admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-21 17:41:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-11-25T21:04:53.213664+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-11-25 21:08:02 +00:00
parent 7c617f441e
commit 9d3fc4bf82
158 changed files with 11262 additions and 954 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
CVE-2014/CVE-2014-71xx/CVE-2014-7143.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2014-7143",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-11-12T14:15:11.157",
"lastModified": "2019-11-14T14:45:50.167",
"vulnStatus": "Analyzed",
"cveTags": [],
"lastModified": "2024-11-25T18:12:24.673",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +31,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
@ -45,13 +44,13 @@
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
@ -85,8 +84,8 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twistedmatrix:twisted:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DACBAD4C-364B-4260-9C60-F11522076CF2"
"criteria": "cpe:2.3:a:twisted:twisted:14.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81F2683D-0839-42E9-958A-C19E0A6F293D"
}
]
}
@ -124,6 +123,37 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "http://www.openwall.com/lists/oss-security/2014/09/22/2",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-7143",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96135",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2014-7143",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

50
CVE-2016/CVE-2016-10001xx/CVE-2016-1000111.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2016-1000111",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-03-11T20:15:11.960",
"lastModified": "2020-03-13T20:04:35.520",
"vulnStatus": "Analyzed",
"cveTags": [],
"lastModified": "2024-11-25T18:12:24.673",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +31,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
@ -45,13 +44,13 @@
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"baseScore": 5.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 5.0
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
@ -85,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*",
"versionEndExcluding": "16.3.1",
"matchCriteriaId": "EAB1F53F-5C2A-485E-9F3E-4F055D23B816"
"matchCriteriaId": "5FBB6152-73B6-47DF-A9E3-D53B998E875C"
}
]
}
@ -125,6 +124,37 @@
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2016-3090545.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://twistedmatrix.com/pipermail/twisted-web/2016-August/005268.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Vendor Advisory"
]
},
{
"url": "https://twistedmatrix.com/trac/ticket/8623",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://www.openwall.com/lists/oss-security/2016/07/18/6",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
}
]
}

715
CVE-2017/CVE-2017-97xx/CVE-2017-9711.json Normal file
View File

@ -0,0 +1,715 @@
{
"id": "CVE-2017-9711",
"sourceIdentifier": "product-security@qualcomm.com",
"published": "2024-11-22T10:15:03.387",
"lastModified": "2024-11-25T19:10:02.253",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "Certain unprivileged processes are able to perform IOCTL calls."
},
{
"lang": "es",
"value": "Ciertos procesos sin privilegios pueden realizar llamadas IOCTL."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "product-security@qualcomm.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-264"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A960B86A-C397-4ACB-AEE6-55F316D32949"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D79B8959-3D1E-4B48-9181-D75FE90AAF98"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A35FECFB-60AE-42A8-BCBB-FEA7D5826D49"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E9765187-8653-4D66-B230-B2CE862AC5C0"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7FD1C359-C79B-4CE8-A192-5AA34D0BF05B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*",
"matchCriteriaId": "716B747E-672C-4B95-9D8E-1262338E67EA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "35B7E25E-FA92-4C36-883C-CFF36F4B3507"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECD99C6F-2444-4A5E-A517-0C8023DDF23D"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FE28A59C-7AA6-4B85-84E8-07852B96108E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5DEE828B-09A7-4AC1-8134-491A7C87C118"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0FA80D57-3191-47CF-AD3F-9F2D64E443FE"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B2AFB212-F01A-4CEB-8DB4-2E0CC2308CB6"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0986EF1-0974-488E-84C4-6880F876CE55"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8C08BA58-2EBC-4A22-85A4-2ECD54693B9B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27110478-4C08-49E6-BD53-8BAAD9D5BD65"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*",
"matchCriteriaId": "3664D302-D22A-4B25-B534-3097AE2F8573"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C56BC939-2FE8-4AB4-B638-35C83B224005"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E36C12E2-7064-41E6-B357-3F0E6E6D0A0F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BE5C66CC-B00C-4581-B8FB-0632232E480D"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*",
"matchCriteriaId": "87F57247-08CD-473E-A517-F9E85BFC7BEA"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E07C621F-0BC0-40C1-9678-1AF6498AC487"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9C621A62-E346-406B-9D20-8FF6C2B0851F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "549E6F7E-A54F-423F-BD4A-A8FB97DBD39E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*",
"matchCriteriaId": "992C3835-7183-4D96-8647-DD9916880323"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A7B95CCC-37F1-4768-8D64-CA2028E93E03"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D1426161-4F7C-44B1-AA9E-EA661AA68947"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "ECF81213-DE2D-4C4B-99E8-71AFD87E92CD"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95E826EF-343B-47FA-AB54-F13E868CE6A7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D27A1760-8D1B-4172-B6CE-65C72332F103"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC5F96F1-D3FB-482B-A3C8-57BA4DE86D5E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06E0CC35-AC20-42D7-8FEA-CA4685E33E72"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2C4DED-2367-4736-A0AF-C8356F1271AD"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BC1650DB-FDF8-4BE5-9437-8ADA11A07116"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B51DD51F-4BDE-497B-89E5-551D10CF3442"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0752054B-2C29-4490-ADC8-29F82BAA17E6"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*",
"matchCriteriaId": "005038B5-BCB7-4A23-8562-ACEF6E156C1F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "95B4B4D4-0357-4E1D-9B72-635106D632CF"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2F992088-5E31-4625-8C3B-CE7F946C61F2"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E077FC03-F86F-417A-A3E6-BC88CB85C6F0"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E016356C-94ED-4CDD-8351-97D265FE036E"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E08016A2-E4FE-4E9C-A915-C66BE157AFB5"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*",
"matchCriteriaId": "018452D0-007C-4740-B2AF-E5C8BBAC310F"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1CFF35A3-1472-4665-9DAB-1ABC45C0D5B4"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F930E9BF-C502-49C6-8BE8-9A711B89FA1B"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0A2D2B3B-CB28-46AA-9117-A7FA371FDE80"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DE18BF66-B0DB-48BB-B43A-56F01821F5A3"
}
]
}
]
}
],
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html",
"source": "product-security@qualcomm.com",
"tags": [
"Vendor Advisory"
]
}
]
}

