admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-01-09T19:00:29.420592+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-01-09 19:03:54 +00:00
parent d0484cf596
commit 97c04cf9e8
98 changed files with 4535 additions and 1104 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
CVE-2019/CVE-2019-108xx/CVE-2019-10891.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-10891",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-09-06T20:15:11.003",
"lastModified": "2025-01-06T15:15:09.593",
"lastModified": "2025-01-09T18:15:23.760",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [

107
CVE-2021/CVE-2021-470xx/CVE-2021-47069.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47069",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-01T22:15:46.857",
"lastModified": "2024-11-21T06:35:18.510",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T18:21:01.560",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,120 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ipc/mqueue, msg, sem: evite confiar en una referencia de pila despu\u00e9s de su vencimiento do_mq_timedreceive llama a wq_sleep con una direcci\u00f3n local de pila. El remitente (do_mq_timedsend) usa esta direcci\u00f3n para luego llamar a pipelined_send. Esto conduce a una ejecuci\u00f3n muy dif\u00edcil de desencadenar en la que una llamada do_mq_timedreceive puede regresar y dejar que do_mq_timedsend dependa de una direcci\u00f3n no v\u00e1lida, lo que provoca el siguiente bloqueo: RIP: 0010:wake_q_add_safe+0x13/0x60 Seguimiento de llamadas: __x64_sys_mq_timedsend+0x2a9/0x490 do_syscall_64+0x80 /0x680 Entry_SYSCALL_64_after_hwframe+0x44/0xa9 RIP: 0033:0x7f5928e40343 La ejecuci\u00f3n ocurre como: 1. do_mq_timedreceive llama a wq_sleep con la direcci\u00f3n de `struct ext_wait_queue` en la pila de funciones (alias `ewq_addr` aqu\u00ed): contiene una `struct ext_wait_queue * v\u00e1lida ` siempre y cuando la pila no haya sido sobrescrita. 2. `ewq_addr` se agrega a info->e_wait_q[RECV].list en wq_add, y do_mq_timedsend lo recibe a trav\u00e9s de wq_get_first_waiter(info, RECV) para llamar a __pipelined_op. 3. El remitente llama a __pipelined_op::smp_store_release(&this->state, STATE_READY). Aqu\u00ed es donde comienza la ventana de ejecuci\u00f3n. (`esto` es `ewq_addr`.) 4. Si el receptor se activa ahora en do_mq_timedreceive::wq_sleep, ver\u00e1 `state == STATE_READY` y se interrumpir\u00e1. 5. do_mq_timedreceive regresa y ya no se garantiza que `ewq_addr` sea una `struct ext_wait_queue *` ya que estaba en la pila de do_mq_timedreceive. (Aunque es posible que la direcci\u00f3n no se sobrescriba hasta que otra funci\u00f3n la toque, lo que significa que puede persistir por un tiempo indefinido). 6. do_mq_timedsend::__pipelined_op() todav\u00eda cree que `ewq_addr` es una `struct ext_wait_queue *`, y lo usa para encontrar una task_struct para pasar a la llamada wake_q_add_safe. En el afortunado caso de que nada haya sobrescrito `ewq_addr` todav\u00eda, `ewq_addr->task` es la estructura de tarea correcta. En el desafortunado caso, __pipelined_op::wake_q_add_safe recibe una direcci\u00f3n falsa como la task_struct del receptor que causa el bloqueo. do_mq_timedsend::__pipelined_op() no debe eliminar la referencia a \"esto\" despu\u00e9s de configurar STATE_READY, ya que la contraparte del receptor ahora puede regresar. Cambie __pipelined_op para llamar a wake_q_add_safe en el task_struct del receptor devuelto por get_task_struct, en lugar de desreferenciar \"this\" que se encuentra en la pila del receptor. Como se\u00f1al\u00f3 Manfred, la ejecuci\u00f3n tambi\u00e9n existe potencialmente en ipc/msg.c::expunge_all e ipc/sem.c::wake_up_sem_queue_prepare. Arr\u00e9glelos de la misma manera."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-672"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.6",
"versionEndExcluding": "5.10.40",
"matchCriteriaId": "CC04C860-B3F3-4630-B20D-99BEA8F2A42A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.12.7",
"matchCriteriaId": "E8F2CE30-38B0-4716-B12B-A139B0F9C5C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/4528c0c323085e645b8765913b4a7fd42cf49b65",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/807fa14536b26803b858da878b643be72952a097",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a11ddb37bf367e6b5239b95ca759e5389bb46048",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4528c0c323085e645b8765913b4a7fd42cf49b65",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/807fa14536b26803b858da878b643be72952a097",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a11ddb37bf367e6b5239b95ca759e5389bb46048",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

22
CVE-2022/CVE-2022-370xx/CVE-2022-37056.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-37056",
"sourceIdentifier": "cve@mitre.org",
"published": "2022-08-28T17:15:08.413",
"lastModified": "2025-01-06T15:15:09.993",
"lastModified": "2025-01-09T18:15:24.797",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},

32
CVE-2023/CVE-2023-19xx/CVE-2023-1945.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-1945",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:10.493",
"lastModified": "2024-11-21T07:40:12.070",
"lastModified": "2025-01-09T17:15:08.213",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

43
CVE-2023/CVE-2023-239xx/CVE-2023-23913.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2023-23913",
"sourceIdentifier": "support@hackerone.com",
"published": "2025-01-09T01:15:07.257",
"lastModified": "2025-01-09T01:15:07.257",
"lastModified": "2025-01-09T18:15:24.993",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute."
},
{
"lang": "es",
"value": "Existe un problema potencial de Cross-Site Scripting basado en DOM en rails-ujs que aprovecha la API del portapapeles para apuntar a elementos HTML a los que se les asigna el atributo contenteditable. Esto puede ocurrir al pegar contenido HTML malicioso desde el portapapeles que incluye un atributo data-method, data-remote o data-disable-with."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1033263",

41
CVE-2023/CVE-2023-281xx/CVE-2023-28159.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28159",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:12.033",
"lastModified": "2024-11-21T07:54:30.473",
"lastModified": "2025-01-09T17:15:09.523",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"configurations": [
@ -103,6 +133,15 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1783561",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
]
}
]
}

22
CVE-2023/CVE-2023-297xx/CVE-2023-29722.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29722",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T21:15:09.360",
"lastModified": "2024-11-21T07:57:25.073",
"lastModified": "2025-01-09T18:15:25.153",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},

22
CVE-2023/CVE-2023-297xx/CVE-2023-29723.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29723",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T21:15:09.407",
"lastModified": "2024-11-21T07:57:25.203",
"lastModified": "2025-01-09T18:15:25.333",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},

32
CVE-2023/CVE-2023-297xx/CVE-2023-29736.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29736",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T21:15:09.450",
"lastModified": "2024-11-21T07:57:26.743",
"lastModified": "2025-01-09T18:15:25.493",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-22"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [

22
CVE-2023/CVE-2023-297xx/CVE-2023-29748.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29748",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T03:15:20.500",
"lastModified": "2024-11-21T07:57:28.317",
"lastModified": "2025-01-09T18:15:25.667",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},

22
CVE-2023/CVE-2023-29xx/CVE-2023-2977.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2977",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-06-01T01:15:17.917",
"lastModified": "2024-11-21T07:59:40.960",
"lastModified": "2025-01-09T18:15:25.850",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.2
}
]
},

32
CVE-2023/CVE-2023-307xx/CVE-2023-30758.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-30758",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.847",
"lastModified": "2024-11-21T08:00:50.750",
"lastModified": "2025-01-09T18:15:26.083",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-334xx/CVE-2023-33461.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33461",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T03:15:20.547",
"lastModified": "2024-11-21T08:05:35.730",
"lastModified": "2025-01-09T17:15:09.730",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-476"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-335xx/CVE-2023-33544.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33544",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T13:15:10.637",
"lastModified": "2024-11-21T08:05:41.690",
"lastModified": "2025-01-09T17:15:09.997",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-22"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-335xx/CVE-2023-33552.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33552",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T15:15:09.163",
"lastModified": "2024-11-21T08:05:42.310",
"lastModified": "2025-01-09T17:15:10.250",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-337xx/CVE-2023-33716.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33716",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T03:15:20.590",
"lastModified": "2024-11-21T08:05:53.460",
"lastModified": "2025-01-09T18:15:26.273",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-401"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-337xx/CVE-2023-33719.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33719",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T03:15:20.630",
"lastModified": "2024-11-21T08:05:53.927",
"lastModified": "2025-01-09T18:15:26.460",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-401"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-337xx/CVE-2023-33754.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33754",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T20:15:09.467",
"lastModified": "2024-11-21T08:05:56.947",
"lastModified": "2025-01-09T17:15:10.470",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-307"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-337xx/CVE-2023-33764.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33764",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T20:15:09.523",
"lastModified": "2024-11-21T08:05:58.363",
"lastModified": "2025-01-09T18:15:26.620",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-337xx/CVE-2023-33778.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33778",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T04:15:10.313",
"lastModified": "2024-11-21T08:05:58.853",
"lastModified": "2025-01-09T18:15:26.790",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-798"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-343xx/CVE-2023-34312.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-34312",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T03:15:20.673",
"lastModified": "2024-11-21T08:06:59.357",
"lastModified": "2025-01-09T17:15:10.757",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-763"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-763"
}
]
}
],
"configurations": [

