15:06.093",
"lastModified": "2024-11-05T17:15:06.093",
"lastModified": "2024-11-05T20:35:24.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "WebLaudos v20.8 (118) was discovered to contain a cross-site scripting (XSS) vulnerability via the login page."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://medium.com/%40wagneralves_87750/poc-cve-weblaudos-d1ec40cfc183",

8694
CVE-2024/CVE-2024-488xx/CVE-2024-48870.json
View File

File diff suppressed because it is too large Load Diff

146
CVE-2024/CVE-2024-488xx/CVE-2024-48878.json
View File

@ -2,17 +2,41 @@
"id": "CVE-2024-48878",
"sourceIdentifier": "0fc0942c-577d-436f-ae8e-945763c79b02",
"published": "2024-11-04T11:15:06.417",
"lastModified": "2024-11-04T18:50:05.607",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-05T19:44:58.650",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zohocorp ManageEngine ADManager Plus versions 7241 and prior are vulnerable to SQL Injection in\u00a0Archived Audit Report."
},
{
"lang": "es",
"value": " Las versiones 7241 y anteriores de Zohocorp ManageEngine ADManager Plus son vulnerables a la inyecci\u00f3n SQL en el informe de auditor\u00eda archivado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary",
@ -36,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"type": "Secondary",
@ -47,10 +81,116 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.2",
"matchCriteriaId": "7927FC8C-ED61-4E24-AF57-2D5C0E06AB2A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7200:*:*:*:*:*:*",
"matchCriteriaId": "1AE608DF-E02C-4A63-AD3E-7E3C1B921C3D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7201:*:*:*:*:*:*",
"matchCriteriaId": "72C14C6D-5C72-4A39-A8FF-93CD89C831C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7202:*:*:*:*:*:*",
"matchCriteriaId": "D47DA377-0AF4-453E-9605-A5F87FA14E61"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7203:*:*:*:*:*:*",
"matchCriteriaId": "BC919233-CE66-416C-8649-B94A23F131F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7210:*:*:*:*:*:*",
"matchCriteriaId": "AD2880B4-88AD-49E4-B423-5C0CCCF5DF4B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7211:*:*:*:*:*:*",
"matchCriteriaId": "C8BCAFB6-F46D-4E09-8827-13ED1A7D5740"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7212:*:*:*:*:*:*",
"matchCriteriaId": "0D0166A3-B34B-44FC-9DB8-E06BDDAC7CC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7220:*:*:*:*:*:*",
"matchCriteriaId": "CE25B1E5-D380-490C-98A6-121FA10A3311"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7221:*:*:*:*:*:*",
"matchCriteriaId": "50283EE9-A9EC-4BD2-958E-F2A278B84C0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7222:*:*:*:*:*:*",
"matchCriteriaId": "645C5636-1E03-47D2-834B-3DE95B347E1F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7223:*:*:*:*:*:*",
"matchCriteriaId": "4340408B-3928-430F-BDBA-10E43F25C595"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7224:*:*:*:*:*:*",
"matchCriteriaId": "C792F787-B6F6-4908-923C-25679BA67988"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7230:*:*:*:*:*:*",
"matchCriteriaId": "826183CE-C9B9-4C34-8885-3773F42AAAB9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7231:*:*:*:*:*:*",
"matchCriteriaId": "F7A9A00F-1792-4DAA-B393-AFAB279F850C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7232:*:*:*:*:*:*",
"matchCriteriaId": "250DC9F9-082E-4C3A-B0C4-681C8AFCCD50"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7240:*:*:*:*:*:*",
"matchCriteriaId": "308413DB-AB0D-47B1-863E-B6C4B6D88D2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zohocorp:manageengine_admanager_plus:7.2:7241:*:*:*:*:*:*",
"matchCriteriaId": "CB2D7A55-BC4E-451C-BA49-AAAA5180724B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html",
"source": "0fc0942c-577d-436f-ae8e-945763c79b02"
"source": "0fc0942c-577d-436f-ae8e-945763c79b02",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-489xx/CVE-2024-48948.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48948",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-15T14:15:05.280",
"lastModified": "2024-10-16T16:38:43.170",
"lastModified": "2024-11-05T19:36:14.127",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El paquete Elliptic 6.5.7 para Node.js, en su implementaci\u00f3n para ECDSA, no verifica correctamente las firmas v\u00e1lidas si el hash contiene al menos cuatro bytes 0 iniciales y cuando el orden del punto base de la curva el\u00edptica es menor que el hash, debido a una anomal\u00eda _truncateToN. Esto hace que se rechacen firmas v\u00e1lidas. Las transacciones o comunicaciones leg\u00edtimas pueden marcarse incorrectamente como no v\u00e1lidas."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-347"
}
]
}
],
"references": [
{
"url": "https://github.com/indutny/elliptic/issues/321",

60
CVE-2024/CVE-2024-493xx/CVE-2024-49377.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-49377",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T19:15:05.737",
"lastModified": "2024-11-05T19:15:05.737",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on a specially crafted login link, or a malicious app running on a victim's computer triggering the application key workflow with specially crafted parameters and then redirecting the victim to the related standalone confirmation dialog could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The above mentioned specific vulnerabilities of the login dialog and the standalone application key confirmation dialog have been patched in the bugfix release 1.10.3 by individual escaping of the detected locations. A global change throughout all of OctoPrint's templating system with the upcoming 1.11.0 release will handle this further, switching to globally enforced automatic escaping and thus reducing the attack surface in general. The latter will also improve the security of third party plugins. During a transition period, third party plugins will be able to opt into the automatic escaping. With OctoPrint 1.13.0, automatic escaping will be switched over to be enforced even for third party plugins, unless they explicitly opt-out."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-xvxq-g8hw-fx4g",
"source": "security-advisories@github.com"
}
]
}