6
CVE-2019/CVE-2019-123xx/CVE-2019-12387.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-12387",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-06-10T12:29:00.287",
"lastModified": "2024-11-21T04:22:43.900",
"lastModified": "2024-11-25T18:12:24.673",
"vulnStatus": "Modified",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*",
"versionEndExcluding": "19.2.1",
"matchCriteriaId": "B563D206-DF4A-4F09-90E1-971A8778E35B"
"matchCriteriaId": "1E158350-303B-4ECB-AF5F-E076C149980E"
}
]
}

6
CVE-2019/CVE-2019-128xx/CVE-2019-12855.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2019-12855",
"sourceIdentifier": "cve@mitre.org",
"published": "2019-06-16T12:29:00.227",
"lastModified": "2024-11-21T04:23:43.553",
"lastModified": "2024-11-25T18:12:24.673",
"vulnStatus": "Modified",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*",
"versionEndIncluding": "19.2.1",
"matchCriteriaId": "B70A4945-1C66-41BB-BA53-04C6366081F5"
"matchCriteriaId": "A7234F11-D648-42F4-823F-E4B8AF9461B4"
}
]
}

48
CVE-2019/CVE-2019-209xx/CVE-2019-20921.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2019-20921",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-09-30T18:15:18.007",
"lastModified": "2020-10-05T16:49:06.507",
"vulnStatus": "Analyzed",
"cveTags": [],
"lastModified": "2024-11-25T18:15:06.253",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +31,7 @@
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
@ -45,13 +44,13 @@
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"baseScore": 4.3,
"accessVector": "NETWORK",
"accessComplexity": "MEDIUM",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.3
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.6,
@ -110,6 +109,10 @@
"Third Party Advisory"
]
},
{
"url": "https://issues.jtl-software.de/issues/SHOP-7964",
"source": "cve@mitre.org"
},
{
"url": "https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457",
"source": "cve@mitre.org",
@ -123,6 +126,35 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/advisories/GHSA-9r7h-6639-v5mw",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/snapappointments/bootstrap-select/issues/2199",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://snyk.io/vuln/SNYK-JS-BOOTSTRAPSELECT-570457",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.npmjs.com/advisories/1522",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

6
CVE-2020/CVE-2020-101xx/CVE-2020-10108.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-10108",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-03-12T13:15:12.293",
"lastModified": "2024-11-21T04:54:49.883",
"lastModified": "2024-11-25T18:12:24.673",
"vulnStatus": "Modified",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*",
"versionEndIncluding": "19.10.0",
"matchCriteriaId": "7E9923FC-A0E6-499A-A75A-83E9EAAFA09A"
"matchCriteriaId": "081EC898-8BF4-4069-9E4B-5C54F6ECC5A9"
}
]
}

6
CVE-2020/CVE-2020-101xx/CVE-2020-10109.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2020-10109",
"sourceIdentifier": "cve@mitre.org",
"published": "2020-03-12T13:15:12.370",
"lastModified": "2024-11-21T04:54:50.063",
"lastModified": "2024-11-25T18:12:24.673",
"vulnStatus": "Modified",
"descriptions": [
{
@ -84,9 +84,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*",
"versionEndIncluding": "19.10.0",
"matchCriteriaId": "7E9923FC-A0E6-499A-A75A-83E9EAAFA09A"
"matchCriteriaId": "081EC898-8BF4-4069-9E4B-5C54F6ECC5A9"
}
]
}

30
CVE-2020/CVE-2020-221xx/CVE-2020-22151.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2020-22151",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-07-03T21:15:09.240",
"lastModified": "2023-07-11T15:51:07.247",
"vulnStatus": "Analyzed",
"cveTags": [],
"lastModified": "2024-11-25T19:15:04.760",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -19,6 +18,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -26,9 +27,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
@ -45,6 +44,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"configurations": [
@ -73,6 +82,15 @@
"Issue Tracking",
"Vendor Advisory"
]
},
{
"url": "https://github.com/daylightstudio/FUEL-CMS/issues/551",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Vendor Advisory"
]
}
]
}

41
CVE-2021/CVE-2021-241xx/CVE-2021-24171.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2021-24171",
"sourceIdentifier": "contact@wpscan.com",
"published": "2021-04-05T19:15:15.857",
"lastModified": "2022-10-24T17:15:39.613",
"vulnStatus": "Analyzed",
"cveTags": [],
"lastModified": "2024-11-25T18:14:49.230",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +31,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
@ -45,13 +44,13 @@
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"baseScore": 7.5,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5
"availabilityImpact": "PARTIAL"
},
"baseSeverity": "HIGH",
"exploitabilityScore": 10.0,
@ -66,8 +65,8 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"source": "contact@wpscan.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -76,8 +75,8 @@
]
},
{
"source": "contact@wpscan.com",
"type": "Secondary",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
@ -95,9 +94,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:woocommerce:upload_files:*:*:*:*:*:wordpress:*:*",
"criteria": "cpe:2.3:a:vanquish:woocommerce_upload_files:*:*:*:*:*:wordpress:*:*",
"versionEndExcluding": "59.4",
"matchCriteriaId": "F831DE61-993F-4551-845C-07A1EFCF6386"
"matchCriteriaId": "4D755FA2-93D9-4FE2-BB9E-323398084C28"
}
]
}
@ -118,6 +117,20 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://wpscan.com/vulnerability/ed4288a1-f7e4-455f-b765-5ac343f87194",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://www.wordfence.com/blog/2021/03/critical-vulnerability-patched-in-woocommerce-upload-files/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