27
CVE-2023/CVE-2023-480xx/CVE-2023-48082.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-48082",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-14T19:15:10.780",
"lastModified": "2024-10-25T17:15:03.903",
"lastModified": "2025-01-09T18:15:27.130",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,30 +15,7 @@
"value": "Se descubri\u00f3 que Nagios XI anterior a 5.11.3 2024R1 manejaba incorrectamente la generaci\u00f3n de claves API (generadas aleatoriamente), lo que permit\u00eda a los atacantes generar posiblemente el mismo conjunto de claves API para todos los usuarios y utilizarlas para autenticarse."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"metrics": {},
"references": [
{
"url": "https://www.nagios.com/change-log/",

85
CVE-2023/CVE-2023-492xx/CVE-2023-49275.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-49275",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-19T15:15:49.847",
"lastModified": "2024-11-21T08:33:09.917",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T17:42:46.960",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,32 +69,81 @@
"value": "CWE-476"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.2.0",
"versionEndExcluding": "4.7.1",
"matchCriteriaId": "1423F835-4122-4332-85F6-B66CADB156DB"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wazuh/wazuh/blob/e1d5231b31b68a75f3b8b33f833155b362411078/src/analysisd/decoders/syscollector.c#L1573",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/wazuh/wazuh/blob/e1d5231b31b68a75f3b8b33f833155b362411078/src/analysisd/decoders/syscollector.c#L1578",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-4mq7-w9r6-9975",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/wazuh/wazuh/blob/e1d5231b31b68a75f3b8b33f833155b362411078/src/analysisd/decoders/syscollector.c#L1573",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://github.com/wazuh/wazuh/blob/e1d5231b31b68a75f3b8b33f833155b362411078/src/analysisd/decoders/syscollector.c#L1578",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-4mq7-w9r6-9975",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

65
CVE-2023/CVE-2023-502xx/CVE-2023-50260.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-50260",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-19T15:15:50.040",
"lastModified": "2024-11-21T08:36:46.290",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T17:41:36.720",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,16 +69,53 @@
"value": "CWE-94"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.2.0",
"versionEndExcluding": "4.7.2",
"matchCriteriaId": "A4731D6B-7AF2-4064-8D9B-792314DD0940"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-mjq2-xf8g-68vw",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-mjq2-xf8g-68vw",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

34
CVE-2024/CVE-2024-104xx/CVE-2024-10466.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10466",
"sourceIdentifier": "security@mozilla.org",
"published": "2024-10-29T13:15:04.273",
"lastModified": "2024-11-04T13:29:51.947",
"vulnStatus": "Analyzed",
"lastModified": "2025-01-09T18:15:27.253",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,26 +36,6 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -69,16 +49,6 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

24
CVE-2024/CVE-2024-105xx/CVE-2024-10525.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-10525",
"sourceIdentifier": "emo@eclipse.org",
"published": "2024-10-30T12:15:02.787",
"lastModified": "2024-11-01T12:57:03.417",
"lastModified": "2025-01-09T18:15:27.403",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -59,28 +59,6 @@
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [

70
CVE-2024/CVE-2024-109xx/CVE-2024-10917.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10917",
"sourceIdentifier": "emo@eclipse.org",
"published": "2024-11-11T17:15:04.203",
"lastModified": "2024-11-12T13:55:21.227",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T18:08:16.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
@ -49,20 +69,60 @@
"value": "CWE-190"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-190"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.8.0",
"versionEndExcluding": "0.48.0",
"matchCriteriaId": "FCC7DE02-3642-44C5-BBA7-81914AB315E6"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse-openj9/openj9/pull/20362",
"source": "emo@eclipse.org"
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/eclipse-openj9/openj9/releases/tag/openj9-0.48.0",
"source": "emo@eclipse.org"
"source": "emo@eclipse.org",
"tags": [
"Release Notes"
]
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/47",
"source": "emo@eclipse.org"
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

14
CVE-2024/CVE-2024-116xx/CVE-2024-11614.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-11614",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-12-18T09:15:06.660",
"lastModified": "2025-01-09T16:15:35.980",
"lastModified": "2025-01-09T17:15:10.980",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -64,6 +64,18 @@
"url": "https://access.redhat.com/errata/RHSA-2025:0210",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0220",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0221",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0222",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2024-11614",
"source": "secalert@redhat.com"

74
CVE-2024/CVE-2024-12xx/CVE-2024-1289.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1289",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-09T19:15:15.990",
"lastModified": "2024-11-21T08:50:14.563",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:41:10.137",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.9,
"impactScore": 2.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.2.6.4",
"matchCriteriaId": "3A49C601-BDD9-4F3D-9159-6617A460BFD9"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042945%40learnpress%2Ftags%2F4.2.6.3&new=3061851%40learnpress%2Ftags%2F4.2.6.4",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c410d91-08cc-496d-9c8e-c57f107399da?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042945%40learnpress%2Ftags%2F4.2.6.3&new=3061851%40learnpress%2Ftags%2F4.2.6.4",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0c410d91-08cc-496d-9c8e-c57f107399da?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

16
CVE-2024/CVE-2024-131xx/CVE-2024-13191.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-13191",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-08T23:15:08.807",
"lastModified": "2025-01-08T23:15:08.807",
"lastModified": "2025-01-09T17:15:11.267",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en ZeroWdd myblog 1.0. Este problema afecta a la funci\u00f3n de carga del archivo src/main/java/com/wdd/myblog/controller/admin/uploadController.java. La manipulaci\u00f3n del archivo de argumentos provoca una carga sin restricciones. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +144,14 @@
{
"url": "https://vuldb.com/?submit.469229",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/ZeroWdd/myblog/issues/3",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
},
{
"url": "https://github.com/ZeroWdd/myblog/issues/3#issue-2759839215",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

12
CVE-2024/CVE-2024-131xx/CVE-2024-13192.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-13192",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-08T23:15:09.017",
"lastModified": "2025-01-08T23:15:09.017",
"lastModified": "2025-01-09T17:15:11.420",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "En ZeroWdd myblog 1.0 se ha detectado una vulnerabilidad clasificada como problem\u00e1tica. La funci\u00f3n de actualizaci\u00f3n del archivo src/main/java/com/wdd/myblog/controller/admin/BlogController.java se ve afectada. La manipulaci\u00f3n provoca ataques de cross site scripting. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +144,10 @@
{
"url": "https://vuldb.com/?submit.469232",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/ZeroWdd/myblog/issues/4",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

12
CVE-2024/CVE-2024-131xx/CVE-2024-13193.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-13193",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-08T23:15:09.220",
"lastModified": "2025-01-08T23:15:09.220",
"lastModified": "2025-01-09T17:15:11.553",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library Management Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en SEMCMS hasta la versi\u00f3n 4.8 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo SEMCMS_Images.php del componente Image Library Management Page. La manipulaci\u00f3n conduce a una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.469563",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/Upgradeextension/SEMCMS/blob/main/README.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

12
CVE-2024/CVE-2024-131xx/CVE-2024-13194.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-13194",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T00:15:25.357",
"lastModified": "2025-01-09T00:15:25.357",
"lastModified": "2025-01-09T17:15:11.690",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Sucms 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/admin_members.php?ac=search. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Sucms 1.0 y se clasific\u00f3 como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo /admin/admin_members.php?ac=search. La manipulaci\u00f3n del argumento uid conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.469566",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/Upgradeextension/Sucms-v1.0SQLinjection/blob/main/README.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

16
CVE-2024/CVE-2024-131xx/CVE-2024-13195.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-13195",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T00:15:25.570",
"lastModified": "2025-01-09T00:15:25.570",
"lastModified": "2025-01-09T17:15:11.827",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in donglight bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e 1.0.0. It has been classified as critical. This affects the function getHtml of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en donglight bookstore???????? 1.0.0. Se ha clasificado como cr\u00edtica. Afecta a la funci\u00f3n getHtml del archivo src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. La manipulaci\u00f3n del argumento url conduce a server-side request forgery. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +140,14 @@
{
"url": "https://vuldb.com/?submit.469689",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/donglight/bookstore/issues/11",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
},
{
"url": "https://github.com/donglight/bookstore/issues/11#issue-2760929273",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

16
CVE-2024/CVE-2024-131xx/CVE-2024-13196.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-13196",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T00:15:25.760",
"lastModified": "2025-01-09T00:15:25.760",
"lastModified": "2025-01-09T17:15:11.957",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in donglight bookstore\u7535\u5546\u4e66\u57ce\u7cfb\u7edf\u8bf4\u660e 1.0.0. It has been declared as problematic. This vulnerability affects the function BookSearchList of the file src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java. The manipulation of the argument keywords leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en donglight bookstore???????? 1.0.0. Se ha declarado como problem\u00e1tica. Esta vulnerabilidad afecta a la funci\u00f3n BookSearchList del archivo src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java. La manipulaci\u00f3n de las palabras clave del argumento provoca cross site scripting. El ataque se puede iniciar de forma remota. La vulnerabilidad se ha hecho p\u00fablica y puede utilizarse."
}
],
"metrics": {
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +144,14 @@
{
"url": "https://vuldb.com/?submit.469771",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/donglight/bookstore/issues/12",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
},
{
"url": "https://github.com/donglight/bookstore/issues/12#issue-2760934170",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