70
CVE-2024/CVE-2024-497xx/CVE-2024-49767.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49767",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-25T20:15:04.530",
"lastModified": "2024-10-28T13:58:09.230",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:03:04.847",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,6 +59,28 @@
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
@ -77,22 +99,58 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:palletsprojects:quart:*:*:*:*:*:python:*:*",
"versionEndExcluding": "0.19.7",
"matchCriteriaId": "9E539F20-B2D2-42F4-98D4-DB92AAB1741E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:palletsprojects:werkzeug:*:*:*:*:*:*:*:*",
"versionEndExcluding": "3.0.6",
"matchCriteriaId": "50FE9673-B294-4203-9C8D-DEF5028AE799"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/pallets/quart/commit/5e78c4169b8eb66b91ead3e62d44721b9e1644ee",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pallets/werkzeug/commit/50cfeebcb0727e18cc52ffbeb125f4a66551179b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/pallets/werkzeug/releases/tag/3.0.6",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Release Notes"
]
},
{
"url": "https://github.com/pallets/werkzeug/security/advisories/GHSA-q34m-jh98-gwm2",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}

56
CVE-2024/CVE-2024-497xx/CVE-2024-49772.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49772",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T19:15:05.970",
"lastModified": "2024-11-05T19:15:05.970",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak all data in database. This issue has been addressed in releases 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-4xj8-hr85-hm3m",
"source": "security-advisories@github.com"
}
]
}

56
CVE-2024/CVE-2024-497xx/CVE-2024-49773.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49773",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T19:15:06.200",
"lastModified": "2024-11-05T19:15:06.200",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. `current_post` parameter in `export` entry point can be abused to perform blind SQL injection via generateSearchWhere(). Allows for Information disclosure, including personally identifiable information. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-5hr4-r43c-6qf7",
"source": "security-advisories@github.com"
}
]
}

56
CVE-2024/CVE-2024-497xx/CVE-2024-49774.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-49774",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T19:15:06.410",
"lastModified": "2024-11-05T19:15:06.410",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But this checks can be bypassed with some syntax constructions. SuiteCRM uses token_get_all to parse PHP scripts and check the resulted AST against blacklists. But it doesn't take into account all scenarios. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-9v56-vhp4-x227",
"source": "security-advisories@github.com"
}
]
}

97
CVE-2024/CVE-2024-500xx/CVE-2024-50066.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50066",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-10-23T06:15:10.467",
"lastModified": "2024-10-23T15:12:34.673",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-11-05T20:19:07.983",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,104 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/mremap: correcci\u00f3n de la ejecuci\u00f3n move_normal_pmd/retract_page_tables En mremap(), move_page_tables() examina el tipo de entrada PMD y el rango de direcciones especificado para determinar mediante qu\u00e9 m\u00e9todo se debe mover el siguiente fragmento de entradas de la tabla de p\u00e1ginas. En ese punto, el mmap_lock se mantiene en modo de escritura, pero a\u00fan no se mantienen bloqueos rmap. Para las entradas PMD que apuntan a tablas de p\u00e1ginas y est\u00e1n completamente cubiertas por el rango de direcciones de origen, se llama a move_pgt_entry(NORMAL_PMD, ...), que primero toma bloqueos rmap y luego realiza move_normal_pmd(). move_normal_pmd() toma los bloqueos de tabla de p\u00e1ginas necesarios en el origen y el destino, luego mueve una tabla de p\u00e1ginas completa desde el origen hasta el destino. El problema es el siguiente: los bloqueos de rmap, que protegen contra la eliminaci\u00f3n simult\u00e1nea de tablas de p\u00e1ginas por retract_page_tables() en el c\u00f3digo THP, solo se toman despu\u00e9s de que se haya le\u00eddo la entrada PMD y se haya decidido c\u00f3mo moverla. Por lo tanto, podemos competir de la siguiente manera (con dos procesos que tienen asignaciones del mismo archivo tmpfs que est\u00e1 almacenado en un montaje tmpfs con huge=advise); tenga en cuenta que el proceso A accede a las tablas de p\u00e1ginas a trav\u00e9s del MM mientras que el proceso B lo hace a trav\u00e9s del archivo rmap: proceso A proceso B ========= ========= mremap mremap_to move_vma move_page_tables get_old_pmd alloc_new_pmd *** PREEMPT *** madvise(MADV_COLLAPSE) do_madvise madvise_walk_vmas madvise_vma_behavior madvise_collapse hpage_collapse_scan_file collapse_file retract_page_tables i_mmap_lock_read(mapping) pmdp_collapse_flush i_mmap_unlock_read(mapping) move_pgt_entry(NORMAL_PMD, ...) take_rmap_locks move_normal_pmd drop_rmap_locks Cuando esto sucede, move_normal_pmd() puede terminar creando entradas PMD falsas en la l\u00ednea `pmd_populate(mm, new_pmd, pmd_pgtable(pmd))`. El efecto depende de detalles espec\u00edficos de la arquitectura y de la m\u00e1quina; en x86, puede terminar con la p\u00e1gina f\u00edsica 0 mapeada como una tabla de p\u00e1ginas, lo que probablemente sea explotable para la escalada de privilegios de usuario a kernel. Arregle la ejecuci\u00f3n permitiendo que el proceso B vuelva a verificar que el PMD a\u00fan apunta a una tabla de p\u00e1ginas despu\u00e9s de que se hayan tomado los bloqueos rmap. De lo contrario, abandonamos y dejamos que el llamador vuelva a la ruta de copia de nivel PTE, que luego abandonar\u00e1 inmediatamente en la verificaci\u00f3n pmd_none(). Alcance del error: Alcanzar este error requiere que pueda crear asignaciones shmem/file THP - el THP an\u00f3nimo usa un c\u00f3digo diferente que no elimina cosas bajo bloqueos rmap. El THP de archivo est\u00e1 controlado por un indicador de configuraci\u00f3n experimental (CONFIG_READ_ONLY_THP_FOR_FS), por lo que en los n\u00facleos de distribuci\u00f3n normales necesita shmem THP para alcanzar este error. Hasta donde yo s\u00e9, obtener shmem THP normalmente requiere que puedas montar tu propio tmpfs con los indicadores de montaje correctos, lo que requerir\u00eda crear tu propio espacio de nombres de usuario+montaje; aunque no s\u00e9 si algunas distribuciones habilitan shmem THP de forma predeterminada o algo as\u00ed. Impacto del error: es probable que este problema se pueda usar para la escalada de privilegios de usuario a kernel cuando sea posible."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6",
"versionEndExcluding": "6.6.58",
"matchCriteriaId": "EF2A1323-F872-46E8-8B68-855EFEFA193F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.5",
"matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1552ce9ce8af47c0fe911682e5e1855e25851ca9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/17396e32f975130b3e6251f024c8807d192e4c3e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6fa1066fc5d00cb9f1b0e83b7ff6ef98d26ba2aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

