admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-01-09T21:00:27.098894+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-01-09 21:03:50 +00:00
parent 97c04cf9e8
commit 9d3386f547
132 changed files with 8218 additions and 558 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

176
CVE-2016/CVE-2016-104xx/CVE-2016-10408.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2016-10408",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-11-26T14:15:17.053",
"lastModified": "2024-11-26T14:15:17.053",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T20:17:41.750",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,12 +69,162 @@
"value": "CWE-284"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C2632A-02F2-4C59-AF96-E2C77940360F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:9206_lte_modem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10A104D-951A-4FA9-938A-1324640A998D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:apq8037_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE0D211-0EF0-441A-9E10-3DE578811250"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:apq8037:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A594A57E-525C-451C-B3BA-567E0F757968"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd626_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D9043720-6B49-4305-BB4F-C88CCB6D89E9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd626:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FC8F19D3-F322-4CDC-83C5-A9F7F1777DAD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC508C49-0B76-43A8-B2AF-0F8EB989E238"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9665200-D306-4EEB-9F42-6C5963524179"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd821_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A54F4A3-19E3-4825-98C7-DA632D692A06"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd821:-:*:*:*:*:*:*:*",
"matchCriteriaId": "028CD81A-0D9D-40B0-9E2F-DC8689607B24"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

168
CVE-2017/CVE-2017-181xx/CVE-2017-18153.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-18153",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-11-26T09:15:04.783",
"lastModified": "2024-11-26T09:15:04.783",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T20:50:28.223",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "product-security@qualcomm.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.0,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.0,
"impactScore": 5.9
}
]
},
@ -51,10 +71,150 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:9206_lte_modem_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E2C2632A-02F2-4C59-AF96-E2C77940360F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:9206_lte_modem:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D10A104D-951A-4FA9-938A-1324640A998D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "6FEDA6CA-A0FD-4A72-B856-C8E65AC86902"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:apq8017:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8D29295A-7183-46BE-B4EE-F891D1C17ED9"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:ar6003_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D852D3BA-1A2E-4C98-B747-8DA14AC44B1F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:ar6003:-:*:*:*:*:*:*:*",
"matchCriteriaId": "140FD423-FAC4-4D2D-BCFF-511E0AE8CE95"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_630_mobile_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D382DEBB-A358-4EA6-84B9-CB3F9161A1F2"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_630_mobile:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B47A12A6-1DDF-453E-8590-1CA83234DB42"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:snapdragon_636_mobile_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4BA77F18-C031-476E-9552-2BA63152321D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:snapdragon_636_mobile:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F59E6158-B097-4209-AE0D-A97A512C0473"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

230
CVE-2017/CVE-2017-183xx/CVE-2017-18306.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-18306",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-11-26T14:15:17.430",
"lastModified": "2024-11-26T14:15:17.430",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T20:16:22.950",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,12 +69,216 @@
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E07C621F-0BC0-40C1-9678-1AF6498AC487"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C621A62-E346-406B-9D20-8FF6C2B0851F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E0CC35-AC20-42D7-8FEA-CA4685E33E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2C4DED-2367-4736-A0AF-C8356F1271AD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E077FC03-F86F-417A-A3E6-BC88CB85C6F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E016356C-94ED-4CDD-8351-97D265FE036E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E08016A2-E4FE-4E9C-A915-C66BE157AFB5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "018452D0-007C-4740-B2AF-E5C8BBAC310F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFF35A3-1472-4665-9DAB-1ABC45C0D5B4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F930E9BF-C502-49C6-8BE8-9A711B89FA1B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2D2B3B-CB28-46AA-9117-A7FA371FDE80"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE18BF66-B0DB-48BB-B43A-56F01821F5A3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10C7CB-3B66-4F17-8146-6A85611E2BA9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DA765F-53DE-4FB0-B825-6C11B3177641"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

230
CVE-2017/CVE-2017-183xx/CVE-2017-18307.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2017-18307",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-11-26T14:15:17.573",
"lastModified": "2024-11-26T14:15:17.573",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T20:14:33.500",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,12 +69,216 @@
"value": "CWE-200"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E07C621F-0BC0-40C1-9678-1AF6498AC487"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C621A62-E346-406B-9D20-8FF6C2B0851F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E0CC35-AC20-42D7-8FEA-CA4685E33E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2C4DED-2367-4736-A0AF-C8356F1271AD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E077FC03-F86F-417A-A3E6-BC88CB85C6F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E016356C-94ED-4CDD-8351-97D265FE036E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E08016A2-E4FE-4E9C-A915-C66BE157AFB5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "018452D0-007C-4740-B2AF-E5C8BBAC310F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFF35A3-1472-4665-9DAB-1ABC45C0D5B4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F930E9BF-C502-49C6-8BE8-9A711B89FA1B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2D2B3B-CB28-46AA-9117-A7FA371FDE80"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE18BF66-B0DB-48BB-B43A-56F01821F5A3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10C7CB-3B66-4F17-8146-6A85611E2BA9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DA765F-53DE-4FB0-B825-6C11B3177641"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