12
CVE-2024/CVE-2024-132xx/CVE-2024-13202.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-13202",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T03:15:24.220",
"lastModified": "2025-01-09T03:15:24.220",
"lastModified": "2025-01-09T17:15:12.110",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en wander-chu SpringBoot-Blog 1.0 y se ha clasificado como problem\u00e1tica. Este problema afecta a la funci\u00f3n modifiyArticle del archivo src/main/java/com/my/blog/website/controller/admin/PageController.java del componente Blog Article Handler. La manipulaci\u00f3n del contenido del argumento provoca cross site scripting. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +144,10 @@
{
"url": "https://vuldb.com/?submit.470914",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/wander-chu/SpringBoot-Blog/issues/7#issue-2761643235",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

12
CVE-2024/CVE-2024-132xx/CVE-2024-13203.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-13203",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T03:15:24.410",
"lastModified": "2025-01-09T03:15:24.410",
"lastModified": "2025-01-09T17:15:12.280",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en kurniaramadhan E-Commerce-PHP 1.0. Se ha clasificado como problem\u00e1tica. Se trata de una funci\u00f3n desconocida. La manipulaci\u00f3n conduce a cross-site request forgery. Es posible lanzar el ataque de forma remota. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -132,6 +136,10 @@
{
"url": "https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html?m=1",
"source": "cna@vuldb.com"
},
{
"url": "https://www.websecurityinsights.my.id/2024/12/ecommerce-php-by-kurniaramadhan-sql.html?m=1",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

74
CVE-2024/CVE-2024-14xx/CVE-2024-1463.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1463",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-09T19:15:17.540",
"lastModified": "2024-11-21T08:50:38.330",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:37:21.223",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 1.3,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:thimpress:learnpress:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "4.2.6.4",
"matchCriteriaId": "3A49C601-BDD9-4F3D-9159-6617A460BFD9"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042945%40learnpress%2Ftags%2F4.2.6.3&new=3061851%40learnpress%2Ftags%2F4.2.6.4",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abb4b617-884b-4e72-812f-5f23a0976ab6?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042945%40learnpress%2Ftags%2F4.2.6.3&new=3061851%40learnpress%2Ftags%2F4.2.6.4",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/abb4b617-884b-4e72-812f-5f23a0976ab6?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-216xx/CVE-2024-21652.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21652",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-18T18:15:09.697",
"lastModified": "2024-11-21T08:54:48.430",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T17:07:47.467",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,16 +69,64 @@
"value": "CWE-307"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8.13",
"matchCriteriaId": "6312AE1F-68E1-4B95-952B-BCFA03CCC7AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.9.0",
"versionEndExcluding": "2.9.9",
"matchCriteriaId": "89CCBDB3-E3A5-4529-9483-556AE5F93775"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.10.0",
"versionEndExcluding": "2.10.4",
"matchCriteriaId": "5FD6C646-5A70-42B0-A92A-DEB525C09A64"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

118
CVE-2024/CVE-2024-216xx/CVE-2024-21661.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21661",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-18T19:15:06.687",
"lastModified": "2024-11-21T08:54:49.030",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T17:09:38.313",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,48 +69,122 @@
"value": "CWE-787"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8.13",
"matchCriteriaId": "6312AE1F-68E1-4B95-952B-BCFA03CCC7AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.9.0",
"versionEndExcluding": "2.9.9",
"matchCriteriaId": "89CCBDB3-E3A5-4529-9483-556AE5F93775"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.10.0",
"versionEndExcluding": "2.10.4",
"matchCriteriaId": "5FD6C646-5A70-42B0-A92A-DEB525C09A64"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/argoproj/argo-cd/blob/54601c8fd30b86a4c4b7eb449956264372c8bde0/util/session/sessionmanager.go#L302-L311",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/2a22e19e06aaf6a1e734443043310a66c234e345",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/5bbb51ab423f273dda74ab956469843d2db2e208",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/ce04dc5c6f6e92033221ec6d96b74403b065ca8b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/argoproj/argo-cd/blob/54601c8fd30b86a4c4b7eb449956264372c8bde0/util/session/sessionmanager.go#L302-L311",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/2a22e19e06aaf6a1e734443043310a66c234e345",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/5bbb51ab423f273dda74ab956469843d2db2e208",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/ce04dc5c6f6e92033221ec6d96b74403b065ca8b",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

118
CVE-2024/CVE-2024-216xx/CVE-2024-21662.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21662",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-18T19:15:06.870",
"lastModified": "2024-11-21T08:54:49.157",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T17:13:17.787",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
@ -49,48 +69,122 @@
"value": "CWE-307"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-307"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.8.13",
"matchCriteriaId": "6312AE1F-68E1-4B95-952B-BCFA03CCC7AD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.9.0",
"versionEndExcluding": "2.9.9",
"matchCriteriaId": "89CCBDB3-E3A5-4529-9483-556AE5F93775"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.10.0",
"versionEndExcluding": "2.10.4",
"matchCriteriaId": "5FD6C646-5A70-42B0-A92A-DEB525C09A64"
}
]
}
]
}
],
"references": [
{
"url": "https://argo-cd.readthedocs.io/en/stable/security_considerations/#cve-2020-8827-insufficient-anti-automationanti-brute-force",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/17b0df1168a4c535f6f37e95f25ed7cd81e1fa4d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/6e181d72b31522f886a2afa029d5b26d7912ec7b",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/cebb6538f7944c87ca2fecb5d17f8baacc431456",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2vgg-9h6w-m454",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://argo-cd.readthedocs.io/en/stable/security_considerations/#cve-2020-8827-insufficient-anti-automationanti-brute-force",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/17b0df1168a4c535f6f37e95f25ed7cd81e1fa4d",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/6e181d72b31522f886a2afa029d5b26d7912ec7b",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/cebb6538f7944c87ca2fecb5d17f8baacc431456",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2vgg-9h6w-m454",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-21xx/CVE-2024-2181.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2181",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-09T19:15:28.957",
"lastModified": "2024-11-21T09:09:12.207",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T17:23:38.353",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpzoom:beaver_builder_addons:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.5",
"matchCriteriaId": "3AD967ED-D8DA-4DA1-99A3-D4385C2264E6"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3046905/wpzoom-addons-for-beaver-builder",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6baa44c7-1c13-45ad-9fb5-da06933f3cd0?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3046905/wpzoom-addons-for-beaver-builder",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/6baa44c7-1c13-45ad-9fb5-da06933f3cd0?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-21xx/CVE-2024-2183.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2183",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-09T19:15:29.127",
"lastModified": "2024-11-21T09:09:12.500",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T17:18:25.953",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpzoom:beaver_builder_addons:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.5",
"matchCriteriaId": "3AD967ED-D8DA-4DA1-99A3-D4385C2264E6"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3046905/wpzoom-addons-for-beaver-builder",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/781987af-3753-46ec-9d56-fb8b6ef42277?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3046905/wpzoom-addons-for-beaver-builder",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/781987af-3753-46ec-9d56-fb8b6ef42277?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

74
CVE-2024/CVE-2024-21xx/CVE-2024-2187.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2187",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-09T19:15:29.627",
"lastModified": "2024-11-21T09:09:13.087",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T17:06:43.647",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpzoom:beaver_builder_addons:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "1.3.5",
"matchCriteriaId": "3AD967ED-D8DA-4DA1-99A3-D4385C2264E6"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3046905/wpzoom-addons-for-beaver-builder",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/02fceb91-7691-4629-b18b-57959e9f3f62?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3046905/wpzoom-addons-for-beaver-builder",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/02fceb91-7691-4629-b18b-57959e9f3f62?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

27
CVE-2024/CVE-2024-22xx/CVE-2024-2201.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-2201",
"sourceIdentifier": "cret@cert.org",
"published": "2024-12-19T21:15:08.103",
"lastModified": "2024-12-19T21:15:08.103",
"lastModified": "2025-01-09T17:15:12.423",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Una vulnerabilidad de cross-privilege en Spectre v2 permite a los atacantes eludir todas las mitigaciones implementadas, incluida la reciente Fine (IBT), y filtrar memoria arbitraria del kernel de Linux en sistemas Intel."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.0,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/04/09/15",

74
CVE-2024/CVE-2024-24xx/CVE-2024-2492.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2492",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-04-09T19:15:34.350",
"lastModified": "2024-11-21T09:09:52.440",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:01:54.423",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ideabox:powerpack_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.7.19",
"matchCriteriaId": "CD3979F8-819D-4DE3-93BE-DA26C30F856F"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3059841/powerpack-lite-for-elementor",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11386b6a-632c-451a-b726-846f74b6f42d?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3059841/powerpack-lite-for-elementor",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/11386b6a-632c-451a-b726-846f74b6f42d?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

83
CVE-2024/CVE-2024-272xx/CVE-2024-27299.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27299",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-25T19:15:57.563",
"lastModified": "2024-11-21T09:04:16.593",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:27:11.167",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,32 +69,79 @@
"value": "CWE-89"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901"
}
]
}
]
}
],
"references": [
{
"url": "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

83
CVE-2024/CVE-2024-273xx/CVE-2024-27300.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27300",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-25T19:15:57.807",
"lastModified": "2024-11-21T09:04:16.727",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:16:12.273",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.1,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -49,32 +69,79 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

73
CVE-2024/CVE-2024-281xx/CVE-2024-28105.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28105",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-25T19:15:58.020",
"lastModified": "2024-11-21T09:05:49.490",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:14:59.820",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -49,24 +69,65 @@
"value": "CWE-434"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

73
CVE-2024/CVE-2024-281xx/CVE-2024-28106.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28106",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-25T19:15:58.263",
"lastModified": "2024-11-21T09:05:49.623",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:30:11.107",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.9,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -49,24 +69,65 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

