admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-11 16:13:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-12-12T19:00:27.565152+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-12-12 19:03:50 +00:00
parent fd5e17fb82
commit 9c955366cf
108 changed files with 5652 additions and 850 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
CVE-2020/CVE-2020-121xx/CVE-2020-12148.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-12148",
"sourceIdentifier": "sirt@silver-peak.com",
"published": "2020-12-11T16:15:11.697",
"lastModified": "2024-12-12T00:15:08.490",
"lastModified": "2024-12-12T18:19:50.530",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -85,6 +85,16 @@
]
},
"weaknesses": [
{
"source": "sirt@silver-peak.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",

12
CVE-2020/CVE-2020-121xx/CVE-2020-12149.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-12149",
"sourceIdentifier": "sirt@silver-peak.com",
"published": "2020-12-11T16:15:11.807",
"lastModified": "2024-12-12T00:15:09.417",
"lastModified": "2024-12-12T18:27:55.190",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -85,6 +85,16 @@
]
},
"weaknesses": [
{
"source": "sirt@silver-peak.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",

45
CVE-2022/CVE-2022-299xx/CVE-2022-29974.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2022-29974",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-09T19:15:07.400",
"lastModified": "2024-12-09T19:15:07.400",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:15:06.017",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices."
},
{
"lang": "es",
"value": "El controlador NTFS 1.0.0 de AMI (tambi\u00e9n conocido como American Megatrends) (solucionado a fines de 2021 o principios de 2022) tiene un desbordamiento de b\u00fafer. Este controlador se usa, por ejemplo, en ciertos dispositivos ASUS."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://dfir.ru/2024/12/09/multiple-vulnerabilities-in-ami-file-system-drivers/",

22
CVE-2023/CVE-2023-03xx/CVE-2023-0368.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-0368",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:09.537",
"lastModified": "2024-11-21T07:37:03.647",
"lastModified": "2024-12-12T17:15:06.953",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

4
CVE-2023/CVE-2023-202xx/CVE-2023-20268.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2023-20268",
"sourceIdentifier": "ykramarz@cisco.com",
"published": "2023-09-27T18:15:11.827",
"lastModified": "2024-11-21T07:41:02.277",
"lastModified": "2024-12-12T18:15:21.377",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device.\r\n\r This vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic."
"value": "A vulnerability in the packet processing functionality of Cisco access point (AP) software could allow an unauthenticated, adjacent attacker to exhaust resources on an affected device. \r\n\r\nThis vulnerability is due to insufficient management of resources when handling certain types of traffic. An attacker could exploit this vulnerability by sending a series of specific wireless packets to an affected device. A successful exploit could allow the attacker to consume resources on an affected device. A sustained attack could lead to the disruption of the Control and Provisioning of Wireless Access Points (CAPWAP) tunnel and intermittent loss of wireless client traffic."
},
{
"lang": "es",

6
CVE-2023/CVE-2023-23xx/CVE-2023-2359.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2359",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.043",
"lastModified": "2024-11-21T07:58:27.257",
"lastModified": "2024-12-12T17:15:07.383",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -81,6 +81,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/a8350890-e6d4-4b04-a158-2b0ee3748e65/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

32
CVE-2023/CVE-2023-242xx/CVE-2023-24243.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-24243",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T17:15:11.763",
"lastModified": "2024-11-21T07:47:37.647",
"lastModified": "2024-12-12T17:15:07.160",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-918"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [

22
CVE-2023/CVE-2023-24xx/CVE-2023-2401.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2401",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.153",
"lastModified": "2024-11-21T07:58:32.713",
"lastModified": "2024-12-12T17:15:07.527",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},

26
CVE-2023/CVE-2023-24xx/CVE-2023-2492.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2492",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.213",
"lastModified": "2024-11-21T07:58:43.150",
"lastModified": "2024-12-12T17:15:07.720",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -69,6 +89,10 @@
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/fa7c54c2-5653-4d3d-8163-f3d63272c050/",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

32
CVE-2023/CVE-2023-256xx/CVE-2023-25645.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25645",
"sourceIdentifier": "psirt@zte.com.cn",
"published": "2023-06-16T19:15:14.527",
"lastModified": "2024-11-21T07:49:51.510",
"lastModified": "2024-12-12T18:15:22.180",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.5,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.2
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-276"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
}
],
"configurations": [

8
CVE-2023/CVE-2023-283xx/CVE-2023-28365.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-28365",
"sourceIdentifier": "support@hackerone.com",
"published": "2023-07-01T00:15:10.197",
"lastModified": "2024-11-21T07:54:55.763",
"vulnStatus": "Modified",
"lastModified": "2024-12-12T18:54:11.327",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -57,9 +57,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:ui:unifi:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:ui:unifi_network_application:*:*:*:*:*:*:*:*",
"versionEndExcluding": "7.4.156",
"matchCriteriaId": "BF8036B7-CBD9-4038-8292-5F95A67D4538"
"matchCriteriaId": "482540A1-DFB5-4DA7-87D9-7E833E39B3D8"
}
]
},

22
CVE-2023/CVE-2023-28xx/CVE-2023-2899.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2899",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-06-19T11:15:10.867",
"lastModified": "2024-11-21T07:59:31.507",
"lastModified": "2024-12-12T17:15:08.030",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

32
CVE-2023/CVE-2023-304xx/CVE-2023-30453.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-30453",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-16T16:15:09.313",
"lastModified": "2024-11-21T08:00:12.980",
"lastModified": "2024-12-12T18:15:22.400",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

9
CVE-2023/CVE-2023-344xx/CVE-2023-34454.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-34454",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-06-15T17:15:09.873",
"lastModified": "2024-11-21T08:07:17.357",
"lastModified": "2024-12-12T17:15:08.430",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -157,6 +157,13 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://github.com/xerial/snappy-java/security/advisories/GHSA-fjpj-2g6w-x25r",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Vendor Advisory"
]
}
]
}

128
CVE-2023/CVE-2023-524xx/CVE-2023-52487.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52487",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-11T18:15:16.520",
"lastModified": "2024-11-21T08:39:53.007",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:31:37.627",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,115 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net/mlx5e: corrigi\u00f3 el manejo de listas de flujos de pares. El cambio citado refactoriz\u00f3 mlx5e_tc_del_fdb_peer_flow() para borrar solo el indicador DUP cuando la lista de flujos de pares qued\u00f3 vac\u00eda. Sin embargo, si alg\u00fan usuario simult\u00e1neo tiene una referencia a un flujo de pares (por ejemplo, la tarea de actualizaci\u00f3n de la cola de trabajo del vecino est\u00e1 actualizando la entrada de encapsulaci\u00f3n principal del flujo de pares simult\u00e1neamente), entonces el flujo no se eliminar\u00e1 de la lista de pares y, consecutivamente, se activar\u00e1 el indicador DUP. permanecer configurado. Dado que mlx5e_tc_del_fdb_peers_flow() llama a mlx5e_tc_del_fdb_peer_flow() para cada \u00edndice de pares posible, el algoritmo intentar\u00e1 eliminar el flujo de las instancias de eswitch con las que nunca ha emparejado, lo que provocar\u00e1 una desreferencia del puntero NULL al intentar eliminar el encabezado de la lista de pares de flujo de peer_index que nunca se inicializ\u00f3. o una advertencia si la configuraci\u00f3n de depuraci\u00f3n de la lista est\u00e1 habilitada [0]. Solucione el problema eliminando siempre el flujo de pares de la lista, incluso cuando no publique la \u00faltima referencia al mismo. [0]: [3102.985806] ------------[ cortar aqu\u00ed ]------------ [ 3102.986223] list_del corrupci\u00f3n, ffff888139110698->el siguiente es NULL [ 3102.986757] ADVERTENCIA: CPU: 2 PID: 22109 en lib/list_debug.c:53 __list_del_entry_valid_or_report+0x4f/0xc0 [3102.987561] M\u00f3dulos vinculados en: act_ct nf_flow_table bonding act_tunnel_key act_mirred act_skbedit vxlan cls_matchall nfnetlink_cttimeout act_gact cl s_flower sch_ingress mlx5_vdpa vringh vhost_iotlb vdpa openvswitch nsh xt_MASQUERADE nf_conntrack_netlink nfnetlink iptable_nat xt_addrtype xt_conntrack nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcg ss oid_registry superposici\u00f3n rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm mlx5_ib ib_uverbs ib_core mlx5 _core [\u00faltima descarga: uni\u00f3n] [3102.991113] CPU: 2 PID: 22109 Comm: revalidator28 No contaminado 6.6.0-rc6+ #3 [ 3102.991695] Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 01/04/2014 [ 3102.992605] RIP: 0010:__list_del_entry_valid_or_report+0x4 f/0xc0 [ 3102.993122] C\u00f3digo: 39 c2 74 56 48 8b 32 48 39 fe 75 62 48 8b 51 08 48 39 f2 75 73 b8 01 00 00 00 c3 48 89 fe 48 c7 c7 48 fd 0a 82 e8 41 0b anuncio ff <0f> 0b 31 c0 c3 48 89 fe 48 c7 c7 70 fd 0a 82 e8 2d 0b ad ff 0f 0b [ 3102.994615] RSP: 0018:ffff8881383e7710 EFLAGS: 00010286 [ 3102.995078] RAX: 000 0000000000000 RBX: 0000000000000002 RCX: 0000000000000000 [ 3102.995670] RDX: 0000000000000001 RSI: ffff88885f89b640 RDI: ffff88885f89b640 [ 3102.997188] Flujo DEL 00000000be367878 en el puerto 0 [ 3102.998594] RBP: dead000000000122 R08: 00000000000000000 R 09: c0000000ffffdfff [ 3102.999604] R10: 0000000000000008 R11: ffff8881383e7598 R12: muerto000000000100 [ 3103.000198] R13: 0000000000000002 R14 :ffff888139110000 R15: ffff888101901240 [ 3103.000790] FS: 00007f424cde4700(0000) GS:ffff88885f880000(0000) knlGS:00000000000000000 [ 3103.001486] CS: 0010 DS: 000 0 ES: 0000 CR0: 0000000080050033 [ 3103.001986] CR2: 00007fd42e8dcb70 CR3: 000000011e68a003 CR4: 0000000000370ea0 [ 3103.002596] DR0 : 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 3103.003190] DR3: 0000000000000000 DR6: 00000000ffe0ff0 DR7: 00000000000 00400 [ 3103.003787] Seguimiento de llamadas: [ 3103.004055] [ 3103.004297] ? __advertir+0x7d/0x130 [ 3103.004623] ? __list_del_entry_valid_or_report+0x4f/0xc0 [3103.005094] ? report_bug+0xf1/0x1c0 [3103.005439]? console_unlock+0x4a/0xd0 [3103.005806]? handle_bug+0x3f/0x70 [3103.006149]? exc_invalid_op+0x13/0x60 [3103.006531]? asm_exc_invalid_op+0x16/0x20 [3103.007430]? __list_del_entry_valid_or_report+0x4f/0xc0 [3103.007910] mlx5e_tc_del_fdb_peers_flow+0xcf/0x240 [mlx5_core] [3103.008463] mlx5e_tc_del_flow+0x46/0x270 truncado"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/74cec142f89bf85c6c99c5db957da9f663f9f16f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/d76fdd31f953ac5046555171620f2562715e9b71",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/e24d6f5a7f2d95a98a46257a5a5a5381d572894f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/74cec142f89bf85c6c99c5db957da9f663f9f16f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/d76fdd31f953ac5046555171620f2562715e9b71",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/e24d6f5a7f2d95a98a46257a5a5a5381d572894f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5",
"versionEndExcluding": "6.6.15",
"matchCriteriaId": "07EC9AC4-078E-4968-A31E-3F2E7BD842B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.3",
"matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/74cec142f89bf85c6c99c5db957da9f663f9f16f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d76fdd31f953ac5046555171620f2562715e9b71",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e24d6f5a7f2d95a98a46257a5a5a5381d572894f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/74cec142f89bf85c6c99c5db957da9f663f9f16f",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d76fdd31f953ac5046555171620f2562715e9b71",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e24d6f5a7f2d95a98a46257a5a5a5381d572894f",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

