Auto-Update: 2024-10-07T20:00:17.616683+00:00

cad-safe-bot 2024-10-07 20:03:18 +00:00
parent 7193c6109c
commit 8dd28c36c3
112 changed files with 5203 additions and 717 deletions


@ -2,8 +2,8 @@
"id": "CVE-2020-18770",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:15:55.550",
"lastModified": "2023-08-25T20:42:53.077",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:04.940",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [
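Review bot: The only concrete weakness on this record now sits in the added Secondary entry (`CWE-400` from source `134c704f-9b21-4f2e-91b3-4a467353bcc0`), while the Primary entry in the context lines above it still reads `NVD-CWE-noinfo`. A consumer that maps weaknesses from `"type": "Primary"` alone will keep treating this CVE as unclassified, so the ingest should fall back to Secondary values when the Primary is `NVD-CWE-noinfo` or `NVD-CWE-Other`, and store which source supplied the value. The same shape appears in the sections for CVE-2020-19726, CVE-2020-20813, CVE-2020-21583, CVE-2020-21686, CVE-2021-42796, CVE-2023-31447, CVE-2023-32002, CVE-2023-39660 and CVE-2023-39748. The weaknesses array starts outside the hunk, so entries not visible here may exist.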


@ -2,8 +2,8 @@
"id": "CVE-2020-19726",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:05.730",
"lastModified": "2023-08-25T02:46:50.113",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:06.327",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2020-20813",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:08.247",
"lastModified": "2023-08-25T02:47:23.127",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:07.053",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2020-21583",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:13.890",
"lastModified": "2023-08-28T16:35:03.030",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:08.053",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2020-21686",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-22T19:16:14.327",
"lastModified": "2023-08-25T20:23:55.037",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:08.940",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-562"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2021-39114",
"sourceIdentifier": "security@atlassian.com",
"published": "2022-04-05T04:15:08.707",
"lastModified": "2022-07-12T17:42:04.277",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:10.220",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,6 +94,16 @@
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
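Review bot: The Secondary entries added in this section restate values the record already carries: the new weakness is `CWE-94`, the same value as the entry in the context lines just above it, and the new cvssMetricV31 entry has the same `exploitabilityScore` 2.8 and `impactScore` 5.9 as the entry before it (that entry's vector lies outside the hunk, so equality of the vectors is inferred). The record still appears to move to `"vulnStatus": "Modified"` with a new `lastModified`, so a pipeline that re-opens triage on either field will re-queue this CVE without new information. Re-triage is better keyed on a change in the set of distinct vector and CWE values, with weaknesses de-duplicated by value across sources. The same applies to the sections for CVE-2021-43944, CVE-2021-43957, CVE-2021-43958, CVE-2023-1818, CVE-2023-2133, CVE-2023-2134, CVE-2023-2461, CVE-2023-31938, CVE-2023-31939, CVE-2023-31940 and CVE-2023-40735.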


@ -2,8 +2,8 @@
"id": "CVE-2021-42796",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-16T01:15:07.540",
"lastModified": "2023-12-20T17:32:33.647",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:11.143",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2021-43944",
"sourceIdentifier": "security@atlassian.com",
"published": "2022-03-08T02:15:06.737",
"lastModified": "2022-06-13T16:21:48.587",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:12.070",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,6 +94,16 @@
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2021-43957",
"sourceIdentifier": "security@atlassian.com",
"published": "2022-03-16T01:15:07.877",
"lastModified": "2022-03-22T16:01:55.473",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:13.373",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
@ -74,6 +94,16 @@
"value": "CWE-639"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2021-43958",
"sourceIdentifier": "security@atlassian.com",
"published": "2022-03-16T01:15:07.950",
"lastModified": "2022-03-22T16:02:29.927",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:14.227",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,6 +94,16 @@
"value": "CWE-307"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-1818",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-04T22:15:07.623",
"lastModified": "2023-10-24T17:30:59.503",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:15.457",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-2133",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-19T04:15:31.360",
"lastModified": "2023-10-20T20:52:37.440",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:22.257",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-2134",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-04-19T04:15:31.473",
"lastModified": "2023-10-20T20:52:47.177",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:23.127",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-22886",
"sourceIdentifier": "security@apache.org",
"published": "2023-06-29T10:15:09.650",
"lastModified": "2023-07-06T19:32:59.063",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:17.363",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2023-2461",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2023-05-03T00:15:09.387",
"lastModified": "2023-10-20T21:03:15.903",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:24.427",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2023-26770",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T19:15:15.870",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:36:19.377",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "TaskCafe 0.3.2 carece de validaci\u00f3n en el valor de la cookie. Cualquier atacante no autenticado que conozca un ID de usuario registrado puede cambiar la contrase\u00f1a de ese usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://bishopfox.com/blog/taskcafe-version-0-3-2-advisory",
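Review bot: Every metric and weakness on this record is `"type": "Secondary"` from a single source, and `vulnStatus` stays `"Awaiting Analysis"`, so the 9.8 CRITICAL base score has no Primary assessment behind it. Tooling that reads only Primary entries will see this CVE as unscored, and tooling that accepts any entry will treat a provisional score as final; the ingest should store `source` and `type` next to the score and re-evaluate when a Primary entry appears. `CWE-284` is also a broad access-control class, while the description in the context line points at missing validation of a cookie value that allows a password change, so weakness-based routing may file this record too coarsely. The section for CVE-2023-26771 has the same Secondary-only shape, with a 6.5 MEDIUM score and `CWE-79`. The references array continues outside the hunk.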


@ -2,7 +2,7 @@
"id": "CVE-2023-26771",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T19:15:15.967",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:36:20.177",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Taskcafe 0.3.2 es vulnerable a Cross Site Scripting (XSS). Hay una falta de validaci\u00f3n en el tipo de archivo cuando se carga una imagen de perfil SVG con un payload XSS. Un atacante autenticado puede aprovechar esta vulnerabilidad cargando una imagen maliciosa que activar\u00e1 el payload cuando la v\u00edctima abra el archivo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://bishopfox.com/blog/taskcafe-version-0-3-2-advisory",


@ -2,8 +2,8 @@
"id": "CVE-2023-31447",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:46.847",
"lastModified": "2023-08-30T20:50:40.443",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:25.677",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-31938",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-17T20:15:09.607",
"lastModified": "2023-08-18T19:55:12.507",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:26.550",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-31939",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-17T20:15:09.710",
"lastModified": "2023-08-18T19:54:56.413",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:27.430",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-31940",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-17T20:15:09.767",
"lastModified": "2023-08-18T19:54:35.387",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:28.270",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2023-32002",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-08-21T17:15:47.000",
"lastModified": "2023-09-15T14:15:09.747",
"lastModified": "2024-10-07T19:36:29.183",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-288"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-34395",
"sourceIdentifier": "security@apache.org",
"published": "2023-06-27T12:15:13.187",
"lastModified": "2023-07-06T13:38:18.830",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:30.487",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2023-35797",
"sourceIdentifier": "security@apache.org",
"published": "2023-07-03T10:15:09.473",
"lastModified": "2023-07-13T23:15:10.603",
"lastModified": "2024-10-07T19:36:31.623",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2023-39660",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T17:15:48.797",
"lastModified": "2023-08-24T21:28:27.337",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:33.817",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-39748",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-08-21T03:15:11.623",
"lastModified": "2023-08-25T15:02:59.867",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:36:35.553",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -45,6 +45,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [


@ -2,7 +2,7 @@
"id": "CVE-2023-40735",
"sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe",
"published": "2023-08-21T12:15:09.410",
"lastModified": "2023-11-07T04:20:21.290",
"lastModified": "2024-10-07T19:36:37.970",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -75,6 +75,16 @@
"value": "CWE-200"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [


@ -2,8 +2,8 @@
"id": "CVE-2023-45206",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T16:15:08.257",
"lastModified": "2024-02-13T18:23:02.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-07T18:27:30.103",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,473 @@
"value": "Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) 8.8.15, 9.0 y 10.0. A trav\u00e9s del endpoint del documento de ayuda en el correo web, un atacante puede inyectar c\u00f3digo JavaScript o HTML que conduzca a Cross-Site Scripting (XSS). (Agregar un mensaje adecuado para evitar c\u00f3digo malicioso mitigar\u00e1 este problema)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.5",
"matchCriteriaId": "4430E335-A033-4B25-AE36-0B649F8FAE9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*",
"matchCriteriaId": "BA48C450-201C-4398-AB65-EF6F95FB0380"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*",
"matchCriteriaId": "5F759114-CF2D-48BF-8D09-EBE8D1ED1949"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
"matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*",
"matchCriteriaId": "C43634F5-2946-44D2-8A50-B717374A8126"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*",
"matchCriteriaId": "20315895-5410-4B88-B2D9-E9C5D79A64DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*",
"matchCriteriaId": "BF405091-A832-4945-87EC-AA525F37DF91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*",
"matchCriteriaId": "C9B6FFA8-CFD2-47C6-9475-79210CB9AA84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*",
"matchCriteriaId": "964CA714-937C-4FC0-A1E9-07F846C786BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*",
"matchCriteriaId": "DAF8F155-1406-46ED-A81F-BCC4CE525F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*",
"matchCriteriaId": "56A8F56B-3457-4C19-B213-3B04FEE8D7A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*",
"matchCriteriaId": "B4F8D255-3F91-45FF-9133-4023BA688F9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "37BC4DF5-D111-4295-94FC-AA8929CDF2A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*",
"matchCriteriaId": "A9D50108-0404-4791-8057-DB1786D311C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*",
"matchCriteriaId": "F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*",
"matchCriteriaId": "858727DB-AE6F-435D-B8FD-6C94C3400E40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*",
"matchCriteriaId": "3FA6AC95-288C-4ABA-B2A7-47E4134EDC31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*",
"matchCriteriaId": "4AA82728-5901-482A-83CF-F883D4B6A8E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*",
"matchCriteriaId": "7E762792-542E-43D0-A95A-E7F48F328A28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*",
"matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*",
"matchCriteriaId": "E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*",
"matchCriteriaId": "840F98DC-57F1-4054-A6C1-6E7F0340AC2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*",
"matchCriteriaId": "EE2A1305-68B7-4CB7-837F-4EDE2EBED507"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
"matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*",
"matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*",
"matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*",
"matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*",
"matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*",
"matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p35:*:*:*:*:*:*",
"matchCriteriaId": "3810385E-95E8-491E-8281-394125DB04F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p37:*:*:*:*:*:*",
"matchCriteriaId": "C08B5A0A-2935-4FEB-9133-4B35E1AB0CDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p38:*:*:*:*:*:*",
"matchCriteriaId": "7126C182-30A0-4906-8C61-734D5EC0739F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p39:*:*:*:*:*:*",
"matchCriteriaId": "DFF6E019-F66B-48BD-AC6F-80CC283FD785"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*",
"matchCriteriaId": "661403E7-1D65-4710-8413-47D74FF65BE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p40:*:*:*:*:*:*",
"matchCriteriaId": "4CD3AEF8-0667-40B9-BCAA-6C9CA7D9C495"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p41:*:*:*:*:*:*",
"matchCriteriaId": "A0F8BB82-32E4-463D-B719-8E5186CAAECC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p42:*:*:*:*:*:*",
"matchCriteriaId": "9605C0CF-E5DF-497A-B298-D64ABCDAF88E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p43:*:*:*:*:*:*",
"matchCriteriaId": "0A77DFFA-CBBF-4F8C-9D8E-68CC115B4D2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
"matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*",
"matchCriteriaId": "714FAFE6-68AE-4304-B040-48BC46F85A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*",
"matchCriteriaId": "73FC2D2D-8BBD-4259-8B35-0D9BFA40567B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*",
"matchCriteriaId": "AB97E9E6-CC4A-458D-B731-6D51130B942C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*",
"matchCriteriaId": "BA688C43-846A-4C4A-AEDB-113D967D3D73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*",
"matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "2306F526-9C56-4A57-AA9B-02F2D6058C97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C77A35B7-96F6-43A7-A747-C6AEEDE961E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "DC35882B-E709-42D8-8800-F1B734CEAFC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "40629BEB-DF4B-4FB8-8D3D-7BAC43C90766"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "9503131F-CC23-4545-AE9C-9714B287CC25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "8113A4E3-AA96-4382-815D-6FD88BA42EC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*",
"matchCriteriaId": "DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "FD1DCE2B-D944-43AE-AD0E-9282DE6D618F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "2079B9F8-128B-487D-A965-E8B37FDF6304"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "9679FD62-815E-47A8-8552-D28CE48B82B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "D659AE6A-591E-4D5B-9781-9648250F5576"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "E4054E3E-561C-4B1C-A615-3CCE5CB69D77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "4FA0E9C4-25E4-4CD6-B88A-02B413385866"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p36:*:*:*:*:*:*",
"matchCriteriaId": "5D6F7CA3-C36A-466C-8FAD-D0B3CEF01F0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*",
"matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2"
}
]
}
]
}
],
"references": [
{
"url": "https://wiki.zimbra.com/wiki/Security_Center",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2023-45207",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-13T16:15:08.313",
"lastModified": "2024-02-13T18:23:02.393",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-07T18:31:50.167",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,19 +15,463 @@
"value": "Se descubri\u00f3 un problema en Zimbra Collaboration (ZCS) 8.8.15, 9.0 y 10.0. Un atacante puede enviar un documento PDF por correo que contenga JavaScript malicioso. Mientras se obtiene una vista previa de este archivo en el correo web en el navegador Chrome, se ejecuta el payload XSS almacenado. (Esto se ha mitigado al sanitizar el c\u00f3digo JavaScript presente en un documento PDF)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.0.0",
"versionEndExcluding": "10.0.5",
"matchCriteriaId": "4430E335-A033-4B25-AE36-0B649F8FAE9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:-:*:*:*:*:*:*",
"matchCriteriaId": "1B17C1A7-0F0A-4E7C-8C0C-0BBB0BF66C82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p1:*:*:*:*:*:*",
"matchCriteriaId": "BA48C450-201C-4398-AB65-EF6F95FB0380"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p10:*:*:*:*:*:*",
"matchCriteriaId": "5F759114-CF2D-48BF-8D09-EBE8D1ED1949"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p11:*:*:*:*:*:*",
"matchCriteriaId": "AE8BD950-24A2-4AFF-B7EE-6EE115BD75D6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p12:*:*:*:*:*:*",
"matchCriteriaId": "C43634F5-2946-44D2-8A50-B717374A8126"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p13:*:*:*:*:*:*",
"matchCriteriaId": "20315895-5410-4B88-B2D9-E9C5D79A64DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p14:*:*:*:*:*:*",
"matchCriteriaId": "BF405091-A832-4945-87EC-AA525F37DF91"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p15:*:*:*:*:*:*",
"matchCriteriaId": "C9B6FFA8-CFD2-47C6-9475-79210CB9AA84"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p16:*:*:*:*:*:*",
"matchCriteriaId": "964CA714-937C-4FC0-A1E9-07F846C786BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p17:*:*:*:*:*:*",
"matchCriteriaId": "DAF8F155-1406-46ED-A81F-BCC4CE525F43"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p18:*:*:*:*:*:*",
"matchCriteriaId": "56A8F56B-3457-4C19-B213-3B04FEE8D7A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p19:*:*:*:*:*:*",
"matchCriteriaId": "B4F8D255-3F91-45FF-9133-4023BA688F9E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p2:*:*:*:*:*:*",
"matchCriteriaId": "37BC4DF5-D111-4295-94FC-AA8929CDF2A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p20:*:*:*:*:*:*",
"matchCriteriaId": "A9D50108-0404-4791-8057-DB1786D311C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p21:*:*:*:*:*:*",
"matchCriteriaId": "F2A7E53F-8EAC-4DA9-8EAE-117759EFABEF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p22:*:*:*:*:*:*",
"matchCriteriaId": "858727DB-AE6F-435D-B8FD-6C94C3400E40"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p23:*:*:*:*:*:*",
"matchCriteriaId": "3FA6AC95-288C-4ABA-B2A7-47E4134EDC31"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p24:*:*:*:*:*:*",
"matchCriteriaId": "4AA82728-5901-482A-83CF-F883D4B6A8E5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p25:*:*:*:*:*:*",
"matchCriteriaId": "7E762792-542E-43D0-A95A-E7F48F328A28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p26:*:*:*:*:*:*",
"matchCriteriaId": "6DD4641A-EC23-4B1A-8729-9AECD70390AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p27:*:*:*:*:*:*",
"matchCriteriaId": "E0E3E825-1D1E-4ECD-B306-DD8BDCDD0547"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p28:*:*:*:*:*:*",
"matchCriteriaId": "840F98DC-57F1-4054-A6C1-6E7F0340AC2C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p29:*:*:*:*:*:*",
"matchCriteriaId": "EE2A1305-68B7-4CB7-837F-4EDE2EBED507"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p3:*:*:*:*:*:*",
"matchCriteriaId": "21768A61-7578-4EEC-A23B-FEC10CAA9EDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p30:*:*:*:*:*:*",
"matchCriteriaId": "CA758408-4302-43BC-BDC9-1B70EC5D2FED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p31:*:*:*:*:*:*",
"matchCriteriaId": "822CDEBC-0650-4970-B46F-06F505993086"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p32:*:*:*:*:*:*",
"matchCriteriaId": "971B5005-4676-4D93-A7DD-6AFDC8D0BEEB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p33:*:*:*:*:*:*",
"matchCriteriaId": "81BC6A7F-D014-44B3-9361-20DB256D3C8D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p34:*:*:*:*:*:*",
"matchCriteriaId": "6A3DC694-4CCC-4E9F-B6E9-891B1DF115C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p35:*:*:*:*:*:*",
"matchCriteriaId": "3810385E-95E8-491E-8281-394125DB04F4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p37:*:*:*:*:*:*",
"matchCriteriaId": "C08B5A0A-2935-4FEB-9133-4B35E1AB0CDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p4:*:*:*:*:*:*",
"matchCriteriaId": "661403E7-1D65-4710-8413-47D74FF65BE4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p40:*:*:*:*:*:*",
"matchCriteriaId": "4CD3AEF8-0667-40B9-BCAA-6C9CA7D9C495"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p41:*:*:*:*:*:*",
"matchCriteriaId": "A0F8BB82-32E4-463D-B719-8E5186CAAECC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p42:*:*:*:*:*:*",
"matchCriteriaId": "9605C0CF-E5DF-497A-B298-D64ABCDAF88E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p43:*:*:*:*:*:*",
"matchCriteriaId": "0A77DFFA-CBBF-4F8C-9D8E-68CC115B4D2B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p5:*:*:*:*:*:*",
"matchCriteriaId": "0695D2E0-45B3-493C-BA6D-471B90C0ACC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p6:*:*:*:*:*:*",
"matchCriteriaId": "714FAFE6-68AE-4304-B040-48BC46F85A2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p7:*:*:*:*:*:*",
"matchCriteriaId": "73FC2D2D-8BBD-4259-8B35-0D9BFA40567B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p8:*:*:*:*:*:*",
"matchCriteriaId": "AB97E9E6-CC4A-458D-B731-6D51130B942C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:8.8.15:p9:*:*:*:*:*:*",
"matchCriteriaId": "BA688C43-846A-4C4A-AEDB-113D967D3D73"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:-:*:*:*:*:*:*",
"matchCriteriaId": "685D9652-2934-4C13-8B36-40582C79BFC1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p0:*:*:*:*:*:*",
"matchCriteriaId": "5E4DF01A-1AA9-47E8-82FD-65A02ECA1376"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "BDE59185-B917-4A81-8DE4-C65A079F52FE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "BA3ED95F-95F2-4676-8EAF-B4B9EB64B260"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "4BB93336-CC3C-4B7F-B194-7DED036ABBAF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "876F1675-F65C-4E86-ADBD-36EB8D8A997D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p13:*:*:*:*:*:*",
"matchCriteriaId": "2306F526-9C56-4A57-AA9B-02F2D6058C97"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p14:*:*:*:*:*:*",
"matchCriteriaId": "F9EA2A61-67AA-4B7E-BC6E-80EB1363EF85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p15:*:*:*:*:*:*",
"matchCriteriaId": "C77A35B7-96F6-43A7-A747-C6AEEDE961E1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p16:*:*:*:*:*:*",
"matchCriteriaId": "DC35882B-E709-42D8-8800-F1B734CEAFC3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p19:*:*:*:*:*:*",
"matchCriteriaId": "B7A47276-F241-4A68-9458-E1481EBDC5E6"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "12D0D469-6C9B-4B66-9581-DC319773238A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p20:*:*:*:*:*:*",
"matchCriteriaId": "40629BEB-DF4B-4FB8-8D3D-7BAC43C90766"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p21:*:*:*:*:*:*",
"matchCriteriaId": "9503131F-CC23-4545-AE9C-9714B287CC25"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p23:*:*:*:*:*:*",
"matchCriteriaId": "B4CE2D12-AD31-4FED-AD0F-ADF64E92E1B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24:*:*:*:*:*:*",
"matchCriteriaId": "8113A4E3-AA96-4382-815D-6FD88BA42EC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p24.1:*:*:*:*:*:*",
"matchCriteriaId": "DC8C28E0-6C51-41EE-A7B2-DB185D1D8FD0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p25:*:*:*:*:*:*",
"matchCriteriaId": "BC19F11D-23D9-429D-A957-D67F23A40A01"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p26:*:*:*:*:*:*",
"matchCriteriaId": "AAFA2EE7-C965-4F27-8CAE-E607A9F202AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p27:*:*:*:*:*:*",
"matchCriteriaId": "1D09DCF6-1C8F-4CA1-B7D4-AFDD4EB35771"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "C52705E6-2C6B-47BC-A0CD-F6AAE0BFC302"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p30:*:*:*:*:*:*",
"matchCriteriaId": "FD1DCE2B-D944-43AE-AD0E-9282DE6D618F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p31:*:*:*:*:*:*",
"matchCriteriaId": "2079B9F8-128B-487D-A965-E8B37FDF6304"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p32:*:*:*:*:*:*",
"matchCriteriaId": "9679FD62-815E-47A8-8552-D28CE48B82B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p33:*:*:*:*:*:*",
"matchCriteriaId": "D659AE6A-591E-4D5B-9781-9648250F5576"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p34:*:*:*:*:*:*",
"matchCriteriaId": "E4054E3E-561C-4B1C-A615-3CCE5CB69D77"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p35:*:*:*:*:*:*",
"matchCriteriaId": "4FA0E9C4-25E4-4CD6-B88A-02B413385866"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p36:*:*:*:*:*:*",
"matchCriteriaId": "5D6F7CA3-C36A-466C-8FAD-D0B3CEF01F0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "33F50D8C-7027-4A8D-8E95-98C224283772"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "82000BA4-1781-4312-A7BD-92EC94D137AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "4B52D301-2559-457A-8FFB-F0915299355A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "7215AE2C-8A33-4AB9-88D5-7C8CD11E806C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p7.1:*:*:*:*:*:*",
"matchCriteriaId": "8D859F77-8E39-4D46-BC90-C5C1D805A666"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "CDC810C7-45DA-4BDF-9138-2D3B2750243E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:zimbra:collaboration:9.0.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "E09D95A4-764D-4E0B-8605-1D94FD548AB2"
}
]
}
]
}
],
"references": [
{
"url": "https://wiki.zimbra.com/wiki/Security_Center",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Product"
]
},
{
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
]
}
]
}
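Review bot: The added `cpeMatch` list names the 8.8.15 and 9.0.0 patch levels one by one with no version range, and the enumeration has gaps: 8.8.15 has no entry for p36, p38 or p39 although p35, p37 and p40 to p43 are listed, and 9.0.0 has none for p17, p18, p22, p28 or p29. Whether those patch levels were ever released cannot be told from this page, but a scanner that compares installed versions against exact `criteria` strings would report a host on one of them as unaffected. Only the 10.0 line carries a bound (`"versionEndExcluding": "10.0.5"`); for the two older lines the fixed patch level is implied by absence alone. Consumers should confirm the fixed level against the vendor advisory listed under `references` rather than read a missing CPE as "not vulnerable".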


@ -2,7 +2,7 @@
"id": "CVE-2024-20090",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:02.430",
"lastModified": "2024-10-07T17:47:48.410",
"lastModified": "2024-10-07T19:36:41.627",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,30 @@
"value": "In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1703."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",


@ -2,7 +2,7 @@
"id": "CVE-2024-20092",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:02.680",
"lastModified": "2024-10-07T17:47:48.410",
"lastModified": "2024-10-07T19:36:41.920",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,30 @@
"value": "In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09028313; Issue ID: MSV-1700."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",
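Review bot: The added Secondary metric sets `"privilegesRequired": "LOW"` (vector `PR:L`, base score 7.8 HIGH), while the description in the same record says the escalation needs "System execution privileges". The CVE-2024-20090 record in this commit has the same description wording, the same Patch ID and the same metric source, yet is scored `PR:H` at 6.7 MEDIUM. The page does not show which of the two is right, so the discrepancy should be raised with the scoring source rather than edited in this mirror; if the description holds, the vector would read `CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H`. Until that is settled, triage that ranks by `baseScore` alone will place this entry above its sibling for what reads as the same precondition.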


@ -2,7 +2,7 @@
"id": "CVE-2024-20094",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:02.823",
"lastModified": "2024-10-07T17:47:48.410",
"lastModified": "2024-10-07T19:36:42.200",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,30 @@
"value": "In Modem, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00843282; Issue ID: MSV-1535."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",


@ -2,7 +2,7 @@
"id": "CVE-2024-20098",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:03.127",
"lastModified": "2024-10-07T17:47:48.410",
"lastModified": "2024-10-07T19:36:42.660",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,30 @@
"value": "In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996886; Issue ID: MSV-1626."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",


@ -2,7 +2,7 @@
"id": "CVE-2024-20099",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:03.200",
"lastModified": "2024-10-07T17:47:48.410",
"lastModified": "2024-10-07T19:36:42.860",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,30 @@
"value": "In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08997492; Issue ID: MSV-1625."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",


@ -2,7 +2,7 @@
"id": "CVE-2024-20100",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:03.273",
"lastModified": "2024-10-07T17:47:48.410",
"lastModified": "2024-10-07T19:36:43.050",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,30 @@
"value": "In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998449; Issue ID: MSV-1603."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",


@ -2,7 +2,7 @@
"id": "CVE-2024-20101",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:03.350",
"lastModified": "2024-10-07T17:47:48.410",
"lastModified": "2024-10-07T19:36:43.247",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,30 @@
"value": "In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998901; Issue ID: MSV-1602."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",


@ -2,7 +2,7 @@
"id": "CVE-2024-20103",
"sourceIdentifier": "security@mediatek.com",
"published": "2024-10-07T03:15:03.500",
"lastModified": "2024-10-07T17:47:48.410",
"lastModified": "2024-10-07T19:36:43.530",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -11,7 +11,30 @@
"value": "In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001358; Issue ID: MSV-1599."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@mediatek.com",


@ -2,8 +2,8 @@
"id": "CVE-2024-21363",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-02-13T18:15:53.400",
"lastModified": "2024-05-29T00:15:28.540",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:09:55.043",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -18,7 +18,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "secure@microsoft.com",
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -36,10 +36,40 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "secure@microsoft.com",
"type": "Secondary",
@ -51,10 +81,189 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.10240.20469",
"matchCriteriaId": "11175D86-F0D1-434C-811A-750CB5C17148"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1507:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.10240.20469",
"matchCriteriaId": "C62CCD10-636D-4979-A90F-CDBDE048518B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.14393.6709",
"matchCriteriaId": "57927CA7-FE09-43AA-9F66-6E68EE3125D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1607:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.14393.6709",
"matchCriteriaId": "6D84C15B-58BF-4124-A1AF-BE62B4259D2D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.17763.5458",
"matchCriteriaId": "97FA2666-D83E-4645-AB34-B17DD82A705B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.17763.5458",
"matchCriteriaId": "9EF5A993-EF3B-4BE1-8325-62354DD7A7E7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.17763.5458",
"matchCriteriaId": "1957C71A-2CE0-4173-8BB6-0BE0E93E9BCC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19044.4046",
"matchCriteriaId": "50D5393A-A6D4-4D7A-9148-43B7E032C7F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19044.4046",
"matchCriteriaId": "10F0B291-2F86-4DFA-9C0F-367872EA13A7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19044.4046",
"matchCriteriaId": "D364FB2D-0B0B-45E9-89DC-ABAC36B5C124"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.19045.4046",
"matchCriteriaId": "9A6AFF70-FED0-4AF5-9D8F-5C90BF982941"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.19045.4046",
"matchCriteriaId": "88085285-0229-4033-BEB6-0BF4AD5EA72A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:x86:*",
"versionEndExcluding": "10.0.19045.4046",
"matchCriteriaId": "A0B61E17-FC01-4FF3-BF96-37819033F412"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22000.2777",
"matchCriteriaId": "481C9CDC-7383-4D08-9608-BDA2F9FADB36"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22000.2777",
"matchCriteriaId": "60E272E2-0D33-4342-92C3-5D66C89DE531"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22621.3155",
"matchCriteriaId": "3F8D8343-22E1-4C56-9918-9430326AB9BD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22621.3155",
"matchCriteriaId": "16B1BAB4-91BD-4105-81CF-EAFD3800CB85"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:arm64:*",
"versionEndExcluding": "10.0.22631.3155",
"matchCriteriaId": "E2FB8ADD-663B-445B-B0F2-6B5E168D9E2E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:x64:*",
"versionEndExcluding": "10.0.22631.3155",
"matchCriteriaId": "679CCD68-F014-452C-8D3F-F9D17329779C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x64:*",
"matchCriteriaId": "2127D10C-B6F3-4C1D-B9AA-5D78513CC996"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:-:sp2:*:*:*:*:x86:*",
"matchCriteriaId": "AB425562-C0A0-452E-AABE-F70522F15E1A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:*:*:*:*:*:*:*",
"matchCriteriaId": "36559BC0-44D7-48B3-86FF-1BFF0257B5ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:x64:*",
"matchCriteriaId": "AF07A81D-12E5-4B1D-BFF9-C8D08C32FF4F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7DF96F8-BA6A-4780-9CA3-F719B3F81074"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.14393.6709",
"matchCriteriaId": "14F86494-7001-40DB-A99E-34A9490F5B58"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.17763.5458",
"matchCriteriaId": "A9098F92-79E7-4762-A37C-99B4CFA8CDD1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.20348.2322",
"matchCriteriaId": "5C8F0436-3AFE-48BD-AE92-8F8392DD0A1D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.0.25398.709",
"matchCriteriaId": "B6FCF1A0-6B8E-457A-AB6A-2DE939B9D18B"
}
]
}
]
}
],
"references": [
{
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21363",
"source": "secure@microsoft.com"
"source": "secure@microsoft.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}
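Review bot: The added `cpeMatch` entries for Windows Server 2008 (four entries) and Windows Server 2012 (one entry) carry `"vulnerable": true` with no `versionEndExcluding`, unlike the Windows 10/11 and Server 2016–2022 entries in the same list, which are bounded by a build number. A scanner that matches hosts on these criteria alone would likely keep reporting those systems after the vendor update is installed. Patch state for them has to come from another source, such as the installed-update inventory. Worth recording that limitation where this feed is consumed rather than treating the unbounded entries as equivalent to the bounded ones.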


@ -2,7 +2,7 @@
"id": "CVE-2024-22188",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T02:15:27.443",
"lastModified": "2024-10-04T19:15:16.110",
"lastModified": "2024-10-07T19:36:44.783",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -46,7 +46,7 @@
"description": [
{
"lang": "en",
"value": "CWE-77"
"value": "CWE-94"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-30515",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-09T11:15:52.010",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:16:59.520",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:pixelite:events_manager:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "6.4.7",
"matchCriteriaId": "FEBA157A-2CE5-4CED-9FD7-7AD98D515308"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/events-manager/wordpress-events-manager-plugin-6-4-6-4-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-30517",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-06-09T11:15:52.233",
"lastModified": "2024-06-10T02:52:08.267",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:14:46.923",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "audit@patchstack.com",
"type": "Secondary",
@ -51,10 +71,31 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:slicedinvoices:sliced_invoices:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "3.9.3",
"matchCriteriaId": "3751EA63-14B1-470A-8BB2-2B91C331DAA7"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/sliced-invoices/wordpress-sliced-invoices-plugin-3-9-2-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-31835",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-01T19:15:07.493",
"lastModified": "2024-10-04T13:51:25.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:55:10.790",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,15 +15,75 @@
"value": "Vulnerabilidad de Cross-Site Scripting en Flatpress CMS Flatpress v1.3 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el par\u00e1metro de nombre de archivo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:flatpress:flatpress:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3",
"matchCriteriaId": "2C1FD291-99DD-40F3-96DB-D79CA8279692"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/file/d/1OthtP87MduNTYur_p0RZv3moY8CrBcaM/view",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/paragbagul111/CVE-2024-31835",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}
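Review bot: The added CPE range `"versionEndExcluding": "1.3"` on `cpe:2.3:a:flatpress:flatpress` excludes version 1.3, while the description in this same record names Flatpress v1.3 as the affected version. Matching on the range as written would miss installs of exactly 1.3. If 1.3 is affected, the bound should read `"versionEndIncluding": "1.3"`; the fixed version is not shown on this page, so confirm it against the upstream record before relying on the range. Both references are tagged `Exploit`, so a missed match here is costly for triage.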


@ -2,8 +2,8 @@
"id": "CVE-2024-37868",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T21:15:13.150",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-07T19:37:06.350",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de carga de archivos en Itsourcecode Online Discussion Forum Project v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del archivo \"sendreply.php\", y el archivo cargado se recibi\u00f3 utilizando la variable \"$- FILES\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/TERRENCE-REX/bfca92171143e28899bb8511f311f9ed",


@ -2,8 +2,8 @@
"id": "CVE-2024-37869",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T21:15:13.240",
"lastModified": "2024-10-07T17:48:28.117",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-07T19:37:07.633",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de carga de archivos en Itsourcecode Online Discussion Forum Project v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del archivo \"poster.php\", y el archivo cargado se recibi\u00f3 utilizando la variable \"$- FILES\""
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/TERRENCE-REX/7e5dfdd3583bf9fd81196f557a8b8879",


@ -2,7 +2,7 @@
"id": "CVE-2024-41511",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T18:15:08.090",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:37:09.727",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Una vulnerabilidad de Path Traversal (inclusi\u00f3n de archivos locales) en \"BinaryFileRedirector.ashx\" en CADClick v1.11.0 y anteriores permite a atacantes remotos recuperar archivos locales arbitrarios a trav\u00e9s del par\u00e1metro \"path\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 3.9,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.3,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "http://cadclick.de/",
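Review bot: The added Secondary vector `CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N` (base 3.9, LOW) rates this as a local, user-assisted issue, but the description in the same record says remote attackers can retrieve arbitrary local files through the "path" parameter. The hunk also adds no `weaknesses` entry, whereas the sibling CADClick records CVE-2024-41512 through CVE-2024-41516 in this commit each gain one. Pipelines that prioritise on `baseSeverity` would push this record down; it is safer to hold it for manual review until a Primary score is published. The `references` array continues outside the hunk.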


@ -2,7 +2,7 @@
"id": "CVE-2024-41512",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T18:15:08.153",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:37:09.920",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en \"ccHandler.aspx\" en todas las versiones de CADClick v.1.11.0 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro \"bomid\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "http://cadclick.de/",


@ -2,7 +2,7 @@
"id": "CVE-2024-41513",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T18:15:08.220",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:37:10.700",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) reflejado en \"Artikel.aspx\" en CADClick v1.11.0 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro \"searchindex\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "http://cadclick.de/",


@ -2,7 +2,7 @@
"id": "CVE-2024-41514",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T18:15:08.297",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:37:11.483",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) reflejado en \"PrevPgGroup.aspx\" en CADClick v1.11.0 y anteriores permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro \"wer\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "http://cadclick.de/",


@ -2,7 +2,7 @@
"id": "CVE-2024-41515",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T18:15:08.347",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:37:12.283",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) reflejado en \"ccHandlerResource.ashx\" en CADClick <= 1.11.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro \"res_url\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "http://cadclick.de/",


@ -2,7 +2,7 @@
"id": "CVE-2024-41516",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T18:15:08.410",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:37:13.090",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) reflejado en \"ccHandler.aspx\" CADClick <= 1.11.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s del par\u00e1metro \"bomid\"."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "http://cadclick.de/",


@ -2,7 +2,7 @@
"id": "CVE-2024-41585",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-03T19:15:04.197",
"lastModified": "2024-10-04T13:50:43.727",
"lastModified": "2024-10-07T19:37:13.900",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Los dispositivos DrayTek Vigor3910 hasta la versi\u00f3n 4.3.2.6 est\u00e1n afectados por una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo que permite a un atacante aprovechar el binario recvCmd para escapar de la instancia emulada e inyectar comandos arbitrarios en la m\u00e1quina host."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.forescout.com/resources/draybreak-draytek-research/",


@ -2,7 +2,7 @@
"id": "CVE-2024-41588",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-03T19:15:04.363",
"lastModified": "2024-10-04T13:50:43.727",
"lastModified": "2024-10-07T19:37:15.063",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Los endpoints CGI v2x00.cgi y cgiwcg.cgi de los dispositivos DrayTek Vigor3910 hasta 4.3.2.6 son vulnerables a desbordamientos de b\u00fafer, por parte de usuarios autenticados, debido a la falta de verificaci\u00f3n de los l\u00edmites en los par\u00e1metros pasados a trav\u00e9s de solicitudes POST a la funci\u00f3n strncpy."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://www.forescout.com/resources/draybreak-draytek-research/",


@ -2,7 +2,7 @@
"id": "CVE-2024-41590",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-03T19:15:04.487",
"lastModified": "2024-10-04T13:50:43.727",
"lastModified": "2024-10-07T19:37:16.150",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Varios endpoints de CGI son vulnerables a desbordamientos de b\u00fafer, por parte de usuarios autenticados, debido a la falta de verificaci\u00f3n de los l\u00edmites en los par\u00e1metros pasados a trav\u00e9s de solicitudes POST a la funci\u00f3n strcpy en dispositivos DrayTek Vigor310 hasta 4.3.2.6."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://www.forescout.com/resources/draybreak-draytek-research/",


@ -2,8 +2,8 @@
"id": "CVE-2024-41722",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:06.193",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T19:35:27.803",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -85,8 +105,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -95,10 +125,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*",
"versionEndExcluding": "2.0.7",
"matchCriteriaId": "911C90A4-A8B6-4263-8BC8-066B33EDA943"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-41931",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:06.453",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:50:00.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -84,6 +104,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -95,10 +125,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*",
"versionEndExcluding": "2.0.7",
"matchCriteriaId": "911C90A4-A8B6-4263-8BC8-066B33EDA943"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-42027",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-10-07T13:15:15.020",
"lastModified": "2024-10-07T17:47:48.410",
"lastModified": "2024-10-07T19:37:18.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -12,6 +12,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
}
],
"cvssMetricV30": [
{
"source": "support@hackerone.com",
@ -35,6 +57,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1391"
}
]
}
],
"references": [
{
"url": "https://hackerone.com/reports/2546437",


@ -2,7 +2,7 @@
"id": "CVE-2024-42514",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-01T19:15:07.883",
"lastModified": "2024-10-04T13:51:25.567",
"lastModified": "2024-10-07T19:37:19.973",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -22,19 +22,19 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]


@ -0,0 +1,29 @@
{
"id": "CVE-2024-42831",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-07T18:15:04.497",
"lastModified": "2024-10-07T18:15:04.497",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapper_dialog.php."
}
],
"metrics": {},
"references": [
{
"url": "http://elaine.com",
"source": "cve@mitre.org"
},
{
"url": "http://realtime.com",
"source": "cve@mitre.org"
},
{
"url": "https://seclists.org/fulldisclosure/2024/Sep/49",
"source": "cve@mitre.org"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-43108",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:06.713",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T19:45:19.810",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -85,8 +105,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-345"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -95,10 +125,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*",
"versionEndExcluding": "2.0.7",
"matchCriteriaId": "911C90A4-A8B6-4263-8BC8-066B33EDA943"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-43694",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:06.960",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T19:40:04.147",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -95,10 +115,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:atak_plugin:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.0.7",
"matchCriteriaId": "0339DE99-2478-48B6-9664-CB8847C5EE47"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}
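Review bot: The CPE added in the `configurations` hunk names the product `cpe:2.3:a:gotenna:atak_plugin:*:*:*:*:*:*:*:*`, while the other records in this commit that cite the same advisory (icsa-24-270-05) with the same `versionEndExcluding` of `2.0.7` (CVE-2024-43108, CVE-2024-43814, CVE-2024-45374 and CVE-2024-45838) use `cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*`. An asset inventory keyed on one product string will match only part of this advisory's CVEs, so matching rules should cover both strings until upstream settles on one. Whether the two names are meant to describe the same software cannot be told from this page.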

@ -2,8 +2,8 @@
"id": "CVE-2024-43814",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:07.207",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T19:37:50.960",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -85,8 +105,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -95,10 +125,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*",
"versionEndExcluding": "2.0.7",
"matchCriteriaId": "911C90A4-A8B6-4263-8BC8-066B33EDA943"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

@ -0,0 +1,60 @@
{
"id": "CVE-2024-44068",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-07T19:15:09.907",
"lastModified": "2024-10-07T19:37:23.523",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
"source": "cve@mitre.org"
},
{
"url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2024-44068/",
"source": "cve@mitre.org"
}
]
}
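Review bot: The only CVSS entry in this new record sets `"attackVector": "NETWORK"` with `"privilegesRequired": "NONE"`, which seems hard to reconcile with a description of a use-after-free in a driver that leads to privilege escalation. The entry is `"type": "Secondary"` from source `134c704f-9b21-4f2e-91b3-4a467353bcc0` and `vulnStatus` is `Received`, so no Primary score exists yet. Triage rules keyed on `attackVector` or on the 8.1 base score should treat these values as provisional and be checked against the vendor bulletin listed in `references`.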

@ -0,0 +1,25 @@
{
"id": "CVE-2024-44674",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-07T18:15:04.590",
"lastModified": "2024-10-07T18:15:04.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "D-Link COVR-2600R FW101b05 is vulnerable to Buffer Overflow. In the function sub_24E28, the HTTP_REFERER is obtained through an environment variable, and this field is controllable, allowing it to be used as the value for src."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/REYu6/iot/blob/21e59c0cf491a9663423c515370c4fcb43436ae0/CVE/dlink/Covr-3902/2600R.md",
"source": "cve@mitre.org"
},
{
"url": "https://www.dlink.com/en/security-bulletin/",
"source": "cve@mitre.org"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-45374",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:07.687",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T19:27:17.363",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -85,8 +105,18 @@
},
"weaknesses": [
{
"source": "ics-cert@hq.dhs.gov",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -95,10 +125,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*",
"versionEndExcluding": "2.0.7",
"matchCriteriaId": "911C90A4-A8B6-4263-8BC8-066B33EDA943"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-45838",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:08.170",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:59:40.293",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -61,6 +61,26 @@
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "ics-cert@hq.dhs.gov",
"type": "Secondary",
@ -95,10 +115,32 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna:*:*:*:*:*:atak:*:*",
"versionEndExcluding": "2.0.7",
"matchCriteriaId": "911C90A4-A8B6-4263-8BC8-066B33EDA943"
}
]
}
]
}
],
"references": [
{
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-24-270-05",
"source": "ics-cert@hq.dhs.gov"
"source": "ics-cert@hq.dhs.gov",
"tags": [
"Third Party Advisory",
"US Government Resource"
]
}
]
}

@ -0,0 +1,25 @@
{
"id": "CVE-2024-45894",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-07T19:15:09.980",
"lastModified": "2024-10-07T19:15:09.980",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/yihanjinchangtai/215ea4bf71edb0ac9df33b221b63a3a9",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/source-trace/bluecms/issues/1",
"source": "cve@mitre.org"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-45932",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-07T16:15:05.340",
"lastModified": "2024-10-07T17:47:48.410",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-10-07T19:37:25.637",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "Krayin CRM v1.3.0 is vulnerable to Cross Site Scripting (XSS) via the organization name field in /admin/contacts/organizations/edit/2."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "http://TobeReleased.com",
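Review bot: The metric added here scores the issue with `"privilegesRequired": "NONE"`, yet the description places the injection point in `/admin/contacts/organizations/edit/2`, which reads like an authenticated admin route. The 7.1 base score may therefore overstate exposure; it is a Secondary entry and the record is still `Undergoing Analysis`. The first reference at the end of the section, `http://TobeReleased.com`, looks like a placeholder rather than an advisory, so automated reference fetching should not treat it as a trusted source. The `references` array continues outside the hunk.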

@ -2,8 +2,8 @@
"id": "CVE-2024-45999",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-01T20:15:05.390",
"lastModified": "2024-10-04T13:51:25.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T19:00:37.637",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,11 +15,68 @@
"value": "Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n SQL en Cloudlog 2.6.15, espec\u00edficamente dentro de la funci\u00f3n get_station_info() ubicada en el archivo /application/models/Oqrs_model.php. La vulnerabilidad se puede explotar a trav\u00e9s del par\u00e1metro station_id."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:magicbug:cloudlog:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.6.15",
"matchCriteriaId": "EECF10E7-4835-43B8-88F8-51CB3878A1AF"
}
]
}
]
}
],
"references": [
{
"url": "https://chiggerlor.substack.com/p/cve-2024-45999",
"source": "cve@mitre.org"
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

@ -0,0 +1,25 @@
{
"id": "CVE-2024-46076",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-07T18:15:04.653",
"lastModified": "2024-10-07T18:15:04.653",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "RuoYi v4.7.9 and before has a security flaw that allows escaping from comments within the code generation feature, enabling the injection of malicious code."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/kkll5875/f237f200bae6db6b47eea3236d82ad0d",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/yangzongzhuan/RuoYi",
"source": "cve@mitre.org"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2024-46077",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T19:15:16.617",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:37:26.967",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "itsourcecode Online Tours and Travels Management System v1.0 es vulnerable a cross-site scripting (XSS) a trav\u00e9s de un payload manipulado para los par\u00e1metros val-username, val-email, val-suggestions, val-digits y state_name en travelling.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/n00bS3cLe4rner/CVE-s/blob/main/CVE-2024-46077.md",

@ -2,7 +2,7 @@
"id": "CVE-2024-46078",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T19:15:16.683",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:37:27.763",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "itsourcecode Sports Management System Project 1.0 es vulnerable a una inyecci\u00f3n SQL en la funci\u00f3n delete_category del archivo sports_scheduling/player.php a trav\u00e9s del argumento id."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/n00bS3cLe4rner/CVE-s/blob/main/CVE-2024-46078.md",

@ -2,7 +2,7 @@
"id": "CVE-2024-46409",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T17:15:17.073",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:37:28.597",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) almacenadas en SeedDMS v6.0.28 permite a los atacantes ejecutar secuencias de comandos web o HTML arbitrarios mediante la inyecci\u00f3n de un payload manipulado en el par\u00e1metro Nombre de la p\u00e1gina Calendario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://demo6.seeddms.org/out/out.LogManagement.php?logname=20240831.log",

@ -2,7 +2,7 @@
"id": "CVE-2024-46486",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T17:15:17.173",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:37:29.423",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que TP-LINK TL-WDR5620 v2.3 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s de la funci\u00f3n httpProcDataSrv. "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/fishykz/TP-POC",

@ -2,7 +2,7 @@
"id": "CVE-2024-46503",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-30T21:15:03.590",
"lastModified": "2024-10-04T13:51:25.567",
"lastModified": "2024-10-07T19:37:30.217",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -22,8 +22,8 @@
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
@ -31,10 +31,10 @@
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]

@ -2,7 +2,7 @@
"id": "CVE-2024-46658",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-03T21:15:08.500",
"lastModified": "2024-10-04T13:50:43.727",
"lastModified": "2024-10-07T19:37:30.467",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 que Syrotech SY-GOPON-8OLT-L3 v1.6.0_240629 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos autenticados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://github.com/jackalkarlos/CVE-2024-46658/tree/main",

@ -2,8 +2,8 @@
"id": "CVE-2024-47122",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:09.077",
"lastModified": "2024-10-07T16:25:04.050",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:01:45.653",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -104,9 +104,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*",
"versionEndIncluding": "1.6.1",
"matchCriteriaId": "19DC36E7-4EBB-41FC-BE57-15FC0B726239"
"matchCriteriaId": "82A99D81-2393-4C97-BF3A-18C373E586AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*",
"versionEndExcluding": "2.0.3",
"matchCriteriaId": "4EB02402-526B-42AA-8A5F-0A0D99B432E1"
}
]
}
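Review bot: The `cpeMatch` change widens the affected range for Android, so inventories matched against the earlier record need re-evaluation. The former single entry stopped at `"versionEndIncluding": "1.6.1"`; the record now adds an `android` entry with `"versionEndExcluding": "2.0.3"`, which brings Android builds above 1.6.1 and below 2.0.3 into scope. The `matchCriteriaId` of the remaining `iphone_os` entry also changes, so results cached under `19DC36E7-4EBB-41FC-BE57-15FC0B726239` should be invalidated. The same edit appears in CVE-2024-47123, CVE-2024-47124, CVE-2024-47126, CVE-2024-47127 and CVE-2024-47128. The page has lost its +/- markers, so this old/new reading is inferred from the `-104,9 +104,15` header.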

@ -2,8 +2,8 @@
"id": "CVE-2024-47123",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:09.193",
"lastModified": "2024-10-07T16:46:26.183",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:03:13.957",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -134,9 +134,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*",
"versionEndIncluding": "1.6.1",
"matchCriteriaId": "19DC36E7-4EBB-41FC-BE57-15FC0B726239"
"matchCriteriaId": "82A99D81-2393-4C97-BF3A-18C373E586AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*",
"versionEndExcluding": "2.0.3",
"matchCriteriaId": "4EB02402-526B-42AA-8A5F-0A0D99B432E1"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-47124",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:09.310",
"lastModified": "2024-10-07T16:17:10.437",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:01:34.350",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -104,9 +104,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*",
"versionEndIncluding": "1.6.1",
"matchCriteriaId": "19DC36E7-4EBB-41FC-BE57-15FC0B726239"
"matchCriteriaId": "82A99D81-2393-4C97-BF3A-18C373E586AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*",
"versionEndExcluding": "2.0.3",
"matchCriteriaId": "4EB02402-526B-42AA-8A5F-0A0D99B432E1"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2024-47126",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:09.553",
"lastModified": "2024-10-07T14:27:45.007",
"lastModified": "2024-10-07T18:02:34.093",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -114,9 +114,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*",
"versionEndIncluding": "1.6.1",
"matchCriteriaId": "19DC36E7-4EBB-41FC-BE57-15FC0B726239"
"matchCriteriaId": "82A99D81-2393-4C97-BF3A-18C373E586AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*",
"versionEndExcluding": "2.0.3",
"matchCriteriaId": "4EB02402-526B-42AA-8A5F-0A0D99B432E1"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2024-47127",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:09.667",
"lastModified": "2024-10-07T14:17:55.767",
"lastModified": "2024-10-07T18:02:44.587",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -114,9 +114,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*",
"versionEndIncluding": "1.6.1",
"matchCriteriaId": "19DC36E7-4EBB-41FC-BE57-15FC0B726239"
"matchCriteriaId": "82A99D81-2393-4C97-BF3A-18C373E586AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*",
"versionEndExcluding": "2.0.3",
"matchCriteriaId": "4EB02402-526B-42AA-8A5F-0A0D99B432E1"
}
]
}

@ -2,7 +2,7 @@
"id": "CVE-2024-47128",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-09-26T18:15:09.783",
"lastModified": "2024-10-04T19:17:15.237",
"lastModified": "2024-10-07T18:00:51.110",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
@ -114,9 +114,15 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:iphone_os:*:*",
"versionEndIncluding": "1.6.1",
"matchCriteriaId": "19DC36E7-4EBB-41FC-BE57-15FC0B726239"
"matchCriteriaId": "82A99D81-2393-4C97-BF3A-18C373E586AB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gotenna:gotenna_pro:*:*:*:*:*:android:*:*",
"versionEndExcluding": "2.0.3",
"matchCriteriaId": "4EB02402-526B-42AA-8A5F-0A0D99B432E1"
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-47523",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-01T21:15:07.050",
"lastModified": "2024-10-04T13:50:43.727",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T19:07:30.287",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,18 +71,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.9.0",
"matchCriteriaId": "E39B6DE8-DAD4-4158-B2BF-93B804AE09FF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/blob/4777247327c793ed0a3306d0464b95176008177b/includes/html/print-alert-transports.php#L40",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/librenms/librenms/commit/ee1afba003d33667981e098c83295f599d88439c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-7f84-28qh-9486",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-47525",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-01T21:15:07.520",
"lastModified": "2024-10-04T13:50:43.727",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T19:08:18.707",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,18 +71,46 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.9.0",
"matchCriteriaId": "E39B6DE8-DAD4-4158-B2BF-93B804AE09FF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/blob/9455173edce6971777cf6666d540eeeaf6201920/includes/html/print-alert-rules.php#L405",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/librenms/librenms/commit/7620d220e48563938d869da7689b8ac3f7721490",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-j2j9-7pr6-xqwv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

@ -2,8 +2,8 @@
"id": "CVE-2024-47527",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-01T21:15:07.967",
"lastModified": "2024-10-04T13:50:43.727",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T19:08:41.467",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
@ -51,14 +71,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:librenms:librenms:*:*:*:*:*:*:*:*",
"versionEndExcluding": "24.9.0",
"matchCriteriaId": "E39B6DE8-DAD4-4158-B2BF-93B804AE09FF"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/librenms/librenms/security/advisories/GHSA-rwwc-2v8q-gc9v",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}
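Review bot: The reference `https://github.com/librenms/librenms/commit/36b38a50cc10d4ed16caab92bdc18ed6abac9685` is tagged `"Product"` in the last hunk, whereas the sibling records CVE-2024-47523 and CVE-2024-47525 tag their `/commit/` references `"Patch"` and reserve `"Product"` for `/blob/` links. Tooling that locates fixes by the `Patch` tag will find none for this CVE; `"tags": ["Patch"]` would be consistent with the siblings. Until the upstream record changes, a fallback that also recognises `/commit/` URLs as fix candidates avoids the gap.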

@ -0,0 +1,56 @@
{
"id": "CVE-2024-47555",
"sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"published": "2024-10-07T18:15:04.787",
"lastModified": "2024-10-07T18:15:04.787",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authentication - User & System Configuration"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf",
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f"
}
]
}
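Review bot: The only description in this new record is the title-like string `"Missing Authentication - User & System Configuration"`, which names no product, version or component. The same applies to CVE-2024-47556 through CVE-2024-47559 below, where 47556/47557 and 47558/47559 differ only in `id` and timestamps. With `vulnStatus` still `Received` there is no `configurations`/CPE data either, so the affected product can only be inferred from the reference URL (Xerox bulletin XRX24-014 for FreeFlow Core v7.0). Asset matching that keys on description text or CPE will not associate these records with anything until upstream enrichment lands; matching on the reference host or bulletin id is the interim option.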


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47556",
"sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"published": "2024-10-07T19:15:10.057",
"lastModified": "2024-10-07T19:15:10.057",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pre-Auth RCE via Path Traversal"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf",
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47557",
"sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"published": "2024-10-07T19:15:10.260",
"lastModified": "2024-10-07T19:15:10.260",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Pre-Auth RCE via Path Traversal"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf",
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47558",
"sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"published": "2024-10-07T19:15:10.473",
"lastModified": "2024-10-07T19:15:10.473",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated RCE via Path Traversal"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf",
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f"
}
]
}


@ -0,0 +1,56 @@
{
"id": "CVE-2024-47559",
"sourceIdentifier": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"published": "2024-10-07T19:15:10.677",
"lastModified": "2024-10-07T19:15:10.677",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Authenticated RCE via Path Traversal"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://securitydocs.business.xerox.com/wp-content/uploads/2024/10/Xerox-Security-Bulletin-XRX24-014-for-Xerox%C2%AE-FreeFlow%C2%AE-Core-v7.0-.pdf",
"source": "10b61619-3869-496c-8a1e-f291b0e71e3f"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-47608",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-10-01T17:15:08.970",
"lastModified": "2024-10-04T13:51:25.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:51:05.650",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,6 +59,28 @@
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
@ -73,14 +95,39 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:definetlynotai:logicytics:*:*:*:*:*:*:*:*",
"versionEndIncluding": "2.3.1",
"matchCriteriaId": "7448D8CB-70CA-4E39-8284-83B2CD5AC268"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/DefinetlyNotAI/Logicytics/security/advisories/GHSA-5wvr-vvqf-668m",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.codefactor.io/repository/github/definetlynotai/logicytics/issues/main",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Product"
]
}
]
}


@ -2,7 +2,7 @@
"id": "CVE-2024-47910",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T21:15:13.453",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:37:43.677",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Se descubri\u00f3 un problema en SonarSource SonarQube anterior a la versi\u00f3n 9.9.5 LTA y en la versi\u00f3n 10.x anterior a la 10.5. Un usuario de SonarQube con el rol de administrador puede modificar una configuraci\u00f3n existente de una integraci\u00f3n de GitHub para extraer un JWT firmado previamente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.2,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://community.sonarsource.com/t/sonarqube-github-integration-information-leakage/126609",


@ -2,7 +2,7 @@
"id": "CVE-2024-47911",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-04T21:15:13.530",
"lastModified": "2024-10-07T17:48:28.117",
"lastModified": "2024-10-07T19:37:44.613",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://sonarsource.atlassian.net/browse/SONAR-22340",


@ -0,0 +1,44 @@
{
"id": "CVE-2024-47975",
"sourceIdentifier": "f946a70c-00eb-42ce-8e9b-634d1f7b5a6f",
"published": "2024-10-07T19:15:10.877",
"lastModified": "2024-10-07T19:15:10.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control validation in firmware of some Solidigm DC Products may allow an attacker with physical access to gain unauthorized access or an attacker with local access to potentially enable denial of service."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "f946a70c-00eb-42ce-8e9b-634d1f7b5a6f",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 0.7,
"impactScore": 5.8
}
]
},
"references": [
{
"url": "https://https://www.solidigm.com/support-page/support-security.html",
"source": "f946a70c-00eb-42ce-8e9b-634d1f7b5a6f"
}
]
}
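Review bot: The reference URL in this new record has a doubled scheme, `https://https://www.solidigm.com/support-page/support-security.html`, which parses with `https` as the host and will not resolve to the vendor page. The intended value is presumably `"url": "https://www.solidigm.com/support-page/support-security.html"`. Consumers that dereference or validate reference URLs should treat a parse or fetch failure here as a data error rather than a missing advisory. The record also carries no `weaknesses` array, unlike the other records added in this commit, so CWE-based filters will skip it.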


@ -2,8 +2,8 @@
"id": "CVE-2024-7319",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-08-02T21:16:31.180",
"lastModified": "2024-09-24T17:00:00.917",
"vulnStatus": "Analyzed",
"lastModified": "2024-10-07T19:15:11.090",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -18,7 +18,7 @@
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"source": "secalert@redhat.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
@ -38,24 +38,24 @@
"impactScore": 1.4
},
{
"source": "secalert@redhat.com",
"source": "nvd@nist.gov",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 7.4,
"baseSeverity": "HIGH"
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.1,
"impactScore": 3.7
"impactScore": 1.4
}
]
},


@ -2,8 +2,8 @@
"id": "CVE-2024-7670",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-09-30T21:15:03.680",
"lastModified": "2024-10-04T13:51:25.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:43:46.983",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -51,10 +81,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "39C7EACE-BA48-45C3-BF80-F1DB7C6E271D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A699B5C0-F155-41D7-B204-F7128F24A33B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08FC6D85-8BE7-46D3-B1F8-1B06CA18DB38"
}
]
}
]
}
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015",
"source": "psirt@autodesk.com"
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-7671",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-09-30T21:15:03.890",
"lastModified": "2024-10-04T13:51:25.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:34:28.897",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -51,10 +81,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "39C7EACE-BA48-45C3-BF80-F1DB7C6E271D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A699B5C0-F155-41D7-B204-F7128F24A33B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08FC6D85-8BE7-46D3-B1F8-1B06CA18DB38"
}
]
}
]
}
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015",
"source": "psirt@autodesk.com"
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-7672",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-09-30T21:15:04.070",
"lastModified": "2024-10-04T13:51:25.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:35:02.153",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -51,10 +81,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "39C7EACE-BA48-45C3-BF80-F1DB7C6E271D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A699B5C0-F155-41D7-B204-F7128F24A33B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08FC6D85-8BE7-46D3-B1F8-1B06CA18DB38"
}
]
}
]
}
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015",
"source": "psirt@autodesk.com"
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-7673",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-09-30T21:15:04.250",
"lastModified": "2024-10-04T13:51:25.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:34:40.640",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -51,10 +81,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "39C7EACE-BA48-45C3-BF80-F1DB7C6E271D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A699B5C0-F155-41D7-B204-F7128F24A33B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08FC6D85-8BE7-46D3-B1F8-1B06CA18DB38"
}
]
}
]
}
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015",
"source": "psirt@autodesk.com"
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-7674",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-09-30T21:15:04.430",
"lastModified": "2024-10-04T13:51:25.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:34:56.640",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -51,10 +81,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "39C7EACE-BA48-45C3-BF80-F1DB7C6E271D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A699B5C0-F155-41D7-B204-F7128F24A33B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08FC6D85-8BE7-46D3-B1F8-1B06CA18DB38"
}
]
}
]
}
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015",
"source": "psirt@autodesk.com"
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-7675",
"sourceIdentifier": "psirt@autodesk.com",
"published": "2024-09-30T21:15:04.613",
"lastModified": "2024-10-04T13:51:25.567",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-10-07T18:34:58.443",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
},
{
"source": "psirt@autodesk.com",
"type": "Secondary",
@ -51,10 +81,40 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025:*:*:*:*:*:*:*",
"matchCriteriaId": "39C7EACE-BA48-45C3-BF80-F1DB7C6E271D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A699B5C0-F155-41D7-B204-F7128F24A33B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:autodesk:navisworks:2025.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08FC6D85-8BE7-46D3-B1F8-1B06CA18DB38"
}
]
}
]
}
],
"references": [
{
"url": "https://autodesk.com/trust/security-advisories/adsk-sa-2024-0015",
"source": "psirt@autodesk.com"
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
]
}
]
}