73
CVE-2024/CVE-2024-281xx/CVE-2024-28107.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28107",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-25T19:15:58.477",
"lastModified": "2024-11-21T09:05:49.743",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:01:02.587",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,24 +69,65 @@
"value": "CWE-89"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

73
CVE-2024/CVE-2024-281xx/CVE-2024-28108.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28108",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-25T19:15:58.700",
"lastModified": "2024-11-21T09:05:49.880",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:00:12.770",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -53,24 +73,65 @@
"value": "CWE-80"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:phpmyfaq:phpmyfaq:3.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99BD7923-9316-46E2-B3C4-33105AD9E901"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

87
CVE-2024/CVE-2024-281xx/CVE-2024-28175.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28175",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-13T21:16:00.570",
"lastModified": "2024-11-21T09:05:57.817",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T17:05:59.063",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -49,24 +69,79 @@
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "1.0.0",
"versionEndExcluding": "2.8.12",
"matchCriteriaId": "E0393269-E1BA-4E3B-9A76-6EECFD36FDA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.9.0",
"versionEndExcluding": "2.9.8",
"matchCriteriaId": "CFDD1F75-11BA-4CB4-BAD8-7A2DC23339D7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.10.0",
"versionEndExcluding": "2.10.3",
"matchCriteriaId": "91F1733A-B8C1-4676-96B5-C9EF16E9C23B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-290xx/CVE-2024-29020.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29020",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-29T15:15:11.437",
"lastModified": "2024-11-21T09:07:23.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:20:18.197",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
@ -49,16 +69,51 @@
"value": "CWE-639"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.10.6",
"matchCriteriaId": "07104EF2-D3BA-4E56-95DB-23114EF726F7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-7mqc-23hr-cr62",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-7mqc-23hr-cr62",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-290xx/CVE-2024-29024.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29024",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-29T15:15:11.707",
"lastModified": "2024-11-21T09:07:23.763",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:32:54.613",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
@ -49,16 +69,51 @@
"value": "CWE-639"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.10.6",
"matchCriteriaId": "07104EF2-D3BA-4E56-95DB-23114EF726F7"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-8wqm-rfc7-q27q",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-8wqm-rfc7-q27q",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

65
CVE-2024/CVE-2024-292xx/CVE-2024-29201.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29201",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-29T15:15:11.963",
"lastModified": "2024-11-21T09:07:47.373",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:27:57.507",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
@ -49,16 +69,53 @@
"value": "CWE-94"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.10.7",
"matchCriteriaId": "5D9BDDB1-9645-419E-A682-7693BC8A7141"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-pjpp-cm9x-6rwj",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-pjpp-cm9x-6rwj",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

65
CVE-2024/CVE-2024-292xx/CVE-2024-29202.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29202",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-03-29T15:15:12.223",
"lastModified": "2024-11-21T09:07:48.547",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:25:13.830",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
}
]
},
@ -49,16 +69,53 @@
"value": "CWE-94"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:fit2cloud:jumpserver:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.10.7",
"matchCriteriaId": "5D9BDDB1-9645-419E-A682-7693BC8A7141"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-2vvr-vmvx-73ch",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/jumpserver/jumpserver/security/advisories/GHSA-2vvr-vmvx-73ch",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

72
CVE-2024/CVE-2024-302xx/CVE-2024-30262.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30262",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-09T17:16:02.850",
"lastModified": "2024-11-21T09:11:34.673",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T17:51:27.337",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 4.2
}
]
},
@ -53,24 +73,64 @@
"value": "CWE-613"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:contao:contao:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.13.40",
"matchCriteriaId": "481B6B86-03CA-4612-99A8-18381D0E16F2"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/contao/contao/commit/3032baa456f607169ffae82a8920354adb338fe9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/contao/contao/security/advisories/GHSA-r4r6-j2j3-7pp5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/contao/contao/commit/3032baa456f607169ffae82a8920354adb338fe9",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/contao/contao/security/advisories/GHSA-r4r6-j2j3-7pp5",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

34
CVE-2024/CVE-2024-309xx/CVE-2024-30962.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30962",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-05T23:15:05.147",
"lastModified": "2024-12-18T17:44:24.507",
"vulnStatus": "Analyzed",
"lastModified": "2025-01-09T17:15:12.600",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-120"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

62
CVE-2024/CVE-2024-312xx/CVE-2024-31278.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31278",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-04-10T16:15:13.483",
"lastModified": "2024-11-21T09:13:10.977",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:15:33.957",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,16 +69,50 @@
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:leap13:premium_addons_for_elementor:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "4.10.22",
"matchCriteriaId": "576A3771-51C0-4EED-885B-502161566B2C"
}
]
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/premium-addons-for-elementor/wordpress-premium-addons-for-elementor-plugin-4-10-22-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
"source": "audit@patchstack.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://patchstack.com/database/vulnerability/premium-addons-for-elementor/wordpress-premium-addons-for-elementor-plugin-4-10-22-sensitive-data-exposure-vulnerability?_s_id=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

129
CVE-2024/CVE-2024-319xx/CVE-2024-31988.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31988",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-10T21:15:07.297",
"lastModified": "2024-11-21T09:14:17.400",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T18:54:53.390",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,56 +69,137 @@
"value": "CWE-352"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.9",
"versionEndExcluding": "14.10.19",
"matchCriteriaId": "C98B05F5-893C-40C4-A707-4230DF901C0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.4",
"matchCriteriaId": "C15AC764-BCCE-4AF3-98F5-28EC637500A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.6",
"versionEndExcluding": "15.9",
"matchCriteriaId": "3E8A87CB-01A7-4C55-99FF-93FAAC70532B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-platform/commit/4896712ee6483da623f131be2e618f1f2b79cb8d",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/9f8cc88497418750b09ce9fde5d67d840f038fbf",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/d88da4572fb7d4f95e1f54bb0cce33fce3df08d9",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/d9f5043da289ff106f08e23576746fd8baf98794",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r5vh-gc3r-r24w",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21424",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/4896712ee6483da623f131be2e618f1f2b79cb8d",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/9f8cc88497418750b09ce9fde5d67d840f038fbf",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/d88da4572fb7d4f95e1f54bb0cce33fce3df08d9",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/commit/d9f5043da289ff106f08e23576746fd8baf98794",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r5vh-gc3r-r24w",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21424",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

107
CVE-2024/CVE-2024-319xx/CVE-2024-31990.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31990",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-15T20:15:11.127",
"lastModified": "2024-11-21T09:14:17.697",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T17:04:35.590",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
]
},
@ -49,40 +69,107 @@
"value": "CWE-863"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.4.0",
"versionEndExcluding": "2.8.16",
"matchCriteriaId": "9B87AF18-0754-4EA4-B6D6-B29F1DD75590"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.9.0",
"versionEndExcluding": "2.9.12",
"matchCriteriaId": "5FBE3254-59C6-4CA7-AE67-673BA527A8DE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:argoproj:argo_cd:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.10.0",
"versionEndExcluding": "2.10.7",
"matchCriteriaId": "71FAC3BD-2DF6-400F-813C-A98370A10F0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/c514105af739eebedb9dbe89d8a6dd8dfc30bb2c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/c5a252c4cc260e240e2074794aedb861d07e9ca5",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/commit/e0ff56d89fbd7d066e9c862b30337f6520f13f17",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-2gvw-w6fj-7m3c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

131
CVE-2024/CVE-2024-319xx/CVE-2024-31996.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-31996",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-10T21:15:07.510",
"lastModified": "2024-11-21T09:14:18.477",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T18:50:19.793",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,56 +69,139 @@
"value": "CWE-95"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.1",
"versionEndExcluding": "14.10.19",
"matchCriteriaId": "7385D8A9-93D4-4B6D-8030-67F9E3F3CB83"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.0",
"versionEndExcluding": "15.5.4",
"matchCriteriaId": "C15AC764-BCCE-4AF3-98F5-28EC637500A4"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"versionStartIncluding": "15.6",
"versionEndExcluding": "15.9",
"matchCriteriaId": "3E8A87CB-01A7-4C55-99FF-93FAAC70532B"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/xwiki/xwiki-commons/commit/b0805160ec7b01ee12417e79cb384e60ae4817aa",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-commons/commit/b94142e2a66ec32e89eacab67c3da8d91f5ef93a",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-commons/commit/ed7ff515a2436a1c6dcbd0c6ca0c41e434d58915",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-hf43-47q4-fhq5",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XCOMMONS-2828",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21438",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/xwiki/xwiki-commons/commit/b0805160ec7b01ee12417e79cb384e60ae4817aa",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-commons/commit/b94142e2a66ec32e89eacab67c3da8d91f5ef93a",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-commons/commit/ed7ff515a2436a1c6dcbd0c6ca0c41e434d58915",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/xwiki/xwiki-commons/security/advisories/GHSA-hf43-47q4-fhq5",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XCOMMONS-2828",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://jira.xwiki.org/browse/XWIKI-21438",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

109
CVE-2024/CVE-2024-320xx/CVE-2024-32035.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32035",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-15T20:15:11.323",
"lastModified": "2024-11-21T09:14:21.920",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T18:35:14.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,48 +69,113 @@
"value": "CWE-789"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.8",
"matchCriteriaId": "A06E81B0-6C7F-43A9-B154-E5BF07241973"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.1.4",
"matchCriteriaId": "CDB61675-C17E-41D0-AFBF-24E39F753A0A"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://docs.sixlabors.com/articles/imagesharp/security.html",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://docs.sixlabors.com/articles/imagesharp.web/processingcommands.html#securing-processing-commands",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://docs.sixlabors.com/articles/imagesharp/security.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://github.com/SixLabors/ImageSharp/commit/b6b08ac3e7cea8da5ac1e90f7c0b67dd254535c3",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/SixLabors/ImageSharp/commit/f21d64188e59ae9464ff462056a5e29d8e618b27",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-g85r-6x2q-45w7",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