221
CVE-2023/CVE-2023-524xx/CVE-2023-52491.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52491",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-11T18:15:16.807",
"lastModified": "2024-11-21T08:39:53.530",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:32:00.693",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,59 +15,180 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: medio: mtk-jpeg: Se corrigi\u00f3 el error de use-after-free debido al manejo de la ruta de error en mtk_jpeg_dec_device_run En mtk_jpeg_probe, &jpeg->job_timeout_work est\u00e1 vinculado con mtk_jpeg_job_timeout_work. En mtk_jpeg_dec_device_run, si ocurre un error en mtk_jpeg_set_dec_dst, finalmente iniciar\u00e1 el trabajador mientras marca el trabajo como finalizado invocando v4l2_m2m_job_finish. Hay dos m\u00e9todos para activar el error. Si eliminamos el m\u00f3dulo, llamar\u00e1 a mtk_jpeg_remove para realizar la limpieza. La secuencia posible es la siguiente, lo que provocar\u00e1 un error de use-after-free. CPU0 CPU1 mtk_jpeg_dec_... | empezar trabajador | |mtk_jpeg_job_timeout_work mtk_jpeg_remove | v4l2_m2m_release | kfree(m2m_dev); | | | v4l2_m2m_get_curr_priv | m2m_dev->curr_ctx //use Si cerramos el descriptor de archivo, que llamar\u00e1 a mtk_jpeg_release, tendr\u00e1 una secuencia similar. Corrija este error iniciando el trabajador de tiempo de espera solo si inici\u00f3 el trabajador jpegdec exitosamente. Entonces v4l2_m2m_job_finish solo se llamar\u00e1 en mtk_jpeg_job_timeout_work o mtk_jpeg_dec_device_run."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/1b1036c60a37a30caf6759a90fe5ecd06ec35590",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/206c857dd17d4d026de85866f1b5f0969f2a109e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/43872f44eee6c6781fea1348b38885d8e78face9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/6e2f37022f0fc0893da4d85a0500c9d547fffd4c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8254d54d00eb6cdb8367399c7f912eb8d354ecd7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9fec4db7fff54d9b0306a332bab31eac47eeb5f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1b1036c60a37a30caf6759a90fe5ecd06ec35590",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/206c857dd17d4d026de85866f1b5f0969f2a109e",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/43872f44eee6c6781fea1348b38885d8e78face9",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/6e2f37022f0fc0893da4d85a0500c9d547fffd4c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/8254d54d00eb6cdb8367399c7f912eb8d354ecd7",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/9fec4db7fff54d9b0306a332bab31eac47eeb5f6",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.12",
"versionEndExcluding": "5.10.210",
"matchCriteriaId": "FFC7FC62-DD78-4B12-9C6A-57C3E33A3410"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.149",
"matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.76",
"matchCriteriaId": "32F0FEB3-5FE1-4400-A56D-886F09BE872E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.15",
"matchCriteriaId": "87C718CB-AE3D-4B07-B4D9-BFF64183C468"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.3",
"matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1b1036c60a37a30caf6759a90fe5ecd06ec35590",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/206c857dd17d4d026de85866f1b5f0969f2a109e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/43872f44eee6c6781fea1348b38885d8e78face9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6e2f37022f0fc0893da4d85a0500c9d547fffd4c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8254d54d00eb6cdb8367399c7f912eb8d354ecd7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9fec4db7fff54d9b0306a332bab31eac47eeb5f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1b1036c60a37a30caf6759a90fe5ecd06ec35590",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/206c857dd17d4d026de85866f1b5f0969f2a109e",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/43872f44eee6c6781fea1348b38885d8e78face9",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6e2f37022f0fc0893da4d85a0500c9d547fffd4c",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8254d54d00eb6cdb8367399c7f912eb8d354ecd7",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9fec4db7fff54d9b0306a332bab31eac47eeb5f6",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

220
CVE-2023/CVE-2023-524xx/CVE-2023-52498.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52498",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-11T18:15:17.130",
"lastModified": "2024-11-21T08:39:54.363",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:32:20.050",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,59 +15,179 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PM: suspensi\u00f3n: soluciona posibles bloqueos en el c\u00f3digo PM de todo el sistema central. Se informa que en situaciones de poca memoria, el c\u00f3digo central de reanudaci\u00f3n de todo el sistema se bloquea porque async_schedule_dev() ejecuta su el argumento funciona sincr\u00f3nicamente si no puede asignar memoria (y no solo en ese caso) y esa funci\u00f3n intenta adquirir un mutex que ya est\u00e1 retenido. La ejecuci\u00f3n de la funci\u00f3n de argumento sincr\u00f3nicamente desde dpm_async_fn() tambi\u00e9n puede ser problem\u00e1tica por razones de pedido (puede causar que la devoluci\u00f3n de llamada de curr\u00edculum de un dispositivo consumidor se invoque antes que la de un dispositivo proveedor requerido, por ejemplo). Solucione este problema cambiando el c\u00f3digo en cuesti\u00f3n para usar async_schedule_dev_nocall() para programar la ejecuci\u00f3n asincr\u00f3nica de las funciones de suspensi\u00f3n y reanudaci\u00f3n del dispositivo y para ejecutarlas directamente de forma sincr\u00f3nica si async_schedule_dev_nocall() devuelve falso."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"matchCriteriaId": "24443040-F8E0-445D-8395-40A94214526C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.149",
"matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.76",
"matchCriteriaId": "32F0FEB3-5FE1-4400-A56D-886F09BE872E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.15",
"matchCriteriaId": "87C718CB-AE3D-4B07-B4D9-BFF64183C468"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.3",
"matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7839d0078e0d5e6cc2fa0b0dfbee71de74f1e557",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9bd3dce27b01c51295b60e1433e1dadfb16649f7",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a1d62c775b07213c73f81ae842424c74dd14b5f0",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e1c9d32c98309ae764893a481552d3f99d46cb34",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e681e29d1f59a04ef773296e4bebb17b1b79f8fe",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f46eb832389f162ad13cb780d0b8cde93641990d",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

289
CVE-2023/CVE-2023-525xx/CVE-2023-52599.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52599",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:10.210",
"lastModified": "2024-11-21T08:40:09.413",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:36:12.120",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,79 +15,228 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: jfs: corrige array-index-out-of-bounds en diNewExt [Informe Syz] UBSAN: array-index-out-of-bounds en fs/jfs/jfs_imap.c: \u00cdndice 2360:2 -878706688 est\u00e1 fuera de rango para el tipo 'struct iagctl[128]' CPU: 1 PID: 5065 Comm: syz-executor282 No contaminado 6.7.0-rc4-syzkaller-00009-gbee0e7762ad2 #0 Nombre de hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/11/2023 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c: 217 [en l\u00ednea] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 diNewExt+0x3cf3/0x4000 fs/jfs/jfs_imap.c:2360 diAllocExt fs/jfs/jfs_imap.c:1949 [en l\u00ednea] diAllocAG+0xbe8/0x1 e50 fs/ jfs/jfs_imap.c:1666 diAlloc+0x1d3/0x1760 fs/jfs/jfs_imap.c:1587 ialloc+0x8f/0x900 fs/jfs/jfs_inode.c:56 jfs_mkdir+0x1c5/0xb90 fs/jfs/namei.c:225 vfs_m kdir +0x2f1/0x4b0 fs/namei.c:4106 do_mkdirat+0x264/0x3a0 fs/namei.c:4129 __do_sys_mkdir fs/namei.c:4149 [en l\u00ednea] __se_sys_mkdir fs/namei.c:4147 [en l\u00ednea] __x64_sys_mkdir+0x 6e/0x80 fs/namei.c:4147 do_syscall_x64 arch/x86/entry/common.c:51 [en l\u00ednea] do_syscall_64+0x45/0x110 arch/x86/entry/common.c:82 Entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7fcb7e6a0b57 C\u00f3digo: ff ff 77 07 31 c0 c3 0f 1f 40 00 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd83023038 EFLAGS: 00000286 ORIG_RAX: 00000000000000053 RAX: ffffffffffffffda RBX: 0000000 0ffffffff RCX: 00007fcb7e6a0b57 RDX: 00000000000a1020 RSI: 00000000000001ff RDI: 0000000020000140 RBP: 0000000020000140 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000286 R12: 00007ffd830230d0 R13: 0000000000000000 R14 : 0000000000000000 R15: 0000000000000000 [An\u00e1lisis] Cuando el agstart es demasiado grande, puede causar un desbordamiento de agno. [Soluci\u00f3n] Despu\u00e9s de obtener agno, si el valor no es v\u00e1lido, salga del proceso posterior. Se modific\u00f3 la prueba de agno > MAXAG a agno >= MAXAG seg\u00fan el informe de Linux-next realizado por el robot de prueba del kernel (Dan Carpenter)."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"matchCriteriaId": "4B4E1A83-9957-4265-94C0-516374C8CCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.269",
"matchCriteriaId": "319545F3-D56C-4751-BEBF-0505478BBAE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.210",
"matchCriteriaId": "F5CB4CA6-A9A0-4AFD-9102-8CF94D708170"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.149",
"matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.77",
"matchCriteriaId": "0FA28946-970D-4F4D-B759-4E77B28809B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.16",
"matchCriteriaId": "A5007D6A-4B58-423A-8A3A-A1A656A263C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.4",
"matchCriteriaId": "848BC44C-9D25-4557-A50A-4B8BF310FA78"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3537f92cd22c672db97fae6997481e678ad14641",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/49f9637aafa6e63ba686c13cb8549bf5e6920402",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5a6660139195f5e2fbbda459eeecb8788f3885fe",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6996d43b14486f4a6655b10edc541ada1b580b4b",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6aa30020879042d46df9f747e4f0a486eea6fe98",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/de6a91aed1e0b1a23e9c11e7d7557f088eeeb017",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e2b77d107b33bb31c8b1f5c4cb8f277b23728f1e",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f423528488e4f9606cef858eceea210bf1163f41",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

