Auto-Update: 2024-09-16T16:00:18.117813+00:00

cad-safe-bot 2024-09-16 16:03:16 +00:00
parent e5c06e9737
commit 87c90daf8f
117 changed files with 2749 additions and 833 deletions


@ -2,16 +2,60 @@
"id": "CVE-2023-2042",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-04-14T10:15:09.837",
"lastModified": "2024-05-17T02:22:36.040",
"lastModified": "2024-09-16T15:15:13.047",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in DataGear up to 4.5.1. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-225920. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
"value": "A vulnerability, which was classified as problematic, has been found in DataGear up to 4.7.0/5.1.0. Affected by this issue is some unknown functionality of the component JDBC Server Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
@ -132,6 +176,10 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?submit.109292",
"source": "cna@vuldb.com"
}
]
}
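Review bot: The English description now widens the affected range to "up to 4.7.0/5.1.0", but neither hunk in this section touches `configurations`, so any `cpeMatch` version bound elsewhere in the record stays as it was (the rest of the record is outside the hunks, so this is inferred). Scanners that match on CPE ranges rather than on the prose could keep reporting DataGear releases after 4.5.1 as unaffected. Until the record is re-analysed, triage for this CVE should key on the range in `descriptions[].value` rather than on the CPE match alone.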


@ -2,8 +2,8 @@
"id": "CVE-2023-21842",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-01-18T00:15:13.650",
"lastModified": "2023-01-24T19:24:37.147",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:35:01.747",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-21925",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-04-18T20:15:13.510",
"lastModified": "2023-04-20T13:34:35.200",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:35:02.663",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-21964",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-04-18T20:15:16.173",
"lastModified": "2023-04-19T14:30:52.223",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:35:03.420",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-21969",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-04-18T20:15:16.547",
"lastModified": "2023-04-19T18:02:35.520",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:35:04.267",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-21979",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-04-18T20:15:17.160",
"lastModified": "2023-04-19T18:07:55.163",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:35:05.713",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2023-21980",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-04-18T20:15:17.227",
"lastModified": "2023-04-27T15:15:12.407",
"lastModified": "2024-09-16T15:35:06.437",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -65,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-21985",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-04-18T20:15:17.517",
"lastModified": "2023-04-20T15:41:50.613",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:35:07.530",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-21987",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-04-18T20:15:17.673",
"lastModified": "2023-04-20T17:29:27.427",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:35:08.380",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -65,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-21990",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2023-04-18T20:15:17.900",
"lastModified": "2023-04-20T17:39:43.783",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:35:09.307",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-2290",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-06-26T20:15:09.867",
"lastModified": "2023-07-05T17:22:10.923",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:15:13.293",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -72,7 +72,7 @@
"description": [
{
"lang": "en",
"value": "CWE-119"
"value": "CWE-787"
}
]
}


@ -2,13 +2,13 @@
"id": "CVE-2023-25493",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-04-05T21:15:07.607",
"lastModified": "2024-04-08T18:49:25.863",
"lastModified": "2024-09-16T15:15:12.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "\nA potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code. \n\n"
"value": "A potential vulnerability was reported in the BIOS update tool driver for some Desktop, Smart Edge, Smart Office, and ThinkStation products that could allow a local user with elevated privileges to execute arbitrary code."
},
{
"lang": "es",
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-287"
"value": "CWE-306"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-2992",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-06-26T20:15:09.933",
"lastModified": "2023-07-05T17:27:57.377",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:15:13.580",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -72,7 +72,7 @@
"description": [
{
"lang": "en",
"value": "CWE-400"
"value": "CWE-405"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-3628",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-18T14:15:08.323",
"lastModified": "2024-01-25T14:15:25.900",
"lastModified": "2024-09-16T14:15:11.667",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -165,10 +165,6 @@
"tags": [
"Issue Tracking"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240125-0004/",
"source": "secalert@redhat.com"
}
]
}
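Review bot: The reference entry for `https://security.netapp.com/advisory/ntap-20240125-0004/` is dropped here with nothing replacing it (sides inferred from the hunk line counts). The same removal of `secalert@redhat.com`-sourced third-party references recurs in the sections for CVE-2023-3629, CVE-2023-3961, CVE-2023-4091, CVE-2023-4527, CVE-2023-4806, CVE-2023-4813, CVE-2023-4911 and several others on this page. The CVE-2023-4911 record keeps `"cisaExploitAdd": "2023-11-21"` yet loses its distro advisories and the `"Patch"`-tagged oss-security link, so tooling that derives remediation pointers from `references[].tags` will return less for a known-exploited issue after this sync. Since these records sit at `"vulnStatus": "Modified"`, it is worth confirming the removals against the upstream record and keeping the previous snapshot available until re-analysis lands.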


@ -2,7 +2,7 @@
"id": "CVE-2023-3629",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-18T14:15:08.557",
"lastModified": "2024-01-25T14:15:26.017",
"lastModified": "2024-09-16T14:15:11.800",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -165,10 +165,6 @@
"tags": [
"Issue Tracking"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240125-0004/",
"source": "secalert@redhat.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-3961",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-03T13:15:08.723",
"lastModified": "2024-01-02T21:15:08.913",
"lastModified": "2024-09-16T15:15:13.740",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -206,17 +206,6 @@
"Issue Tracking"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0002/",
"source": "secalert@redhat.com"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-3961.html",
"source": "secalert@redhat.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-4091",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-03T08:15:08.197",
"lastModified": "2024-04-22T16:15:13.120",
"lastModified": "2024-09-16T15:15:15.190",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -205,21 +205,6 @@
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0002/",
"source": "secalert@redhat.com"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-4091.html",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-41629",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-17T22:15:17.057",
"lastModified": "2023-10-23T18:28:03.807",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:35:10.540",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-34"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2023-42669",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-11-06T07:15:09.137",
"lastModified": "2023-11-24T09:15:08.710",
"lastModified": "2024-09-16T15:15:13.973",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -216,10 +216,6 @@
"Issue Tracking"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231124-0002/",
"source": "secalert@redhat.com"
},
{
"url": "https://www.samba.org/samba/security/CVE-2023-42669.html",
"source": "secalert@redhat.com",


@ -2,7 +2,7 @@
"id": "CVE-2023-43785",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-10T13:15:21.877",
"lastModified": "2024-05-22T17:16:04.760",
"lastModified": "2024-09-16T15:15:14.147",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -157,10 +157,6 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231103-0006/",
"source": "secalert@redhat.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-43786",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-10T13:15:22.023",
"lastModified": "2024-05-22T17:16:04.927",
"lastModified": "2024-09-16T15:15:14.303",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -135,10 +135,6 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/9",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2145",
"source": "secalert@redhat.com"
@ -161,14 +157,6 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/",
"source": "secalert@redhat.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231103-0006/",
"source": "secalert@redhat.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-43787",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-10T13:15:22.083",
"lastModified": "2024-05-22T17:16:05.057",
"lastModified": "2024-09-16T15:15:14.430",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -135,10 +135,6 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/01/24/9",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:2145",
"source": "secalert@redhat.com"
@ -161,14 +157,6 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://jfrog.com/blog/xorg-libx11-vulns-cve-2023-43786-cve-2023-43787-part-two/",
"source": "secalert@redhat.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20231103-0006/",
"source": "secalert@redhat.com"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-43788",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-10T13:15:22.137",
"lastModified": "2024-05-22T17:16:05.223",
"lastModified": "2024-09-16T15:15:14.557",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -175,44 +175,6 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3KFUQT42R7TB4D7RISNSBQFJGLTQGUL/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFAJTBNO3PAIA6EGZR4PN62H6RLKNDTE/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V6FARGWN7VWXXWPXYNEEDJLRR3EWFZ3T/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBCLDYUGLDSVV75ECPIBW7JXOB3747/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-43789",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-12T12:15:10.710",
"lastModified": "2024-05-22T17:16:05.443",
"lastModified": "2024-09-16T15:15:14.720",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -165,22 +165,6 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/63IBRFLQVZSMOAZBZOBKFWJP26ILRAGQ/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I3KFUQT42R7TB4D7RISNSBQFJGLTQGUL/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TFAJTBNO3PAIA6EGZR4PN62H6RLKNDTE/",
"source": "secalert@redhat.com"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZECBCLDYUGLDSVV75ECPIBW7JXOB3747/",
"source": "secalert@redhat.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45685",
"sourceIdentifier": "cve@rapid7.com",
"published": "2023-10-16T17:15:09.963",
"lastModified": "2023-10-24T15:10:57.873",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:35:13.577",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2023-4527",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.067",
"lastModified": "2023-12-28T16:23:01.123",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T14:15:12.243",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -390,13 +390,6 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/09/25/1",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5453",
"source": "secalert@redhat.com",
@ -426,41 +419,6 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202310-03",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231116-0012/",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-46147",
"sourceIdentifier": "audit@patchstack.com",
"published": "2023-12-20T14:15:20.570",
"lastModified": "2023-12-28T20:04:49.337",
"lastModified": "2024-09-16T14:11:43.620",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -80,9 +80,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:themify:themify_ultra:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:themify:ultra:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "7.3.6",
"matchCriteriaId": "476E8D1A-BD6B-4ED7-80C0-0C89F676F2CD"
"matchCriteriaId": "141F4483-FACB-445C-885E-91D406DBA04E"
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-4806",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-18T17:15:55.813",
"lastModified": "2024-01-25T14:15:26.360",
"lastModified": "2024-09-16T14:15:12.460",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -259,34 +259,6 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/4",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/5",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/6",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/8",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5453",
"source": "secalert@redhat.com",
@ -319,38 +291,6 @@
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202310-03",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240125-0008/",
"source": "secalert@redhat.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4813",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-09-12T22:15:08.277",
"lastModified": "2024-01-21T01:49:46.697",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T14:15:12.617",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -325,14 +325,6 @@
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/8",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5453",
"source": "secalert@redhat.com",
@ -369,13 +361,6 @@
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231110-0003/",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-4911",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-10-03T18:15:10.463",
"lastModified": "2024-02-22T20:18:58.020",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T14:15:12.840",
"vulnStatus": "Modified",
"cveTags": [],
"cisaExploitAdd": "2023-11-21",
"cisaActionDue": "2023-12-12",
@ -210,83 +210,6 @@
}
],
"references": [
{
"url": "http://packetstormsecurity.com/files/174986/glibc-ld.so-Local-Privilege-Escalation.html",
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "http://packetstormsecurity.com/files/176288/Glibc-Tunables-Privilege-Escalation.html",
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "http://seclists.org/fulldisclosure/2023/Oct/11",
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/2",
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/03/3",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Patch"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/05/1",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/13/11",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/14/3",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/14/5",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2023/10/14/6",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2023:5453",
"source": "secalert@redhat.com",
@ -338,50 +261,6 @@
"Third Party Advisory"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DFG4P76UHHZEWQ26FWBXG76N2QLKKPZA/",
"source": "secalert@redhat.com",
"tags": [
"Exploit",
"Mailing List"
]
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List"
]
},
{
"url": "https://security.gentoo.org/glsa/202310-03",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20231013-0006/",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://www.debian.org/security/2023/dsa-5514",
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2023-5078",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2023-11-08T22:15:11.957",
"lastModified": "2023-11-16T18:01:15.060",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:15:15.367",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -59,18 +59,6 @@
}
]
},
"weaknesses": [
{
"source": "psirt@lenovo.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-665"
}
]
}
],
"configurations": [
{
"operator": "AND",


@ -2,8 +2,8 @@
"id": "CVE-2023-5080",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-01-19T20:15:12.017",
"lastModified": "2024-01-26T16:02:33.997",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:15:15.590",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -76,7 +76,7 @@
"description": [
{
"lang": "en",
"value": "CWE-269"
"value": "CWE-266"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5081",
"sourceIdentifier": "psirt@lenovo.com",
"published": "2024-01-19T20:15:12.230",
"lastModified": "2024-01-26T16:02:59.793",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:15:15.767",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -56,7 +56,7 @@
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "CWE-497"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-5115",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-18T14:15:10.500",
"lastModified": "2023-12-29T17:57:50.077",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T15:15:15.890",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -232,14 +232,6 @@
"tags": [
"Issue Tracking"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html",
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2023-5236",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-18T14:15:10.917",
"lastModified": "2024-01-25T14:15:26.617",
"lastModified": "2024-09-16T14:15:13.093",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -150,10 +150,6 @@
"tags": [
"Issue Tracking"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240125-0004/",
"source": "secalert@redhat.com"
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-1578",
"sourceIdentifier": "4586e0a2-224d-4f8a-9cb4-8882b208c0b3",
"published": "2024-09-16T07:15:02.030",
"lastModified": "2024-09-16T07:15:02.030",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:35:14.853",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MiCard PLUS Ci and MiCard PLUS BLE reader products developed by rf IDEAS and rebranded by NT-ware have a firmware fault that may result in characters randomly being dropped from some ID card reads, which would result in the wrong ID card number being assigned during ID card self-registration and might result in failed login attempts for end-users. Random characters being dropped from ID card numbers compromises the uniqueness of ID cards that can, therefore, result in a security issue if the users are using the \u2018ID card self-registration\u2019 function."
},
{
"lang": "es",
"value": "Los lectores MiCard PLUS Ci y MiCard PLUS BLE desarrollados por rf IDEAS y renombrados por NT-ware tienen un fallo de firmware que puede provocar que se eliminen caracteres de forma aleatoria en algunas lecturas de tarjetas de identificaci\u00f3n, lo que dar\u00eda lugar a que se asignara un n\u00famero de tarjeta de identificaci\u00f3n incorrecto durante el autorregistro de la tarjeta de identificaci\u00f3n y podr\u00eda provocar intentos fallidos de inicio de sesi\u00f3n para los usuarios finales. La eliminaci\u00f3n aleatoria de caracteres de los n\u00fameros de tarjeta de identificaci\u00f3n compromete la unicidad de las tarjetas de identificaci\u00f3n, lo que puede, por lo tanto, generar un problema de seguridad si los usuarios utilizan la funci\u00f3n de \"autorregistro de tarjeta de identificaci\u00f3n\"."
}
],
"metrics": {
@ -55,6 +59,28 @@
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L",
"attackVector": "PHYSICAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 4.7
}
]
},
"weaknesses": [


@ -2,8 +2,8 @@
"id": "CVE-2024-22399",
"sourceIdentifier": "security@apache.org",
"published": "2024-09-16T12:15:02.530",
"lastModified": "2024-09-16T12:15:02.530",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-27257",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-10T15:15:15.570",
"lastModified": "2024-09-10T15:50:47.237",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T14:26:15.400",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -41,8 +41,18 @@
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "psirt@us.ibm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,14 +61,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:openpages_grc_platform:*:*:*:*:*:*:*:*",
"versionStartIncluding": "8.3",
"versionEndExcluding": "8.3.0.2",
"matchCriteriaId": "D7B42C86-1171-4BF2-9502-0E3573E7A4BE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ibm:openpages_with_watson:*:*:*:*:*:*:*:*",
"versionStartIncluding": "9.0",
"versionEndExcluding": "9.0.0.3",
"matchCriteriaId": "D8FAA3AA-5EB1-470F-A0C1-A6D5F26C22D5"
}
]
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/283966",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.ibm.com/support/pages/node/7167702",
"source": "psirt@us.ibm.com"
"source": "psirt@us.ibm.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,16 +2,43 @@
"id": "CVE-2024-29779",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-09-13T21:15:10.273",
"lastModified": "2024-09-14T11:47:14.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-16T15:35:15.137",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "there is a possible escalation of privilege due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "Existe una posible escalada de privilegios debido a una causa ra\u00edz inusual. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
]
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-09-01",


@ -0,0 +1,60 @@
{
"id": "CVE-2024-38315",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-09-16T15:15:16.087",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/294742",
"source": "psirt@us.ibm.com"
},
{
"url": "https://www.ibm.com/support/pages/node/7168379",
"source": "psirt@us.ibm.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-39574",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-09-10T09:15:02.290",
"lastModified": "2024-09-10T12:09:50.377",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T15:59:10.653",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:insightiq:5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "48BEF25F-9AFD-4436-9668-627CD87E14F2"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000228412/dsa-2024-360-security-update-for-dell-powerscale-insightiq-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-39580",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-09-10T09:15:02.740",
"lastModified": "2024-09-10T12:09:50.377",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T15:40:09.917",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:insightiq:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "5.1.1",
"matchCriteriaId": "6A736FD4-A93E-4879-859B-7D3FEAF28975"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000228412/dsa-2024-360-security-update-for-dell-powerscale-insightiq-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-39581",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-09-10T09:15:02.993",
"lastModified": "2024-09-10T12:09:50.377",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T15:50:55.350",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -51,10 +71,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:insightiq:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "5.1.1",
"matchCriteriaId": "6A736FD4-A93E-4879-859B-7D3FEAF28975"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000228412/dsa-2024-360-security-update-for-dell-powerscale-insightiq-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-39582",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-09-10T09:15:03.243",
"lastModified": "2024-09-10T12:09:50.377",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T15:36:21.687",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -51,10 +71,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:insightiq:5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCDE7D0-133C-4BDA-AD64-0CF9489A091B"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000228412/dsa-2024-360-security-update-for-dell-powerscale-insightiq-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-39583",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-09-10T09:15:03.513",
"lastModified": "2024-09-10T12:09:50.377",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T15:42:06.347",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -51,10 +71,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:insightiq:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.0",
"versionEndExcluding": "5.1.1",
"matchCriteriaId": "6A736FD4-A93E-4879-859B-7D3FEAF28975"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000228412/dsa-2024-360-security-update-for-dell-powerscale-insightiq-for-multiple-security-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-39613",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-09-16T07:15:02.373",
"lastModified": "2024-09-16T07:15:02.373",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost Desktop App versions <=5.8.0 fail to\u00a0specify an absolute path when searching the cmd.exe file, which allows a local attacker who is able to put an cmd.exe file in the Downloads folder of a user's machine to cause remote code execution on that machine."
},
{
"lang": "es",
"value": "Las versiones de la aplicaci\u00f3n de escritorio Mattermost &lt;=5.8.0 no pueden especificar una ruta absoluta al buscar el archivo cmd.exe, lo que permite que un atacante local que pueda colocar un archivo cmd.exe en la carpeta Descargas de la m\u00e1quina de un usuario provoque la ejecuci\u00f3n remota de c\u00f3digo en esa m\u00e1quina."
}
],
"metrics": {
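Review bot: The added Spanish description stores the version bound as `&lt;=5.8.0`, an HTML entity inside a JSON string, while the English entry of the same record keeps the literal `<=5.8.0`. A consumer that prints the value as plain text will show the entity verbatim, and one that decodes entities before placing the text in a page must escape it again or it reintroduces raw markup characters. Since this record appears to be mirrored from an upstream feed, the fix presumably belongs in the import or normalisation step: store the literal character, `"value": "Las versiones de la aplicaci\u00f3n de escritorio Mattermost <=5.8.0 no pueden ..."`, and leave escaping to whatever renders it. The unchanged Spanish text of the CVE-2024-42137 record further down shows the same pattern with `-&gt;`.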


@ -0,0 +1,56 @@
{
"id": "CVE-2024-39772",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-09-16T15:15:16.350",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost Desktop App versions <=5.8.0 fail to safeguard screen capture functionality which allows an attacker to silently capture high-quality screenshots via JavaScript APIs."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-41728",
"sourceIdentifier": "cna@sap.com",
"published": "2024-09-10T04:15:04.470",
"lastModified": "2024-09-10T12:09:50.377",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T14:14:52.840",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -51,14 +71,107 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:700:*:*:*:*:*:*:*",
"matchCriteriaId": "C5A3C915-0E5F-4B1A-B1EB-5ADEA517F620"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:701:*:*:*:*:*:*:*",
"matchCriteriaId": "98B2522A-B850-4EC2-B2F2-5EBF36801B39"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*",
"matchCriteriaId": "72491771-4492-4902-9F0C-CE6A60BAA705"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:*",
"matchCriteriaId": "421A5354-F764-402B-A3A4-2D746EACEB46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:*:*:*:*",
"matchCriteriaId": "48DFFD36-0A4A-417F-9BC5-77FD4152B637"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:912:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F8173D-96E8-4194-9927-681AFF56B3F0"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3496410",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42137",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:05.583",
"lastModified": "2024-07-30T13:32:45.943",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T14:01:40.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,161 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Bluetooth: qca: corrija el error de habilitaci\u00f3n de BT nuevamente para QCA6390 despu\u00e9s de un reinicio en caliente. La confirmaci\u00f3n 272970be3dab (\"Bluetooth: hci_qca: corrija el apagado del controlador en un serdev cerrado\") causar\u00e1 el siguiente problema de regresi\u00f3n: BT puede No se habilitar\u00e1 despu\u00e9s de los pasos siguientes: arranque en fr\u00edo -&gt; habilitar BT -&gt; deshabilitar BT -&gt; reinicio en caliente -&gt; falla de habilitaci\u00f3n de BT si la propiedad enable-gpios no est\u00e1 configurada dentro de DT|ACPI para QCA6390. El compromiso es solucionar un problema de use after free dentro de qca_serdev_shutdown() agregando una condici\u00f3n para evitar que el serdev se vac\u00ede o escriba despu\u00e9s de cerrarse, pero tambi\u00e9n introduce este problema de regresi\u00f3n con respecto a los pasos anteriores, ya que el VSC no se env\u00eda para restablecer el controlador durante el reinicio en caliente. . Se solucion\u00f3 enviando el VSC para restablecer el controlador dentro de qca_serdev_shutdown() una vez que BT estuvo habilitado, y el problema de use after free tambi\u00e9n se solucion\u00f3 con este cambio ya que el serdev todav\u00eda est\u00e1 abierto antes de vaciarse o escribirse. Verificado por la computadora port\u00e1til Dell XPS 13 9310 de la m\u00e1quina informada en las siguientes dos confirmaciones del kernel: confirmaci\u00f3n e00fc2700a3f (\"Bluetooth: btusb: soluci\u00f3n de activaci\u00f3n de la implementaci\u00f3n de coredump para QCA\") del \u00e1rbol siguiente de bluetooth. confirme b23d98d46d28 (\"Bluetooth: btusb: soluci\u00f3n que activa la implementaci\u00f3n de coredump para QCA\") del \u00e1rbol principal de Linux."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.165",
"versionEndExcluding": "5.10.222",
"matchCriteriaId": "CF05EAFA-9345-4303-8E4A-118C81B5FDC8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.90",
"versionEndExcluding": "5.15.163",
"matchCriteriaId": "F190A745-DE5B-4FA4-B504-04D029449519"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.8",
"versionEndExcluding": "6.1.98",
"matchCriteriaId": "7D6B9E05-F2EB-4D2B-94B9-4CB17D7D13C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.39",
"matchCriteriaId": "29E894E4-668F-4DB0-81F7-4FB5F698E970"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.9",
"matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2EBB4392-5FA6-4DA9-9772-8F9C750109FA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc2:*:*:*:*:*:*",
"matchCriteriaId": "331C2F14-12C7-45D5-893D-8C52EE38EA10"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3173713D-909A-4DD3-9DD4-1E171EB057EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc4:*:*:*:*:*:*",
"matchCriteriaId": "79F18AFA-40F7-43F0-BA30-7BDB65F918B9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc5:*:*:*:*:*:*",
"matchCriteriaId": "BD973AA4-A789-49BD-8D57-B2846935D3C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.10:rc6:*:*:*:*:*:*",
"matchCriteriaId": "8F3E9E0C-AC3E-4967-AF80-6483E8AB0078"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/215a26c2404fa34625c725d446967fa328a703eb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4ca6013cd18e58ac1044908c40d4006a92093a11",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/88e72239ead9814b886db54fc4ee39ef3c2b8f26",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/977b9dc65e14fb80de4763d949c7dec2ecb15b9b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e2d8aa4c763593704ac21e7591aed4f13e32f3b5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e6e200b264271f62a3fadb51ada9423015ece37b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42144",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-30T08:15:06.157",
"lastModified": "2024-07-30T13:32:45.943",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T14:12:56.537",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,88 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Thermal/drivers/mediatek/lvts_thermal: Verifique NULL ptr en lvts_data Verifique que lvts_data no sea NULL antes de usarlo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.39",
"matchCriteriaId": "AFFE1388-D45B-4287-88F7-BBA975D80E4C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.9.9",
"matchCriteriaId": "ADCC1407-0CB3-4C8F-B4C5-07F682CD7085"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/79ef1a5593fdb8aa4dbccf6085c48f1739338bc9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a1191a77351e25ddf091bb1a231cae12ee598b5d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fd7ae1cabfedd727be5bee774c87acbc7b10b886",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42425",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-09-10T09:15:03.777",
"lastModified": "2024-09-10T12:09:50.377",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T15:46:03.110",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
@ -41,8 +61,18 @@
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
},
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +81,71 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:precision_7920_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.22.1",
"matchCriteriaId": "BC189661-C4D5-4711-B34A-472F81F2A134"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:precision_7920:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0BCCF11B-05BD-4E70-AD26-6B26A7E701FA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:7920_xl_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.22.1",
"matchCriteriaId": "19274738-5950-4F0C-B721-5668789F5453"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:dell:7920_xl:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2BB0803-F5C9-4D65-8462-971BCB19B824"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227015/dsa-2024-328",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-42474",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-08-12T17:15:17.513",
"lastModified": "2024-08-12T18:57:17.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T14:30:13.683",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
],
"cvssMetricV30": [
{
"source": "security-advisories@github.com",
@ -40,6 +62,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +83,50 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:snowflake:streamlit:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.37.0",
"matchCriteriaId": "B5071B4F-8442-43A8-9567-C30F381E2C97"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/streamlit/streamlit/commit/3a639859cfdfba2187c81897d44a3e33825eb0a3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/streamlit/streamlit/security/advisories/GHSA-rxff-vr5r-8cj5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-44053",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T09:15:02.013",
"lastModified": "2024-09-15T09:15:02.013",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mohammad Arif Opor Ayam allows Reflected XSS.This issue affects Opor Ayam: from n/a through 1.8."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Mohammad Arif Opor Ayam permite XSS reflejado. Este problema afecta a Opor Ayam: desde n/a hasta 1.8."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-44054",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T09:15:02.290",
"lastModified": "2024-09-15T09:15:02.290",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Fluida allows Stored XSS.This issue affects Fluida: from n/a through 1.8.8."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CryoutCreations Fluida permite XSS almacenado. Este problema afecta a Fluida: desde n/a hasta 1.8.8."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-44056",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T09:15:02.800",
"lastModified": "2024-09-15T09:15:02.800",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Mantra allows Stored XSS.This issue affects Mantra: from n/a through 3.3.2."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CryoutCreations Mantra permite XSS almacenado. Este problema afecta a Mantra: desde n/a hasta 3.3.2."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-44057",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T09:15:03.270",
"lastModified": "2024-09-15T09:15:03.270",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Nirvana allows Stored XSS.This issue affects Nirvana: from n/a through 1.6.3."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Nirvana de CryoutCreations permite XSS almacenado. Este problema afecta a Nirvana: desde n/a hasta 1.6.3."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-44058",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T09:15:03.883",
"lastModified": "2024-09-15T09:15:03.883",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CryoutCreations Parabola allows Stored XSS.This issue affects Parabola: from n/a through 2.4.1."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Parabola de CryoutCreations permite XSS almacenado. Este problema afecta a Parabola: desde n/a hasta 2.4.1."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-44059",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T09:15:04.613",
"lastModified": "2024-09-15T09:15:04.613",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MediaRon LLC Custom Query Blocks allows Stored XSS.This issue affects Custom Query Blocks: from n/a through 5.3.1."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en MediaRon LLC Custom Query Blocks permite XSS almacenado. Este problema afecta a Custom Query Blocks: desde n/a hasta 5.3.1."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-44060",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T08:15:11.367",
"lastModified": "2024-09-15T08:15:11.367",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Jennifer Hall Filmix allows Reflected XSS.This issue affects Filmix: from n/a through 1.1."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Jennifer Hall Filmix permite XSS reflejado. Este problema afecta a Filmix: desde n/a hasta 1.1."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-44062",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T08:15:12.710",
"lastModified": "2024-09-15T08:15:12.710",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS.This issue affects Custom Field Template: from n/a through 2.6.5."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Hiroaki Miyashita Custom Field Template permite XSS almacenado. Este problema afecta a Custom Field Template: desde n/a hasta 2.6.5."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-44063",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T08:15:12.940",
"lastModified": "2024-09-15T08:15:12.940",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Happyforms allows Stored XSS.This issue affects Happyforms: from n/a through 1.26.0."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Happyforms permite XSS almacenado. Este problema afecta a Happyforms: desde n/a hasta 1.26.0."
}
],
"metrics": {


@ -2,16 +2,55 @@
"id": "CVE-2024-44092",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-09-13T21:15:10.560",
"lastModified": "2024-09-14T11:47:14.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-16T15:35:15.640",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In TBD of TBD, there is a possible LCS signing enforcement missing due to test/debugging code left in a production build. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En el futuro pr\u00f3ximo, es posible que falte una implementaci\u00f3n de firma de LCS debido a que se dej\u00f3 c\u00f3digo de prueba o depuraci\u00f3n en una compilaci\u00f3n de producci\u00f3n. Esto podr\u00eda generar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-489"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-09-01",
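Review bot: The Spanish description added in this hunk renders the English placeholder "In TBD of TBD" as "En el futuro próximo" ("in the near future"), so the `es` text no longer says that the affected function and file are unspecified, and it also turns "signing enforcement missing" into a missing "implementación de firma". A faithful value would keep the placeholder, opening with `En TBD de TBD, es posible que falte la aplicación de la firma de LCS`. The `cvssMetricV31` and `CWE-489` entries added alongside it are marked `Secondary` and were assigned while the component is still unnamed, so consumers should treat the 7.4 score as provisional and rely on the `en` description for triage. The `references` array continues past the end of the hunk.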


@ -2,16 +2,55 @@
"id": "CVE-2024-44093",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-09-13T21:15:10.613",
"lastModified": "2024-09-14T11:47:14.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-16T15:35:16.687",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ppmp_unprotect_buf of drm/code/drm_fw.c, there is a possible memory corruption due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En ppmp_unprotect_buf de drm/code/drm_fw.c, existe una posible corrupci\u00f3n de memoria debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-783"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-09-01",


@ -2,16 +2,55 @@
"id": "CVE-2024-44094",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-09-13T21:15:10.667",
"lastModified": "2024-09-14T11:47:14.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-16T15:35:17.793",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En ppmp_protect_mfcfw_buf de code/drm_fw.c, existe una posible corrupci\u00f3n de memoria debido a una validaci\u00f3n de entrada incorrecta. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-09-01",


@ -2,16 +2,55 @@
"id": "CVE-2024-44095",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-09-13T21:15:10.720",
"lastModified": "2024-09-14T11:47:14.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-16T15:35:18.860",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In ppmp_protect_mfcfw_buf of code/drm_fw.c, there is a possible corrupt memory due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "En ppmp_protect_mfcfw_buf de code/drm_fw.c, existe una posible memoria da\u00f1ada debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una escalada local de privilegios sin necesidad de permisos de ejecuci\u00f3n adicionales. No se necesita interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-783"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-09-01",


@ -2,16 +2,55 @@
"id": "CVE-2024-44096",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-09-13T21:15:10.777",
"lastModified": "2024-09-14T11:47:14.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-16T15:35:19.900",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "there is a possible arbitrary read due to an insecure default value. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation."
},
{
"lang": "es",
"value": "Existe la posibilidad de una lectura arbitraria debido a un valor predeterminado inseguro. Esto podr\u00eda provocar la divulgaci\u00f3n de informaci\u00f3n local, con privilegios de ejecuci\u00f3n de System necesarios. No se necesita la interacci\u00f3n del usuario para la explotaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-453"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-09-01",


@ -2,8 +2,8 @@
"id": "CVE-2024-44112",
"sourceIdentifier": "cna@sap.com",
"published": "2024-09-10T04:15:04.710",
"lastModified": "2024-09-10T12:09:50.377",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T14:19:24.917",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -51,14 +71,107 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:600:*:*:*:*:*:*:*",
"matchCriteriaId": "8E4FDD2B-B5BA-45E3-9E3C-1DE16EE7F8A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:602:*:*:*:*:*:*:*",
"matchCriteriaId": "E37B0E5D-5F45-4325-BCBE-14868058C02E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:603:*:*:*:*:*:*:*",
"matchCriteriaId": "E2D57ACB-6555-4BC1-BDA4-C1AEE627FDBC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:604:*:*:*:*:*:*:*",
"matchCriteriaId": "E8AC6142-D03B-4437-907D-F80C2FD6C18C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:605:*:*:*:*:*:*:*",
"matchCriteriaId": "796F8470-CA51-42C4-B03A-97A02617E6D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:606:*:*:*:*:*:*:*",
"matchCriteriaId": "48701B07-F944-4A55-B43F-8827DD0F3F4A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:617:*:*:*:*:*:*:*",
"matchCriteriaId": "7B575B79-8F75-4B9F-9379-BBDB126D139F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:618:*:*:*:*:*:*:*",
"matchCriteriaId": "77D5E396-0DA6-49A5-A66B-1A4A3D14C646"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:800:*:*:*:*:*:*:*",
"matchCriteriaId": "90F7113F-DA15-4F74-BD77-39D8A9FC9E7C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:802:*:*:*:*:*:*:*",
"matchCriteriaId": "5FF8F332-0BCC-4DCA-B7ED-15936FE73DC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:803:*:*:*:*:*:*:*",
"matchCriteriaId": "AACBC4D0-3EC8-4F1E-BBCA-60F736CA4D41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:804:*:*:*:*:*:*:*",
"matchCriteriaId": "4A6D519D-D774-43E2-A4D0-B41443B6C8E4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:805:*:*:*:*:*:*:*",
"matchCriteriaId": "593CF420-1660-43E1-BCBC-DBE877784A85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:806:*:*:*:*:*:*:*",
"matchCriteriaId": "83271FF6-2026-4735-9BD8-E5D328CB6753"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:oil_\\%\\/_gas:807:*:*:*:*:*:*:*",
"matchCriteriaId": "FF3686DE-F526-473D-A8D2-02F94FE0D385"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3505293",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Patch"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-44114",
"sourceIdentifier": "cna@sap.com",
"published": "2024-09-10T03:15:03.077",
"lastModified": "2024-09-10T12:09:50.377",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T14:09:10.170",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{
"source": "cna@sap.com",
"type": "Secondary",
@ -51,14 +71,97 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:702:*:*:*:*:*:*:*",
"matchCriteriaId": "706FEB9E-3EE9-405E-A8C9-733DAF68AC6D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:*",
"matchCriteriaId": "5CC29738-CF17-4E6B-9C9E-879B17F7E001"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:*",
"matchCriteriaId": "127E508F-6CC1-41C8-96DF-8D14FFDD4020"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:*",
"matchCriteriaId": "7777AA80-1608-420E-B7D5-09ABECD51728"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:*",
"matchCriteriaId": "0539618A-1C4D-463F-B2BB-DD1C239C23EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:*",
"matchCriteriaId": "62828DCD-F80E-4C7C-A988-EFEA06A5223E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:*",
"matchCriteriaId": "D9F38585-73AE-4DBB-A978-F0272DF8FB58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:*",
"matchCriteriaId": "D416C064-BB8A-4230-A761-84A93E017F79"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:*",
"matchCriteriaId": "6B8D3EA0-28E6-4333-8C67-B9D3775EB9BC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:756:*:*:*:*:*:*:*",
"matchCriteriaId": "72491771-4492-4902-9F0C-CE6A60BAA705"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:757:*:*:*:*:*:*:*",
"matchCriteriaId": "421A5354-F764-402B-A3A4-2D746EACEB46"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:758:*:*:*:*:*:*:*",
"matchCriteriaId": "48DFFD36-0A4A-417F-9BC5-77FD4152B637"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sap:netweaver_application_server_abap:912:*:*:*:*:*:*:*",
"matchCriteriaId": "D2F8173D-96E8-4194-9927-681AFF56B3F0"
}
]
}
]
}
],
"references": [
{
"url": "https://me.sap.com/notes/3507252",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://url.sap/sapsecuritypatchday",
"source": "cna@sap.com"
"source": "cna@sap.com",
"tags": [
"Patch"
]
}
]
}


@ -2,16 +2,55 @@
"id": "CVE-2024-44430",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-13T20:15:02.940",
"lastModified": "2024-09-14T11:47:14.677",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-09-16T15:35:20.943",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL Injection vulnerability in Best Free Law Office Management Software-v1.0 allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload to the kortex_lite/control/register_case.php interface"
},
{
"lang": "es",
"value": "La vulnerabilidad de inyecci\u00f3n SQL en Best Free Law Office Management Software-v1.0 permite a un atacante ejecutar c\u00f3digo arbitrario y obtener informaci\u00f3n confidencial a trav\u00e9s de un payload manipulado para la interfaz kortex_lite/control/register_case.php"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://blog.csdn.net/samwbs/article/details/140954482",
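Review bot: The weakness added for this record is `CWE-94`, while the English description in the same hunk calls the issue an SQL injection in kortex_lite/control/register_case.php, so anyone filtering or triaging this feed by CWE id will not find it under the SQL-injection class. The entry is `Secondary` data, possibly chosen because the description also mentions arbitrary code execution; the mapping that matches the stated flaw would be `"value": "CWE-89"`. Since this file appears to mirror an upstream record, the correction presumably belongs upstream, and until then consumers should match on the description as well as the CWE value. The `references` array continues past the end of the hunk.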


@ -2,13 +2,17 @@
"id": "CVE-2024-45455",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T08:15:13.150",
"lastModified": "2024-09-15T08:15:13.150",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en JoomUnited WP Meta SEO permite XSS almacenado. Este problema afecta a WP Meta SEO: desde n/a hasta 4.5.13."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45456",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T08:15:13.350",
"lastModified": "2024-09-15T08:15:13.350",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JoomUnited WP Meta SEO allows Stored XSS.This issue affects WP Meta SEO: from n/a through 4.5.13."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en JoomUnited WP Meta SEO permite XSS almacenado. Este problema afecta a WP Meta SEO: desde n/a hasta 4.5.13."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45457",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T08:15:13.547",
"lastModified": "2024-09-15T08:15:13.547",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Spiffy Plugins Spiffy Calendar permite XSS almacenado. Este problema afecta a Spiffy Calendar: desde n/a hasta 4.9.13."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45458",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T08:15:13.763",
"lastModified": "2024-09-15T08:15:13.763",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Reflected XSS.This issue affects Spiffy Calendar: from n/a through 4.9.13."
},
{
"lang": "es",
"value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Spiffy Plugins Spiffy Calendar permite XSS reflejado. Este problema afecta a Spiffy Calendar: desde n/a hasta 4.9.13."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45459",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T08:15:13.963",
"lastModified": "2024-09-15T08:15:13.963",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Product Slider for WooCommerce allows Reflected XSS.This issue affects Product Slider for WooCommerce: from n/a through 1.13.50."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en PickPlugins Product Slider para WooCommerce permite XSS reflejado. Este problema afecta a Product Slider para WooCommerce: desde n/a hasta 1.13.50."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45460",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-09-15T08:15:14.173",
"lastModified": "2024-09-15T08:15:14.173",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Manu225 Flipping Cards allows Stored XSS.This issue affects Flipping Cards: from n/a through 1.30."
},
{
"lang": "es",
"value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Manu225 Flipping Cards permite XSS almacenado. Este problema afecta a Flipping Cards: desde n/a hasta 1.30."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45694",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-09-16T07:15:02.610",
"lastModified": "2024-09-16T07:15:02.610",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device."
},
{
"lang": "es",
"value": "El servicio web de ciertos modelos de enrutadores inal\u00e1mbricos D-Link contiene una vulnerabilidad de desbordamiento de b\u00fafer basada en pila, que permite a atacantes remotos no autenticados explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el dispositivo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45695",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-09-16T07:15:02.840",
"lastModified": "2024-09-16T07:15:02.840",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The web service of certain models of D-Link wireless routers contains a Stack-based Buffer Overflow vulnerability, which allows unauthenticated remote attackers to exploit this vulnerability to execute arbitrary code on the device."
},
{
"lang": "es",
"value": "El servicio web de ciertos modelos de enrutadores inal\u00e1mbricos D-Link contiene una vulnerabilidad de desbordamiento de b\u00fafer basada en pila, que permite a atacantes remotos no autenticados explotar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el dispositivo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45696",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-09-16T07:15:03.037",
"lastModified": "2024-09-16T07:15:03.037",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain models of D-Link wireless routers contain hidden functionality. By sending specific packets to the web service, the attacker can forcibly enable the telnet service and log in using hard-coded credentials. The telnet service enabled through this method can only be accessed from within the same local network as the device."
},
{
"lang": "es",
"value": "Algunos modelos de enrutadores inal\u00e1mbricos D-Link contienen funciones ocultas. Al enviar paquetes espec\u00edficos al servicio web, el atacante puede habilitar por la fuerza el servicio Telnet e iniciar sesi\u00f3n con credenciales codificadas. Solo se puede acceder al servicio Telnet habilitado mediante este m\u00e9todo desde la misma red local que el dispositivo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45697",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-09-16T07:15:03.233",
"lastModified": "2024-09-16T07:15:03.233",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain models of D-Link wireless routers have a hidden functionality where the telnet service is enabled when the WAN port is plugged in. Unauthorized remote attackers can log in and execute OS commands using hard-coded credentials."
},
{
"lang": "es",
"value": "Ciertos modelos de enrutadores inal\u00e1mbricos D-Link tienen una funcionalidad oculta donde el servicio telnet se habilita cuando el puerto WAN est\u00e1 conectado. Atacantes remotos no autorizados pueden iniciar sesi\u00f3n y ejecutar comandos del sistema operativo utilizando credenciales codificadas."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45698",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-09-16T07:15:03.450",
"lastModified": "2024-09-16T07:15:03.450",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Certain models of D-Link wireless routers do not properly validate user input in the telnet service, allowing unauthenticated remote attackers to use hard-coded credentials to log into telnet and inject arbitrary OS commands, which can then be executed on the device."
},
{
"lang": "es",
"value": "Ciertos modelos de enrutadores inal\u00e1mbricos D-Link no validan correctamente la entrada del usuario en el servicio telnet, lo que permite que atacantes remotos no autenticados utilicen credenciales codificadas para iniciar sesi\u00f3n en telnet e inyectar comandos arbitrarios del sistema operativo, que luego pueden ejecutarse en el dispositivo."
}
],
"metrics": {


@ -2,13 +2,17 @@
"id": "CVE-2024-45833",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-09-16T07:15:03.663",
"lastModified": "2024-09-16T07:15:03.663",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost Mobile Apps versions <=2.18.0 fail to disable autocomplete during login while typing the password and visible password is selected, which allows the\u00a0password to get saved in the dictionary when the user has Swiftkey as the default keyboard, the masking is off and the password contains a special character.."
},
{
"lang": "es",
"value": "Las versiones &lt;=2.18.0 de Mattermost Mobile Apps no pueden deshabilitar el autocompletado durante el inicio de sesi\u00f3n al escribir la contrase\u00f1a y se selecciona la contrase\u00f1a visible, lo que permite que la contrase\u00f1a se guarde en el diccionario cuando el usuario tiene Swiftkey como teclado predeterminado, el enmascaramiento est\u00e1 desactivado y la contrase\u00f1a contiene un car\u00e1cter especial."
}
],
"metrics": {
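Review bot: The added Spanish description carries an HTML entity, `&lt;=2.18.0`, where the English text of the same record has the literal `<=2.18.0` (as both appear on this page). JSON strings should hold the raw character and leave escaping to whatever renders them. As written, a consumer that escapes on output shows `&lt;` to the reader, and one that decodes entities first ends up treating feed text as markup. The value would start `"value": "Las versiones <=2.18.0 de Mattermost Mobile Apps …"`. The record continues past the end of this hunk at `"metrics": {`.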


@ -0,0 +1,56 @@
{
"id": "CVE-2024-45835",
"sourceIdentifier": "responsibledisclosure@mattermost.com",
"published": "2024-09-16T15:15:16.803",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Mattermost Desktop App versions <=5.8.0 fail to sufficiently configure Electron Fuses which allows an attacker to gather Chromium cookies or abuse other misconfigurations via remote/local access."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.5,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "responsibledisclosure@mattermost.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://mattermost.com/security-updates",
"source": "responsibledisclosure@mattermost.com"
}
]
}


@ -0,0 +1,21 @@
{
"id": "CVE-2024-46419",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-16T14:15:13.337",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220 has a buffer overflow vulnerability in the setWizardCfg function via the ssid5g parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/TTTJJJWWW/AHU-IoT-vulnerable/blob/main/TOTOLINK/AC1200T8/setWizardCfg.md",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-46424",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-16T13:15:10.760",
"lastModified": "2024-09-16T13:15:10.760",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,8 +2,8 @@
"id": "CVE-2024-46451",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-16T13:15:10.847",
"lastModified": "2024-09-16T13:15:10.847",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-46918",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-15T20:15:02.390",
"lastModified": "2024-09-15T20:15:02.390",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org."
},
{
"lang": "es",
"value": "app/Controller/UserLoginProfilesController.php en MISP anterior a 2.4.198 no impide que un administrador de organizaci\u00f3n vea campos de inicio de sesi\u00f3n confidenciales de otro administrador de organizaci\u00f3n en la misma organizaci\u00f3n."
}
],
"metrics": {},


@ -2,8 +2,8 @@
"id": "CVE-2024-46937",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-16T13:15:10.917",
"lastModified": "2024-09-16T13:15:10.917",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{


@ -2,13 +2,17 @@
"id": "CVE-2024-46938",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-15T22:15:09.830",
"lastModified": "2024-09-15T22:15:09.830",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM), and Experience Commerce (XC) 8.0 Initial Release through 10.4 Initial Release. An unauthenticated attacker can read arbitrary files."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Sitecore Experience Platform (XP), Experience Manager (XM) y Experience Commerce (XC) desde la versi\u00f3n inicial 8.0 hasta la versi\u00f3n inicial 10.4. Un atacante no autenticado puede leer archivos arbitrarios."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46942",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-15T23:15:11.033",
"lastModified": "2024-09-15T23:15:11.033",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) through 13.0.1, a controller with a follower role can configure flow entries in an OpenDaylight clustering deployment."
},
{
"lang": "es",
"value": "En OpenDaylight Model-Driven Service Abstraction Layer (MD-SAL) hasta la versi\u00f3n 13.0.1, un controlador con un rol de seguidor puede configurar entradas de flujo en una implementaci\u00f3n de agrupamiento de OpenDaylight."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46943",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-15T23:15:11.100",
"lastModified": "2024-09-15T23:15:11.100",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en OpenDaylight Authentication, Authorization and Accounting (AAA) hasta la versi\u00f3n 0.19.3. Un controlador no autorizado puede unirse a un cl\u00faster para hacerse pasar por un par sin conexi\u00f3n, incluso si este controlador no autorizado no posee la informaci\u00f3n completa de configuraci\u00f3n del cl\u00faster."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46958",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-16T02:15:01.803",
"lastModified": "2024-09-16T02:15:01.803",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4."
},
{
"lang": "es",
"value": "En Nextcloud Desktop Client 3.13.1 a 3.13.3 en Linux, los archivos sincronizados (entre el servidor y el cliente) pueden volverse legibles o modificables por todos. Esto se solucion\u00f3 en 3.13.4."
}
],
"metrics": {},


@ -2,13 +2,17 @@
"id": "CVE-2024-46970",
"sourceIdentifier": "cve@jetbrains.com",
"published": "2024-09-16T11:15:13.540",
"lastModified": "2024-09-16T11:15:13.540",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In JetBrains IntelliJ IDEA before 2024.1 hTML injection via the project name was possible"
},
{
"lang": "es",
"value": "En JetBrains IntelliJ IDEA antes de 2024.1 era posible la inyecci\u00f3n de HTML a trav\u00e9s del nombre del proyecto"
}
],
"metrics": {


@ -2,8 +2,8 @@
"id": "CVE-2024-4629",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-09-03T20:15:09.003",
"lastModified": "2024-09-09T19:15:13.760",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T15:51:43.937",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -51,42 +71,221 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.0.3",
"matchCriteriaId": "EEB94F86-A977-493B-9F12-6991F84F955C"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:build_of_keycloak:*:*:*:*:*:*:*:*",
"versionStartIncluding": "22.0",
"versionEndExcluding": "22.012",
"matchCriteriaId": "395F9BD6-C79B-442A-AA00-F96CA978B910"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
"matchCriteriaId": "341E6313-20D5-44CB-9719-B20585DC5AD6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:single_sign-on:*:*:*:*:*:*:*:*",
"versionStartIncluding": "7.6",
"versionEndExcluding": "7.6.10",
"matchCriteriaId": "92BC930F-97E8-4FA9-80C5-3A8DB327990B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
},
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.11:*:*:*:*:*:*:*",
"matchCriteriaId": "EA983F8C-3A06-450A-AEFF-9429DE9A3454"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.12:*:*:*:*:*:*:*",
"matchCriteriaId": "40449571-22F8-44FA-B57B-B43F71AB25E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "B02036DD-4489-480B-B7D4-4EB08952377B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_linuxone:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "C7E78C55-45B6-4E01-9773-D3468F8EA9C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "30E2CF79-2D56-48AB-952E-5DDAFE471073"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_for_power:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "54E24055-813B-4E6D-94B7-FAD5F78B8537"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.9:*:*:*:*:*:*:*",
"matchCriteriaId": "CC262C4C-7B6A-4117-A50F-1FF69296DDD8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:redhat:openshift_container_platform_ibm_z_systems:4.10:*:*:*:*:*:*:*",
"matchCriteriaId": "E58526FB-522F-4AAC-B03C-9CAB443D0CFF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/errata/RHSA-2024:6493",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6494",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6495",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6497",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6499",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6500",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:6501",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-4629",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2276761",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}
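Review bot: The second `configurations` entry bounds `cpe:2.3:a:redhat:build_of_keycloak` with `"versionEndExcluding": "22.012"`, which does not look like a release number in the 22.0 line that `versionStartIncluding` names and reads like a dropped dot. A matcher that compares version components numerically would likely rank 22.012 after every 22.0.x release, so hosts that already carry the fix could still be reported as affected. A matcher that rejects the string may skip the range altogether. If the intended bound is the 22.0.x fix release, the line would read `"versionEndExcluding": "22.0.12"`. That value is inferred rather than shown on the page, so confirm it against the referenced RHSA advisories before relying on this range for matching.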


@ -2,13 +2,13 @@
"id": "CVE-2024-6052",
"sourceIdentifier": "security@checkmk.com",
"published": "2024-07-03T15:15:06.223",
"lastModified": "2024-08-27T17:56:02.507",
"vulnStatus": "Analyzed",
"lastModified": "2024-09-16T14:15:13.410",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stored XSS in Checkmk before versions 2.3.0p10, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements"
"value": "Stored XSS in Checkmk before versions 2.3.0p8, 2.2.0p29, 2.1.0p45, and 2.0.0 (EOL) allows users to execute arbitrary scripts by injecting HTML elements"
},
{
"lang": "es",


@ -0,0 +1,78 @@
{
"id": "CVE-2024-6401",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-09-16T15:15:17.073",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting InsureE GL allows SQL Injection.This issue affects InsureE GL: before 4.6.2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.2,
"baseSeverity": "CRITICAL"
}
}
]
},
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-1475",
"source": "iletisim@usom.gov.tr"
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-6482",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-09-14T13:15:10.343",
"lastModified": "2024-09-14T13:15:10.343",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Login with phone number plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.7.49. This is due to a lack of validation and missing capability check on user-supplied data in the 'lwp_update_password_action' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to any other role, including Administrator. The vulnerability was partially patched in version 1.7.40. The login with phone number pro plugin was required to exploit the vulnerability in versions 1.7.40 - 1.7.49."
},
{
"lang": "es",
"value": "El complemento Login with phone number para WordPress es vulnerable a la escalada de privilegios en todas las versiones hasta la 1.7.49 incluida. Esto se debe a la falta de validaci\u00f3n y a la falta de comprobaci\u00f3n de la capacidad de los datos suministrados por el usuario en la funci\u00f3n 'lwp_update_password_action'. Esto permite que los atacantes autenticados, con acceso de nivel de suscriptor o superior, actualicen su rol a cualquier otro rol, incluido el de administrador. La vulnerabilidad fue parcialmente corregida en la versi\u00f3n 1.7.40. El complemento Login with phone number pro era necesario para explotar la vulnerabilidad en las versiones 1.7.40 - 1.7.49."
}
],
"metrics": {


@ -0,0 +1,78 @@
{
"id": "CVE-2024-7098",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-09-16T15:15:17.223",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Restriction of XML External Entity Reference vulnerability in SFS Consulting ww.Winsure allows XML Injection.This issue affects ww.Winsure: before 4.6.2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:L/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.2,
"baseSeverity": "CRITICAL"
}
}
]
},
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-1475",
"source": "iletisim@usom.gov.tr"
}
]
}


@ -0,0 +1,78 @@
{
"id": "CVE-2024-7104",
"sourceIdentifier": "iletisim@usom.gov.tr",
"published": "2024-09-16T15:15:17.380",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Generation of Code ('Code Injection') vulnerability in SFS Consulting ww.Winsure allows Code Injection.This issue affects ww.Winsure: before 4.6.2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "iletisim@usom.gov.tr",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "HIGH",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 9.2,
"baseSeverity": "CRITICAL"
}
}
]
},
"weaknesses": [
{
"source": "iletisim@usom.gov.tr",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://www.usom.gov.tr/bildirim/tr-24-1475",
"source": "iletisim@usom.gov.tr"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-7700",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-08-12T17:15:18.607",
"lastModified": "2024-08-12T18:57:17.383",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-09-16T14:20:21.087",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.6,
"impactScore": 5.9
},
{
"source": "secalert@redhat.com",
"type": "Secondary",
@ -51,14 +71,66 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:theforeman:foreman:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7E727C-BF9F-4A86-BCBE-1CE6E1108181"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:theforeman:foreman:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FD7E727C-BF9F-4A86-BCBE-1CE6E1108181"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:a:redhat:satellite:6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "848C92A9-0677-442B-8D52-A448F2019903"
}
]
}
]
}
],
"references": [
{
"url": "https://access.redhat.com/security/cve/CVE-2024-7700",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304090",
"source": "secalert@redhat.com"
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
}
]
}


@ -2,13 +2,17 @@
"id": "CVE-2024-8776",
"sourceIdentifier": "twcert@cert.org.tw",
"published": "2024-09-16T06:15:11.023",
"lastModified": "2024-09-16T06:15:11.023",
"vulnStatus": "Received",
"lastModified": "2024-09-16T15:30:28.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SmartRobot from INTUMIT does not properly validate a specific page parameter, allowing unautheticated remote attackers to inject JavaScript code to the parameter for Reflected Cross-site Scripting attacks."
},
{
"lang": "es",
"value": "SmartRobot de INTUMIT no valida correctamente un par\u00e1metro de p\u00e1gina espec\u00edfico, lo que permite que atacantes remotos no autenticados inyecten c\u00f3digo JavaScript en el par\u00e1metro para ataques de Cross-site Scripting Reflejado."
}
],
"metrics": {