639
CVE-2018/CVE-2018-119xx/CVE-2018-11922.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-11922",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-11-26T09:15:04.927",
"lastModified": "2024-11-26T09:15:04.927",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T20:43:44.987",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "product-security@qualcomm.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -36,25 +36,654 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "product-security@qualcomm.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-16"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A960B86A-C397-4ACB-AEE6-55F316D32949"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B8959-3D1E-4B48-9181-D75FE90AAF98"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A35FECFB-60AE-42A8-BCBB-FEA7D5826D49"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9765187-8653-4D66-B230-B2CE862AC5C0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FD1C359-C79B-4CE8-A192-5AA34D0BF05B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "716B747E-672C-4B95-9D8E-1262338E67EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35B7E25E-FA92-4C36-883C-CFF36F4B3507"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD99C6F-2444-4A5E-A517-0C8023DDF23D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:215_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A3667862-8469-4B33-9B2D-939EA07497E6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:215:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C8673678-1EAD-421D-8450-3BE522D75A5F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA80D57-3191-47CF-AD3F-9F2D64E443FE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB212-F01A-4CEB-8DB4-2E0CC2308CB6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0986EF1-0974-488E-84C4-6880F876CE55"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C08BA58-2EBC-4A22-85A4-2ECD54693B9B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27110478-4C08-49E6-BD53-8BAAD9D5BD65"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3664D302-D22A-4B25-B534-3097AE2F8573"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C56BC939-2FE8-4AB4-B638-35C83B224005"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E36C12E2-7064-41E6-B357-3F0E6E6D0A0F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8175FC2D-8B9C-4461-BEAE-E9C688E8A63B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_427:-:*:*:*:*:*:*:*",
"matchCriteriaId": "92CD09CE-75CC-418F-AB16-4685141BDE36"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5C66CC-B00C-4581-B8FB-0632232E480D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87F57247-08CD-473E-A517-F9E85BFC7BEA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "55604764-FC96-451C-BB9B-9AD72EF5D245"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_435:-:*:*:*:*:*:*:*",
"matchCriteriaId": "71CEDACD-D22B-4CCD-93DA-B79CB74BDA22"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_439_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8DE3EA03-0373-4FEF-B1FC-123A8073520B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_439:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A64D3E69-0784-4DEA-96C1-2D41EAFA1906"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_429_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B11CE0F1-29BD-46E1-ACFE-D076192F138E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_429:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D205DB4E-68C2-4B13-8373-128870DF83D8"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E07C621F-0BC0-40C1-9678-1AF6498AC487"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C621A62-E346-406B-9D20-8FF6C2B0851F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E0CC35-AC20-42D7-8FEA-CA4685E33E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2C4DED-2367-4736-A0AF-C8356F1271AD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_632_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F2126866-3B02-42B4-A57A-4EFF30848B55"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_632:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F832FE19-8D65-4779-B6F5-BD90BD131FD4"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2D2B3B-CB28-46AA-9117-A7FA371FDE80"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE18BF66-B0DB-48BB-B43A-56F01821F5A3"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0C10C7CB-3B66-4F17-8146-6A85611E2BA9"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B9DA765F-53DE-4FB0-B825-6C11B3177641"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sda660_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2326BD7-28A5-4244-8501-B109913E7AE6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sda660:-:*:*:*:*:*:*:*",
"matchCriteriaId": "532D244B-8B5A-4923-B7F1-9DC0A5FC0E9D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sdm439_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "84289E6D-DA2A-4D04-9DDA-E8C46DDDD056"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sdm439:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B56360-7AC3-410A-B7F8-1BE8514B3781"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A0CE1B23-6FE3-41C4-B264-C7A9E8BDBEC1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*",
"matchCriteriaId": "794BA13C-3C63-4695-AA45-676F85D904BE"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

654
CVE-2018/CVE-2018-119xx/CVE-2018-11952.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-11952",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-11-26T09:15:05.073",
"lastModified": "2024-11-26T09:15:05.073",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T20:39:50.313",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "product-security@qualcomm.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -51,10 +71,636 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A960B86A-C397-4ACB-AEE6-55F316D32949"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B8959-3D1E-4B48-9181-D75FE90AAF98"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A35FECFB-60AE-42A8-BCBB-FEA7D5826D49"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9765187-8653-4D66-B230-B2CE862AC5C0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FD1C359-C79B-4CE8-A192-5AA34D0BF05B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "716B747E-672C-4B95-9D8E-1262338E67EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35B7E25E-FA92-4C36-883C-CFF36F4B3507"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD99C6F-2444-4A5E-A517-0C8023DDF23D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE28A59C-7AA6-4B85-84E8-07852B96108E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DEE828B-09A7-4AC1-8134-491A7C87C118"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA80D57-3191-47CF-AD3F-9F2D64E443FE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB212-F01A-4CEB-8DB4-2E0CC2308CB6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0986EF1-0974-488E-84C4-6880F876CE55"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C08BA58-2EBC-4A22-85A4-2ECD54693B9B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27110478-4C08-49E6-BD53-8BAAD9D5BD65"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3664D302-D22A-4B25-B534-3097AE2F8573"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C56BC939-2FE8-4AB4-B638-35C83B224005"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E36C12E2-7064-41E6-B357-3F0E6E6D0A0F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5C66CC-B00C-4581-B8FB-0632232E480D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87F57247-08CD-473E-A517-F9E85BFC7BEA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E07C621F-0BC0-40C1-9678-1AF6498AC487"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C621A62-E346-406B-9D20-8FF6C2B0851F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "549E6F7E-A54F-423F-BD4A-A8FB97DBD39E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "992C3835-7183-4D96-8647-DD9916880323"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B95CCC-37F1-4768-8D64-CA2028E93E03"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1426161-4F7C-44B1-AA9E-EA661AA68947"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF81213-DE2D-4C4B-99E8-71AFD87E92CD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95E826EF-343B-47FA-AB54-F13E868CE6A7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D27A1760-8D1B-4172-B6CE-65C72332F103"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5F96F1-D3FB-482B-A3C8-57BA4DE86D5E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E0CC35-AC20-42D7-8FEA-CA4685E33E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2C4DED-2367-4736-A0AF-C8356F1271AD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1650DB-FDF8-4BE5-9437-8ADA11A07116"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B51DD51F-4BDE-497B-89E5-551D10CF3442"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0752054B-2C29-4490-ADC8-29F82BAA17E6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*",
"matchCriteriaId": "005038B5-BCB7-4A23-8562-ACEF6E156C1F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95B4B4D4-0357-4E1D-9B72-635106D632CF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F992088-5E31-4625-8C3B-CE7F946C61F2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E077FC03-F86F-417A-A3E6-BC88CB85C6F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E016356C-94ED-4CDD-8351-97D265FE036E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E08016A2-E4FE-4E9C-A915-C66BE157AFB5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "018452D0-007C-4740-B2AF-E5C8BBAC310F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFF35A3-1472-4665-9DAB-1ABC45C0D5B4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F930E9BF-C502-49C6-8BE8-9A711B89FA1B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2D2B3B-CB28-46AA-9117-A7FA371FDE80"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE18BF66-B0DB-48BB-B43A-56F01821F5A3"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