2343
CVE-2021/CVE-2021-302xx/CVE-2021-30299.json Normal file
View File

File diff suppressed because it is too large Load Diff

6
CVE-2022/CVE-2022-217xx/CVE-2022-21712.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-21712",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-02-07T22:15:08.587",
"lastModified": "2024-11-21T06:45:17.317",
"lastModified": "2024-11-25T18:12:24.673",
"vulnStatus": "Modified",
"descriptions": [
{
@ -114,10 +114,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*",
"versionStartIncluding": "11.1.0",
"versionEndExcluding": "22.1.0",
"matchCriteriaId": "AB3625CB-8933-4E70-A2B4-C970732F9E43"
"matchCriteriaId": "D4767A5F-EF09-4130-8DAF-0A4DCBE0D1D3"
}
]
}

6
CVE-2022/CVE-2022-217xx/CVE-2022-21716.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-21716",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-03-03T21:15:07.747",
"lastModified": "2024-11-21T06:45:17.730",
"lastModified": "2024-11-25T18:12:24.673",
"vulnStatus": "Modified",
"descriptions": [
{
@ -114,10 +114,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*",
"versionStartIncluding": "21.7.0",
"versionEndExcluding": "22.2.0",
"matchCriteriaId": "CCAC1EB4-978A-4D5E-8DE7-8726B18FD9F9"
"matchCriteriaId": "8C744C2C-D511-4F4F-AFC5-FF6D88E2DF26"
}
]
}

6
CVE-2022/CVE-2022-248xx/CVE-2022-24801.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-24801",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-04-04T18:15:07.933",
"lastModified": "2024-11-21T06:51:07.710",
"lastModified": "2024-11-25T18:12:24.673",
"vulnStatus": "Modified",
"descriptions": [
{
@ -114,9 +114,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*",
"versionEndExcluding": "22.4.0",
"matchCriteriaId": "6BE51A4E-B4B5-43AB-9C1A-46FC251C9BB6"
"matchCriteriaId": "541BD6DD-5A15-4333-93FF-51B1F4D6AADC"
}
]
}

93
CVE-2022/CVE-2022-393xx/CVE-2022-39348.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2022-39348",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-10-26T20:15:10.580",
"lastModified": "2023-03-08T01:07:01.430",
"vulnStatus": "Analyzed",
"cveTags": [],
"lastModified": "2024-11-25T18:12:24.673",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -17,32 +16,14 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -50,9 +31,27 @@
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
@ -62,7 +61,7 @@
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -94,10 +93,10 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*",
"versionStartIncluding": "0.9.4",
"versionEndExcluding": "22.10.0",
"matchCriteriaId": "3353C73D-404F-4F2B-A6C3-3E00CF2CF875"
"matchCriteriaId": "5F189425-61DC-4B09-B387-6F7E6E536A0C"
}
]
}
@ -157,6 +156,44 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/twisted/twisted/commit/f2f5e81c03f14e253e85fe457e646130780db40b",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/twisted/twisted/commit/f49041bb67792506d85aeda9cf6157e92f8048f4",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://github.com/twisted/twisted/security/advisories/GHSA-vg46-2rrj-3647",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00038.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202301-02",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

8
CVE-2023/CVE-2023-262xx/CVE-2023-26280.json
View File

@ -2,19 +2,19 @@
"id": "CVE-2023-26280",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-11-25T16:15:06.243",
"lastModified": "2024-11-25T16:15:06.243",
"lastModified": "2024-11-25T19:15:06.987",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "IBM Jazz Foundation 7.0.2 and 7.0.3\n\n\u00a0could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control."
"value": "IBM Jazz Foundation 7.0.2 and 7.0.3\u00a0could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
@ -37,7 +37,7 @@
"weaknesses": [
{
"source": "psirt@us.ibm.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

4
CVE-2023/CVE-2023-284xx/CVE-2023-28461.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-28461",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-03-15T23:15:10.070",
"lastModified": "2024-11-25T16:15:07.803",
"lastModified": "2024-11-25T18:15:09.090",
"vulnStatus": "Modified",
"descriptions": [
{
@ -71,7 +71,7 @@
"description": [
{
"lang": "en",
"value": "CWE-862"
"value": "CWE-306"
}
]
}

69
CVE-2023/CVE-2023-461xx/CVE-2023-46137.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2023-46137",
"sourceIdentifier": "security-advisories@github.com",
"published": "2023-10-25T21:15:10.237",
"lastModified": "2023-11-02T15:57:53.777",
"vulnStatus": "Analyzed",
"cveTags": [],
"lastModified": "2024-11-25T18:12:24.673",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -17,32 +16,14 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -50,9 +31,27 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
@ -61,8 +60,8 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -71,8 +70,8 @@
]
},
{
"source": "security-advisories@github.com",
"type": "Secondary",
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
@ -90,9 +89,9 @@
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:twistedmatrix:twisted:*:*:*:*:*:*:*:*",
"criteria": "cpe:2.3:a:twisted:twisted:*:*:*:*:*:*:*:*",
"versionEndIncluding": "22.8.0",
"matchCriteriaId": "40A991C8-3D50-4216-99C2-A5FC733D28D0"
"matchCriteriaId": "1CEAFE1B-0546-4D6D-AAB6-2EE69DEA1353"
}
]
}
@ -107,6 +106,14 @@
"Exploit",
"Vendor Advisory"
]
},
{
"url": "https://github.com/twisted/twisted/security/advisories/GHSA-xc8x-vp79-p3wm",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}

32
CVE-2023/CVE-2023-63xx/CVE-2023-6363.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2023-6363",
"sourceIdentifier": "arm-security@arm.com",
"published": "2024-05-03T14:15:10.730",
"lastModified": "2024-05-03T14:17:53.690",
"lastModified": "2024-11-25T18:15:09.670",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,7 +14,30 @@
"value": "Vulnerabilidad de Use After Free en Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU Architecture Kernel Driver permite a un usuario local sin privilegios realizar operaciones de procesamiento de memoria GPU inadecuadas. Si el usuario prepara cuidadosamente la memoria del sistema, esto a su vez podr\u00eda darle acceso a la memoria ya liberada. Este problema afecta al controlador del kernel de GPU Valhall: desde r41p0 hasta r47p0; Controlador de kernel de arquitectura de GPU Arm de quinta generaci\u00f3n: desde r41p0 hasta r47p0."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.5,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "arm-security@arm.com",
@ -32,6 +54,10 @@
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "arm-security@arm.com"
},
{
"url": "https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