89
CVE-2024/CVE-2024-320xx/CVE-2024-32036.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32036",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-15T20:15:11.543",
"lastModified": "2024-11-21T09:14:22.033",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T18:14:46.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,32 +69,85 @@
"value": "CWE-226"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-212"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1.8",
"matchCriteriaId": "A06E81B0-6C7F-43A9-B154-E5BF07241973"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:sixlabors:imagesharp:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.0.0",
"versionEndExcluding": "3.1.4",
"matchCriteriaId": "CDB61675-C17E-41D0-AFBF-24E39F753A0A"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/SixLabors/ImageSharp/commit/8f0b4d3e680e78d479a88e7b1472bccd8f096d68",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/SixLabors/ImageSharp/commit/da5f09a42513489fe359578d81cec2f15ba588ba",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-5x7m-6737-26cr",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

63
CVE-2024/CVE-2024-320xx/CVE-2024-32038.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-32038",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-04-19T15:15:50.610",
"lastModified": "2024-11-21T09:14:22.157",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-01-09T17:38:55.253",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,16 +69,51 @@
"value": "CWE-122"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wazuh:wazuh:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.8.0",
"versionEndExcluding": "4.7.2",
"matchCriteriaId": "72216961-C021-43DF-B94D-099AB12D6190"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327",
"source": "security-advisories@github.com"
"source": "security-advisories@github.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/wazuh/wazuh/security/advisories/GHSA-fcpw-v3pg-c327",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

39
CVE-2024/CVE-2024-353xx/CVE-2024-35314.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35314",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-21T21:15:05.533",
"lastModified": "2024-11-08T18:15:16.867",
"lastModified": "2025-01-09T18:15:27.657",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,42 +15,7 @@
"value": "Una vulnerabilidad en el cliente de escritorio de Mitel MiCollab hasta la versi\u00f3n 9.7.1.110 y en MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25 podr\u00eda permitir que un atacante no autenticado realice un ataque de inyecci\u00f3n de comandos debido a una desinfecci\u00f3n insuficiente de los par\u00e1metros. Una explotaci\u00f3n exitosa podr\u00eda permitir que un atacante ejecute scripts arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0015-001-v3.pdf",

32
CVE-2024/CVE-2024-373xx/CVE-2024-37392.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37392",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-23T21:15:07.253",
"lastModified": "2024-12-03T18:15:13.410",
"lastModified": "2025-01-09T18:15:27.790",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,26 +36,6 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -69,16 +49,6 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

39
CVE-2024/CVE-2024-399xx/CVE-2024-39924.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39924",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-13T18:15:03.810",
"lastModified": "2024-11-11T21:15:06.150",
"lastModified": "2025-01-09T18:15:27.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,42 +15,7 @@
"value": "Se descubri\u00f3 un problema en Vaultwarden (anteriormente Bitwarden_RS) 1.30.3. Se identific\u00f3 una vulnerabilidad en el proceso de autenticaci\u00f3n y autorizaci\u00f3n del endpoint responsable de alterar los metadatos de un acceso de emergencia. Permite que un atacante con acceso de emergencia concedido escale sus privilegios cambiando el nivel de acceso y modificando el tiempo de espera. En consecuencia, el atacante puede obtener control total sobre la b\u00f3veda (cuando solo se pretende que tenga acceso de lectura) mientras se salta el per\u00edodo de espera necesario."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/api/core/emergency_access.rs#L115-L148",

39
CVE-2024/CVE-2024-399xx/CVE-2024-39925.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39925",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-13T18:15:03.927",
"lastModified": "2024-11-11T21:15:06.237",
"lastModified": "2025-01-09T18:15:28.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,42 +15,7 @@
"value": "Se descubri\u00f3 un problema en Vaultwarden (anteriormente Bitwarden_RS) 1.30.3. Carece de un proceso de desvinculaci\u00f3n para los miembros que abandonan una organizaci\u00f3n. Como resultado, la clave de organizaci\u00f3n compartida no se rota cuando un miembro se va. En consecuencia, el miembro que se va, cuyo acceso debe revocarse, conserva una copia de la clave de la organizaci\u00f3n. Adem\u00e1s, la aplicaci\u00f3n no protege adecuadamente algunos datos cifrados almacenados en el servidor. En consecuencia, un usuario autenticado podr\u00eda obtener acceso no autorizado a los datos cifrados de cualquier organizaci\u00f3n, incluso si el usuario no es miembro de la organizaci\u00f3n en cuesti\u00f3n. Sin embargo, el usuario necesitar\u00eda saber el ID de organizaci\u00f3n correspondiente. Por lo tanto, si un usuario (cuyo acceso a una organizaci\u00f3n ha sido revocado) ya posee la clave de la organizaci\u00f3n, ese usuario podr\u00eda usar la clave para descifrar los datos filtrados."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dani-garcia/vaultwarden/releases",

39
CVE-2024/CVE-2024-399xx/CVE-2024-39926.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-39926",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-13T18:15:04.013",
"lastModified": "2024-11-11T21:15:06.297",
"lastModified": "2025-01-09T18:15:28.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,42 +15,7 @@
"value": "Se descubri\u00f3 un problema en Vaultwarden (anteriormente Bitwarden_RS) 1.30.3. Se descubri\u00f3 una vulnerabilidad de inyecci\u00f3n de HTML o de Cross-site Scripting (XSS) almacenado, debido a la CSP predeterminada, en el panel de control del administrador. Esto potencialmente permite que un atacante autenticado inyecte c\u00f3digo malicioso en el panel de control, que luego se ejecuta o se muestra en el contexto del navegador de un administrador al visualizar el contenido inyectado. Sin embargo, es importante tener en cuenta que la Pol\u00edtica de seguridad de contenido (CSP) predeterminada de la aplicaci\u00f3n bloquea la mayor\u00eda de las rutas de explotaci\u00f3n, lo que mitiga significativamente el impacto potencial."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/dani-garcia/vaultwarden/blob/1.30.3/src/static/scripts/admin_users.js#L201",

81
CVE-2024/CVE-2024-39xx/CVE-2024-3933.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3933",
"sourceIdentifier": "emo@eclipse.org",
"published": "2024-05-27T06:15:09.367",
"lastModified": "2024-11-21T09:30:43.833",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T18:00:53.140",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.0,
"impactScore": 4.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.8,
"impactScore": 5.5
}
]
},
@ -57,24 +77,73 @@
"value": "CWE-805"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:openj9:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.13.0",
"versionEndExcluding": "0.44.0",
"matchCriteriaId": "76AC6E23-7314-4C84-8BB7-EF9D7DB1C71C"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse/omr/pull/7275",
"source": "emo@eclipse.org"
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/21",
"source": "emo@eclipse.org"
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/eclipse/omr/pull/7275",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/21",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

24
CVE-2024/CVE-2024-39xx/CVE-2024-3935.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3935",
"sourceIdentifier": "emo@eclipse.org",
"published": "2024-10-30T12:15:03.090",
"lastModified": "2024-11-01T12:57:03.417",
"lastModified": "2025-01-09T18:15:28.337",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -59,28 +59,6 @@
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [

74
CVE-2024/CVE-2024-44xx/CVE-2024-4452.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4452",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-05-21T14:15:12.563",
"lastModified": "2024-11-21T09:42:51.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T17:46:34.190",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,25 +36,87 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:wpmet:elementskit:*:*:*:*:pro:wordpress:*:*",
"versionEndExcluding": "3.6.2",
"matchCriteriaId": "49350E3D-5C97-4857-90E9-CC2C78E9FA76"
}
]
}
]
}
],
"references": [
{
"url": "https://wpmet.com/plugin/elementskit/",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/488ac848-786e-4100-a387-5a40e8fc4175?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://wpmet.com/plugin/elementskit/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/488ac848-786e-4100-a387-5a40e8fc4175?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

14
CVE-2024/CVE-2024-453xx/CVE-2024-45346.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-45346",
"sourceIdentifier": "security@xiaomi.com",
"published": "2024-08-28T07:15:08.823",
"lastModified": "2024-08-29T03:15:05.247",
"lastModified": "2025-01-09T18:15:28.703",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,18 +39,6 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://trust.mi.com/misrc/bulletins/advisory?cveId=545",

27
CVE-2024/CVE-2024-469xx/CVE-2024-46972.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-46972",
"sourceIdentifier": "367425dc-4d06-4041-9650-c2dc6aaa27ce",
"published": "2024-12-28T05:15:08.497",
"lastModified": "2024-12-28T05:15:08.497",
"lastModified": "2025-01-09T17:15:15.030",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El software instalado y ejecutado como un usuario sin privilegios puede realizar llamadas al sistema de GPU indebidas para activar excepciones de kernel de use-after-free."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "367425dc-4d06-4041-9650-c2dc6aaa27ce",