662
CVE-2018/CVE-2018-58xx/CVE-2018-5852.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2018-5852",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-11-26T14:15:17.970",
"lastModified": "2024-11-26T14:15:17.970",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T19:53:39.003",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,12 +69,648 @@
"value": "CWE-126"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-191"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A960B86A-C397-4ACB-AEE6-55F316D32949"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B8959-3D1E-4B48-9181-D75FE90AAF98"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A35FECFB-60AE-42A8-BCBB-FEA7D5826D49"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9765187-8653-4D66-B230-B2CE862AC5C0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FD1C359-C79B-4CE8-A192-5AA34D0BF05B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "716B747E-672C-4B95-9D8E-1262338E67EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35B7E25E-FA92-4C36-883C-CFF36F4B3507"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD99C6F-2444-4A5E-A517-0C8023DDF23D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE28A59C-7AA6-4B85-84E8-07852B96108E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DEE828B-09A7-4AC1-8134-491A7C87C118"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA80D57-3191-47CF-AD3F-9F2D64E443FE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB212-F01A-4CEB-8DB4-2E0CC2308CB6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0986EF1-0974-488E-84C4-6880F876CE55"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C08BA58-2EBC-4A22-85A4-2ECD54693B9B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27110478-4C08-49E6-BD53-8BAAD9D5BD65"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3664D302-D22A-4B25-B534-3097AE2F8573"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C56BC939-2FE8-4AB4-B638-35C83B224005"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E36C12E2-7064-41E6-B357-3F0E6E6D0A0F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5C66CC-B00C-4581-B8FB-0632232E480D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87F57247-08CD-473E-A517-F9E85BFC7BEA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E07C621F-0BC0-40C1-9678-1AF6498AC487"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C621A62-E346-406B-9D20-8FF6C2B0851F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "549E6F7E-A54F-423F-BD4A-A8FB97DBD39E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "992C3835-7183-4D96-8647-DD9916880323"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B95CCC-37F1-4768-8D64-CA2028E93E03"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1426161-4F7C-44B1-AA9E-EA661AA68947"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF81213-DE2D-4C4B-99E8-71AFD87E92CD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95E826EF-343B-47FA-AB54-F13E868CE6A7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D27A1760-8D1B-4172-B6CE-65C72332F103"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5F96F1-D3FB-482B-A3C8-57BA4DE86D5E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E0CC35-AC20-42D7-8FEA-CA4685E33E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2C4DED-2367-4736-A0AF-C8356F1271AD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1650DB-FDF8-4BE5-9437-8ADA11A07116"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B51DD51F-4BDE-497B-89E5-551D10CF3442"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0752054B-2C29-4490-ADC8-29F82BAA17E6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*",
"matchCriteriaId": "005038B5-BCB7-4A23-8562-ACEF6E156C1F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95B4B4D4-0357-4E1D-9B72-635106D632CF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F992088-5E31-4625-8C3B-CE7F946C61F2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E077FC03-F86F-417A-A3E6-BC88CB85C6F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E016356C-94ED-4CDD-8351-97D265FE036E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E08016A2-E4FE-4E9C-A915-C66BE157AFB5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "018452D0-007C-4740-B2AF-E5C8BBAC310F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFF35A3-1472-4665-9DAB-1ABC45C0D5B4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F930E9BF-C502-49C6-8BE8-9A711B89FA1B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2D2B3B-CB28-46AA-9117-A7FA371FDE80"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE18BF66-B0DB-48BB-B43A-56F01821F5A3"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html",
"source": "product-security@qualcomm.com"
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

131
CVE-2021/CVE-2021-470xx/CVE-2021-47016.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47016",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.307",
"lastModified": "2024-11-21T06:35:11.787",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T19:52:27.117",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,47 +15,152 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: m68k: mvme147,mvme16x: No borre los bits de configuraci\u00f3n del temporizador PCC. No borre los bits de configuraci\u00f3n del temporizador 1 al borrar el indicador de interrupci\u00f3n y el desbordamiento del contador. Como inform\u00f3 Michael, \"Esto da como resultado que no se entreguen interrupciones del temporizador despu\u00e9s de la primera. Luego, la inicializaci\u00f3n se bloquea en calibrate_delay porque el contador de santiam\u00e9n no se actualiza\". En mvme16x, habilite el temporizador despu\u00e9s de solicitar irq, de acuerdo con mvme147."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2",
"versionEndExcluding": "5.4.119",
"matchCriteriaId": "459F61B2-E7E5-43BE-8A31-15469C31F827"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.37",
"matchCriteriaId": "7A4CF5D6-ACBA-4980-ABFD-3D7A53B5BB4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.11.21",
"matchCriteriaId": "8CBB94EC-EC33-4464-99C5-03E5542715F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12",
"versionEndExcluding": "5.12.4",
"matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1dfb26df15fc7036a74221d43de7427f74293dae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/43262178c043032e7c42d00de44c818ba05f9967",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5d34225169346cab5145978d153b9ce90e9ace21",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/73fdeb612d25b5e105c219e05434285a45d23576",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f6a90818a32058fca62cda3a2027a6a2364e1878",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1dfb26df15fc7036a74221d43de7427f74293dae",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/43262178c043032e7c42d00de44c818ba05f9967",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5d34225169346cab5145978d153b9ce90e9ace21",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/73fdeb612d25b5e105c219e05434285a45d23576",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f6a90818a32058fca62cda3a2027a6a2364e1878",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

97
CVE-2021/CVE-2021-470xx/CVE-2021-47037.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47037",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-28T09:15:39.847",
"lastModified": "2024-11-21T06:35:14.347",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T19:47:04.127",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,110 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: q6afe-clocks: correcci\u00f3n de reprobaci\u00f3n del controlador El controlador Q6afe-clocks puede ser reprobado. Por ejemplo, si los servicios APR se reinician despu\u00e9s de la falla del firmware. Sin embargo, actualmente el controlador Q6afe-clocks fallar\u00e1 porque hw.init se borrar\u00e1 durante la primera llamada a _probe. Vuelva a escribir el controlador para completar los datos del reloj en tiempo de ejecuci\u00f3n en lugar de utilizar una gran variedad de relojes est\u00e1ticos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.11.21",
"matchCriteriaId": "3EB79796-821C-45D2-8CF3-E0C6CF51F586"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12",
"versionEndExcluding": "5.12.4",
"matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/62413972f5266568848a36fd15160397b211fa74",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6893df3753beafa5f7351228a9dd8157a57d7492",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/96fadf7e8ff49fdb74754801228942b67c3eeebd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/62413972f5266568848a36fd15160397b211fa74",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6893df3753beafa5f7351228a9dd8157a57d7492",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/96fadf7e8ff49fdb74754801228942b67c3eeebd",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