56
CVE-2023/CVE-2023-70xx/CVE-2023-7013.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2023-7013",
"sourceIdentifier": "chrome-cve-admin@google.com",
"published": "2024-07-16T23:15:11.340",
"lastModified": "2024-11-05T15:57:00.397",
"vulnStatus": "Analyzed",
"cveTags": [],
"lastModified": "2024-11-25T19:15:07.563",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,12 +31,30 @@
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
@ -49,6 +68,16 @@
"value": "CWE-1021"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1021"
}
]
}
],
"configurations": [
@ -84,6 +113,21 @@
"Exploit",
"Issue Tracking"
]
},
{
"url": "https://chromereleases.googleblog.com/2023/10/stable-channel-update-for-desktop_31.html",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes"
]
},
{
"url": "https://issues.chromium.org/issues/40071326",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking"
]
}
]
}

21
CVE-2024/CVE-2024-03xx/CVE-2024-0353.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-0353",
"sourceIdentifier": "security@eset.com",
"published": "2024-02-15T08:15:46.023",
"lastModified": "2024-02-15T14:28:31.380",
"lastModified": "2024-11-25T19:15:07.917",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -30,9 +31,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
@ -55,6 +54,18 @@
{
"url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed",
"source": "security@eset.com"
},
{
"url": "https://packetstormsecurity.com/files/179495/ESET-NOD32-Antivirus-17.2.7.0-Unquoted-Service-Path.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://packetstormsecurity.com/files/182464/ESET-NOD32-Antivirus-18.0.12.0-Unquoted-Service-Path.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

27
CVE-2024/CVE-2024-107xx/CVE-2024-10710.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-10710",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-11-25T06:15:05.960",
"lastModified": "2024-11-25T06:15:05.960",
"lastModified": "2024-11-25T17:15:11.747",
"vulnStatus": "Received",
"descriptions": [
{
@ -10,7 +10,30 @@
"value": "The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N",
"baseScore": 3.5,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.9,
"impactScore": 2.5
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/165ab698-c8b5-4412-a621-c5365d621fc5/",

68
CVE-2024/CVE-2024-115xx/CVE-2024-11514.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11514",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:09.693",
"lastModified": "2024-11-22T21:15:09.693",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:57:28.103",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ECW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23975."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en mont\u00f3n en el an\u00e1lisis de archivos ECW de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos ECW. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en mont\u00f3n. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-23975."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,48 @@
"value": "CWE-122"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1599/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

58
CVE-2024/CVE-2024-115xx/CVE-2024-11515.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11515",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:09.803",
"lastModified": "2024-11-22T21:15:09.803",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:57:23.373",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24010."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos JPM de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos JPM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24010."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1598/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

68
CVE-2024/CVE-2024-115xx/CVE-2024-11516.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11516",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:09.910",
"lastModified": "2024-11-22T21:15:09.910",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:57:19.670",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView JPM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24011."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en mont\u00f3n en el an\u00e1lisis de archivos JPM de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos JPM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en mont\u00f3n. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24011."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,48 @@
"value": "CWE-122"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1600/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

58
CVE-2024/CVE-2024-115xx/CVE-2024-11517.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11517",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:10.020",
"lastModified": "2024-11-22T21:15:10.020",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:57:16.330",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24118."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos JPM de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos JPM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24118."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,36 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1597/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

68
CVE-2024/CVE-2024-115xx/CVE-2024-11518.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11518",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:10.130",
"lastModified": "2024-11-22T21:15:10.130",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:57:12.937",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView RLE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of RLE files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24444."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por desbordamiento de b\u00fafer basado en mont\u00f3n en el an\u00e1lisis de archivos RLE de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos RLE. El problema es el resultado de la falta de una validaci\u00f3n adecuada de la longitud de los datos proporcionados por el usuario antes de copiarlos a un b\u00fafer basado en mont\u00f3n de longitud fija. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24444."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,48 @@
"value": "CWE-122"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1596/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11520.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11520",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:10.360",
"lastModified": "2024-11-22T21:15:10.360",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:57:06.950",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView ARW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24488."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos ARW de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos ARW. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24488."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1580/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11521.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11521",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:10.480",
"lastModified": "2024-11-22T21:15:10.480",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:57:04.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DJVU File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DJVU files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24578."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo mediante el uso y la liberaci\u00f3n del an\u00e1lisis de archivos DJVU de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DJVU. El problema es el resultado de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones en el objeto. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24578."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1579/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11522.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11522",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:10.597",
"lastModified": "2024-11-22T21:15:10.597",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:57:02.447",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24595."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24595."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1590/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-115xx/CVE-2024-11523.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11523",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:10.710",
"lastModified": "2024-11-22T21:15:10.710",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:56:56.057",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24597."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24597."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,48 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1592/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