39
CVE-2024/CVE-2024-472xx/CVE-2024-47220.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-47220",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-22T01:15:11.950",
"lastModified": "2024-09-26T13:32:55.343",
"lastModified": "2025-01-09T18:15:28.837",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -22,42 +22,7 @@
"value": "Se descubri\u00f3 un problema en el kit de herramientas WEBrick a trav\u00e9s de la versi\u00f3n 1.8.1 para Ruby. Permite el contrabando de solicitudes HTTP al proporcionar un encabezado Content-Length y un encabezado Transfer-Encoding, por ejemplo, \"GET /admin HTTP/1.1\\r\\n\" dentro de una solicitud \"POST /user HTTP/1.1\\r\\n\". NOTA: la posici\u00f3n del proveedor es \"Webrick no debe usarse en producci\u00f3n\"."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/ruby/webrick/issues/145",

39
CVE-2024/CVE-2024-480xx/CVE-2024-48063.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48063",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-29T21:15:04.080",
"lastModified": "2024-11-01T13:15:12.020",
"lastModified": "2025-01-09T18:15:29.013",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -22,42 +22,7 @@
"value": " En PyTorch <=2.4.1, RemoteModule tiene RCE de deserializaci\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/hexian2001/c046c066895a963ecc0a2cf9e1180065",

39
CVE-2024/CVE-2024-489xx/CVE-2024-48955.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-48955",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-29T18:15:05.690",
"lastModified": "2024-11-01T12:57:35.843",
"lastModified": "2025-01-09T18:15:29.147",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,42 +15,7 @@
"value": " En NetAdmin 4.0.30319, un atacante puede robar una cookie de sesi\u00f3n v\u00e1lida e inyectarla en otro dispositivo, lo que le otorga acceso no autorizado. Este tipo de ataque se conoce com\u00fanmente como secuestro de sesi\u00f3n."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/BrotherOfJhonny/CVE-2024-48955_Overview",

32
CVE-2024/CVE-2024-535xx/CVE-2024-53564.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-53564",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-02T18:15:11.353",
"lastModified": "2025-01-09T01:15:08.627",
"lastModified": "2025-01-09T17:15:15.423",
"vulnStatus": "Awaiting Analysis",
"cveTags": [
{
@ -43,26 +43,6 @@
},
"exploitabilityScore": 0.7,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -76,16 +56,6 @@
"value": "CWE-434"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [

26
CVE-2024/CVE-2024-555xx/CVE-2024-55539.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-55539",
"sourceIdentifier": "security@acronis.com",
"published": "2024-12-23T14:15:06.270",
"lastModified": "2024-12-23T14:15:06.270",
"lastModified": "2025-01-09T17:15:16.057",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -16,6 +16,28 @@
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 2.5,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.0,
"impactScore": 1.4
}
],
"cvssMetricV30": [
{
"source": "security@acronis.com",
@ -42,7 +64,7 @@
"weaknesses": [
{
"source": "security@acronis.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

24
CVE-2024/CVE-2024-74xx/CVE-2024-7474.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-7474",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-29T13:15:09.530",
"lastModified": "2024-11-14T14:15:19.373",
"lastModified": "2025-01-09T18:15:29.380",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,26 +36,6 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
],
"cvssMetricV30": [
@ -84,7 +64,7 @@
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

12
CVE-2024/CVE-2024-78xx/CVE-2024-7807.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-7807",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-10-29T13:15:10.360",
"lastModified": "2024-11-14T14:15:19.500",
"lastModified": "2025-01-09T18:15:29.543",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -81,16 +81,6 @@
"value": "CWE-770"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [

73
CVE-2024/CVE-2024-92xx/CVE-2024-9202.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9202",
"sourceIdentifier": "emo@eclipse.org",
"published": "2024-09-27T10:15:02.827",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T18:07:29.847",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -59,6 +59,28 @@
"providerUrgency": "AMBER"
}
}
],
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 3.6
}
]
},
"weaknesses": [
@ -71,20 +93,61 @@
"value": "CWE-862"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:eclipse:eclipse_dataspace_components:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.1.3",
"versionEndExcluding": "0.9.1",
"matchCriteriaId": "19307830-8F92-4DE4-9921-4E8204DD647E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/eclipse-edc/Connector/pull/4490",
"source": "emo@eclipse.org"
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://github.com/eclipse-edc/Connector/pull/4491",
"source": "emo@eclipse.org"
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking",
"Patch"
]
},
{
"url": "https://gitlab.eclipse.org/security/cve-assignement/-/issues/35",
"source": "emo@eclipse.org"
"source": "emo@eclipse.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

24
CVE-2024/CVE-2024-95xx/CVE-2024-9575.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-9575",
"sourceIdentifier": "655498c3-6ec5-4f0b-aea6-853b334d05a6",
"published": "2024-10-09T10:15:06.853",
"lastModified": "2024-10-14T08:15:02.970",
"lastModified": "2025-01-09T18:15:29.763",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -59,28 +59,6 @@
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [

12
CVE-2025/CVE-2025-03xx/CVE-2025-0328.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-0328",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T05:15:07.997",
"lastModified": "2025-01-09T05:15:07.997",
"lastModified": "2025-01-09T17:15:17.330",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php of the component HTTP POST Request Handler. The manipulation of the argument code leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como cr\u00edtica, en KaiYuanTong ECT Platform hasta la versi\u00f3n 2.0.0. Este problema afecta a algunas funciones desconocidas del archivo /public/server/runCode.php del componente HTTP POST Request Handler. La manipulaci\u00f3n del c\u00f3digo de argumentos conduce a la inyecci\u00f3n de comandos. El ataque puede ejecutarse de forma remota. El exploit se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.470601",
"source": "cna@vuldb.com"
},
{
"url": "https://note.zhaoj.in/share/ASPsoVCrLqKK",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

12
CVE-2025/CVE-2025-03xx/CVE-2025-0331.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-0331",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T05:15:08.237",
"lastModified": "2025-01-09T05:15:08.237",
"lastModified": "2025-01-09T17:15:17.933",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This issue affects the function changePwd of the file /app/platform/controllers/ResetpwdController.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en YunzMall hasta la versi\u00f3n 2.4.2. Este problema afecta a la funci\u00f3n changePwd del archivo /app/platform/controllers/ResetpwdController.php del componente HTTP POST Request Handler. La manipulaci\u00f3n del argumento pwd provoca una recuperaci\u00f3n de contrase\u00f1as d\u00e9bil. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -132,6 +136,10 @@
{
"url": "https://vuldb.com/?submit.471663",
"source": "cna@vuldb.com"
},
{
"url": "https://note.zhaoj.in/share/DsijzdQDJSAp",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

12
CVE-2025/CVE-2025-03xx/CVE-2025-0333.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2025-0333",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-01-09T05:15:08.453",
"lastModified": "2025-01-09T05:15:08.453",
"lastModified": "2025-01-09T17:15:18.077",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Affected is the function listData of the file /sys/role/listData. The manipulation of the argument order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "En leiyuxi cy-fast 1.0 se ha detectado una vulnerabilidad clasificada como cr\u00edtica. La funci\u00f3n listData del archivo /sys/role/listData est\u00e1 afectada. La manipulaci\u00f3n del orden de los argumentos provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -136,6 +140,10 @@
{
"url": "https://vuldb.com/?submit.475297",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/d3do-23/cvelist/blob/main/cy-fast/sqli1.md",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