289
CVE-2023/CVE-2023-526xx/CVE-2023-52600.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52600",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:10.497",
"lastModified": "2024-11-21T08:40:09.550",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:36:42.047",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,79 +15,228 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: jfs: corrige uaf en jfs_evict_inode Cuando falla la ejecuci\u00f3n de diMount(ipimap), se puede acceder al objeto ipimap que se ha liberado en diFreeSpecial(). La liberaci\u00f3n asincr\u00f3nica de ipimap ocurre cuando rcu_core() llama a jfs_free_node(). Por lo tanto, cuando falla diMount(ipimap), sbi->ipimap no debe inicializarse como ipimap."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"matchCriteriaId": "4B4E1A83-9957-4265-94C0-516374C8CCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.269",
"matchCriteriaId": "319545F3-D56C-4751-BEBF-0505478BBAE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.210",
"matchCriteriaId": "F5CB4CA6-A9A0-4AFD-9102-8CF94D708170"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.149",
"matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.77",
"matchCriteriaId": "0FA28946-970D-4F4D-B759-4E77B28809B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.16",
"matchCriteriaId": "A5007D6A-4B58-423A-8A3A-A1A656A263C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.4",
"matchCriteriaId": "848BC44C-9D25-4557-A50A-4B8BF310FA78"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1696d6d7d4a1b373e96428d0fe1166bd7c3c795e",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/32e8f2d95528d45828c613417cb2827d866cbdce",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/81b4249ef37297fb17ba102a524039a05c6c5d35",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8e44dc3f96e903815dab1d74fff8faafdc6feb61",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/93df0a2a0b3cde2d7ab3a52ed46ea1d6d4aaba5f",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bacdaa04251382d7efd4f09f9a0686bfcc297e2e",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bc6ef64dbe71136f327d63b2b9071b828af2c2a8",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e0e1958f4c365e380b17ccb35617345b31ef7bf3",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

289
CVE-2023/CVE-2023-526xx/CVE-2023-52603.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52603",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:11.120",
"lastModified": "2024-11-21T08:40:10.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:36:56.997",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,79 +15,228 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: UBSAN: array-index-out-of-bounds en dtSplitRoot Syzkaller inform\u00f3 el siguiente problema: oop0: se detect\u00f3 un cambio de capacidad de 0 a 32768 UBSAN: array-index-out-of- l\u00edmites en fs/jfs/jfs_dtree.c:1971:9 \u00edndice -2 est\u00e1 fuera de rango para el tipo 'struct dtslot [128]' CPU: 0 PID: 3613 Comm: syz-executor270 No contaminado 6.0.0-syzkaller-09423- g493ffd6605b2 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 22/09/2022 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x1b1/0x28e lib/dump_stack.c: 106 ubsan_epilogue lib/ubsan.c:151 [en l\u00ednea] __ubsan_handle_out_of_bounds+0xdb/0x130 lib/ubsan.c:283 dtSplitRoot+0x8d8/0x1900 fs/jfs/jfs_dtree.c:1971 dtSplitUp fs/jfs/jfs_dtree.c:9 85 [en l\u00ednea ] dtInsert+0x1189/0x6b80 fs/jfs/jfs_dtree.c:863 jfs_mkdir+0x757/0xb00 fs/jfs/namei.c:270 vfs_mkdir+0x3b3/0x590 fs/namei.c:4013 do_mkdirat+0x279/0x550 f s/namei. c:4038 __do_sys_mkdirat fs/namei.c:4053 [en l\u00ednea] __se_sys_mkdirat fs/namei.c:4051 [en l\u00ednea] __x64_sys_mkdirat+0x85/0x90 fs/namei.c:4051 do_syscall_x64 arch/x86/entry/common.c:50 [ inline] do_syscall_64+0x3d/0xb0 arch/x86/entry/common.c:80 Entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7fcdc0113fd9 C\u00f3digo: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 F7 48 89 D6 48 89 CA 4D 89 C2 4D 89 C8 4C 8B 4C 24 08 0F 05 <48> 3D 01 F0 FF FF 73 01 C3 48 C7 C1 C0 FF FF FF F7 D8 64 89 01 48 RSP: 002B: 00007ffeb8bc67d8 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 RAX: ffffffffffffffda RBX: 00000000000000000 RCX: 00007fcdc0113fd9 RDX: 00000000000000000 RSI: 0000000020000340 RDI: 0000000000000003 RBP: 00007fcdc00d37a0 R08: 0000000000000000 R09: 00007fcdc00d37a0 R10: 00005555559a72c0 R11: 0000000000000246 R12: 00000000f8008000 R13: 0000000000000000 R14: 00083878000000f8 R15 : 0000000000000000 El problema se produce cuando el valor de fsi es inferior a -1. La verificaci\u00f3n para romper el ciclo cuando el valor fsi se convierte en -1 est\u00e1 presente, pero syzbot pudo producir un valor menor que -1, lo que causa el error. Este parche simplemente agrega el cambio para los valores menores que 0. El parche se prueba a trav\u00e9s de syzbot."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/6e2902ecc77e9760a9fc447f56d598383e2372d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/7aa33854477d9c346f5560a1a1fcb3fe7783e2a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e4cbc857d75d4e22a1f75446e7480b1f305d8d60",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e4ce01c25ccbea02a09a5291c21749b1fc358e39",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/edff092a59260bf0b0a2eba219cb3da6372c2f9f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/fd3486a893778770557649fe28afa5e463d4ed07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/6e2902ecc77e9760a9fc447f56d598383e2372d2",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/7aa33854477d9c346f5560a1a1fcb3fe7783e2a8",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/e4cbc857d75d4e22a1f75446e7480b1f305d8d60",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/e4ce01c25ccbea02a09a5291c21749b1fc358e39",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/edff092a59260bf0b0a2eba219cb3da6372c2f9f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/fd3486a893778770557649fe28afa5e463d4ed07",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"matchCriteriaId": "4B4E1A83-9957-4265-94C0-516374C8CCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.269",
"matchCriteriaId": "319545F3-D56C-4751-BEBF-0505478BBAE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.210",
"matchCriteriaId": "F5CB4CA6-A9A0-4AFD-9102-8CF94D708170"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.149",
"matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.77",
"matchCriteriaId": "0FA28946-970D-4F4D-B759-4E77B28809B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.16",
"matchCriteriaId": "A5007D6A-4B58-423A-8A3A-A1A656A263C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.4",
"matchCriteriaId": "848BC44C-9D25-4557-A50A-4B8BF310FA78"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6e2902ecc77e9760a9fc447f56d598383e2372d2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7aa33854477d9c346f5560a1a1fcb3fe7783e2a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e4cbc857d75d4e22a1f75446e7480b1f305d8d60",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e4ce01c25ccbea02a09a5291c21749b1fc358e39",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/edff092a59260bf0b0a2eba219cb3da6372c2f9f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fd3486a893778770557649fe28afa5e463d4ed07",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/27e56f59bab5ddafbcfe69ad7a4a6ea1279c1b16",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6e2902ecc77e9760a9fc447f56d598383e2372d2",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7aa33854477d9c346f5560a1a1fcb3fe7783e2a8",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e30b52a2ea3d1e0aaee68096957cf90a2f4ec5af",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e4cbc857d75d4e22a1f75446e7480b1f305d8d60",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e4ce01c25ccbea02a09a5291c21749b1fc358e39",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/edff092a59260bf0b0a2eba219cb3da6372c2f9f",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fd3486a893778770557649fe28afa5e463d4ed07",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

289
CVE-2023/CVE-2023-526xx/CVE-2023-52604.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52604",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:11.347",
"lastModified": "2024-11-21T08:40:10.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:49:20.820",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,79 +15,228 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: FS:JFS:UBSAN:array-index-out-of-bounds en dbAdjTree Syzkaller inform\u00f3 el siguiente problema: UBSAN: array-index-out-of-bounds en fs/jfs /jfs_dmap.c:2867:6 el \u00edndice 196694 est\u00e1 fuera del rango para el tipo 's8[1365]' (tambi\u00e9n conocido como 'car\u00e1cter firmado[1365]') CPU: 1 PID: 109 Comm: jfsCommit No contaminado 6.6.0-rc3-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/08/2023 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [en l\u00ednea] __ubsan_handle_out_of_bounds+0x11c/0x150 lib/ubsan.c:348 dbAdjTree+0x474/0x4f0 fs/jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs _dmap.c: 2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [en l\u00ednea] dbFree+0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/j fs /jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [en l\u00ednea] jfs_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x3 70 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:304 ============== ==================================================== ================ P\u00e1nico del kernel: no se sincroniza: UBSAN: p\u00e1nico_on_warn configurado... CPU: 1 PID: 109 Comm: jfsCommit No contaminado 6.6.0-rc3-syzkaller #0 Hardware nombre: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/08/2023 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x1e7/0x2d0 lib/dump_stack.c:106 p\u00e1nico+0x30f /0x770 Kernel/Panic.C: 340 check_panic_on_warn+0x82/0xa0 kernel/Panic.c: 236 UBSAN_EPILOGO LIB/UBSAN.C: 223 [Inline] __ubsan_handle_out_of_bounds+0x13c/0x150 LIB/UB/UBSAN.C: 4F0 FS /jfs/jfs_dmap.c:2867 dbJoin+0x210/0x2d0 fs/jfs/jfs_dmap.c:2834 dbFreeBits+0x4eb/0xda0 fs/jfs/jfs_dmap.c:2331 dbFreeDmap fs/jfs/jfs_dmap.c:2080 [en l\u00ednea] dbFree +0x343/0x650 fs/jfs/jfs_dmap.c:402 txFreeMap+0x798/0xd50 fs/jfs/jfs_txnmgr.c:2534 txUpdateMap+0x342/0x9e0 txLazyCommit fs/jfs/jfs_txnmgr.c:2664 [en l\u00ednea] jf s_lazycommit+0x47a/0xb70 fs/jfs/jfs_txnmgr.c:2732 kthread+0x2d3/0x370 kernel/kthread.c:388 ret_from_fork+0x48/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64. S:304 Desplazamiento del kernel: deshabilitado Reinicio en 86400 segundos. El problema se produce cuando el valor de lp se vuelve mayor que CTLTREESIZE, que es el tama\u00f1o m\u00e1ximo de stree. Agregar una verificaci\u00f3n simple resuelve este problema. Dave: Como la funci\u00f3n devuelve un valor nulo, un buen manejo de errores requerir\u00eda una reorganizaci\u00f3n del c\u00f3digo m\u00e1s intrusiva, as\u00ed que modifiqu\u00e9 el parche de Osama en use WARN_ON_ONCE por falta de una opci\u00f3n m\u00e1s limpia. El parche se prueba mediante syzbot."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/59342822276f753e49d27ef5eebffbba990572b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/6a44065dd604972ec1fbcccbdc4a70d266a89cdd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/6fe8b702125aeee6ce83f20092a2341446704e7b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/98f9537fe61b8382b3cc5dd97347531698517c56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/de34de6e57bbbc868e4fcf9e98c76b3587cabb0b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/e3e95c6850661c77e6dab079d9b5374a618ebb15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/59342822276f753e49d27ef5eebffbba990572b9",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/6a44065dd604972ec1fbcccbdc4a70d266a89cdd",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/6fe8b702125aeee6ce83f20092a2341446704e7b",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/98f9537fe61b8382b3cc5dd97347531698517c56",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/de34de6e57bbbc868e4fcf9e98c76b3587cabb0b",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/e3e95c6850661c77e6dab079d9b5374a618ebb15",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-129"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.307",
"matchCriteriaId": "4B4E1A83-9957-4265-94C0-516374C8CCFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.269",
"matchCriteriaId": "319545F3-D56C-4751-BEBF-0505478BBAE8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.210",
"matchCriteriaId": "F5CB4CA6-A9A0-4AFD-9102-8CF94D708170"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.149",
"matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.77",
"matchCriteriaId": "0FA28946-970D-4F4D-B759-4E77B28809B5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.16",
"matchCriteriaId": "A5007D6A-4B58-423A-8A3A-A1A656A263C8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.4",
"matchCriteriaId": "848BC44C-9D25-4557-A50A-4B8BF310FA78"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/59342822276f753e49d27ef5eebffbba990572b9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6a44065dd604972ec1fbcccbdc4a70d266a89cdd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6fe8b702125aeee6ce83f20092a2341446704e7b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/98f9537fe61b8382b3cc5dd97347531698517c56",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/de34de6e57bbbc868e4fcf9e98c76b3587cabb0b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e3e95c6850661c77e6dab079d9b5374a618ebb15",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/42f433785f108893de0dd5260bafb85d7d51db03",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/59342822276f753e49d27ef5eebffbba990572b9",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6a44065dd604972ec1fbcccbdc4a70d266a89cdd",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6fe8b702125aeee6ce83f20092a2341446704e7b",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9862ec7ac1cbc6eb5ee4a045b5d5b8edbb2f7e68",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/98f9537fe61b8382b3cc5dd97347531698517c56",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/de34de6e57bbbc868e4fcf9e98c76b3587cabb0b",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e3e95c6850661c77e6dab079d9b5374a618ebb15",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