68
CVE-2024/CVE-2024-115xx/CVE-2024-11524.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11524",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:10.817",
"lastModified": "2024-11-22T21:15:10.817",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:56:54.067",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24598."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24598."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,48 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1593/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11525.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11525",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:10.923",
"lastModified": "2024-11-22T21:15:10.923",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:56:51.587",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24599."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones en el objeto. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24599."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1591/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11526.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11526",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:11.033",
"lastModified": "2024-11-22T21:15:11.033",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:56:47.030",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24600."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos CGM de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos CGM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24600."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1539/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11527.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11527",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:11.140",
"lastModified": "2024-11-22T21:15:11.140",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:56:40.680",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24601."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DWG de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DWG. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24601."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1538/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11529.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11529",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:11.360",
"lastModified": "2024-11-22T21:15:11.360",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:56:38.437",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24604."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DWG de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DWG. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24604."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1537/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11530.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11530",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:11.470",
"lastModified": "2024-11-22T21:15:11.470",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:56:27.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView CGM File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24605."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos CGM de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos CGM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24605."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1536/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11531.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11531",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:11.580",
"lastModified": "2024-11-22T21:15:11.580",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:56:20.460",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24606."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos CGM de IrfanView que no se encuentra dentro de los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos CGM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24606."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1535/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11532.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11532",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:11.690",
"lastModified": "2024-11-22T21:15:11.690",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:49:00.830",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24615."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24615."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1587/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11533.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11533",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:11.800",
"lastModified": "2024-11-22T21:15:11.800",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:48:20.877",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24616."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24616."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1586/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11534.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11534",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:11.903",
"lastModified": "2024-11-22T21:15:11.903",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:48:13.973",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24617."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DXF de IrfanView que permite que los atacantes remotos ejecuten c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Para explotar esta vulnerabilidad, se requiere la interacci\u00f3n del usuario, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24617."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1585/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11535.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11535",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:12.017",
"lastModified": "2024-11-22T21:15:12.017",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:48:00.143",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24618."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DXF de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24618."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1584/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11536.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11536",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:12.127",
"lastModified": "2024-11-22T21:15:12.127",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:47:55.503",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24619."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DXF de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24619."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1583/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11537.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11537",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:12.243",
"lastModified": "2024-11-22T21:15:12.243",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:47:49.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24620."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DXF de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24620."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1582/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11538.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11538",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:12.353",
"lastModified": "2024-11-22T21:15:12.353",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:47:23.300",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24629."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24629."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1588/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11539.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11539",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:12.463",
"lastModified": "2024-11-22T21:15:12.463",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:46:33.847",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24699."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24699."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1553/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11540.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11540",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:12.583",
"lastModified": "2024-11-22T21:15:12.583",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:46:13.237",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24700."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DXF de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24700."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1551/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11541.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11541",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:12.697",
"lastModified": "2024-11-22T21:15:12.697",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:46:03.037",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24702."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24702."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1552/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11542.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11542",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:12.810",
"lastModified": "2024-11-22T21:15:12.810",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:45:57.473",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24703."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24703."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1550/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11543.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11543",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:12.927",
"lastModified": "2024-11-22T21:15:12.927",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:44:09.843",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24704."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24704."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1548/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11544.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11544",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:13.047",
"lastModified": "2024-11-22T21:15:13.047",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:44:03.563",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24707."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24707."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1541/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11545.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11545",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:13.183",
"lastModified": "2024-11-22T21:15:13.183",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:43:57.310",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24709."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de validaci\u00f3n de la existencia de un objeto antes de realizar operaciones en el objeto. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24709."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1542/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11546.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11546",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:13.310",
"lastModified": "2024-11-22T21:15:13.310",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:43:36.980",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24714."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24714."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1543/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11547.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11547",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:13.420",
"lastModified": "2024-11-22T21:15:13.420",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:43:31.837",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24732."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DWG de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DWG. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24732."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1544/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11548.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11548",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:13.537",
"lastModified": "2024-11-22T21:15:13.537",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:43:25.887",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24745."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DWG de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DWG. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24745."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1545/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11549.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11549",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:13.647",
"lastModified": "2024-11-22T21:15:13.647",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:43:19.760",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24746."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24746."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1547/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11550.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11550",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:13.763",
"lastModified": "2024-11-22T21:15:13.763",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:43:04.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24748."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24748."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1540/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11551.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11551",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:13.877",
"lastModified": "2024-11-22T21:15:13.877",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:42:58.463",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24749."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24749."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1549/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11552.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11552",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:13.980",
"lastModified": "2024-11-22T21:15:13.980",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:42:53.387",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24751."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24751."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1546/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

68
CVE-2024/CVE-2024-115xx/CVE-2024-11553.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11553",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:14.087",
"lastModified": "2024-11-22T21:15:14.087",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:46:34.697",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24752."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24752."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,48 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1554/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11554.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11554",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:14.197",
"lastModified": "2024-11-22T21:15:14.197",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:41:46.223",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24754."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DWG de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DWG. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un objeto asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24754."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1581/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11555.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11555",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:14.330",
"lastModified": "2024-11-22T21:15:14.330",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:41:43.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24780."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto fuera de los l\u00edmites en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una escritura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24780."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1559/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11556.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11556",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:14.470",
"lastModified": "2024-11-22T21:15:14.470",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:16:55.420",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24795."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24795."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1562/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11557.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11557",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:14.593",
"lastModified": "2024-11-22T21:15:14.593",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:51:46.153",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24807."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24807."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1561/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11558.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11558",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:14.700",
"lastModified": "2024-11-22T21:15:14.700",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:52:29.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24808."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24808."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1560/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11565.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11565",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:15.483",
"lastModified": "2024-11-22T21:15:15.483",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:50:52.400",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24866."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos CGM de IrfanView que permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Para explotar esta vulnerabilidad, se requiere la interacci\u00f3n del usuario, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos CGM. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24866."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1567/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

57
CVE-2024/CVE-2024-115xx/CVE-2024-11571.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11571",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:16.133",
"lastModified": "2024-11-22T21:15:16.133",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:53:28.710",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24895."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n de c\u00f3digo remoto en el an\u00e1lisis de archivos DXF de IrfanView que excede los l\u00edmites de lectura. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede resultar en una lectura m\u00e1s all\u00e1 del final de un b\u00fafer asignado. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24895."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -46,10 +72,35 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1566/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11572.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11572",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:16.247",
"lastModified": "2024-11-22T21:15:16.247",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:53:24.493",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24897."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24897."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1570/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11573.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11573",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:16.360",
"lastModified": "2024-11-22T21:15:16.360",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:53:19.637",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24898."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24898."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1565/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11574.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11574",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:16.470",
"lastModified": "2024-11-22T21:15:16.470",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:53:09.717",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24900."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24900."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1573/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