100
CVE-2025/CVE-2025-215xx/CVE-2025-21592.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-21592",
"sourceIdentifier": "sirt@juniper.net",
"published": "2025-01-09T17:15:18.203",
"lastModified": "2025-01-09T17:15:18.203",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Exposure of Sensitive Information to an Unauthorized Actor\u00a0vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system.\n\nThrough the execution of either 'show services advanced-anti-malware' or 'show services security-intelligence' command, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system.\n\n\nThis issue affects Junos OS SRX Series:\n\n\n\n * All versions before 21.4R3-S8,\n\n * from 22.2 before 22.2R3-S5,\n\n * from 22.3 before 22.3R3-S3,\n * from 22.4 before 22.4R3-S2,\n\n * from 23.2 before 23.2R2-S1,\n\n * from 23.4 before 23.4R2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA92860",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2025/CVE-2025-215xx/CVE-2025-21593.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-21593",
"sourceIdentifier": "sirt@juniper.net",
"published": "2025-01-09T17:15:18.380",
"lastModified": "2025-01-09T17:15:18.380",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS).\n\nOn devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet which will cause the rpd to crash and restart. Continued receipt of these UPDATE packets will cause a sustained DoS condition.\u00a0\n\nThis issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S9,\u00a0\n * from 21.4 before 21.4R3-S10,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4,\u00a0\n * from 22.4 before 22.4R3-S3,\u00a0\n * from 23.2 before 23.2R2-S2,\u00a0\n * from 23.4 before 23.4R2;\n\n\n\nand Junos OS Evolved:\u00a0\n\n\n\n * All versions before 21.2R3-S9-EVO,\u00a0\n * from 21.4-EVO before 21.4R3-S10-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S5-EVO,\u00a0\n * from 22.3-EVO before 22.3R3-S4-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-S3-EVO,\n * from 23.2-EVO before 23.2R2-S2-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "AUTOMATIC",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-664"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA92861",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2025/CVE-2025-215xx/CVE-2025-21596.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-21596",
"sourceIdentifier": "sirt@juniper.net",
"published": "2025-01-09T17:15:18.593",
"lastModified": "2025-01-09T17:15:18.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the 'show chassis environment pem' command to cause the chassis daemon (chassisd) to crash and restart, resulting in a temporary Denial of Service (DoS). However, repeated execution of this command will eventually cause the chassisd process to fail to restart, impacting packet processing on the system.\n\nThis issue affects Junos OS on SRX1500, SRX4100, SRX4200:\u00a0\n\n\n\n * All versions before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4,\u00a0\n * from 22.4 before 22.4R3-S4,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S1."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:X/RE:M/U:X",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NO",
"recovery": "USER",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "MODERATE",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA92864",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2025/CVE-2025-215xx/CVE-2025-21599.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-21599",
"sourceIdentifier": "sirt@juniper.net",
"published": "2025-01-09T17:15:18.770",
"lastModified": "2025-01-09T17:15:18.770",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A\u00a0Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service.\u00a0\n\nReceipt of specifically malformed IPv6 packets, destined to the device, causes kernel memory to not be freed, resulting in memory exhaustion leading to a system crash and Denial of Service (DoS).\u00a0Continuous receipt and processing of these packets will continue to exhaust kernel memory, creating a sustained Denial of Service (DoS) condition.\nThis issue only affects systems configured with IPv6.\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * from 22.4-EVO before 22.4R3-S5-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-S2-EVO,\u00a0\n * from 23.4-EVO before 23.4R2-S2-EVO,\u00a0\n * from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\n\n\nThis issue does not affect Juniper Networks Junos OS Evolved versions prior to 22.4R1-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA92869",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2025/CVE-2025-216xx/CVE-2025-21600.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-21600",
"sourceIdentifier": "sirt@juniper.net",
"published": "2025-01-09T17:15:18.960",
"lastModified": "2025-01-09T17:15:18.960",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Out-of-Bounds Read vulnerability in\n\nthe routing protocol daemon (rpd) of \n\n Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\n\n\nThis issue only affects systems configured in\n either of two ways:\n\n \n \n * systems with BGP traceoptions enabled\n\n * systems with BGP family traffic-engineering (BGP-LS)\n configured\n\n\n and can be exploited from a directly connected and configured BGP peer.\u00a0\n\nThis issue affects iBGP and eBGP \n\nwith \n\nany address family\n\n configured, and both IPv4 and IPv6 are affected by this vulnerability.\n\nThis issue affects:\n\nJunos OS:\u00a0\n\n\n\n * All versions before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4,\u00a0\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R1-S2, 24.2R2;\u00a0\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * All versions before 21.4R3-S9-EVO,\u00a0\n * from 22.2 before 22.2R3-S5-EVO,\u00a0\n * from 22.3 before 22.3R3-S4-EVO,\u00a0\n * from 22.4 before 22.4R3-S5-EVO,\u00a0\n * from 23.2 before 23.2R2-S3-EVO,\u00a0\n * from 23.4 before 23.4R2-S2-EVO,\u00a0\n * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\n\nThis is a similar, but different vulnerability than the issue reported as CVE-2024-39516."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:M/U:Green",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NO",
"recovery": "AUTOMATIC",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "MODERATE",
"providerUrgency": "GREEN"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA92870",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2025/CVE-2025-216xx/CVE-2025-21602.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2025-21602",
"sourceIdentifier": "sirt@juniper.net",
"published": "2025-01-09T17:15:19.150",
"lastModified": "2025-01-09T17:15:19.150",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). \n\nContinuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * from 21.4 before 21.4R3-S9,\u00a0\n * from 22.2 before 22.2R3-S5,\u00a0\n * from 22.3 before 22.3R3-S4,\n * from 22.4 before 22.4R3-S5,\u00a0\n * from 23.2 before 23.2R2-S3,\u00a0\n * from 23.4 before 23.4R2-S3,\u00a0\n * from 24.2 before 24.2R1-S2, 24.2R2;\u00a0\n\n\nThis issue does not affect versions prior to\u00a021.1R1.\n\n\n\n\n\nJunos OS Evolved:\u00a0\n\n\n\n * from 21.4 before 21.4R3-S9-EVO,\u00a0\n * from 22.2 before 22.2R3-S5-EVO,\u00a0\n * from 22.3 before 22.3R3-S4-EVO,\n * from 22.4 before 22.4R3-S5-EVO,\u00a0\n * from 23.2 before 23.2R2-S3-EVO,\u00a0\n * from 23.4 before 23.4R2-S3-EVO,\u00a0\n * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO.\n\n\nThis issue does not affect versions prior to 21.1R1-EVO"
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:A/V:C/RE:M/U:Green",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NO",
"recovery": "AUTOMATIC",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "MODERATE",
"providerUrgency": "GREEN"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA92872",
"source": "sirt@juniper.net"
}
]
}

60
CVE-2025/CVE-2025-216xx/CVE-2025-21628.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2025-21628",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-01-09T18:15:30.070",
"lastModified": "2025-01-09T18:15:30.070",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector to run arbitrary SQL within the filter query by adding a tautological WHERE clause. This issue is patched with v3.16.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.1,
"impactScore": 5.3
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/chatwoot/chatwoot/commit/b34dac7bbe3c910186083b680e51aad5ea60b44b",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/chatwoot/chatwoot/security/advisories/GHSA-g8f9-hh83-rcq9",
"source": "security-advisories@github.com"
}
]
}

86
CVE-2025/CVE-2025-221xx/CVE-2025-22149.json Normal file
View File

@ -0,0 +1,86 @@
{
"id": "CVE-2025-22149",
"sourceIdentifier": "security-advisories@github.com",
"published": "2025-01-09T18:15:30.233",
"lastModified": "2025-01-09T18:15:30.233",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal from a JWK Set is equivalent to revocation. The affected auto-caching HTTP client was added in version v0.5.0 and fixed in v0.6.0. The only workaround would be to remove the provided auto-caching HTTP client and replace it with a custom implementation. This involves setting the HTTPClientStorageOptions.RefreshInterval to zero (or not specifying the value)."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:H/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"baseScore": 2.1,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED"
}
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-672"
}
]
}
],
"references": [
{
"url": "https://github.com/MicahParks/jwkset/commit/01db49a90f7f20c7fb39a699a2f19a7a5f379ed3",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/MicahParks/jwkset/issues/40",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/MicahParks/jwkset/security/advisories/GHSA-675f-rq2r-jw82",
"source": "security-advisories@github.com"
}
]
}