58
CVE-2024/CVE-2024-109xx/CVE-2024-10922.json
View File

@ -2,63 +2,15 @@
"id": "CVE-2024-10922",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-07T02:15:02.847",
"lastModified": "2024-11-08T19:01:25.633",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T18:15:22.627",
"vulnStatus": "Rejected",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Featured Posts Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.25. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."
},
{
"lang": "es",
"value": "El complemento Featured Posts Scroll para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 1.25 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de un nonce en una funci\u00f3n. Esto permite que atacantes no autenticados actualicen configuraciones e inyecten scripts web maliciosos a trav\u00e9s de una solicitud falsificada, siempre que puedan enga\u00f1ar al administrador de un sitio para que realice una acci\u00f3n como hacer clic en un enlace."
"value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-51647. Reason: This candidate is a reservation duplicate of CVE-2024-51647. Notes: All CVE users should reference CVE-2024-51647 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/vulnerability/featured-posts-scroll/wordpress-featured-posts-scroll-plugin-1-25-csrf-to-stored-cross-site-scripting-xss-vulnerability",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4196b8d1-23a7-4b90-8e6b-f51849d44f9c?source=cve",
"source": "security@wordfence.com"
}
]
"metrics": {},
"references": []
}

43
CVE-2024/CVE-2024-123xx/CVE-2024-12381.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2024-12381",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-12-12T01:40:28.630",
"lastModified": "2024-12-12T01:40:28.630",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:15:22.720",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "La confusi\u00f3n de tipos en la versi\u00f3n 8 de Google Chrome anterior a la 131.0.6778.139 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
@ -22,6 +49,16 @@
"value": "CWE-843"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"references": [

43
CVE-2024/CVE-2024-123xx/CVE-2024-12382.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2024-12382",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-12-12T01:40:28.737",
"lastModified": "2024-12-12T01:40:28.737",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:15:22.970",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
},
{
"lang": "es",
"value": "Use after free en Translate en Google Chrome anterior a la versi\u00f3n 131.0.6778.139 permit\u00eda a un atacante remoto explotar potencialmente la corrupci\u00f3n del mont\u00f3n a trav\u00e9s de una p\u00e1gina HTML manipulada. (Gravedad de seguridad de Chromium: Alta)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "chrome-cve-admin@google.com",
@ -22,6 +49,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"references": [

87
CVE-2024/CVE-2024-124xx/CVE-2024-12484.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-12484",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-12T01:40:29.763",
"lastModified": "2024-12-12T01:40:29.763",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:34:08.900",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. This vulnerability affects unknown code of the file /signuppost.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Codezips Technical Discussion Forum 1.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /signuppost.php. La manipulaci\u00f3n del argumento Username conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Tambi\u00e9n pueden verse afectados otros par\u00e1metros."
}
],
"metrics": {
@ -76,6 +80,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -120,22 +144,55 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/LiChaser/CVE/",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://vuldb.com/?ctiid.287866",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.287866",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.459076",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:codezips:technical_discussion_forum:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5017D4AF-3D5E-471F-BB1A-6482627AD817"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/LiChaser/CVE/",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.287866",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.287866",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.459076",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

98
CVE-2024/CVE-2024-124xx/CVE-2024-12485.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-12485",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-12T01:40:29.920",
"lastModified": "2024-12-12T01:40:29.920",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:34:50.310",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como cr\u00edtica, en code-projects Online Class and Exam Scheduling System 1.0. Este problema afecta a algunos procesos desconocidos del archivo /pages/department.php. La manipulaci\u00f3n del argumento id conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -76,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -120,26 +144,62 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_department_php.docx",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?ctiid.287867",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.287867",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.459077",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:fabian:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6816A95B-5961-49BE-9638-D735C9286FD4"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_department_php.docx",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.287867",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.287867",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.459077",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

98
CVE-2024/CVE-2024-124xx/CVE-2024-12486.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-12486",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-12T01:40:30.120",
"lastModified": "2024-12-12T01:40:30.120",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:35:29.930",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/rank_update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Online Class and Exam Scheduling System 1.0. Se ve afectada una funci\u00f3n desconocida del archivo /pages/rank_update.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -76,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -120,26 +144,62 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_rank_update_php.docx",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?ctiid.287868",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.287868",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.459081",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:fabian:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6816A95B-5961-49BE-9638-D735C9286FD4"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_rank_update_php.docx",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.287868",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.287868",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.459081",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

98
CVE-2024/CVE-2024-124xx/CVE-2024-12487.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-12487",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-12T01:40:30.270",
"lastModified": "2024-12-12T01:40:30.270",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:36:03.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects Online Class and Exam Scheduling System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /pages/room_update.php. La manipulaci\u00f3n del argumento id conduce a una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -76,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -120,26 +144,62 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_room_update_php.docx",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?ctiid.287869",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.287869",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.459083",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:fabian:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6816A95B-5961-49BE-9638-D735C9286FD4"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_room_update_php.docx",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.287869",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.287869",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.459083",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

107
CVE-2024/CVE-2024-124xx/CVE-2024-12488.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-12488",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-12T01:40:30.413",
"lastModified": "2024-12-12T01:40:30.413",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:37:05.537",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/subject_update.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en code-projects Online Class and Exam Scheduling System 1.0 y se clasific\u00f3 como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo /pages/subject_update.php. La manipulaci\u00f3n del argumento id conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha revelado al p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -76,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -107,7 +131,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -120,26 +144,69 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_subject_update_php%20.docx",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?ctiid.287870",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.287870",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.459097",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:fabian:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6816A95B-5961-49BE-9638-D735C9286FD4"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_subject_update_php%20.docx",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.287870",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://vuldb.com/?id.287870",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.459097",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_subject_update_php%20.docx",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Exploit",
"Third Party Advisory"
]
}
]
}

98
CVE-2024/CVE-2024-124xx/CVE-2024-12489.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-12489",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-12T01:40:30.560",
"lastModified": "2024-12-12T01:40:30.560",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:38:15.650",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "es",
"value": "Se ha encontrado una vulnerabilidad en code-projects Online Class and Exam Scheduling System 1.0. Se ha clasificado como cr\u00edtica. Afecta a una parte desconocida del archivo /pages/term.php. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
}
],
"metrics": {
@ -76,6 +80,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -120,26 +144,62 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com"
},
"nodes": [
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_term_php%20.docx",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?ctiid.287871",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.287871",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.459113",
"source": "cna@vuldb.com"
"vulnerable": true,
"criteria": "cpe:2.3:a:fabian:online_class_and_exam_scheduling_system:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6816A95B-5961-49BE-9638-D735C9286FD4"
}
]
}
]
}
],
"references": [
{
"url": "https://code-projects.org/",
"source": "cna@vuldb.com",
"tags": [
"Product"
]
},
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_term_php%20.docx",
"source": "cna@vuldb.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
},
{
"url": "https://vuldb.com/?ctiid.287871",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.287871",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?submit.459113",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

14
CVE-2024/CVE-2024-124xx/CVE-2024-12490.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-12490",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-12-12T02:15:21.530",
"lastModified": "2024-12-12T02:15:21.530",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:15:09.233",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /pages/teacher_save.php. The manipulation of the argument salut leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
},
{
"lang": "es",
"value": " Se ha encontrado una vulnerabilidad en code-projects Online Class and Exam Scheduling System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /pages/teacher_save.php. La manipulaci\u00f3n del argumento salut conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Tambi\u00e9n pueden verse afectados otros par\u00e1metros."
}
],
"metrics": {
@ -107,7 +111,7 @@
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -140,6 +144,10 @@
{
"url": "https://vuldb.com/?submit.459116",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/bjtyyy/CVE/blob/main/Online%20Class%20and%20Exam%20Scheduling%20System_teacher_save_php.docx",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

84
CVE-2024/CVE-2024-15xx/CVE-2024-1541.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-1541",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-13T16:15:24.600",
"lastModified": "2024-11-21T08:50:47.300",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:51:27.017",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,33 +36,101 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:kadencewp:gutenberg_blocks_with_ai:*:*:*:*:*:wordpress:*:*",
"versionEndIncluding": "3.2.23",
"matchCriteriaId": "E59229A2-4526-4C14-96C9-ACE8BC3C928C"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.2.21/includes/blocks/class-kadence-blocks-advanced-heading-block.php#L418",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041366%40kadence-blocks%2Ftrunk&old=3036979%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0913632-85c5-4835-b606-4eca51df2496?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.2.21/includes/blocks/class-kadence-blocks-advanced-heading-block.php#L418",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041366%40kadence-blocks%2Ftrunk&old=3036979%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d0913632-85c5-4835-b606-4eca51df2496?source=cve",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

22
CVE-2024/CVE-2024-207xx/CVE-2024-20754.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20754",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:07.897",
"lastModified": "2024-12-04T21:55:42.963",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T17:15:09.433",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -19,27 +19,27 @@
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 7.5,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

22
CVE-2024/CVE-2024-207xx/CVE-2024-20767.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-20767",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T12:15:06.870",
"lastModified": "2024-12-04T22:15:59.953",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T17:15:09.630",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction."
"value": "ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. An attacker could leverage this vulnerability to access or modify restricted files. Exploitation of this issue does not require user interaction. Exploitation of this issue requires the admin panel be exposed to the internet."
},
{
"lang": "es",
@ -19,27 +19,27 @@
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 8.2,
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 7.4,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
"exploitabilityScore": 2.2,
"impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",