56
CVE-2024/CVE-2024-503xx/CVE-2024-50332.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50332",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T19:15:06.623",
"lastModified": "2024-11-05T19:15:06.623",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-53xh-mjmq-j35p",
"source": "security-advisories@github.com"
}
]
}

56
CVE-2024/CVE-2024-503xx/CVE-2024-50333.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50333",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T19:15:06.840",
"lastModified": "2024-11-05T19:15:06.840",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that will be included at the runtime. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-qrv6-3q86-qv89",
"source": "security-advisories@github.com"
}
]
}

56
CVE-2024/CVE-2024-503xx/CVE-2024-50335.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-50335",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T19:15:07.060",
"lastModified": "2024-11-05T19:15:07.060",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. The \"Publish Key\" field in SuiteCRM's Edit Profile page is vulnerable to Reflected Cross-Site Scripting (XSS), allowing an attacker to inject malicious JavaScript code. This can be exploited to steal CSRF tokens and perform unauthorized actions, such as creating new administrative users without proper authentication. The vulnerability arises due to insufficient input validation and sanitization of the Publish Key field within the SuiteCRM application. When an attacker injects a malicious script, it gets executed within the context of an authenticated user's session. The injected script (o.js) then leverages the captured CSRF token to forge requests that create new administrative users, effectively compromising the integrity and security of the CRM instance. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/salesagility/SuiteCRM/security/advisories/GHSA-8rw6-g96j-3w7m",
"source": "security-advisories@github.com"
}
]
}

39
CVE-2024/CVE-2024-510xx/CVE-2024-51024.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-51024",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-05T15:15:26.037",
"lastModified": "2024-11-05T16:04:26.053",
"lastModified": "2024-11-05T20:35:25.253",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/pjqwudi1/my_vuln/blob/main/D-link4/vuln_43/43.md",

21
CVE-2024/CVE-2024-512xx/CVE-2024-51240.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-51240",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-05T19:15:07.283",
"lastModified": "2024-11-05T19:15:07.283",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package"
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/VitoCrl/vulnerability_research/tree/main/CVE-2024-51240",
"source": "cve@mitre.org"
}
]
}

69
CVE-2024/CVE-2024-512xx/CVE-2024-51244.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-51244",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-01T17:15:18.093",
"lastModified": "2024-11-04T17:35:31.740",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-05T19:28:09.403",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor3900_firmware:1.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "467D1536-4AB7-47D8-8880-60391A68A457"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEECFBBC-5551-4135-9194-4216A39B04B9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-512xx/CVE-2024-51245.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-51245",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-01T17:15:18.237",
"lastModified": "2024-11-04T17:35:33.130",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-05T19:28:18.903",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor3900_firmware:1.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "467D1536-4AB7-47D8-8880-60391A68A457"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEECFBBC-5551-4135-9194-4216A39B04B9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-512xx/CVE-2024-51247.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-51247",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-01T17:15:18.380",
"lastModified": "2024-11-04T17:35:35.743",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-05T19:28:25.143",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor3900_firmware:1.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "467D1536-4AB7-47D8-8880-60391A68A457"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEECFBBC-5551-4135-9194-4216A39B04B9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-512xx/CVE-2024-51248.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-51248",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-01T17:15:18.513",
"lastModified": "2024-11-04T17:35:37.110",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-05T19:28:29.730",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor3900_firmware:1.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "467D1536-4AB7-47D8-8880-60391A68A457"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEECFBBC-5551-4135-9194-4216A39B04B9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