93
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-01-09T17:00:48.657060+00:00
2025-01-09T19:00:29.420592+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-01-09T16:59:41.167000+00:00
2025-01-09T18:54:53.390000+00:00
```
### Last Data Feed Release
@ -33,69 +33,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
276509
276517
```
### CVEs added in the last Commit
Recently added CVEs: `50`
Recently added CVEs: `8`
- [CVE-2025-22801](CVE-2025/CVE-2025-228xx/CVE-2025-22801.json) (`2025-01-09T16:16:29.323`)
- [CVE-2025-22802](CVE-2025/CVE-2025-228xx/CVE-2025-22802.json) (`2025-01-09T16:16:29.470`)
- [CVE-2025-22803](CVE-2025/CVE-2025-228xx/CVE-2025-22803.json) (`2025-01-09T16:16:29.627`)
- [CVE-2025-22804](CVE-2025/CVE-2025-228xx/CVE-2025-22804.json) (`2025-01-09T16:16:29.787`)
- [CVE-2025-22805](CVE-2025/CVE-2025-228xx/CVE-2025-22805.json) (`2025-01-09T16:16:29.937`)
- [CVE-2025-22806](CVE-2025/CVE-2025-228xx/CVE-2025-22806.json) (`2025-01-09T16:16:30.090`)
- [CVE-2025-22807](CVE-2025/CVE-2025-228xx/CVE-2025-22807.json) (`2025-01-09T16:16:30.253`)
- [CVE-2025-22808](CVE-2025/CVE-2025-228xx/CVE-2025-22808.json) (`2025-01-09T16:16:30.403`)
- [CVE-2025-22809](CVE-2025/CVE-2025-228xx/CVE-2025-22809.json) (`2025-01-09T16:16:30.557`)
- [CVE-2025-22810](CVE-2025/CVE-2025-228xx/CVE-2025-22810.json) (`2025-01-09T16:16:30.713`)
- [CVE-2025-22811](CVE-2025/CVE-2025-228xx/CVE-2025-22811.json) (`2025-01-09T16:16:30.880`)
- [CVE-2025-22812](CVE-2025/CVE-2025-228xx/CVE-2025-22812.json) (`2025-01-09T16:16:31.047`)
- [CVE-2025-22813](CVE-2025/CVE-2025-228xx/CVE-2025-22813.json) (`2025-01-09T16:16:31.200`)
- [CVE-2025-22814](CVE-2025/CVE-2025-228xx/CVE-2025-22814.json) (`2025-01-09T16:16:31.370`)
- [CVE-2025-22815](CVE-2025/CVE-2025-228xx/CVE-2025-22815.json) (`2025-01-09T16:16:31.543`)
- [CVE-2025-22817](CVE-2025/CVE-2025-228xx/CVE-2025-22817.json) (`2025-01-09T16:16:31.693`)
- [CVE-2025-22818](CVE-2025/CVE-2025-228xx/CVE-2025-22818.json) (`2025-01-09T16:16:31.850`)
- [CVE-2025-22819](CVE-2025/CVE-2025-228xx/CVE-2025-22819.json) (`2025-01-09T16:16:32.000`)
- [CVE-2025-22820](CVE-2025/CVE-2025-228xx/CVE-2025-22820.json) (`2025-01-09T16:16:32.173`)
- [CVE-2025-22821](CVE-2025/CVE-2025-228xx/CVE-2025-22821.json) (`2025-01-09T16:16:32.363`)
- [CVE-2025-22822](CVE-2025/CVE-2025-228xx/CVE-2025-22822.json) (`2025-01-09T16:16:32.557`)
- [CVE-2025-22823](CVE-2025/CVE-2025-228xx/CVE-2025-22823.json) (`2025-01-09T16:16:32.717`)
- [CVE-2025-22824](CVE-2025/CVE-2025-228xx/CVE-2025-22824.json) (`2025-01-09T16:16:32.893`)
- [CVE-2025-22826](CVE-2025/CVE-2025-228xx/CVE-2025-22826.json) (`2025-01-09T16:16:33.047`)
- [CVE-2025-22827](CVE-2025/CVE-2025-228xx/CVE-2025-22827.json) (`2025-01-09T16:16:33.200`)
- [CVE-2025-21592](CVE-2025/CVE-2025-215xx/CVE-2025-21592.json) (`2025-01-09T17:15:18.203`)
- [CVE-2025-21593](CVE-2025/CVE-2025-215xx/CVE-2025-21593.json) (`2025-01-09T17:15:18.380`)
- [CVE-2025-21596](CVE-2025/CVE-2025-215xx/CVE-2025-21596.json) (`2025-01-09T17:15:18.593`)
- [CVE-2025-21599](CVE-2025/CVE-2025-215xx/CVE-2025-21599.json) (`2025-01-09T17:15:18.770`)
- [CVE-2025-21600](CVE-2025/CVE-2025-216xx/CVE-2025-21600.json) (`2025-01-09T17:15:18.960`)
- [CVE-2025-21602](CVE-2025/CVE-2025-216xx/CVE-2025-21602.json) (`2025-01-09T17:15:19.150`)
- [CVE-2025-21628](CVE-2025/CVE-2025-216xx/CVE-2025-21628.json) (`2025-01-09T18:15:30.070`)
- [CVE-2025-22149](CVE-2025/CVE-2025-221xx/CVE-2025-22149.json) (`2025-01-09T18:15:30.233`)
### CVEs modified in the last Commit
Recently modified CVEs: `126`
Recently modified CVEs: `88`
- [CVE-2024-53164](CVE-2024/CVE-2024-531xx/CVE-2024-53164.json) (`2025-01-09T16:16:21.297`)
- [CVE-2024-53179](CVE-2024/CVE-2024-531xx/CVE-2024-53179.json) (`2025-01-09T16:16:21.440`)
- [CVE-2024-53522](CVE-2024/CVE-2024-535xx/CVE-2024-53522.json) (`2025-01-09T16:16:21.560`)
- [CVE-2024-53704](CVE-2024/CVE-2024-537xx/CVE-2024-53704.json) (`2025-01-09T15:15:18.640`)
- [CVE-2024-53705](CVE-2024/CVE-2024-537xx/CVE-2024-53705.json) (`2025-01-09T15:15:18.800`)
- [CVE-2024-53706](CVE-2024/CVE-2024-537xx/CVE-2024-53706.json) (`2025-01-09T16:16:21.743`)
- [CVE-2024-55459](CVE-2024/CVE-2024-554xx/CVE-2024-55459.json) (`2025-01-09T15:15:18.963`)
- [CVE-2024-56582](CVE-2024/CVE-2024-565xx/CVE-2024-56582.json) (`2025-01-09T16:16:21.920`)
- [CVE-2024-56588](CVE-2024/CVE-2024-565xx/CVE-2024-56588.json) (`2025-01-09T16:16:22.040`)
- [CVE-2024-56599](CVE-2024/CVE-2024-565xx/CVE-2024-56599.json) (`2025-01-09T16:16:22.167`)
- [CVE-2024-56607](CVE-2024/CVE-2024-566xx/CVE-2024-56607.json) (`2025-01-09T16:16:22.327`)
- [CVE-2024-56609](CVE-2024/CVE-2024-566xx/CVE-2024-56609.json) (`2025-01-09T16:16:22.443`)
- [CVE-2024-56616](CVE-2024/CVE-2024-566xx/CVE-2024-56616.json) (`2025-01-09T16:16:22.620`)
- [CVE-2024-56626](CVE-2024/CVE-2024-566xx/CVE-2024-56626.json) (`2025-01-09T16:16:22.770`)
- [CVE-2024-56627](CVE-2024/CVE-2024-566xx/CVE-2024-56627.json) (`2025-01-09T16:16:22.907`)
- [CVE-2024-56694](CVE-2024/CVE-2024-566xx/CVE-2024-56694.json) (`2025-01-09T16:16:23.053`)
- [CVE-2024-56715](CVE-2024/CVE-2024-567xx/CVE-2024-56715.json) (`2025-01-09T16:16:23.240`)
- [CVE-2024-56716](CVE-2024/CVE-2024-567xx/CVE-2024-56716.json) (`2025-01-09T16:16:23.387`)
- [CVE-2024-56759](CVE-2024/CVE-2024-567xx/CVE-2024-56759.json) (`2025-01-09T16:16:23.547`)
- [CVE-2024-56761](CVE-2024/CVE-2024-567xx/CVE-2024-56761.json) (`2025-01-09T16:16:23.667`)
- [CVE-2024-56763](CVE-2024/CVE-2024-567xx/CVE-2024-56763.json) (`2025-01-09T16:16:23.780`)
- [CVE-2024-56766](CVE-2024/CVE-2024-567xx/CVE-2024-56766.json) (`2025-01-09T16:16:23.913`)
- [CVE-2024-56767](CVE-2024/CVE-2024-567xx/CVE-2024-56767.json) (`2025-01-09T16:16:24.063`)
- [CVE-2024-56769](CVE-2024/CVE-2024-567xx/CVE-2024-56769.json) (`2025-01-09T16:16:24.203`)
- [CVE-2024-8809](CVE-2024/CVE-2024-88xx/CVE-2024-8809.json) (`2025-01-09T16:11:32.663`)
- [CVE-2024-32035](CVE-2024/CVE-2024-320xx/CVE-2024-32035.json) (`2025-01-09T18:35:14.097`)
- [CVE-2024-32036](CVE-2024/CVE-2024-320xx/CVE-2024-32036.json) (`2025-01-09T18:14:46.097`)
- [CVE-2024-32038](CVE-2024/CVE-2024-320xx/CVE-2024-32038.json) (`2025-01-09T17:38:55.253`)
- [CVE-2024-35314](CVE-2024/CVE-2024-353xx/CVE-2024-35314.json) (`2025-01-09T18:15:27.657`)
- [CVE-2024-37392](CVE-2024/CVE-2024-373xx/CVE-2024-37392.json) (`2025-01-09T18:15:27.790`)
- [CVE-2024-3933](CVE-2024/CVE-2024-39xx/CVE-2024-3933.json) (`2025-01-09T18:00:53.140`)
- [CVE-2024-3935](CVE-2024/CVE-2024-39xx/CVE-2024-3935.json) (`2025-01-09T18:15:28.337`)
- [CVE-2024-39924](CVE-2024/CVE-2024-399xx/CVE-2024-39924.json) (`2025-01-09T18:15:27.987`)
- [CVE-2024-39925](CVE-2024/CVE-2024-399xx/CVE-2024-39925.json) (`2025-01-09T18:15:28.117`)
- [CVE-2024-39926](CVE-2024/CVE-2024-399xx/CVE-2024-39926.json) (`2025-01-09T18:15:28.220`)
- [CVE-2024-4452](CVE-2024/CVE-2024-44xx/CVE-2024-4452.json) (`2025-01-09T17:46:34.190`)
- [CVE-2024-45346](CVE-2024/CVE-2024-453xx/CVE-2024-45346.json) (`2025-01-09T18:15:28.703`)
- [CVE-2024-46972](CVE-2024/CVE-2024-469xx/CVE-2024-46972.json) (`2025-01-09T17:15:15.030`)
- [CVE-2024-47220](CVE-2024/CVE-2024-472xx/CVE-2024-47220.json) (`2025-01-09T18:15:28.837`)
- [CVE-2024-48063](CVE-2024/CVE-2024-480xx/CVE-2024-48063.json) (`2025-01-09T18:15:29.013`)
- [CVE-2024-48955](CVE-2024/CVE-2024-489xx/CVE-2024-48955.json) (`2025-01-09T18:15:29.147`)
- [CVE-2024-53564](CVE-2024/CVE-2024-535xx/CVE-2024-53564.json) (`2025-01-09T17:15:15.423`)
- [CVE-2024-55539](CVE-2024/CVE-2024-555xx/CVE-2024-55539.json) (`2025-01-09T17:15:16.057`)
- [CVE-2024-7474](CVE-2024/CVE-2024-74xx/CVE-2024-7474.json) (`2025-01-09T18:15:29.380`)
- [CVE-2024-7807](CVE-2024/CVE-2024-78xx/CVE-2024-7807.json) (`2025-01-09T18:15:29.543`)
- [CVE-2024-9202](CVE-2024/CVE-2024-92xx/CVE-2024-9202.json) (`2025-01-09T18:07:29.847`)
- [CVE-2024-9575](CVE-2024/CVE-2024-95xx/CVE-2024-9575.json) (`2025-01-09T18:15:29.763`)
- [CVE-2025-0328](CVE-2025/CVE-2025-03xx/CVE-2025-0328.json) (`2025-01-09T17:15:17.330`)
- [CVE-2025-0331](CVE-2025/CVE-2025-03xx/CVE-2025-0331.json) (`2025-01-09T17:15:17.933`)
- [CVE-2025-0333](CVE-2025/CVE-2025-03xx/CVE-2025-0333.json) (`2025-01-09T17:15:18.077`)
## Download and Usage

534
_state.csv
View File

File diff suppressed because it is too large Load Diff