84
CVE-2024/CVE-2024-235xx/CVE-2024-23537.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23537",
"sourceIdentifier": "security@apache.org",
"published": "2024-03-29T15:15:10.253",
"lastModified": "2024-11-21T08:57:54.870",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T18:09:25.500",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,32 +69,80 @@
"value": "CWE-269"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "17C02E41-0ACE-4D3E-A187-7B0B7AB5DB3B"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/fq1ns4nprw2vqpkwwj9sw45jkwxmt9f1",
"source": "security@apache.org"
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/1",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/fq1ns4nprw2vqpkwwj9sw45jkwxmt9f1",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

104
CVE-2024/CVE-2024-235xx/CVE-2024-23538.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23538",
"sourceIdentifier": "security@apache.org",
"published": "2024-03-29T15:15:10.543",
"lastModified": "2024-11-21T08:57:55.020",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T18:09:28.513",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.1,
"impactScore": 6.0
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -51,30 +71,68 @@
]
}
],
"references": [
"configurations": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/2",
"source": "security@apache.org"
},
"nodes": [
{
"url": "https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report",
"source": "security@apache.org"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs",
"source": "security@apache.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/2",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "17C02E41-0ACE-4D3E-A187-7B0B7AB5DB3B"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/2",
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report",
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/2",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/by32w2dylzgbqm5940x3wj7519wolqxs",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

104
CVE-2024/CVE-2024-235xx/CVE-2024-23539.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23539",
"sourceIdentifier": "security@apache.org",
"published": "2024-03-29T15:15:10.803",
"lastModified": "2024-11-21T08:57:55.143",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T18:09:38.490",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.5
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -51,30 +71,68 @@
]
}
],
"references": [
"configurations": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/3",
"source": "security@apache.org"
},
"nodes": [
{
"url": "https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report",
"source": "security@apache.org"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://lists.apache.org/thread/g8sv1gnjv716lx2h89jbvjdgtrrjmy7h",
"source": "security@apache.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/3",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.apache.org/thread/g8sv1gnjv716lx2h89jbvjdgtrrjmy7h",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"vulnerable": true,
"criteria": "cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.9.0",
"matchCriteriaId": "17C02E41-0ACE-4D3E-A187-7B0B7AB5DB3B"
}
]
}
]
}
],
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/3",
"source": "security@apache.org",
"tags": [
"Mailing List"
]
},
{
"url": "https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report",
"source": "security@apache.org",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/g8sv1gnjv716lx2h89jbvjdgtrrjmy7h",
"source": "security@apache.org",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/03/29/3",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://cwiki.apache.org/confluence/display/FINERACT/Apache+Fineract+Security+Report",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://lists.apache.org/thread/g8sv1gnjv716lx2h89jbvjdgtrrjmy7h",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
]
}
]
}

106
CVE-2024/CVE-2024-24xx/CVE-2024-2434.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2434",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-04-25T11:15:45.870",
"lastModified": "2024-11-21T09:09:44.937",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:54:50.840",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.1,
"impactScore": 4.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
@ -49,24 +69,98 @@
"value": "CWE-22"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.9.0",
"versionEndExcluding": "16.9.6",
"matchCriteriaId": "7029AA65-DD2A-4F64-B188-104801D4529F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.9.0",
"versionEndExcluding": "16.9.6",
"matchCriteriaId": "BB41F724-FD21-447E-81FC-D7362A759023"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.10.0",
"versionEndExcluding": "16.10.4",
"matchCriteriaId": "A56BDD5E-E19A-4C96-BFA1-0C9C714BC1DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.10.0",
"versionEndExcluding": "16.10.4",
"matchCriteriaId": "4DFA9764-53C9-46A5-904A-109E64CF5942"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.11.0:*:*:*:community:*:*:*",
"matchCriteriaId": "DBAF6CB8-EEBE-4F61-9B80-165C351748E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.11.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BEF58721-8679-4EA5-A353-4ED035241169"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/450303",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://hackerone.com/reports/2401952",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/450303",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://hackerone.com/reports/2401952",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
]
}
]
}

6
CVE-2024/CVE-2024-260xx/CVE-2024-26050.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-26050",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:13.263",
"lastModified": "2024-12-03T14:32:40.333",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T17:15:09.840",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim\u2019s browser when they browse to the page containing the vulnerable field."
},
{
"lang": "es",

22
CVE-2024/CVE-2024-260xx/CVE-2024-26051.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26051",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:13.547",
"lastModified": "2024-12-03T16:25:37.877",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T18:15:23.183",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -19,27 +19,27 @@
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N",
"baseScore": 3.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 1.4
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",

12
CVE-2024/CVE-2024-261xx/CVE-2024-26119.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-26119",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-03-18T18:15:19.000",
"lastModified": "2024-12-03T22:16:51.783",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T18:15:23.370",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction."
"value": "Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to gain access to sensitive information which could be used to further compromise the system or user's privacy. Exploitation of this issue does not require user interaction."
},
{
"lang": "es",
@ -62,17 +62,17 @@
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

226
CVE-2024/CVE-2024-266xx/CVE-2024-26610.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26610",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-11T18:15:19.067",
"lastModified": "2024-11-21T09:02:39.360",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:31:47.210",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,59 +15,185 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: wifi: iwlwifi: corrige una corrupci\u00f3n de memoria iwl_fw_ini_trigger_tlv::data es un puntero a un __le32, lo que significa que si copiamos a iwl_fw_ini_trigger_tlv::data + offset mientras el offset est\u00e1 en bytes, escribiremos m\u00e1s all\u00e1 del b\u00fafer."
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.210",
"matchCriteriaId": "F5CB4CA6-A9A0-4AFD-9102-8CF94D708170"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.149",
"matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.76",
"matchCriteriaId": "32F0FEB3-5FE1-4400-A56D-886F09BE872E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.15",
"matchCriteriaId": "87C718CB-AE3D-4B07-B4D9-BFF64183C468"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.3",
"matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

162
CVE-2024/CVE-2024-266xx/CVE-2024-26626.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26626",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-06T07:15:12.810",
"lastModified": "2024-11-21T09:02:43.023",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:26:08.137",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,141 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ipmr: corrige el p\u00e1nico del kernel al reenviar paquetes mcast El stacktrace fue: [86.305548] ERROR: desreferencia del puntero NULL del kernel, direcci\u00f3n: 0000000000000092 [86.306815] #PF: acceso de lectura del supervisor en modo kernel [ 86.307717] #PF: error_code(0x0000) - p\u00e1gina no presente [ 86.308624] PGD 0 P4D 0 [ 86.309091] Ups: 0000 [#1] PREEMPT SMP NOPTI [ 86.309883] CPU: 2 PID: 3139 Comm: pimd Contaminado: GU 6.8.0-6wind-knet #1 [ 86.311027] Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS rel-1.11.1-0-g0551a4be2c-prebuilt.qemu-project.org 01/04/2014 [ 86.312728] RIP: 0010:ip_mr_forward (/build/work/knet/net/ipv4/ipmr.c:1985) [86.313399] C\u00f3digo: f9 1f 0f 87 85 03 00 00 48 8d 04 5b 48 8d 04 83 49 8d 44 c 5 00 48 8b 40 70 48 39 c2 0f 84 d9 00 00 00 49 8b 46 58 48 83 e0 fe <80> b8 92 00 00 00 00 0f 84 55 ff ff 49 83 47 38 01 45 85 e4 0f [ 86.316565] RSP : 0018:ffffad21c0583ae0 EFLAGS: 00010246 [ 86.317497] RAX: 0000000000000000 RBX: 00000000000000000 RCX: 00000000000000000 [ 86.318596] RDX: ff ff9559cb46c000 RSI: 0000000000000000 RDI: 0000000000000000 [ 86.319627] RBP: ffffad21c0583b30 R08: 00000000000000000 R09: 00000000000000000 [ 86.320650] R10: 0000000000000000 R11 : 0000000000000000 R12: 00000000000000001 [ 86.321672] R13: ffff9559c093a000 R14: ffff9559cc00b800 R15: ffff9559c09c1d80 [ 86.322873] FS: 0 0007f85db661980(0000) GS:ffff955a79d00000(0000) knlGS:0000000000000000 [ 86.324291] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [86.325314] CR2: 0000000000000092 CR3: 000000002f13a000 CR4: 0000000000350ef0 [86.326589] Seguimiento de llamadas: [86.327036] [86.327434] ? show_regs (/build/work/knet/arch/x86/kernel/dumpstack.c:479) [86.328049]? __die (/build/work/knet/arch/x86/kernel/dumpstack.c:421 /build/work/knet/arch/x86/kernel/dumpstack.c:434) [86.328508] ? page_fault_oops (/build/work/knet/arch/x86/mm/fault.c:707) [86.329107]? do_user_addr_fault (/build/work/knet/arch/x86/mm/fault.c:1264) [86.329756]? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223) [86.330350]? __irq_work_queue_local (/build/work/knet/kernel/irq_work.c:111 (discriminador 1)) [86.331013]? exc_page_fault (/build/work/knet/./arch/x86/include/asm/paravirt.h:693 /build/work/knet/arch/x86/mm/fault.c:1515 /build/work/knet/arch /x86/mm/fault.c:1563) [86.331702]? asm_exc_page_fault (/build/work/knet/./arch/x86/include/asm/idtentry.h:570) [86.332468]? ip_mr_forward (/build/work/knet/net/ipv4/ipmr.c:1985) [86.333183]? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223) [ 86.333920] ipmr_mfc_add (/build/work/knet/./include/linux/rcupdate.h:782 /build/work/knet /net/ipv4/ipmr.c:1009 /build/work/knet/net/ipv4/ipmr.c:1273) [86.334583]? __pfx_ipmr_hash_cmp (/build/work/knet/net/ipv4/ipmr.c:363) [ 86.335357] ip_mroute_setsockopt (/build/work/knet/net/ipv4/ipmr.c:1470) [ 86.336135] ? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223) [86.336854]? ip_mroute_setsockopt (/build/work/knet/net/ipv4/ipmr.c:1470) [ 86.337679] do_ip_setsockopt (/build/work/knet/net/ipv4/ip_sockglue.c:944) [ 86.338408] ? __pfx_unix_stream_read_actor (/build/work/knet/net/unix/af_unix.c:2862) [86.339232]? srso_return_thunk (/build/work/knet/arch/x86/lib/retpoline.S:223) [86.339809]? aa_sk_perm (/build/work/knet/security/apparmor/include/cred.h:153 /build/work/knet/security/apparmor/net.c:181) [ 86.340342] ip_setsockopt (/build/work/knet/net /ipv4/ip_sockglue.c:1415) [86.340859] raw_setsockopt (/build/work/knet/net/ipv4/raw.c:836) [86.341408] ? security_socket_setsockopt (/build/work/knet/security/security.c:4561 (discriminador 13)) [ 86.342116] sock_common_setsockopt (/build/work/knet/net/core/sock.c:3716) [ 86.342747] do_sock_setsockopt (/build /work/knet/net/socket.c:2313) [ 86.343363] __sys_setsockopt (/build/work/knet/./include/linux/file.h:32 /build/work/kn ---truncado---"
}
],
"metrics": {},
"references": [
"metrics": {
"cvssMetricV31": [
{
"url": "https://git.kernel.org/stable/c/2e8c9ae40adda2be1ba41c05fd3cd1e61cce3207",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
{
"url": "https://git.kernel.org/stable/c/d2f1b7fe74afd66298dbb3c7b39e7b62e4df1724",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"url": "https://git.kernel.org/stable/c/dcaafdba6c6162bb49f1192850bc3bbc3707738c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://git.kernel.org/stable/c/e622502c310f1069fd9f41cd38210553115f610a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/2e8c9ae40adda2be1ba41c05fd3cd1e61cce3207",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/d2f1b7fe74afd66298dbb3c7b39e7b62e4df1724",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/dcaafdba6c6162bb49f1192850bc3bbc3707738c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/e622502c310f1069fd9f41cd38210553115f610a",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.75",
"versionEndExcluding": "6.1.77",
"matchCriteriaId": "B14CDB16-40FB-48ED-B419-C46BCE9744D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.14",
"versionEndExcluding": "6.6.16",
"matchCriteriaId": "A8F984E4-A8D4-410D-81DE-CA4AEC78C611"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.2",
"versionEndExcluding": "6.7.4",
"matchCriteriaId": "E7936827-35D9-460F-84DD-764189EF1243"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2e8c9ae40adda2be1ba41c05fd3cd1e61cce3207",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d2f1b7fe74afd66298dbb3c7b39e7b62e4df1724",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dcaafdba6c6162bb49f1192850bc3bbc3707738c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e622502c310f1069fd9f41cd38210553115f610a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2e8c9ae40adda2be1ba41c05fd3cd1e61cce3207",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d2f1b7fe74afd66298dbb3c7b39e7b62e4df1724",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/dcaafdba6c6162bb49f1192850bc3bbc3707738c",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/e622502c310f1069fd9f41cd38210553115f610a",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