67
CVE-2024/CVE-2024-115xx/CVE-2024-11575.json
View File

@ -2,15 +2,41 @@
"id": "CVE-2024-11575",
"sourceIdentifier": "zdi-disclosures@trendmicro.com",
"published": "2024-11-22T21:15:16.587",
"lastModified": "2024-11-22T21:15:16.587",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:52:56.080",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.\n\nThe specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24901."
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo por corrupci\u00f3n de memoria en el an\u00e1lisis de archivos DXF de IrfanView. Esta vulnerabilidad permite a atacantes remotos ejecutar c\u00f3digo arbitrario en las instalaciones afectadas de IrfanView. Se requiere la interacci\u00f3n del usuario para explotar esta vulnerabilidad, ya que el objetivo debe visitar una p\u00e1gina maliciosa o abrir un archivo malicioso. La falla espec\u00edfica existe en el an\u00e1lisis de archivos DXF. El problema es el resultado de la falta de una validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que puede provocar una condici\u00f3n de corrupci\u00f3n de memoria. Un atacante puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo en el contexto del proceso actual. Era ZDI-CAN-24901."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
],
"cvssMetricV30": [
{
"source": "zdi-disclosures@trendmicro.com",
@ -44,12 +70,47 @@
"value": "CWE-119"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x64:*",
"matchCriteriaId": "7F076F00-B5F1-43C4-98BF-698547ACB944"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:irfanview:irfanview:4.67:*:*:*:*:*:x86:*",
"matchCriteriaId": "B0436B8F-048F-4967-BDDD-D1AA07A1CB98"
}
]
}
]
}
],
"references": [
{
"url": "https://www.zerodayinitiative.com/advisories/ZDI-24-1569/",
"source": "zdi-disclosures@trendmicro.com"
"source": "zdi-disclosures@trendmicro.com",
"tags": [
"Third Party Advisory"
]
}
]
}

20
CVE-2024/CVE-2024-115xx/CVE-2024-11586.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-11586",
"sourceIdentifier": "security@ubuntu.com",
"published": "2024-11-23T03:15:07.740",
"lastModified": "2024-11-23T03:15:07.740",
"vulnStatus": "Received",
"lastModified": "2024-11-25T18:15:10.123",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected."
},
{
"lang": "es",
"value": "La implementaci\u00f3n de pulseaudio de Ubuntu puede verse bloqueada por un programa malicioso si se conecta un auricular Bluetooth."
}
],
"metrics": {
@ -34,6 +38,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-404"
}
]
}
],
"references": [
{
"url": "https://bugs.launchpad.net/ubuntu/+source/pulseaudio/+bug/2078822",

27
CVE-2024/CVE-2024-116xx/CVE-2024-11671.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-11671",
"sourceIdentifier": "security@devolutions.net",
"published": "2024-11-25T15:15:07.040",
"lastModified": "2024-11-25T15:15:07.040",
"lastModified": "2024-11-25T17:15:11.930",
"vulnStatus": "Received",
"descriptions": [
{
@ -10,7 +10,30 @@
"value": "Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@devolutions.net",

27
CVE-2024/CVE-2024-116xx/CVE-2024-11672.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-11672",
"sourceIdentifier": "security@devolutions.net",
"published": "2024-11-25T15:15:07.180",
"lastModified": "2024-11-25T15:15:07.180",
"lastModified": "2024-11-25T17:15:12.110",
"vulnStatus": "Received",
"descriptions": [
{
@ -10,7 +10,30 @@
"value": "Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the \"Add\" permission via the import in vault feature."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security@devolutions.net",

135
CVE-2024/CVE-2024-237xx/CVE-2024-23787.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-23787",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-02-14T10:15:08.780",
"lastModified": "2024-08-13T14:35:10.747",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"lastModified": "2024-11-25T18:54:34.530",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -17,12 +16,34 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +51,7 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
@ -40,6 +59,16 @@
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
@ -51,18 +80,106 @@
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:jh-rvb1_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "b0.1.9.1",
"matchCriteriaId": "B7EC16DF-21FB-473F-8F62-DDBF1C149A9B"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:jh-rvb1:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27ED2F7C-C3F1-41AA-81DA-3CD5C3B83F88"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:sharp:jh-rv11_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "b0.1.9.1",
"matchCriteriaId": "E0A2340C-A0BC-4DD5-A120-F7041D76D776"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:sharp:jh-rv11:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9CF83BDB-56B1-4E80-91C3-AFAA96A0C25C"
}
]
}
]
}
],
"references": [
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/",
"source": "vultures@jpcert.or.jp"
"source": "vultures@jpcert.or.jp",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://jvn.jp/en/vu/JVNVU94591337/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}

44
CVE-2024/CVE-2024-242xx/CVE-2024-24256.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-24256",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-15T08:15:46.410",
"lastModified": "2024-02-15T14:28:31.380",
"lastModified": "2024-11-25T18:15:10.727",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,11 +14,50 @@
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en la plataforma de integraci\u00f3n de informaci\u00f3n empresarial espacio-temporal de Yonyou v.9.0 y anteriores permite a un atacante obtener informaci\u00f3n confidencial a trav\u00e9s del par\u00e1metro gwbhAIM en saveMove.jsp en el directorio hr_position."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.5,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/l8l1/killl.github.io/blob/main/3.md",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/l8l1/killl.github.io/blob/main/3.md",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

52
CVE-2024/CVE-2024-260xx/CVE-2024-26019.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-26019",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-04-11T03:15:09.767",
"lastModified": "2024-04-11T12:47:44.137",
"lastModified": "2024-11-25T19:15:08.683",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,7 +14,42 @@
"value": "Ninja Forms anterior a 3.8.1 contiene una vulnerabilidad de cross-site scripting en el procesamiento de env\u00edos. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accede al sitio web utilizando el producto."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/jp/JVN50361500/",
@ -28,6 +62,18 @@
{
"url": "https://wordpress.org/plugins/ninja-forms/",
"source": "vultures@jpcert.or.jp"
},
{
"url": "https://jvn.jp/en/jp/JVN50361500/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://ninjaforms.com/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://wordpress.org/plugins/ninja-forms/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