69
CVE-2024/CVE-2024-512xx/CVE-2024-51252.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-51252",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-01T18:15:07.287",
"lastModified": "2024-11-04T21:35:11.177",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-11-05T20:54:38.960",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,10 +81,43 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:draytek:vigor3900_firmware:1.5.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "467D1536-4AB7-47D8-8880-60391A68A457"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:draytek:vigor3900:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FEECFBBC-5551-4135-9194-4216A39B04B9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/fu37kola/cve/blob/main/DrayTek/Vigor3900/1.5.1.3/DrayTek_Vigor_3900_1.5.1.3.pdf",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

21
CVE-2024/CVE-2024-513xx/CVE-2024-51379.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-51379",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-05T19:15:07.373",
"lastModified": "2024-11-05T19:15:07.373",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the description, potentially leading to account takeover and unauthorized actions."
}
],
"metrics": {},
"references": [
{
"url": "https://hacking-notes.medium.com/cve-2024-51379-jatos-v3-9-3-stored-xss-description-component-de49d0077a96",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-513xx/CVE-2024-51380.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-51380",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-05T19:15:07.470",
"lastModified": "2024-11-05T19:15:07.470",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored Cross-Site Scripting (XSS) vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin user accesses the study's properties, the injected script is executed in the admin's browser, which could lead to unauthorized actions, including account compromise and privilege escalation."
}
],
"metrics": {},
"references": [
{
"url": "https://hacking-notes.medium.com/cve-2024-51380-jatos-v3-9-3-stored-xss-properties-component-44aea338ee9c",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-513xx/CVE-2024-51381.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-51381",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-05T19:15:07.550",
"lastModified": "2024-11-05T19:15:07.550",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an attacker gains administrative control."
}
],
"metrics": {},
"references": [
{
"url": "https://hacking-notes.medium.com/cve-2024-51381-jatos-v3-9-3-csrf-admin-account-creation-94035f24d0be",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-513xx/CVE-2024-51382.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-51382",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-05T19:15:07.640",
"lastModified": "2024-11-05T19:15:07.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the system."
}
],
"metrics": {},
"references": [
{
"url": "https://hacking-notes.medium.com/cve-2024-51382-jatos-v3-9-3-csrf-admin-password-reset-1adeff0386ed",
"source": "cve@mitre.org"
}
]
}

56
CVE-2024/CVE-2024-514xx/CVE-2024-51493.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51493",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T19:15:07.730",
"lastModified": "2024-11-05T19:15:07.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's or - if the victim has admin permissions - the global API key without having to reauthenticate by re-entering the user account's password. An attacker could use a stolen API key to access OctoPrint through its API, or disrupt workflows depending on the API key they deleted. This vulnerability will be patched in version 1.10.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-620"
}
]
}
],
"references": [
{
"url": "https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-cc6x-8cc7-9953",
"source": "security-advisories@github.com"
}
]
}

24
CVE-2024/CVE-2024-517xx/CVE-2024-51734.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-51734",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-04T23:15:05.213",
"lastModified": "2024-11-05T16:04:26.053",
"lastModified": "2024-11-05T20:35:26.167",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -59,6 +59,28 @@
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 0.0
}
]
},
"weaknesses": [

82
CVE-2024/CVE-2024-517xx/CVE-2024-51735.json Normal file
View File

@ -0,0 +1,82 @@
{
"id": "CVE-2024-51735",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T19:15:07.947",
"lastModified": "2024-11-05T19:15:07.947",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the `general-template.md` template.The contents of the files are read and used to generate the report. However, the file contents are not properly filtered, leading to XSS. This may lead to commands executed on the host as well. This issue is not yet resolved. Users are advised to add their own filtering or to reach out to the developer to aid in developing a patch."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
},
{
"lang": "en",
"value": "CWE-80"
}
]
}
],
"references": [
{
"url": "https://github.com/j3ssie/osmedeus/security/advisories/GHSA-wvv7-wm5v-w2gv",
"source": "security-advisories@github.com"
}
]
}

56
CVE-2024/CVE-2024-517xx/CVE-2024-51740.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-51740",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T19:15:08.087",
"lastModified": "2024-11-05T19:15:08.087",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"references": [
{
"url": "https://github.com/Combodo/iTop/security/advisories/GHSA-w9g8-mxm5-ph62",
"source": "security-advisories@github.com"
}
]
}

78
CVE-2024/CVE-2024-517xx/CVE-2024-51746.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-51746",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T19:15:08.300",
"lastModified": "2024-11-05T19:15:08.300",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to fetch entries that apply to a signature being verified. The parameters used for the search are the public key and the payload. The search API returns entries that match either condition rather than both. When gitsign's credential cache is used, there can be multiple entries that use the same ephemeral keypair / signing certificate. As gitsign assumes both conditions are matched by Rekor, there is no additional validation that the entry's hash matches the payload being verified, meaning that the wrong entry can be used to successfully pass verification. Impact is minimal as while gitsign does not match the payload against the entry, it does ensure that the certificate matches. This would need to be exploited during the certificate validity window (10 minutes) by the key holder."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 1.8,
"baseSeverity": "LOW"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-706"
}
]
}
],
"references": [
{
"url": "https://github.com/sigstore/gitsign/security/advisories/GHSA-8pmp-678w-c8xx",
"source": "security-advisories@github.com"
}
]
}