182
CVE-2021/CVE-2021-470xx/CVE-2021-47056.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47056",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.530",
"lastModified": "2024-11-21T06:35:16.687",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T19:45:48.107",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,71 +15,215 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: qat - ADF_STATUS_PF_RUNNING debe configurarse despu\u00e9s de adf_dev_init ADF_STATUS_PF_RUNNING es (solo) usado y verificado por adf_vf2pf_shutdown() antes de llamar a adf_iov_putmsg()->mutex_lock(vf2pf_lock), sin embargo, vf2pf_lock es inicializado en adf_dev_init(), que puede fallar y cuando falla, vf2pf_lock no se inicializa o se destruye, un uso posterior de vf2pf_lock causar\u00e1 problemas. Para solucionar este problema, establezca este indicador solo si adf_dev_init() devuelve 0. [7.178404] ERROR: KASAN: acceso a memoria de usuario en __mutex_lock.isra.0+0x1ac/0x7c0 [7.180345] Seguimiento de llamadas: [7.182576] mutex_lock+0xc9 /0xd0 [ 7.183257] adf_iov_putmsg+0x118/0x1a0 [intel_qat] [ 7.183541] adf_vf2pf_shutdown+0x4d/0x7b [intel_qat] [ 7.183834] adf_dev_shutdown+0x172/0x2b0 [intel_qat] [7.184127] adf_probe+0x5e9/0x600 [qat_dh895xccvf]"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-908"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.7",
"versionEndExcluding": "4.9.269",
"matchCriteriaId": "BE2A530A-768D-4D74-B4DB-C76E09C2042F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.233",
"matchCriteriaId": "4836AF17-022D-49D0-9A8A-AF66FE8DCEB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.191",
"matchCriteriaId": "5B6E6817-19A8-4C0A-8807-71DA48CF9191"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.119",
"matchCriteriaId": "E07BA880-1043-4674-AC45-266B3B4A44C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.37",
"matchCriteriaId": "7A4CF5D6-ACBA-4980-ABFD-3D7A53B5BB4E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.11.21",
"matchCriteriaId": "8CBB94EC-EC33-4464-99C5-03E5542715F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12",
"versionEndExcluding": "5.12.4",
"matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/05ec8192ee4bfdf2a8894a68350dac9f1a155fa6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/09d16cee6285d37cc76311c29add6d97a7e4acda",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1ea500ce6f7c9106e4a561d28e69215f3d451818",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1f50392650ae794a1aea41c213c6a3e1c824413c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/20fd40fc6f2c2b41dc6f637f88d494b14e9c21f1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/446045cf682af12d9294765f6c46084b374b5654",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8609f5cfdc872fc3a462efa6a3eca5cb1e2f6446",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f4c4e07140687f42bfa40e091bb4a55d7960ce4d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/05ec8192ee4bfdf2a8894a68350dac9f1a155fa6",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/09d16cee6285d37cc76311c29add6d97a7e4acda",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1ea500ce6f7c9106e4a561d28e69215f3d451818",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/1f50392650ae794a1aea41c213c6a3e1c824413c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/20fd40fc6f2c2b41dc6f637f88d494b14e9c21f1",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/446045cf682af12d9294765f6c46084b374b5654",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8609f5cfdc872fc3a462efa6a3eca5cb1e2f6446",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f4c4e07140687f42bfa40e091bb4a55d7960ce4d",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

114
CVE-2021/CVE-2021-470xx/CVE-2021-47066.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47066",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:08.057",
"lastModified": "2024-11-21T06:35:18.120",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T19:44:50.610",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,131 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: async_xor: aumenta src_offs al eliminar la p\u00e1gina de destino. Ahora admitimos compartir una p\u00e1gina si PAGE_SIZE no tiene el mismo tama\u00f1o de banda. Para respaldar esto, debe admitir el c\u00e1lculo del valor xor con diferentes compensaciones para cada r5dev. Se utiliza una matriz de desplazamiento para registrar esos desplazamientos. En el modo RMW, la p\u00e1gina de paridad se utiliza como p\u00e1gina de origen. Establece ASYNC_TX_XOR_DROP_DST antes de calcular el valor xor en ops_run_prexor5. Por lo tanto, es necesario agregar src_list y src_offs al mismo tiempo. Ahora s\u00f3lo necesita src_list. Entonces el valor xor que se calcula es incorrecto. Puede causar problemas de corrupci\u00f3n de datos. Puedo reproducir este problema al 100% en una m\u00e1quina POWER8. Los pasos son: mdadm -CR /dev/md0 -l5 -n3 /dev/sdb1 /dev/sdc1 /dev/sdd1 --size=3G mkfs.xfs /dev/md0 mount /dev/md0 /mnt/test mount: /mnt/test: la llamada al sistema mount(2) fall\u00f3: la estructura necesita limpieza."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "5.10.37",
"matchCriteriaId": "4E433B72-3E3A-435E-9A66-80D28868BDF2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.11.21",
"matchCriteriaId": "8CBB94EC-EC33-4464-99C5-03E5542715F0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12",
"versionEndExcluding": "5.12.4",
"matchCriteriaId": "D8C7052F-1B7B-4327-9C2B-84EBF3243838"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/29ffa50f33de824b5491f8239c88c4a0efdd03af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/53f8208e11abd6dde9480dfcb97fecdb1bc2ac18",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cab2e8e5997b592fdb7d02cf2387b4b8e3057174",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ceaf2966ab082bbc4d26516f97b3ca8a676e2af8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/29ffa50f33de824b5491f8239c88c4a0efdd03af",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/53f8208e11abd6dde9480dfcb97fecdb1bc2ac18",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cab2e8e5997b592fdb7d02cf2387b4b8e3057174",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ceaf2966ab082bbc4d26516f97b3ca8a676e2af8",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