44
CVE-2024/CVE-2024-264xx/CVE-2024-26465.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-26465",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-26T16:27:59.730",
"lastModified": "2024-02-26T16:32:25.577",
"lastModified": "2024-11-25T19:15:08.960",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,11 +14,50 @@
"value": "Una vulnerabilidad de cross-site scripting (XSS) basada en DOM en el componente /beep/Beep.Instrument.js de stewdio beep.js antes de el commit ef22ad7 permite a los atacantes ejecutar Javascript arbitrario mediante el env\u00edo de una URL manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://gist.github.com/cd80/89527424f733b2b82de876e02d163150",
"source": "cve@mitre.org"
},
{
"url": "https://gist.github.com/cd80/89527424f733b2b82de876e02d163150",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

44
CVE-2024/CVE-2024-291xx/CVE-2024-29166.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-29166",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:15:33.513",
"lastModified": "2024-05-14T16:13:02.773",
"lastModified": "2024-11-25T18:15:10.983",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,11 +14,50 @@
"value": "HDF5 hasta 1.14.3 contiene un desbordamiento del b\u00fafer en H5O__linfo_decode, lo que provoca la corrupci\u00f3n del puntero de instrucci\u00f3n y provoca denegaci\u00f3n de servicio o posible ejecuci\u00f3n de c\u00f3digo."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/",
"source": "cve@mitre.org"
},
{
"url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

61
CVE-2024/CVE-2024-301xx/CVE-2024-30122.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-30122",
"sourceIdentifier": "psirt@hcl.com",
"published": "2024-10-23T15:15:30.390",
"lastModified": "2024-11-06T22:33:46.797",
"vulnStatus": "Analyzed",
"cveTags": [],
"lastModified": "2024-11-25T18:15:11.213",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -17,32 +16,14 @@
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{
"source": "psirt@hcl.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 5.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
@ -50,12 +31,30 @@
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
"availabilityImpact": "LOW"
},
"exploitabilityScore": 1.6,
"impactScore": 3.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
@ -69,6 +68,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"configurations": [

59
CVE-2024/CVE-2024-324xx/CVE-2024-32468.json Normal file
View File

@ -0,0 +1,59 @@
{
"id": "CVE-2024-32468",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-25T19:15:09.510",
"lastModified": "2024-11-25T19:15:09.510",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which lead to Self-XSS with deno doc --html. 1.) XSS in generated `search_index.js`, `deno_doc` outputs a JavaScript file for searching. However, the generated file used `innerHTML` on unsanitzed HTML input. 2.) XSS via property, method and enum names, `deno_doc` did not sanitize property names, method names and enum names. The first XSS most likely didn't have an impact since `deno doc --html` is expected to be used locally with own packages."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/denoland/deno/security/advisories/GHSA-qqwr-j9mm-fhw6",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/denoland/deno_doc/blob/dc556c848831d7ae48f3eff2ababc6e75eb6b73e/src/html/templates/pages/search.js#L120-L144",
"source": "security-advisories@github.com"
}
]
}

44
CVE-2024/CVE-2024-336xx/CVE-2024-33667.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-33667",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-26T01:15:46.250",
"lastModified": "2024-04-26T12:58:17.720",
"lastModified": "2024-11-25T19:15:09.713",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,11 +14,50 @@
"value": "Se descubri\u00f3 un problema en Zammad antes de la versi\u00f3n 6.3.0. Un agente autenticado podr\u00eda realizar un ataque remoto de denegaci\u00f3n de servicio llamando a un endpoint que acepte un nombre de m\u00e9todo gen\u00e9rico, que no se haya sanitizado adecuadamente con una lista de permitidos."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://zammad.com/en/advisories/zaa-2024-03",
"source": "cve@mitre.org"
},
{
"url": "https://zammad.com/en/advisories/zaa-2024-03",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

44
CVE-2024/CVE-2024-338xx/CVE-2024-33876.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-33876",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:38:10.250",
"lastModified": "2024-05-14T16:12:23.490",
"lastModified": "2024-11-25T18:15:11.537",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,11 +14,50 @@
"value": "La librer\u00eda HDF5 hasta 1.14.3 tiene un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en H5S__point_deserialize en H5Spoint.c."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H",
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.4,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-120"
}
]
}
],
"references": [
{
"url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/",
"source": "cve@mitre.org"
},
{
"url": "https://www.hdfgroup.org/2024/05/new-hdf5-cve-issues-fixed-in-1-14-4/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

40
CVE-2024/CVE-2024-345xx/CVE-2024-34535.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-34535",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-10-03T18:15:04.693",
"lastModified": "2024-10-04T13:50:43.727",
"lastModified": "2024-11-25T18:15:11.763",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,7 +14,42 @@
"value": "En Mastodon 4.1.6, la limitaci\u00f3n de velocidad del endpoint de la API se puede evitar configurando un encabezado de solicitud HTTP manipulado espec\u00edficamente."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:L/A:N",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-444"
}
]
}
],
"references": [
{
"url": "https://github.com/mastodon/mastodon/security/advisories/GHSA-q3rg-xx5v-4mxh",

100
CVE-2024/CVE-2024-347xx/CVE-2024-34742.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-34742",
"sourceIdentifier": "security@android.com",
"published": "2024-08-15T22:15:06.890",
"lastModified": "2024-08-19T13:00:23.117",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"lastModified": "2024-11-25T18:15:11.980",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -15,15 +14,104 @@
"value": " En shouldWrite de OwnersData.java, existe un posible caso l\u00edmite que impide que las pol\u00edticas de MDM persistan debido a un error l\u00f3gico en el c\u00f3digo. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D"
}
]
}
]
}
],
"references": [
{
"url": "https://android.googlesource.com/platform/frameworks/base/+/688e5c3012eb0a4ea88361588cf5026c10e4a42c",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch"
]
},
{
"url": "https://source.android.com/security/bulletin/2024-08-01",
"source": "security@android.com"
"source": "security@android.com",
"tags": [
"Patch",
"Vendor Advisory"
]
}
]
}