97
CVE-2024/CVE-2024-27xx/CVE-2024-2703.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2703",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-20T16:15:08.310",
"lastModified": "2024-11-21T09:10:19.887",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:26:40.867",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,32 +94,93 @@
"value": "CWE-121"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*",
"matchCriteriaId": "0F101E88-BEA9-4017-9048-860DF3D1BBBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBE5E26-7967-4FDD-A29F-7740B29C4B8E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetDeviceName_mac.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257454",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257454",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetDeviceName_mac.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257454",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257454",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

97
CVE-2024/CVE-2024-27xx/CVE-2024-2704.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2704",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-20T16:15:08.640",
"lastModified": "2024-11-21T09:10:20.030",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:27:11.390",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,32 +94,93 @@
"value": "CWE-121"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*",
"matchCriteriaId": "0F101E88-BEA9-4017-9048-860DF3D1BBBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBE5E26-7967-4FDD-A29F-7740B29C4B8E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetFirewallCfg.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257455",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257455",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetFirewallCfg.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257455",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257455",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

97
CVE-2024/CVE-2024-27xx/CVE-2024-2705.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2705",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-20T17:15:07.750",
"lastModified": "2024-11-21T09:10:20.167",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:27:35.747",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,32 +94,93 @@
"value": "CWE-121"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*",
"matchCriteriaId": "0F101E88-BEA9-4017-9048-860DF3D1BBBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10u:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D74EB31-E01D-439E-AAEC-BF0D4965A097"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetQosBand.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257456",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257456",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetQosBand.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257456",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257456",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

97
CVE-2024/CVE-2024-27xx/CVE-2024-2706.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2706",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-20T17:15:07.983",
"lastModified": "2024-11-21T09:10:20.310",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:27:56.637",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,32 +94,93 @@
"value": "CWE-121"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*",
"matchCriteriaId": "0F101E88-BEA9-4017-9048-860DF3D1BBBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBE5E26-7967-4FDD-A29F-7740B29C4B8E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWifiWpsStart.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257457",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257457",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWifiWpsStart.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257457",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257457",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

115
CVE-2024/CVE-2024-27xx/CVE-2024-2707.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2707",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-20T17:15:08.243",
"lastModified": "2024-11-21T09:10:20.450",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:28:32.270",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -76,30 +96,81 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWriteFacMac.md",
"source": "cna@vuldb.com"
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*",
"matchCriteriaId": "0F101E88-BEA9-4017-9048-860DF3D1BBBC"
}
]
},
{
"url": "https://vuldb.com/?ctiid.257458",
"source": "cna@vuldb.com"
},
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"url": "https://vuldb.com/?id.257458",
"source": "cna@vuldb.com"
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWriteFacMac.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://vuldb.com/?ctiid.257458",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://vuldb.com/?id.257458",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBE5E26-7967-4FDD-A29F-7740B29C4B8E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWriteFacMac.md",
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257458",
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257458",
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWriteFacMac.md",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257458",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257458",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

97
CVE-2024/CVE-2024-27xx/CVE-2024-2708.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2708",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-20T18:15:10.843",
"lastModified": "2024-11-21T09:10:20.580",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:29:07.680",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,32 +94,93 @@
"value": "CWE-121"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*",
"matchCriteriaId": "0F101E88-BEA9-4017-9048-860DF3D1BBBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBE5E26-7967-4FDD-A29F-7740B29C4B8E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formexeCommand.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257459",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257459",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formexeCommand.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257459",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257459",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

97
CVE-2024/CVE-2024-27xx/CVE-2024-2709.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2709",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-20T18:15:11.387",
"lastModified": "2024-11-21T09:10:20.717",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:29:29.930",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,32 +94,93 @@
"value": "CWE-121"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*",
"matchCriteriaId": "0F101E88-BEA9-4017-9048-860DF3D1BBBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBE5E26-7967-4FDD-A29F-7740B29C4B8E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/fromSetRouteStatic.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257460",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257460",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/fromSetRouteStatic.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257460",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257460",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

97
CVE-2024/CVE-2024-27xx/CVE-2024-2710.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2710",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-20T18:15:11.907",
"lastModified": "2024-11-21T09:10:20.860",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:30:23.267",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,32 +94,93 @@
"value": "CWE-121"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.49:*:*:*:*:*:*:*",
"matchCriteriaId": "0F101E88-BEA9-4017-9048-860DF3D1BBBC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10u:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CDBE5E26-7967-4FDD-A29F-7740B29C4B8E"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/setSchedWifi_start.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257461",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257461",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/setSchedWifi_start.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257461",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257461",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

97
CVE-2024/CVE-2024-27xx/CVE-2024-2711.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2711",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-20T18:15:12.440",
"lastModified": "2024-11-21T09:10:21.020",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:30:41.927",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,32 +94,93 @@
"value": "CWE-121"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*",
"matchCriteriaId": "1C2AFD04-833D-4085-BAD6-32A2715FA785"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10u:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D74EB31-E01D-439E-AAEC-BF0D4965A097"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/addWifiMacFilter_deviceMac.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257462",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257462",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/addWifiMacFilter_deviceMac.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257462",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257462",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

97
CVE-2024/CVE-2024-27xx/CVE-2024-2763.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2763",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-21T21:15:10.790",
"lastModified": "2024-11-21T09:10:27.800",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:31:50.877",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,32 +94,93 @@
"value": "CWE-121"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*",
"matchCriteriaId": "1C2AFD04-833D-4085-BAD6-32A2715FA785"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10u:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D74EB31-E01D-439E-AAEC-BF0D4965A097"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetCfm.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257600",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257600",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetCfm.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257600",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257600",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

97
CVE-2024/CVE-2024-27xx/CVE-2024-2764.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2764",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-21T21:15:11.177",
"lastModified": "2024-11-21T09:10:27.930",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:32:10.783",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
],
"cvssMetricV2": [
@ -74,32 +94,93 @@
"value": "CWE-121"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:tenda:ac10u_firmware:15.03.06.48:*:*:*:*:*:*:*",
"matchCriteriaId": "1C2AFD04-833D-4085-BAD6-32A2715FA785"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:tenda:ac10u:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6D74EB31-E01D-439E-AAEC-BF0D4965A097"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetPPTPServer.md",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257601",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257601",
"source": "cna@vuldb.com"
"source": "cna@vuldb.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetPPTPServer.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
]
},
{
"url": "https://vuldb.com/?ctiid.257601",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required",
"VDB Entry"
]
},
{
"url": "https://vuldb.com/?id.257601",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

33
CVE-2024/CVE-2024-281xx/CVE-2024-28139.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2024-28139",
"sourceIdentifier": "551230f0-3615-47bd-b7cc-93e92e730bbf",
"published": "2024-12-11T16:15:09.930",
"lastModified": "2024-12-11T16:15:09.930",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:15:10.010",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future."
},
{
"lang": "es",
"value": "El usuario www-data puede elevar sus privilegios porque sudo est\u00e1 configurado para permitir la ejecuci\u00f3n del comando mount como superusuario sin contrase\u00f1a. Por lo tanto, los privilegios se pueden escalar al usuario ra\u00edz. El proveedor ha aceptado el riesgo y no se solucionar\u00e1 en el futuro cercano."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "551230f0-3615-47bd-b7cc-93e92e730bbf",

104
CVE-2024/CVE-2024-28xx/CVE-2024-2829.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2829",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-04-25T11:15:46.057",
"lastModified": "2024-11-21T09:10:37.657",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:32:37.870",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,24 +69,96 @@
"value": "CWE-1333"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-1333"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "12.5.0",
"versionEndExcluding": "16.9.6",
"matchCriteriaId": "534FACFA-F0A4-4884-B22A-15B720D22673"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "12.5.0",
"versionEndExcluding": "16.9.6",
"matchCriteriaId": "0BF12163-213C-4FAD-BA38-F31C777C3A95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.10.0",
"versionEndExcluding": "16.10.4",
"matchCriteriaId": "A56BDD5E-E19A-4C96-BFA1-0C9C714BC1DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.10.0",
"versionEndExcluding": "16.10.4",
"matchCriteriaId": "4DFA9764-53C9-46A5-904A-109E64CF5942"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.11.0:*:*:*:community:*:*:*",
"matchCriteriaId": "DBAF6CB8-EEBE-4F61-9B80-165C351748E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.11.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BEF58721-8679-4EA5-A353-4ED035241169"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451456",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2416728",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Permissions Required"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/451456",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
},
{
"url": "https://hackerone.com/reports/2416728",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
]
}
]
}

14
CVE-2024/CVE-2024-302xx/CVE-2024-30281.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30281",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-05-16T09:15:11.007",
"lastModified": "2024-12-04T16:37:57.617",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T18:15:23.590",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -19,10 +19,10 @@
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
@ -30,8 +30,8 @@
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
@ -39,7 +39,7 @@
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",

18
CVE-2024/CVE-2024-303xx/CVE-2024-30314.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-30314",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-05-16T12:15:13.280",
"lastModified": "2024-12-03T14:33:44.160",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T18:15:23.800",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -19,27 +19,27 @@
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"baseScore": 8.2,
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.8
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",

21
CVE-2024/CVE-2024-316xx/CVE-2024-31670.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-31670",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-12T18:15:23.977",
"lastModified": "2024-12-12T18:15:23.977",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/rizinorg/rizin/commit/75bac3088b2ec173e22d4be9d525ceacc987cf02",
"source": "cve@mitre.org"
}
]
}