86
CVE-2024/CVE-2024-517xx/CVE-2024-51752.json Normal file
View File

@ -0,0 +1,86 @@
{
"id": "CVE-2024-51752",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T20:15:15.167",
"lastModified": "2024-11-05T20:15:15.167",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.13.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 2.1,
"baseSeverity": "LOW"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://github.com/workos/authkit-nextjs/commit/15a332632f7560b03cc6d8cc8da24fd2ac931da7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/workos/authkit-nextjs/releases/tag/v0.13.2",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/workos/authkit-nextjs/security/advisories/GHSA-5wmg-9cvh-qw25",
"source": "security-advisories@github.com"
}
]
}

86
CVE-2024/CVE-2024-517xx/CVE-2024-51753.json Normal file
View File

@ -0,0 +1,86 @@
{
"id": "CVE-2024-51753",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-05T20:15:15.300",
"lastModified": "2024-11-05T20:15:15.300",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.4.1. All users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 2.1,
"baseSeverity": "LOW"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"references": [
{
"url": "https://github.com/workos/authkit-remix/commit/32d5bcd54c795c1e2a3204f8e3977ab9ad57ec06",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/workos/authkit-remix/releases/tag/v0.4.1",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/workos/authkit-remix/security/advisories/GHSA-v2qh-f584-6hj8",
"source": "security-advisories@github.com"
}
]
}

39
CVE-2024/CVE-2024-59xx/CVE-2024-5968.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-5968",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-10-09T06:15:13.563",
"lastModified": "2024-10-10T12:51:56.987",
"lastModified": "2024-11-05T19:36:16.320",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento Photo Gallery by 10Web de WordPress anterior a la versi\u00f3n 1.8.28 no desinfecta ni escapa adecuadamente algunas de las configuraciones de la galer\u00eda, lo que podr\u00eda permitir que usuarios con privilegios elevados, como el administrador, realicen ataques de Cross-site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/db73e8d8-feb1-4daa-937e-a73969a93bcc/",

27
CVE-2024/CVE-2024-70xx/CVE-2024-7011.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-7011",
"sourceIdentifier": "psirt-info@cyber.jp.nec.com",
"published": "2024-09-27T03:15:02.307",
"lastModified": "2024-09-30T12:46:20.237",
"lastModified": "2024-11-05T20:35:26.370",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Proyectores Sharp NEC (NP-CB4500UL, NP-CB4500WL, NP-CB4700UL, NP-P525UL, NP-P525UL+, NP-P525ULG, NP-P525ULJL, NP-P525WL, NP-P525WL+, NP-P525WLG, NP-P525WLJL, NP-CG6500UL, NP-CG6500WL, NP-CG6700UL, NP-P605UL, NP-P605UL+, NP-P605ULG, NP-P605ULJL, NP-CA4120X, NP-CA4160W, NP-CA4160X, NP-CA4200U, NP-CA4200W, NP-CA4202W, NP-CA4260X, NP-CA4300X, NP-CA4355X, NP-CD2100U, NP-CD2120X, NP-CD2300X, NP-CR2100X, NP-CR2170W, NP-CR2170X, NP-CR2200U, NP-CR2200W, NP-CR2280X, NP-CR2310X, NP-CR2350X, NP-MC302XG, NP-MC332WG, NP-MC332WJL, NP-MC342XG, NP-MC372X, NP-MC372XG, NP-MC382W, NP-MC382WG, NP-MC422XG, NP-ME342UG, NP-ME372W, NP-ME372WG, NP-ME372WJL, NP-ME382U, NP-ME382UG, NP-ME382UJL, NP-ME402X, NP-ME402XG, NP-ME402XJL, NP-CB4500XL, NP-CG6400UL, 400WL, NP-CG6500XL, NP-PE455UL, NP-PE455ULG, NP-PE455WL, NP-PE455WLG, NP-PE505XLG, NP-CB4600U, NP-CF6600U, NP-P474U, NP-P554U, NP-P554U+, NP-P554UG, NP-P554UJL, NP-CG6600UL, NP-P547UL, NP-P547ULG, NP-P547ULJL, NP-P607UL+, NP-P627UL, NP-P627UL+, NP-P627ULG, NP-P627ULJL, NP-PV710UL-B, B1, NP-PV710UL-W, NP-PV710UL-W+, NP-PV710UL-W1, NP-PV730UL-BJL, NP-PV730UL-WJL, NP-PV800UL-B, NP-PV800UL-B+, NP-PV800UL-B1, NP-PV800UL-BJL, NP-PV800UL-W, NP-PV800UL-W+, NP-PV800UL-W1, NP-PV800UL-WJL, NP-CA4200X, NP-CA4265X, NP-CA4300U, NP-CA4300W, NP-CA4305X, NP-CA4400X, NP-CD2125X, NP-CD2200W, NP-CD2300U, NP-CD2310X, NP-CR2105X, NP-CR2200X, NP-CR2205W, NP-CR2300U, NP-CR2300W, NP-CR2315X, NP-CR2400X, NP-MC333XG, NP-MC363XG, NP-MC393WJL, NP-MC423W, NP-MC423WG, NP-MC453X, NP-MC453X, NP-MC453XG, NP-MC453XJL, NP-ME383WG, NP-ME403U, NP-ME403UG, NP-ME403UJL, NP-ME423W, NP-ME423WG, NP-ME423WJL, NP-ME453X, NP-ME453XG, NP-CB4400USL, NP-CB4400WSL, NP-CB4510UL, NP-CB4510WL, NP-CB4510XL, NP-CB4550USL, NP-CB6700UL, NP-CG6510UL, NP-PE456USL, NP-PE456USLG, NP-PE456USLJL, NP-PE456WSLG, NP-PE506UL, NP-PE506ULG, NP-PE506ULJL, NP-PE506WL, NP-PE506WLG, NP-PE506WLJL) permite a un atacante provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS) a trav\u00e9s del servicio SNMP."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "psirt-info@cyber.jp.nec.com",