90
CVE-2021/CVE-2021-470xx/CVE-2021-47072.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47072",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-01T22:15:47.010",
"lastModified": "2024-11-21T06:35:20.567",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T19:42:34.897",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,99 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: btrfs: corrige las dentries eliminadas que a\u00fan existen despu\u00e9s de sincronizar el registro. Cuando movemos un inodo de un directorio a otro y tanto el inodo como su directorio principal anterior se registraron antes, se supone que no tener la dentry del padre anterior si tenemos un corte de energ\u00eda despu\u00e9s de sincronizar el registro. Se supone que s\u00f3lo existe el nuevo dentry. En general, esto funciona correctamente, sin embargo, hay un escenario en el que esto no funciona actualmente, porque el padre antiguo del archivo/directorio que se movi\u00f3 no tiene autoridad para un rango que incluye el \u00edndice de directorio y las claves de elemento de directorio del dentry anterior. Este caso se explica mejor con el siguiente ejemplo y reproductor: # La prueba requiere un dise\u00f1o muy espec\u00edfico de claves y elementos en el \u00e1rbol # fs/subvolume para activar el error. Por eso queremos asegurarnos de que # en cualquier plataforma en la que estemos, tengamos el mismo tama\u00f1o de hoja/nodo. # # Actualmente en btrfs el tama\u00f1o del nodo/hoja no puede ser menor que el tama\u00f1o de la p\u00e1gina # (pero puede ser mayor que el tama\u00f1o de la p\u00e1gina). Por lo tanto, utilice el mayor tama\u00f1o de nodo/hoja admitido (64K). $ mkfs.btrfs -f -n 65536 /dev/sdc $ mount /dev/sdc /mnt # \"testdir\" is inode 257. $ mkdir /mnt/testdir $ chmod 755 /mnt/testdir # Create several empty files to have the directory \"testdir\" with its # items spread over several leaves (7 in this case). $ for ((i = 1; i <= 1200; i++)); do echo -n > /mnt/testdir/file$i done # Create our test directory \"dira\", inode number 1458, which gets all # its items in leaf 7. # # The BTRFS_DIR_ITEM_KEY item for inode 257 (\"testdir\") that points to # the entry named \"dira\" is in leaf 2, while the BTRFS_DIR_INDEX_KEY # item that points to that entry is in leaf 3. # # For this particular filesystem node size (64K), file count and file # names, we endup with the directory entry items from inode 257 in # leaves 2 and 3, as previously mentioned - what matters for triggering # the bug exercised by this test case is that those items are not placed # in leaf 1, they must be placed in a leaf different from the one # containing the inode item for inode 257. # # The corresponding BTRFS_DIR_ITEM_KEY and BTRFS_DIR_INDEX_KEY items for # the parent inode (257) are the following: # # item 460 key (257 DIR_ITEM 3724298081) itemoff 48344 itemsize 34 # location key (1458 INODE_ITEM 0) type DIR # transid 6 data_len 0 name_len 4 # name: dira # # and: # # item 771 key (257 DIR_INDEX 1202) itemoff 36673 itemsize 34 # location key (1458 INODE_ITEM 0) type DIR # transid 6 data_len 0 name_len 4 # name: dira $ mkdir /mnt/testdir/dira # Make sure everything done so far is durably persisted. $ sync # Now do a change to inode 257 (\"testdir\") that does not result in # COWing leaves 2 and 3 - the leaves that contain the directory items # pointing to inode 1458 (directory \"dira\"). # # Changing permissions, the owner/group, updating or adding a xattr, # etc, will not change (COW) leaves 2 and 3. So for the sake of # simplicity change the permissions of inode 257, which results in # updating its inode item and therefore change (COW) only leaf 1. $ chmod 700 /mnt/testdir # Now fsync directory inode 257. # # Since only the first leaf was changed/COWed, we log the inode item of # inode 257 and only the dentries found in the first leaf, all have a # key type of BTRFS_DIR_ITEM_KEY, and no keys of type # BTRFS_DIR_INDEX_KEY, because they sort after the former type and none # exist in the first leaf. # # We also log 3 items that represent ranges for dir items and dir # indexes for which the log is authoritative: # # 1) a key of type BTRFS_DIR_LOG_ITEM_KEY, which indicates the log is # authoritative for all BTRFS_DIR_ITEM_KEY keys that have an offset # in the range [0, 2285968570] (the offset here is th ---truncated--- "
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.12",
"versionEndExcluding": "5.12.7",
"matchCriteriaId": "13460FFE-8AA9-4F1C-963C-30982D8858D1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc1:*:*:*:*:*:*",
"matchCriteriaId": "0CBAD0FC-C281-4666-AB2F-F8E6E1165DF7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13:rc2:*:*:*:*:*:*",
"matchCriteriaId": "96AC23B2-D46A-49D9-8203-8E1BEDCA8532"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/54a40fc3a1da21b52dbf19f72fdc27a2ec740760",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6d0924c5b742036b4f20a0ffdf2b6cf3f963f5f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/54a40fc3a1da21b52dbf19f72fdc27a2ec740760",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6d0924c5b742036b4f20a0ffdf2b6cf3f963f5f6",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

22
CVE-2022/CVE-2022-46xx/CVE-2022-4676.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4676",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:09.307",
"lastModified": "2024-11-21T07:35:42.953",
"lastModified": "2025-01-09T20:15:28.163",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

146
CVE-2022/CVE-2022-490xx/CVE-2022-49035.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2022-49035",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2025-01-02T15:15:18.807",
"lastModified": "2025-01-02T15:15:18.807",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T20:22:11.780",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,163 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: s5p_cec: limit msg.len a CEC_MAX_MSG_SIZE Espero que el hardware haya limitado esto a 16, pero en caso de que no sea as\u00ed, verifique este caso especial."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.9.333",
"matchCriteriaId": "BD342BE3-BDB3-4031-9F0B-DE4F90246387"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.299",
"matchCriteriaId": "2FE9A829-20E8-4929-AE9B-02761322A926"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.265",
"matchCriteriaId": "ABED5D97-9B16-4CF6-86E3-D5F5C4358E35"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.224",
"matchCriteriaId": "1D67A077-EB45-4ADE-94CD-F9A76F6C319C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.154",
"matchCriteriaId": "475D097C-AB5A-4CF5-899F-413077854ABD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.78",
"matchCriteriaId": "AB8B27B9-B41B-42D5-AE67-0A89A8A8EEB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.0.8",
"matchCriteriaId": "EC9A754E-625D-42F3-87A7-960D643E2867"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E7E331DA-1FB0-4DEC-91AC-7DA69D461C11"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1609231f86760c1f6a429de7913dd795b9faa08c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2654e785bd4aa2439cdffbe7dc1ea30a0eddbfe4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4a449430ecfb199b99ba58af63c467eb53500b39",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7ccb40f26cbefa1c6dfd3418bea54c9518cdbd8a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/93f65ce036863893c164ca410938e0968964b26c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a2728bf9b6c65e46468c763e3dab7e04839d4e11",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cbfa26936f318b16ccf9ca31b8e8b30c0dc087bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fc0f76dd5f116fa9291327024dda392f8b4e849c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
}
]
}

22
CVE-2023/CVE-2023-20xx/CVE-2023-2023.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-2023",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-05-30T08:15:09.787",
"lastModified": "2024-11-21T07:57:46.780",
"lastModified": "2025-01-09T19:15:16.547",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},

32
CVE-2023/CVE-2023-239xx/CVE-2023-23952.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23952",
"sourceIdentifier": "secure@symantec.com",
"published": "2023-06-01T01:15:17.687",
"lastModified": "2024-11-21T07:47:10.047",
"lastModified": "2025-01-09T20:15:29.153",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-77"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [

22
CVE-2023/CVE-2023-239xx/CVE-2023-23953.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23953",
"sourceIdentifier": "secure@symantec.com",
"published": "2023-06-01T01:15:17.747",
"lastModified": "2024-11-21T07:47:10.157",
"lastModified": "2025-01-09T20:15:29.363",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},

32
CVE-2023/CVE-2023-239xx/CVE-2023-23954.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23954",
"sourceIdentifier": "secure@symantec.com",
"published": "2023-06-01T01:15:17.783",
"lastModified": "2024-11-21T07:47:10.267",
"lastModified": "2025-01-09T20:15:29.527",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-239xx/CVE-2023-23955.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23955",
"sourceIdentifier": "secure@symantec.com",
"published": "2023-06-01T01:15:17.820",
"lastModified": "2024-11-21T07:47:10.373",
"lastModified": "2025-01-09T20:15:29.697",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-918"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [

40
CVE-2023/CVE-2023-257xx/CVE-2023-25737.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25737",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.323",
"lastModified": "2024-11-21T07:50:02.873",
"lastModified": "2025-01-09T20:15:30.067",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-704"
}
]
}
],
"configurations": [
@ -135,6 +165,14 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811464",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking",
"Permissions Required"
]
}
]
}

40
CVE-2023/CVE-2023-257xx/CVE-2023-25738.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25738",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.367",
"lastModified": "2024-11-21T07:50:03.007",
"lastModified": "2025-01-09T20:15:30.277",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-125"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
@ -147,6 +177,14 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811852",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking",
"Permissions Required"
]
}
]
}