63
CVE-2024/CVE-2024-336xx/CVE-2024-33612.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33612",
"sourceIdentifier": "f5sirt@f5.com",
"published": "2024-05-08T15:15:11.113",
"lastModified": "2024-11-21T09:17:15.097",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T18:59:00.883",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.6,
"impactScore": 5.2
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
"baseScore": 8.0,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 5.8
}
]
},
@ -49,16 +69,51 @@
"value": "CWE-295"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:f5:big-ip_next_central_manager:*:*:*:*:*:*:*:*",
"versionStartIncluding": "20.0.1",
"versionEndExcluding": "20.2.0",
"matchCriteriaId": "6374E209-0433-4CFF-A5C7-A9DA884F3E31"
}
]
}
]
}
],
"references": [
{
"url": "https://my.f5.com/manage/s/article/K000139012",
"source": "f5sirt@f5.com"
"source": "f5sirt@f5.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://my.f5.com/manage/s/article/K000139012",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}

96
CVE-2024/CVE-2024-40xx/CVE-2024-4006.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-4006",
"sourceIdentifier": "cve@gitlab.com",
"published": "2024-04-25T14:15:09.667",
"lastModified": "2024-11-21T09:42:01.093",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2024-12-12T17:10:26.743",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -49,16 +69,84 @@
"value": "CWE-863"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.7.0",
"versionEndExcluding": "16.9.6",
"matchCriteriaId": "C4191F1B-8E54-4667-AEA6-B1D779251966"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.7.0",
"versionEndExcluding": "16.9.6",
"matchCriteriaId": "25926890-C356-467C-9478-33FF423207C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*",
"versionStartIncluding": "16.10.0",
"versionEndExcluding": "16.10.4",
"matchCriteriaId": "A56BDD5E-E19A-4C96-BFA1-0C9C714BC1DF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "16.10.0",
"versionEndExcluding": "16.10.4",
"matchCriteriaId": "4DFA9764-53C9-46A5-904A-109E64CF5942"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.11.0:*:*:*:community:*:*:*",
"matchCriteriaId": "DBAF6CB8-EEBE-4F61-9B80-165C351748E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:gitlab:gitlab:16.11.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "BEF58721-8679-4EA5-A353-4ED035241169"
}
]
}
]
}
],
"references": [
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/455805",
"source": "cve@gitlab.com"
"source": "cve@gitlab.com",
"tags": [
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://gitlab.com/gitlab-org/gitlab/-/issues/455805",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

16
CVE-2024/CVE-2024-418xx/CVE-2024-41836.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-41836",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-07-23T12:15:10.240",
"lastModified": "2024-12-02T22:17:28.253",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T18:15:24.127",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
"value": "InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
@ -19,10 +19,10 @@
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
@ -30,16 +30,16 @@
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",

6
CVE-2024/CVE-2024-418xx/CVE-2024-41871.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-41871",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-09-13T07:15:04.097",
"lastModified": "2024-09-16T10:36:14.100",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T18:15:24.320",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
"value": "Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",

179
CVE-2024/CVE-2024-442xx/CVE-2024-44240.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44240",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:03.107",
"lastModified": "2024-10-29T20:35:28.870",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T18:28:02.370",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -39,34 +59,137 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://support.apple.com/en-us/121563",
"source": "product-security@apple.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://support.apple.com/en-us/121565",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121566",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121567",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121569",
"source": "product-security@apple.com"
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.7.1",
"matchCriteriaId": "F42291CA-6AC4-4F11-AC23-B3FE25139483"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"versionStartIncluding": "18.0",
"versionEndExcluding": "18.1",
"matchCriteriaId": "C1AEAF56-49F9-4F1F-993C-97ECD7BDA012"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionEndExcluding": "17.7.1",
"matchCriteriaId": "468FFF6F-879C-4AF4-BC42-6A1AA30441C3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"versionStartIncluding": "18.0",
"versionEndExcluding": "18.1",
"matchCriteriaId": "748B3415-F0B7-4677-B6C7-3EC7CFA8CCA5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FD0D09F7-8683-476D-8D27-0C49A55D9938"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "18.1",
"matchCriteriaId": "5D57FCAE-9B33-4532-BC69-BC3D35719EDB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:visionos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "2.1",
"matchCriteriaId": "15E4723D-CD2B-4486-A69C-27F843844A80"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"versionEndExcluding": "11.1",
"matchCriteriaId": "5DB9A303-7D3D-4167-9F28-64AA4B1EC0E1"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121563",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121565",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121566",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121567",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121569",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-442xx/CVE-2024-44242.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-44242",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-12-12T02:15:23.950",
"lastModified": "2024-12-12T02:15:23.950",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:15:10.190",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware."
},
{
"lang": "es",
"value": "El problema se solucion\u00f3 con comprobaciones de los l\u00edmites mejoradas. Este problema se solucion\u00f3 en iOS 18.1 y iPadOS 18.1. Un atacante podr\u00eda provocar la finalizaci\u00f3n inesperada del sistema o la ejecuci\u00f3n de c\u00f3digo arbitrario en el firmware DCP."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121563",

80
CVE-2024/CVE-2024-442xx/CVE-2024-44256.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44256",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:03.177",
"lastModified": "2024-10-29T20:35:29.053",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T18:28:33.040",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 8.6,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -39,14 +59,58 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FD0D09F7-8683-476D-8D27-0C49A55D9938"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-442xx/CVE-2024-44257.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44257",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:03.243",
"lastModified": "2024-10-29T20:35:29.240",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T18:28:58.817",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,46 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FD0D09F7-8683-476D-8D27-0C49A55D9938"
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com"
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

80
CVE-2024/CVE-2024-442xx/CVE-2024-44260.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44260",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:03.313",
"lastModified": "2024-10-29T21:35:17.343",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T18:19:21.727",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -39,14 +59,58 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FD0D09F7-8683-476D-8D27-0C49A55D9938"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-442xx/CVE-2024-44283.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44283",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:03.380",
"lastModified": "2024-10-29T21:35:19.207",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T18:19:40.833",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,46 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FD0D09F7-8683-476D-8D27-0C49A55D9938"
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com"
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

80
CVE-2024/CVE-2024-442xx/CVE-2024-44295.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44295",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T22:15:03.453",
"lastModified": "2024-10-29T21:35:21.523",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T18:21:21.147",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -39,14 +59,58 @@
}
]
},
"references": [
"weaknesses": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com"
},
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com"
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FD0D09F7-8683-476D-8D27-0C49A55D9938"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

76
CVE-2024/CVE-2024-443xx/CVE-2024-44301.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-44301",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-10-28T21:15:08.977",
"lastModified": "2024-10-30T19:35:22.447",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2024-12-12T18:06:12.680",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -17,6 +17,26 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -40,6 +60,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,14 +81,46 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "13.0",
"versionEndExcluding": "13.7.1",
"matchCriteriaId": "FD0D09F7-8683-476D-8D27-0C49A55D9938"
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com"
"vulnerable": true,
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"versionStartIncluding": "14.0",
"versionEndExcluding": "14.7.1",
"matchCriteriaId": "901D36FD-C5D9-428D-BE13-662AC380C9AE"
}
]
}
]
}
],
"references": [
{
"url": "https://support.apple.com/en-us/121568",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://support.apple.com/en-us/121570",
"source": "product-security@apple.com",
"tags": [
"Vendor Advisory"
]
}
]
}

26
CVE-2024/CVE-2024-451xx/CVE-2024-45119.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-45119",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-10-10T10:15:04.563",
"lastModified": "2024-10-10T21:37:39.153",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T18:15:24.473",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs and have a low impact on both confidentiality and integrity. Exploitation of this issue does not require user interaction and scope is changed."
"value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. An admin-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction."
},
{
"lang": "es",
@ -19,27 +19,27 @@
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
"baseScore": 5.5,
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -62,7 +62,7 @@
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

20
CVE-2024/CVE-2024-451xx/CVE-2024-45120.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-45120",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-10-10T10:15:04.787",
"lastModified": "2024-10-10T21:37:20.763",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T18:15:24.710",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -19,14 +19,14 @@
"cvssMetricV31": [
{
"source": "psirt@adobe.com",
"type": "Secondary",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 3.1,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
@ -34,12 +34,12 @@
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"exploitabilityScore": 1.6,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
@ -62,7 +62,7 @@
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

6
CVE-2024/CVE-2024-451xx/CVE-2024-45149.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-45149",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-10-10T10:15:08.170",
"lastModified": "2024-10-11T22:12:25.263",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T18:15:24.910",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction."
"value": "Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on confidentiality. Exploitation of this issue does not require user interaction."
},
{
"lang": "es",

33
CVE-2024/CVE-2024-453xx/CVE-2024-45337.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2024-45337",
"sourceIdentifier": "security@golang.org",
"published": "2024-12-12T02:02:07.970",
"lastModified": "2024-12-12T02:15:24.673",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:15:25.067",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass."
},
{
"lang": "es",
"value": " Las aplicaciones y bibliotecas que hacen un mal uso de la devoluci\u00f3n de llamada ServerConfig.PublicKeyCallback pueden ser susceptibles a una omisi\u00f3n de autorizaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909",

14
CVE-2024/CVE-2024-454xx/CVE-2024-45404.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-45404",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-12-12T02:02:09.530",
"lastModified": "2024-12-12T02:02:09.530",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:15:10.350",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the account. This is because the otpLogin mutation does not implement One Time Password rate limiting. As of time of publication, it is unknown whether a patch is available."
},
{
"lang": "es",
"value": "OpenCTI es una plataforma de inteligencia de amenazas cibern\u00e9ticas de c\u00f3digo abierto. En versiones anteriores a la 6.2.18, debido a que no existe la funci\u00f3n para limitar la tasa de OTP, un atacante con credenciales v\u00e1lidas o un usuario malintencionado que cometa fraude interno puede vulnerar la autenticaci\u00f3n de dos factores y secuestrar la cuenta. Esto se debe a que la mutaci\u00f3n otpLogin no implementa la limitaci\u00f3n de la tasa de contrase\u00f1as de un solo uso. Al momento de la publicaci\u00f3n, se desconoce si hay un parche disponible."
}
],
"metrics": {
@ -38,7 +42,7 @@
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,6 +55,10 @@
{
"url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-hg56-r6hh-56j7",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-hg56-r6hh-56j7",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