56
CVE-2024/CVE-2024-79xx/CVE-2024-7995.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-7995",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-11-05T20:15:15.423",
"lastModified": "2024-11-05T20:15:15.423",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "psirt@autodesk.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-426"
}
]
}
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0022",
"source": "psirt@autodesk.com"
}
]
}

103
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-11-05T19:00:20.554266+00:00
2024-11-05T21:00:20.445516+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-11-05T18:35:18.260000+00:00
2024-11-05T20:54:38.960000+00:00
```
### Last Data Feed Release
@ -33,69 +33,64 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
268363
268383
```
### CVEs added in the last Commit
Recently added CVEs: `56`
Recently added CVEs: `20`
- [CVE-2024-50118](CVE-2024/CVE-2024-501xx/CVE-2024-50118.json) (`2024-11-05T18:15:14.887`)
- [CVE-2024-50119](CVE-2024/CVE-2024-501xx/CVE-2024-50119.json) (`2024-11-05T18:15:14.957`)
- [CVE-2024-50120](CVE-2024/CVE-2024-501xx/CVE-2024-50120.json) (`2024-11-05T18:15:15.023`)
- [CVE-2024-50121](CVE-2024/CVE-2024-501xx/CVE-2024-50121.json) (`2024-11-05T18:15:15.080`)
- [CVE-2024-50122](CVE-2024/CVE-2024-501xx/CVE-2024-50122.json) (`2024-11-05T18:15:15.210`)
- [CVE-2024-50123](CVE-2024/CVE-2024-501xx/CVE-2024-50123.json) (`2024-11-05T18:15:15.367`)
- [CVE-2024-50124](CVE-2024/CVE-2024-501xx/CVE-2024-50124.json) (`2024-11-05T18:15:15.487`)
- [CVE-2024-50125](CVE-2024/CVE-2024-501xx/CVE-2024-50125.json) (`2024-11-05T18:15:15.550`)
- [CVE-2024-50126](CVE-2024/CVE-2024-501xx/CVE-2024-50126.json) (`2024-11-05T18:15:15.607`)
- [CVE-2024-50127](CVE-2024/CVE-2024-501xx/CVE-2024-50127.json) (`2024-11-05T18:15:15.670`)
- [CVE-2024-50128](CVE-2024/CVE-2024-501xx/CVE-2024-50128.json) (`2024-11-05T18:15:15.730`)
- [CVE-2024-50129](CVE-2024/CVE-2024-501xx/CVE-2024-50129.json) (`2024-11-05T18:15:15.797`)
- [CVE-2024-50130](CVE-2024/CVE-2024-501xx/CVE-2024-50130.json) (`2024-11-05T18:15:15.850`)
- [CVE-2024-50131](CVE-2024/CVE-2024-501xx/CVE-2024-50131.json) (`2024-11-05T18:15:15.917`)
- [CVE-2024-50132](CVE-2024/CVE-2024-501xx/CVE-2024-50132.json) (`2024-11-05T18:15:15.973`)
- [CVE-2024-50133](CVE-2024/CVE-2024-501xx/CVE-2024-50133.json) (`2024-11-05T18:15:16.030`)
- [CVE-2024-50134](CVE-2024/CVE-2024-501xx/CVE-2024-50134.json) (`2024-11-05T18:15:16.093`)
- [CVE-2024-50135](CVE-2024/CVE-2024-501xx/CVE-2024-50135.json) (`2024-11-05T18:15:16.153`)
- [CVE-2024-50136](CVE-2024/CVE-2024-501xx/CVE-2024-50136.json) (`2024-11-05T18:15:16.213`)
- [CVE-2024-50137](CVE-2024/CVE-2024-501xx/CVE-2024-50137.json) (`2024-11-05T18:15:16.277`)
- [CVE-2024-50138](CVE-2024/CVE-2024-501xx/CVE-2024-50138.json) (`2024-11-05T18:15:16.337`)
- [CVE-2024-51132](CVE-2024/CVE-2024-511xx/CVE-2024-51132.json) (`2024-11-05T17:15:07.310`)
- [CVE-2024-51362](CVE-2024/CVE-2024-513xx/CVE-2024-51362.json) (`2024-11-05T17:15:07.383`)
- [CVE-2024-51739](CVE-2024/CVE-2024-517xx/CVE-2024-51739.json) (`2024-11-05T18:15:16.547`)
- [CVE-2024-9579](CVE-2024/CVE-2024-95xx/CVE-2024-9579.json) (`2024-11-05T17:15:07.667`)
- [CVE-2024-0134](CVE-2024/CVE-2024-01xx/CVE-2024-0134.json) (`2024-11-05T19:15:05.203`)