40
CVE-2023/CVE-2023-257xx/CVE-2023-25739.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25739",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.417",
"lastModified": "2024-11-21T07:50:03.150",
"lastModified": "2025-01-09T20:15:30.483",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-416"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
@ -135,6 +165,14 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1811939",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking",
"Permissions Required"
]
}
]
}

40
CVE-2023/CVE-2023-257xx/CVE-2023-25740.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25740",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.480",
"lastModified": "2024-11-21T07:50:03.283",
"lastModified": "2025-01-09T20:15:30.670",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-522"
}
]
}
],
"configurations": [
@ -95,6 +125,14 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1812354",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking",
"Permissions Required"
]
}
]
}

32
CVE-2023/CVE-2023-257xx/CVE-2023-25741.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25741",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.537",
"lastModified": "2024-11-21T07:50:03.403",
"lastModified": "2025-01-09T20:15:30.880",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-203"
}
]
}
],
"configurations": [

36
CVE-2023/CVE-2023-257xx/CVE-2023-25745.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25745",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.723",
"lastModified": "2024-11-21T07:50:03.910",
"lastModified": "2025-01-09T20:15:31.067",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
@ -95,6 +125,10 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1804998",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"
}
]
}

32
CVE-2023/CVE-2023-257xx/CVE-2023-25746.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25746",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.767",
"lastModified": "2024-11-21T07:50:04.013",
"lastModified": "2025-01-09T20:15:31.250",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

41
CVE-2023/CVE-2023-257xx/CVE-2023-25748.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25748",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.817",
"lastModified": "2024-11-21T07:50:04.250",
"lastModified": "2025-01-09T19:15:14.810",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"configurations": [
@ -97,6 +127,15 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1798798",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-257xx/CVE-2023-25749.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25749",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.860",
"lastModified": "2024-11-21T07:50:04.370",
"lastModified": "2025-01-09T19:15:15.763",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"configurations": [

41
CVE-2023/CVE-2023-257xx/CVE-2023-25750.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-25750",
"sourceIdentifier": "security@mozilla.org",
"published": "2023-06-02T17:15:11.903",
"lastModified": "2024-11-21T07:50:04.483",
"lastModified": "2025-01-09T19:15:15.930",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-668"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [
@ -97,6 +127,15 @@
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1814733",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Issue Tracking",
"Permissions Required",
"Vendor Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-268xx/CVE-2023-26842.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-26842",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T14:15:10.067",
"lastModified": "2024-11-21T07:51:59.560",
"lastModified": "2025-01-09T20:15:31.650",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-276xx/CVE-2023-27639.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27639",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T21:15:09.260",
"lastModified": "2024-11-21T07:53:19.347",
"lastModified": "2025-01-09T20:15:31.873",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-22"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-277xx/CVE-2023-27744.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27744",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T04:15:49.577",
"lastModified": "2024-11-21T07:53:24.807",
"lastModified": "2025-01-09T19:15:16.110",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-277xx/CVE-2023-27745.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-27745",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T04:15:49.687",
"lastModified": "2024-11-21T07:53:24.970",
"lastModified": "2025-01-09T19:15:16.340",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-346"
}
]
}
],
"configurations": [

22
CVE-2023/CVE-2023-281xx/CVE-2023-28147.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28147",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-02T00:15:09.620",
"lastModified": "2024-11-21T07:54:29.153",
"lastModified": "2025-01-09T20:15:32.090",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},

32
CVE-2023/CVE-2023-286xx/CVE-2023-28657.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28657",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.597",
"lastModified": "2024-11-21T07:55:45.217",
"lastModified": "2025-01-09T20:15:32.300",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "NVD-CWE-Other"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-287xx/CVE-2023-28713.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28713",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.637",
"lastModified": "2024-11-21T07:55:51.570",
"lastModified": "2025-01-09T20:15:32.550",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-312"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-312"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-288xx/CVE-2023-28824.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28824",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.673",
"lastModified": "2024-11-21T07:56:05.187",
"lastModified": "2025-01-09T20:15:32.740",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-918"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-289xx/CVE-2023-28937.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28937",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.717",
"lastModified": "2024-11-21T07:56:16.013",
"lastModified": "2025-01-09T20:15:32.920",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-798"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-291xx/CVE-2023-29154.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29154",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.760",
"lastModified": "2024-11-21T07:56:37.563",
"lastModified": "2025-01-09T20:15:33.140",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-291xx/CVE-2023-29159.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-29159",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-06-01T02:15:09.803",
"lastModified": "2024-11-21T07:56:38.187",
"lastModified": "2025-01-09T20:15:33.313",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-22"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-334xx/CVE-2023-33486.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33486",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-05-31T13:15:09.697",
"lastModified": "2024-11-21T08:05:38.160",
"lastModified": "2025-01-09T19:15:16.783",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -32,6 +32,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -45,6 +65,16 @@
"value": "CWE-77"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-335xx/CVE-2023-33551.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-33551",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-06-01T15:15:09.050",
"lastModified": "2024-11-21T08:05:42.157",
"lastModified": "2025-01-09T19:15:16.993",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

6
CVE-2023/CVE-2023-363xx/CVE-2023-36361.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-36361",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-05T16:15:07.567",
"lastModified": "2024-11-21T08:09:35.950",
"lastModified": "2025-01-09T20:15:33.733",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -90,6 +90,10 @@
"Third Party Advisory"
]
},
{
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2023-36361",
"source": "cve@mitre.org"
},
{
"url": "http://audimex.com",
"source": "af854a3a-2127-422b-91ae-364da2661108",

6
CVE-2023/CVE-2023-459xx/CVE-2023-45911.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45911",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-18T18:15:09.107",
"lastModified": "2024-11-21T08:27:36.763",
"lastModified": "2025-01-09T20:15:34.043",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -104,6 +104,10 @@
}
],
"references": [
{
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2023-45911",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/auth_bypass.txt",
"source": "cve@mitre.org",

6
CVE-2023/CVE-2023-459xx/CVE-2023-45912.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-45912",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-10-18T18:15:09.153",
"lastModified": "2024-11-21T08:27:36.980",
"lastModified": "2025-01-09T20:15:34.257",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -74,6 +74,10 @@
}
],
"references": [
{
"url": "https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2023-45912",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/PostalBlab/Vulnerabilities/blob/main/ComScale/file_access.txt",
"source": "cve@mitre.org",