4
CVE-2024/CVE-2024-457xx/CVE-2024-45772.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-45772",
"sourceIdentifier": "security@apache.org",
"published": "2024-09-30T09:15:02.670",
"lastModified": "2024-11-21T09:38:04.893",
"lastModified": "2024-12-12T17:15:10.457",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.\n\nThis issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0.\nThe deprecated org.apache.lucene.replicator.http package is affected.\nThe org.apache.lucene.replicator.nrt package is not affected.\n\nUsers are recommended to upgrade to version 9.12.0, which fixes the issue.\n\nJava serialization filters (such as\u00a0-Djdk.serialFilter='!*' on the commandline) can mitigate the issue on vulnerable versions without impacting functionality."
"value": "Deserialization of Untrusted Data vulnerability in Apache Lucene Replicator.\n\nThis issue affects Apache Lucene's replicator module: from 4.4.0 before 9.12.0.\nThe deprecated org.apache.lucene.replicator.http package is affected.\nThe org.apache.lucene.replicator.nrt package is not affected.\n\nUsers are recommended to upgrade to version 9.12.0, which fixes the issue.\n\n The deserialization can only be triggered if users actively deploy an network-accessible implementation and a corresponding client using a HTTP library that uses the API (e.g., a custom servlet and HTTPClient). Java serialization filters (such as\u00a0-Djdk.serialFilter='!*' on the commandline) can mitigate the issue on vulnerable versions without impacting functionality."
},
{
"lang": "es",

56
CVE-2024/CVE-2024-472xx/CVE-2024-47238.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-47238",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-12-12T18:15:25.250",
"lastModified": "2024-12-12T18:15:25.250",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227595/dsa-2024-355",
"source": "security_alert@emc.com"
}
]
}

43
CVE-2024/CVE-2024-529xx/CVE-2024-52999.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-52999",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-12-10T22:15:23.547",
"lastModified": "2024-12-10T22:15:23.547",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:52:43.880",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 1.14.1 y anteriores de Substance3D - Modeler se ven afectadas por una vulnerabilidad de desbordamiento de b\u00fafer basado en el mont\u00f3n que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -38,19 +42,50 @@
"weaknesses": [
{
"source": "psirt@adobe.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_modeler:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.14.1",
"matchCriteriaId": "EBD3683C-D9A5-45EC-BF8F-CE9720A9F64B"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html",
"source": "psirt@adobe.com"
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

35
CVE-2024/CVE-2024-530xx/CVE-2024-53000.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-53000",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-12-10T22:15:23.693",
"lastModified": "2024-12-10T22:15:23.693",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:49:40.543",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 1.14.1 y anteriores de Substance3D - Modeler se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -47,10 +51,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html",
"source": "psirt@adobe.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_modeler:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.14.1",
"matchCriteriaId": "EBD3683C-D9A5-45EC-BF8F-CE9720A9F64B"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

35
CVE-2024/CVE-2024-530xx/CVE-2024-53001.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-53001",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-12-10T22:15:23.837",
"lastModified": "2024-12-10T22:15:23.837",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:35:34.220",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 1.14.1 y anteriores de Substance3D - Modeler se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -47,10 +51,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html",
"source": "psirt@adobe.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_modeler:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.14.1",
"matchCriteriaId": "EBD3683C-D9A5-45EC-BF8F-CE9720A9F64B"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

35
CVE-2024/CVE-2024-530xx/CVE-2024-53002.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-53002",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-12-10T22:15:24.000",
"lastModified": "2024-12-10T22:15:24.000",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:34:42.387",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 1.14.1 y anteriores de Substance3D - Modeler se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -47,10 +51,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html",
"source": "psirt@adobe.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_modeler:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.14.1",
"matchCriteriaId": "EBD3683C-D9A5-45EC-BF8F-CE9720A9F64B"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

35
CVE-2024/CVE-2024-530xx/CVE-2024-53003.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-53003",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-12-10T22:15:24.140",
"lastModified": "2024-12-10T22:15:24.140",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:33:19.607",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 1.14.1 y anteriores de Substance3D - Modeler se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -47,10 +51,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html",
"source": "psirt@adobe.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_modeler:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.14.1",
"matchCriteriaId": "EBD3683C-D9A5-45EC-BF8F-CE9720A9F64B"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

35
CVE-2024/CVE-2024-530xx/CVE-2024-53004.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-53004",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-12-10T22:15:24.287",
"lastModified": "2024-12-10T22:15:24.287",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:30:46.870",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 1.14.1 y anteriores de Substance3D - Modeler se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -47,10 +51,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html",
"source": "psirt@adobe.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_modeler:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.14.1",
"matchCriteriaId": "EBD3683C-D9A5-45EC-BF8F-CE9720A9F64B"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

35
CVE-2024/CVE-2024-530xx/CVE-2024-53005.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-53005",
"sourceIdentifier": "psirt@adobe.com",
"published": "2024-12-10T22:15:24.463",
"lastModified": "2024-12-10T22:15:24.463",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:25:58.717",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file."
},
{
"lang": "es",
"value": "Las versiones 1.14.1 y anteriores de Substance3D - Modeler se ven afectadas por una vulnerabilidad de lectura fuera de los l\u00edmites que podr\u00eda provocar la divulgaci\u00f3n de memoria confidencial. Un atacante podr\u00eda aprovechar esta vulnerabilidad para eludir mitigaciones como ASLR. La explotaci\u00f3n de este problema requiere la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso."
}
],
"metrics": {
@ -47,10 +51,31 @@
]
}
],
"references": [
"configurations": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html",
"source": "psirt@adobe.com"
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_modeler:*:*:*:*:*:*:*:*",
"versionEndIncluding": "1.14.1",
"matchCriteriaId": "EBD3683C-D9A5-45EC-BF8F-CE9720A9F64B"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d-modeler/apsb24-102.html",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
}
]
}

45
CVE-2024/CVE-2024-545xx/CVE-2024-54501.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-54501",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-12-12T02:15:30.863",
"lastModified": "2024-12-12T02:15:30.863",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:15:10.837",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted file may lead to a denial of service."
},
{
"lang": "es",
"value": " El problema se solucion\u00f3 con comprobaciones mejoradas. Este problema se solucion\u00f3 en iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 y iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. El procesamiento de un archivo manipulado con fines malintencionados puede provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121837",

45
CVE-2024/CVE-2024-545xx/CVE-2024-54524.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-54524",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-12-12T02:15:31.803",
"lastModified": "2024-12-12T02:15:31.803",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:15:11.020",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to access arbitrary files."
},
{
"lang": "es",
"value": " Se solucion\u00f3 un problema de l\u00f3gica mejorando el manejo de archivos. Este problema se solucion\u00f3 en macOS Sequoia 15.2. Una aplicaci\u00f3n maliciosa podr\u00eda acceder a archivos arbitrarios."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://support.apple.com/en-us/121839",

21
CVE-2024/CVE-2024-548xx/CVE-2024-54810.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-54810",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-12T18:15:25.423",
"lastModified": "2024-12-12T18:15:25.423",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Pre-School%20Enrollment/SQL%20Injection%20pre-school%20pa.pdf",
"source": "cve@mitre.org"
}
]
}

41
CVE-2024/CVE-2024-548xx/CVE-2024-54842.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54842",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-12T15:15:17.393",
"lastModified": "2024-12-12T15:15:17.393",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:15:25.580",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/achchhelalchauhan/phpgurukul/blob/main/SQL%20injection%20ONHP-forgetpass-mobileno.pdf",

45
CVE-2024/CVE-2024-549xx/CVE-2024-54918.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-54918",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-09T19:15:15.707",
"lastModified": "2024-12-09T19:15:15.707",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:15:25.790",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php."
},
{
"lang": "es",
"value": "Kashipara E-Learning Management System v1.0 es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo a trav\u00e9s de la carga de archivos en /teacher_avatar.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/RCE%20by%20File%20Upload%20-%20Update%20Avatar.pdf",

34
CVE-2024/CVE-2024-549xx/CVE-2024-54922.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54922",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-09T18:15:24.153",
"lastModified": "2024-12-11T17:23:39.127",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T18:15:26.013",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

45
CVE-2024/CVE-2024-549xx/CVE-2024-54925.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-54925",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-09T19:15:16.350",
"lastModified": "2024-12-09T19:15:16.350",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:15:26.240",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una inyecci\u00f3n SQL en /remove_sent_message.php en kashipara E-learning Management System v1.0, que permite a atacantes remotos ejecutar comandos SQL arbitrarios para obtener acceso no autorizado a la base de datos a trav\u00e9s del par\u00e1metro id."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20remove_sent_message.pdf",

34
CVE-2024/CVE-2024-549xx/CVE-2024-54930.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54930",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-09T18:15:24.267",
"lastModified": "2024-12-11T17:20:32.780",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T18:15:26.440",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

45
CVE-2024/CVE-2024-549xx/CVE-2024-54932.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-54932",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-09T19:15:16.777",
"lastModified": "2024-12-09T19:15:16.777",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:15:26.673",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php."
},
{
"lang": "es",
"value": "Kashipara E-Learning Management System v1.0 es vulnerable a la inyecci\u00f3n SQL en /admin/delete_department.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20delete%20department.pdf",

34
CVE-2024/CVE-2024-549xx/CVE-2024-54933.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-54933",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-09T18:15:24.387",
"lastModified": "2024-12-11T17:19:32.987",
"vulnStatus": "Analyzed",
"lastModified": "2024-12-12T18:15:26.893",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

45
CVE-2024/CVE-2024-549xx/CVE-2024-54934.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-54934",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-09T19:15:16.887",
"lastModified": "2024-12-09T19:15:16.887",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:15:27.153",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php."
},
{
"lang": "es",
"value": "Kashipara E-learning Management System v1.0 es vulnerable a la inyecci\u00f3n SQL en /admin/delete_class.php."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20delete%20class.pdf",

41
CVE-2024/CVE-2024-550xx/CVE-2024-55099.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-55099",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-12T16:15:57.043",
"lastModified": "2024-12-12T16:15:57.043",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:15:27.340",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -11,7 +11,42 @@
"value": "A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/achchhelalchauhan/phpgurukul/blob/main/SQL%20injection%20ONHP-username.pdf",

45
CVE-2024/CVE-2024-555xx/CVE-2024-55578.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-55578",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-09T03:15:04.530",
"lastModified": "2024-12-09T03:15:04.530",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:15:27.533",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files."
},
{
"lang": "es",
"value": "Zammad anterior a 6.4.1 coloca datos confidenciales (como auth_microsoft_office365_credentials y application_secret) en archivos de registro."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://zammad.com/en/advisories/zaa-2024-05",

45
CVE-2024/CVE-2024-555xx/CVE-2024-55587.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-55587",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-12-12T02:08:22.413",
"lastModified": "2024-12-12T02:08:22.413",
"vulnStatus": "Received",
"lastModified": "2024-12-12T17:15:11.197",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract."
},
{
"lang": "es",
"value": " python-libarchive hasta 4.2.1 permite directory traversal (para crear archivos) en extract en zip.py para ZipFile.extractall y ZipFile.extract."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/smartfile/python-libarchive/blob/c7677411bfc4ab5701d343bc6ebd9e35c990e80e/libarchive/zip.py#L107",

10
CVE-2024/CVE-2024-556xx/CVE-2024-55633.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-55633",
"sourceIdentifier": "security@apache.org",
"published": "2024-12-12T15:15:17.600",
"lastModified": "2024-12-12T15:15:17.600",
"vulnStatus": "Received",
"lastModified": "2024-12-12T18:15:27.733",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
@ -60,7 +60,7 @@
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -73,6 +73,10 @@
{
"url": "https://lists.apache.org/thread/bwmd17fcvljt9q4cgctp4v09zh3qs7fb",
"source": "security@apache.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/12/1",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

Some files were not shown because too many files have changed in this diff Show More