- [CVE-2024-49377](CVE-2024/CVE-2024-493xx/CVE-2024-49377.json) (`2024-11-05T19:15:05.737`)
- [CVE-2024-49772](CVE-2024/CVE-2024-497xx/CVE-2024-49772.json) (`2024-11-05T19:15:05.970`)
- [CVE-2024-49773](CVE-2024/CVE-2024-497xx/CVE-2024-49773.json) (`2024-11-05T19:15:06.200`)
- [CVE-2024-49774](CVE-2024/CVE-2024-497xx/CVE-2024-49774.json) (`2024-11-05T19:15:06.410`)
- [CVE-2024-50332](CVE-2024/CVE-2024-503xx/CVE-2024-50332.json) (`2024-11-05T19:15:06.623`)
- [CVE-2024-50333](CVE-2024/CVE-2024-503xx/CVE-2024-50333.json) (`2024-11-05T19:15:06.840`)
- [CVE-2024-50335](CVE-2024/CVE-2024-503xx/CVE-2024-50335.json) (`2024-11-05T19:15:07.060`)
- [CVE-2024-51240](CVE-2024/CVE-2024-512xx/CVE-2024-51240.json) (`2024-11-05T19:15:07.283`)
- [CVE-2024-51379](CVE-2024/CVE-2024-513xx/CVE-2024-51379.json) (`2024-11-05T19:15:07.373`)
- [CVE-2024-51380](CVE-2024/CVE-2024-513xx/CVE-2024-51380.json) (`2024-11-05T19:15:07.470`)
- [CVE-2024-51381](CVE-2024/CVE-2024-513xx/CVE-2024-51381.json) (`2024-11-05T19:15:07.550`)
- [CVE-2024-51382](CVE-2024/CVE-2024-513xx/CVE-2024-51382.json) (`2024-11-05T19:15:07.640`)
- [CVE-2024-51493](CVE-2024/CVE-2024-514xx/CVE-2024-51493.json) (`2024-11-05T19:15:07.730`)
- [CVE-2024-51735](CVE-2024/CVE-2024-517xx/CVE-2024-51735.json) (`2024-11-05T19:15:07.947`)
- [CVE-2024-51740](CVE-2024/CVE-2024-517xx/CVE-2024-51740.json) (`2024-11-05T19:15:08.087`)
- [CVE-2024-51746](CVE-2024/CVE-2024-517xx/CVE-2024-51746.json) (`2024-11-05T19:15:08.300`)
- [CVE-2024-51752](CVE-2024/CVE-2024-517xx/CVE-2024-51752.json) (`2024-11-05T20:15:15.167`)
- [CVE-2024-51753](CVE-2024/CVE-2024-517xx/CVE-2024-51753.json) (`2024-11-05T20:15:15.300`)
- [CVE-2024-7995](CVE-2024/CVE-2024-79xx/CVE-2024-7995.json) (`2024-11-05T20:15:15.423`)
### CVEs modified in the last Commit
Recently modified CVEs: `77`
- [CVE-2024-50994](CVE-2024/CVE-2024-509xx/CVE-2024-50994.json) (`2024-11-05T17:35:20.363`)
- [CVE-2024-50995](CVE-2024/CVE-2024-509xx/CVE-2024-50995.json) (`2024-11-05T17:35:21.167`)
- [CVE-2024-50996](CVE-2024/CVE-2024-509xx/CVE-2024-50996.json) (`2024-11-05T17:35:21.940`)
- [CVE-2024-50997](CVE-2024/CVE-2024-509xx/CVE-2024-50997.json) (`2024-11-05T17:35:22.727`)
- [CVE-2024-50998](CVE-2024/CVE-2024-509xx/CVE-2024-50998.json) (`2024-11-05T17:35:23.530`)
- [CVE-2024-50999](CVE-2024/CVE-2024-509xx/CVE-2024-50999.json) (`2024-11-05T17:35:24.530`)
- [CVE-2024-51000](CVE-2024/CVE-2024-510xx/CVE-2024-51000.json) (`2024-11-05T17:35:25.467`)
- [CVE-2024-51001](CVE-2024/CVE-2024-510xx/CVE-2024-51001.json) (`2024-11-05T17:35:26.337`)
- [CVE-2024-51326](CVE-2024/CVE-2024-513xx/CVE-2024-51326.json) (`2024-11-05T18:35:15.287`)
- [CVE-2024-51327](CVE-2024/CVE-2024-513xx/CVE-2024-51327.json) (`2024-11-05T18:35:16.387`)
- [CVE-2024-51398](CVE-2024/CVE-2024-513xx/CVE-2024-51398.json) (`2024-11-05T18:35:17.420`)
- [CVE-2024-51399](CVE-2024/CVE-2024-513xx/CVE-2024-51399.json) (`2024-11-05T18:35:18.260`)
- [CVE-2024-51502](CVE-2024/CVE-2024-515xx/CVE-2024-51502.json) (`2024-11-05T17:35:27.493`)
- [CVE-2024-52016](CVE-2024/CVE-2024-520xx/CVE-2024-52016.json) (`2024-11-05T17:35:27.993`)
- [CVE-2024-52017](CVE-2024/CVE-2024-520xx/CVE-2024-52017.json) (`2024-11-05T17:35:29.290`)