79
CVE-2023/CVE-2023-524xx/CVE-2023-52485.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52485",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T15:15:07.397",
"lastModified": "2024-11-21T08:39:52.737",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T20:20:59.593",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,88 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: activa DMCUB antes de enviar un comando [Por qu\u00e9] Podemos quedarnos quietos intentando enviar comandos cuando DMCUB no est\u00e1 encendido. [C\u00f3mo] Para funciones que se ejecutan dentro de un contexto de DC o bloqueo de DC, podemos ajustar las llamadas directas a dm_execute_dmub_cmd/list con c\u00f3digo que salga de las optimizaciones de energ\u00eda inactivas y se vuelva a permitir una vez que hayamos terminado con el env\u00edo del comando en caso de \u00e9xito. Para env\u00edos directos de DM, el DM deber\u00e1 gestionar la secuencia de entrada/salida manualmente. No podemos invocar un comando DMCUB directamente dentro del asistente de ejecuci\u00f3n de DM o podemos bloquearnos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.7.3",
"matchCriteriaId": "F13B1885-F67C-4943-BD88-9B68D2C3FF83"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/303197775a97416b62d4da69280d0c120a20e009",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8892780834ae294bc3697c7d0e056d7743900b39",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/303197775a97416b62d4da69280d0c120a20e009",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8892780834ae294bc3697c7d0e056d7743900b39",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

165
CVE-2023/CVE-2023-524xx/CVE-2023-52497.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52497",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-01T14:15:53.273",
"lastModified": "2024-11-21T08:39:54.233",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T20:20:02.167",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,63 +15,194 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erofs: corrige la descompresi\u00f3n in situ de lz4 Actualmente, EROFS puede asignar otro b\u00fafer comprimido para la descompresi\u00f3n in situ, que se utiliz\u00f3 para manejar los casos en que algunas p\u00e1ginas de datos comprimidos en realidad no est\u00e1n in situ I/ o. Sin embargo, como la mayor\u00eda de los algoritmos LZ77 simples, LZ4 espera que los datos comprimidos est\u00e9n organizados al final del buffer descomprimido y usa expl\u00edcitamente memmove() para manejar la superposici\u00f3n: ________________________________________________________ |_ direcci\u00f3n de descompresi\u00f3n --> ____ |_ datos comprimidos _| Aunque EROFS organiza los datos comprimidos de esta manera, normalmente asigna dos buffers virtuales individuales, por lo que el orden relativo es incierto. Anteriormente, apenas se observaba ya que LZ4 solo usa memmove() para literales cortos superpuestos y las implementaciones de memmove x86/arm64 parecen cubrirlo por completo y no tienen este problema. Juhyung inform\u00f3 que se pueden encontrar da\u00f1os en los datos EROFS en un nuevo procesador Intel x86. Despu\u00e9s de algunos an\u00e1lisis, parece que los procesadores x86 recientes con la nueva caracter\u00edstica FSRM exponen este problema con \"rep movsb\". Por ahora, usemos estrictamente el b\u00fafer descomprimido para la descompresi\u00f3n in situ de lz4. M\u00e1s adelante, como mejora \u00fatil, podr\u00edamos intentar unir estos dos buffers en el orden correcto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.3",
"versionEndExcluding": "5.4.285",
"matchCriteriaId": "6B9DFA1E-13AA-4825-AB77-27381BDF4E28"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.211",
"matchCriteriaId": "7DDA4DCF-671D-415D-94DF-6E3C77DF0704"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.150",
"matchCriteriaId": "CB6C60DE-9E0C-46C5-904D-D4F4031F8E95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.76",
"matchCriteriaId": "32F0FEB3-5FE1-4400-A56D-886F09BE872E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.15",
"matchCriteriaId": "87C718CB-AE3D-4B07-B4D9-BFF64183C468"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.3",
"matchCriteriaId": "58FD5308-148A-40D3-B36A-0CA6B434A8BF"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/33bf23c9940dbd3a22aad7f0cda4c84ed5701847",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3c12466b6b7bf1e56f9b32c366a3d83d87afb4de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/77cbc04a1a8610e303a0e0d74f2676667876a184",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9ff2d260b25df6fe1341a79113d88fecf6bd553e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a0180e940cf1aefa7d516e20b259ad34f7a8b379",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bffc4cc334c5bb31ded54bc3cfd651735a3cb79e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f36d200a80a3ca025532ed60dd1ac21b620e14ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/33bf23c9940dbd3a22aad7f0cda4c84ed5701847",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3c12466b6b7bf1e56f9b32c366a3d83d87afb4de",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/77cbc04a1a8610e303a0e0d74f2676667876a184",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a0180e940cf1aefa7d516e20b259ad34f7a8b379",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bffc4cc334c5bb31ded54bc3cfd651735a3cb79e",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f36d200a80a3ca025532ed60dd1ac21b620e14ae",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

60
CVE-2024/CVE-2024-102xx/CVE-2024-10215.json Normal file
View File

@ -0,0 +1,60 @@
{
"id": "CVE-2024-10215",
"sourceIdentifier": "security@wordfence.com",
"published": "2025-01-09T20:15:34.410",
"lastModified": "2025-01-09T20:15:34.410",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security@wordfence.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
}
],
"references": [
{
"url": "https://documentation.iqonic.design/wpbookit/versions/change-log",
"source": "security@wordfence.com"
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d23a2b9-8476-4564-a5de-5e6cfc38ce68?source=cve",
"source": "security@wordfence.com"
}
]
}

54
CVE-2024/CVE-2024-103xx/CVE-2024-10308.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10308",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-11-26T11:15:16.920",
"lastModified": "2024-11-26T11:15:16.920",
"vulnStatus": "Awaiting Analysis",
"lastModified": "2025-01-09T20:30:43.060",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "security@wordfence.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.1,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -51,14 +71,38 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:jegtheme:jeg_elementor_kit:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "2.6.10",
"matchCriteriaId": "12FCEC0D-1905-44CB-8B66-A6EBCAD42E15"
}
]
}
]
}
],
"references": [
{
"url": "https://plugins.trac.wordpress.org/changeset/3193980/jeg-elementor-kit",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Patch"
]
},
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/98aed079-672c-43bb-a5eb-faf8ffc04b71?source=cve",
"source": "security@wordfence.com"
"source": "security@wordfence.com",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2024/CVE-2024-116xx/CVE-2024-11614.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-11614",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-12-18T09:15:06.660",
"lastModified": "2025-01-09T17:15:10.980",
"lastModified": "2025-01-09T19:15:17.283",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -64,6 +64,10 @@
"url": "https://access.redhat.com/errata/RHSA-2025:0210",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0211",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:0220",
"source": "secalert@redhat.com"