- [CVE-2024-52018](CVE-2024/CVE-2024-520xx/CVE-2024-52018.json) (`2024-11-05T17:35:30.507`)
- [CVE-2024-52019](CVE-2024/CVE-2024-520xx/CVE-2024-52019.json) (`2024-11-05T17:35:31.593`)
- [CVE-2024-5578](CVE-2024/CVE-2024-55xx/CVE-2024-5578.json) (`2024-11-05T17:35:32.760`)
- [CVE-2024-7587](CVE-2024/CVE-2024-75xx/CVE-2024-7587.json) (`2024-11-05T17:24:52.503`)
- [CVE-2024-9191](CVE-2024/CVE-2024-91xx/CVE-2024-9191.json) (`2024-11-05T17:06:41.363`)
- [CVE-2024-9235](CVE-2024/CVE-2024-92xx/CVE-2024-9235.json) (`2024-11-05T17:36:01.270`)
- [CVE-2024-9302](CVE-2024/CVE-2024-93xx/CVE-2024-9302.json) (`2024-11-05T17:39:17.120`)
- [CVE-2024-9584](CVE-2024/CVE-2024-95xx/CVE-2024-9584.json) (`2024-11-05T17:04:31.937`)
- [CVE-2024-9585](CVE-2024/CVE-2024-95xx/CVE-2024-9585.json) (`2024-11-05T17:05:59.960`)
- [CVE-2024-9607](CVE-2024/CVE-2024-96xx/CVE-2024-9607.json) (`2024-11-05T17:40:57.777`)
- [CVE-2024-36485](CVE-2024/CVE-2024-364xx/CVE-2024-36485.json) (`2024-11-05T19:44:35.830`)
- [CVE-2024-42420](CVE-2024/CVE-2024-424xx/CVE-2024-42420.json) (`2024-11-05T19:39:31.913`)
- [CVE-2024-43424](CVE-2024/CVE-2024-434xx/CVE-2024-43424.json) (`2024-11-05T19:39:33.873`)
- [CVE-2024-45829](CVE-2024/CVE-2024-458xx/CVE-2024-45829.json) (`2024-11-05T19:38:57.827`)
- [CVE-2024-45842](CVE-2024/CVE-2024-458xx/CVE-2024-45842.json) (`2024-11-05T19:37:13.447`)
- [CVE-2024-45918](CVE-2024/CVE-2024-459xx/CVE-2024-45918.json) (`2024-11-05T20:35:23.220`)
- [CVE-2024-47005](CVE-2024/CVE-2024-470xx/CVE-2024-47005.json) (`2024-11-05T19:36:41.127`)
- [CVE-2024-47406](CVE-2024/CVE-2024-474xx/CVE-2024-47406.json) (`2024-11-05T19:36:13.840`)
- [CVE-2024-47549](CVE-2024/CVE-2024-475xx/CVE-2024-47549.json) (`2024-11-05T19:40:52.070`)
- [CVE-2024-47801](CVE-2024/CVE-2024-478xx/CVE-2024-47801.json) (`2024-11-05T19:34:53.927`)
- [CVE-2024-48312](CVE-2024/CVE-2024-483xx/CVE-2024-48312.json) (`2024-11-05T20:35:24.200`)
- [CVE-2024-48870](CVE-2024/CVE-2024-488xx/CVE-2024-48870.json) (`2024-11-05T19:34:38.287`)
- [CVE-2024-48878](CVE-2024/CVE-2024-488xx/CVE-2024-48878.json) (`2024-11-05T19:44:58.650`)
- [CVE-2024-48948](CVE-2024/CVE-2024-489xx/CVE-2024-48948.json) (`2024-11-05T19:36:14.127`)
- [CVE-2024-49767](CVE-2024/CVE-2024-497xx/CVE-2024-49767.json) (`2024-11-05T20:03:04.847`)
- [CVE-2024-50066](CVE-2024/CVE-2024-500xx/CVE-2024-50066.json) (`2024-11-05T20:19:07.983`)
- [CVE-2024-51024](CVE-2024/CVE-2024-510xx/CVE-2024-51024.json) (`2024-11-05T20:35:25.253`)
- [CVE-2024-51244](CVE-2024/CVE-2024-512xx/CVE-2024-51244.json) (`2024-11-05T19:28:09.403`)
- [CVE-2024-51245](CVE-2024/CVE-2024-512xx/CVE-2024-51245.json) (`2024-11-05T19:28:18.903`)
- [CVE-2024-51247](CVE-2024/CVE-2024-512xx/CVE-2024-51247.json) (`2024-11-05T19:28:25.143`)
- [CVE-2024-51248](CVE-2024/CVE-2024-512xx/CVE-2024-51248.json) (`2024-11-05T19:28:29.730`)
- [CVE-2024-51252](CVE-2024/CVE-2024-512xx/CVE-2024-51252.json) (`2024-11-05T20:54:38.960`)
- [CVE-2024-51734](CVE-2024/CVE-2024-517xx/CVE-2024-51734.json) (`2024-11-05T20:35:26.167`)
- [CVE-2024-5968](CVE-2024/CVE-2024-59xx/CVE-2024-5968.json) (`2024-11-05T19:36:16.320`)
- [CVE-2024-7011](CVE-2024/CVE-2024-70xx/CVE-2024-7011.json) (`2024-11-05T20:35:26.370`)
## Download and Usage

438
_state.csv
View File

File diff suppressed because it is too large Load Diff