33
CVE-2024/CVE-2024-132xx/CVE-2024-13237.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13237",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:17.437",
"lastModified": "2025-01-09T19:15:17.437",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS).This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.38."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-001",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13238.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13238",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:17.557",
"lastModified": "2025-01-09T19:15:17.557",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS).This issue affects Typogrify: from 0.0.0 before 1.3.0."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-002",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13239.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13239",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:17.663",
"lastModified": "2025-01-09T19:15:17.663",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1390"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-003",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13240.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13240",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:17.780",
"lastModified": "2025-01-09T19:15:17.780",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-004",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13241.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13241",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:17.910",
"lastModified": "2025-01-09T19:15:17.910",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-005",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13242.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13242",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:18.033",
"lastModified": "2025-01-09T19:15:18.033",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing.This issue affects Swift Mailer: *.*."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-749"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-006",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13243.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13243",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:18.140",
"lastModified": "2025-01-09T19:15:18.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing.This issue affects Entity Delete Log: from 0.0.0 before 1.1.1."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-007",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13244.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13244",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:18.250",
"lastModified": "2025-01-09T19:15:18.250",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery.This issue affects Migrate Tools: from 0.0.0 before 6.0.3."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-008",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13245.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13245",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:18.370",
"lastModified": "2025-01-09T19:15:18.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS).This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-009",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13246.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13246",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:18.497",
"lastModified": "2025-01-09T19:15:18.497",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-282"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-010",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13247.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13247",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:18.610",
"lastModified": "2025-01-09T19:15:18.610",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS).This issue affects Coffee: from 0.0.0 before 1.4.0."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-011",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13248.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13248",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:18.730",
"lastModified": "2025-01-09T19:15:18.730",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing.This issue affects Private content: from 0.0.0 before 2.1.0."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-012",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13249.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13249",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:18.857",
"lastModified": "2025-01-09T19:15:18.857",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-282"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-013",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13250.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13250",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:18.980",
"lastModified": "2025-01-09T19:15:18.980",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery.This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-014",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13251.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13251",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:19.093",
"lastModified": "2025-01-09T19:15:19.093",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation.This issue affects Registration role: from 0.0.0 before 2.0.1."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-266"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-015",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13252.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13252",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:19.207",
"lastModified": "2025-01-09T19:15:19.207",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS).This issue affects TacJS: from 0.0.0 before 6.5.0."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-016",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13253.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13253",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:19.317",
"lastModified": "2025-01-09T19:15:19.317",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing.This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-017",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13254.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13254",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:19.437",
"lastModified": "2025-01-09T19:15:19.437",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-201"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-018",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13255.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13255",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:19.540",
"lastModified": "2025-01-09T19:15:19.540",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-202"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-019",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13256.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13256",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:19.660",
"lastModified": "2025-01-09T19:15:19.660",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1220"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-020",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13257.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13257",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:19.773",
"lastModified": "2025-01-09T19:15:19.773",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing.This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-021",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13258.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13258",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:19.887",
"lastModified": "2025-01-09T19:15:19.887",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-022",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13259.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13259",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T19:15:19.997",
"lastModified": "2025-01-09T19:15:19.997",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing.This issue affects Image Sizes: from 0.0.0 before 3.0.2."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-201"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-023",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13260.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13260",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:34.650",
"lastModified": "2025-01-09T20:15:34.650",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-024",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13261.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13261",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:34.763",
"lastModified": "2025-01-09T20:15:34.763",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-025",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13262.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13262",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:34.890",
"lastModified": "2025-01-09T20:15:34.890",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal View Password allows Cross-Site Scripting (XSS).This issue affects View Password: from 0.0.0 before 6.0.4."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-026",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13263.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13263",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:35.007",
"lastModified": "2025-01-09T20:15:35.007",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-96"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-027",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13264.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13264",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:35.117",
"lastModified": "2025-01-09T20:15:35.117",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-96"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-028",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13265.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13265",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:35.230",
"lastModified": "2025-01-09T20:15:35.230",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-96"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-029",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13266.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13266",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:35.350",
"lastModified": "2025-01-09T20:15:35.350",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-030",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13267.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13267",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:35.470",
"lastModified": "2025-01-09T20:15:35.470",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-96"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-031",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13268.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13268",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:35.577",
"lastModified": "2025-01-09T20:15:35.577",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-96"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-032",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13269.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13269",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:35.687",
"lastModified": "2025-01-09T20:15:35.687",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing.This issue affects Advanced Varnish: from 0.0.0 before 4.0.11."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-201"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-033",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13270.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13270",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:35.790",
"lastModified": "2025-01-09T20:15:35.790",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-034",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13271.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13271",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:35.910",
"lastModified": "2025-01-09T20:15:35.910",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.This issue affects Content Entity Clone: from 0.0.0 before 1.0.4."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-035",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13272.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13272",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:36.027",
"lastModified": "2025-01-09T20:15:36.027",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1220"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-036",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13273.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13273",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:36.137",
"lastModified": "2025-01-09T20:15:36.137",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-037",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13274.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13274",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:36.250",
"lastModified": "2025-01-09T20:15:36.250",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-799"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-038",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13275.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13275",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:36.367",
"lastModified": "2025-01-09T20:15:36.367",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-039",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13276.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13276",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:36.487",
"lastModified": "2025-01-09T20:15:36.487",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-201"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-040",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13277.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13277",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:36.593",
"lastModified": "2025-01-09T20:15:36.593",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-041",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13278.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13278",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:36.697",
"lastModified": "2025-01-09T20:15:36.697",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-042",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13279.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13279",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:36.803",
"lastModified": "2025-01-09T20:15:36.803",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-043",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13280.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13280",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:36.913",
"lastModified": "2025-01-09T20:15:36.913",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing.This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0.* before 2.2.2."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-613"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-044",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13281.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13281",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:37.017",
"lastModified": "2025-01-09T20:15:37.017",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-045",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13282.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13282",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:37.133",
"lastModified": "2025-01-09T20:15:37.133",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.This issue affects Block permissions: from 1.0.0 before 1.2.0."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-046",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13283.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13283",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:37.230",
"lastModified": "2025-01-09T20:15:37.230",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.9."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-047",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13284.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13284",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:37.343",
"lastModified": "2025-01-09T20:15:37.343",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-048",
"source": "mlhess@drupal.org"
}
]
}

21
CVE-2024/CVE-2024-132xx/CVE-2024-13285.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-13285",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:37.470",
"lastModified": "2025-01-09T20:15:37.470",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in Drupal wkhtmltopdf.This issue affects wkhtmltopdf: *.*."
}
],
"metrics": {},
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-049",
"source": "mlhess@drupal.org"
}
]
}

33
CVE-2024/CVE-2024-132xx/CVE-2024-13286.json Normal file
View File

@ -0,0 +1,33 @@
{
"id": "CVE-2024-13286",
"sourceIdentifier": "mlhess@drupal.org",
"published": "2025-01-09T20:15:37.563",
"lastModified": "2025-01-09T20:15:37.563",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SVG Embed allows Cross-Site Scripting (XSS).This issue affects SVG Embed: from 0.0.0 before 2.1.2."
}
],
"metrics": {},
"weaknesses": [
{
"source": "mlhess@drupal.org",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.drupal.org/sa-contrib-2024-050",
"source": "mlhess@drupal.org"
}
]
}

Some files were not shown because too many files have changed in this diff Show More