48
CVE-2024/CVE-2024-360xx/CVE-2024-36043.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-36043",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-18T20:15:15.903",
"lastModified": "2024-05-20T13:00:04.957",
"lastModified": "2024-11-25T18:15:12.213",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,7 +14,42 @@
"value": " question_image.ts en SurveyJS Form Library anterior a 1.10.4 permite contentMode=youtube XSS a trav\u00e9s de la propiedad imageLink."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/surveyjs/survey-library/commit/b25fbf0efd4486dc55f836240bebc2305803b96d",
@ -24,6 +58,14 @@
{
"url": "https://github.com/surveyjs/survey-library/issues/8286",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/surveyjs/survey-library/commit/b25fbf0efd4486dc55f836240bebc2305803b96d",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://github.com/surveyjs/survey-library/issues/8286",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

42
CVE-2024/CVE-2024-363xx/CVE-2024-36387.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-36387",
"sourceIdentifier": "security@apache.org",
"published": "2024-07-01T19:15:03.497",
"lastModified": "2024-07-12T14:15:11.670",
"lastModified": "2024-11-25T18:15:12.440",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,11 +14,34 @@
"value": "Ofrecer actualizaciones del protocolo WebSocket a trav\u00e9s de una conexi\u00f3n HTTP/2 podr\u00eda provocar una desreferencia del puntero nulo, lo que provocar\u00eda una falla del proceso del servidor y degradar\u00eda el rendimiento."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "security@apache.org",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -36,6 +58,18 @@
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/",
"source": "security@apache.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/01/4",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://httpd.apache.org/security/vulnerabilities_24.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240712-0001/",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

86
CVE-2024/CVE-2024-371xx/CVE-2024-37125.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-37125",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-09-26T17:15:03.400",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"lastModified": "2024-11-25T18:30:46.117",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -30,9 +31,27 @@
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
@ -42,19 +61,72 @@
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.3.0",
"versionEndExcluding": "10.5.3.11",
"matchCriteriaId": "0FD48013-CCE5-4E3C-ADA5-D00A72C2E599"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.4.0",
"versionEndExcluding": "10.5.4.12",
"matchCriteriaId": "6885B762-E718-4691-8E09-2A7FC2B6B454"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.5.0",
"versionEndExcluding": "10.5.5.11",
"matchCriteriaId": "47A5BFE6-63B4-441B-95AD-D53CEAD638C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.6.0",
"versionEndExcluding": "10.5.6.4",
"matchCriteriaId": "7863BC08-9CB1-4269-A490-717834BD3B40"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000228976/dsa-2024-274-security-update-for-dell-networking-os10-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

53
CVE-2024/CVE-2024-383xx/CVE-2024-38305.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-38305",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-08-21T03:15:05.020",
"lastModified": "2024-08-21T12:30:33.697",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"lastModified": "2024-11-25T18:16:27.450",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
@ -30,9 +31,27 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.3,
"baseSeverity": "HIGH"
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.3,
"impactScore": 5.9
@ -42,7 +61,7 @@
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +70,30 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:dell:supportassist_for_home_pcs:4.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E7575841-D1CE-43F7-9687-28F9C1C5E70C"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000227899/dsa-2024-312-security-update-for-dell-supportassist-for-home-pcs-installer-file-local-privilege-escalation-vulnerability",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

60
CVE-2024/CVE-2024-394xx/CVE-2024-39490.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-39490",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-07-10T08:15:11.203",
"lastModified": "2024-07-11T13:05:54.930",
"lastModified": "2024-11-25T20:15:06.600",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,7 +14,42 @@
"value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: ipv6: sr: corrige la versi\u00f3n faltante de sk_buff en seg6_input_core La funci\u00f3n seg6_input() es responsable de agregar el SRH a un paquete, delegando la operaci\u00f3n al seg6_input_core(). Esta funci\u00f3n utiliza skb_cow_head() para garantizar que haya suficiente espacio libre en sk_buff para acomodar el encabezado de la capa de enlace. En caso de que la funci\u00f3n skb_cow_header() falle, seg6_input_core() detecta el error pero no libera sk_buff, lo que provocar\u00e1 una p\u00e9rdida de memoria. Este problema se introdujo en el commit af3b5158b89d (\"ipv6: sr: corrige el ERROR debido a un espacio libre demasiado peque\u00f1o despu\u00e9s de la inserci\u00f3n de SRH\") y persiste incluso despu\u00e9s de el commit 7a3f5b0de364 (\"netfilter: agregue enlaces de netfilter al plano de datos SRv6\"), donde todo el seg6_input( ) el c\u00f3digo fue refactorizado para lidiar con los ganchos de netfilter. El parche propuesto aborda la p\u00e9rdida de memoria identificada al requerir que la funci\u00f3n seg6_input_core() libere sk_buff en caso de que skb_cow_head() falle."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/5447f9708d9e4c17a647b16a9cb29e9e02820bd9",
@ -36,6 +70,26 @@
{
"url": "https://git.kernel.org/stable/c/f5fec1588642e415a3d72e02140160661b303940",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/5447f9708d9e4c17a647b16a9cb29e9e02820bd9",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/8f1fc3b86eaea70be6abcae2e9aa7e7b99453864",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/e8688218e38111ace457509d8f0cad75f79c1a7a",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/f4df8c7670a73752201cbde215254598efdf6ce8",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://git.kernel.org/stable/c/f5fec1588642e415a3d72e02140160661b303940",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

78
CVE-2024/CVE-2024-395xx/CVE-2024-39577.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-39577",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-09-26T18:15:05.717",
"lastModified": "2024-09-30T12:46:20.237",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"lastModified": "2024-11-25T18:20:36.807",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
@ -30,19 +31,37 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",
@ -51,10 +70,53 @@
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.3.0",
"versionEndExcluding": "10.5.3.11",
"matchCriteriaId": "0FD48013-CCE5-4E3C-ADA5-D00A72C2E599"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.4.0",
"versionEndExcluding": "10.5.4.12",
"matchCriteriaId": "6885B762-E718-4691-8E09-2A7FC2B6B454"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.5.0",
"versionEndExcluding": "10.5.5.11",
"matchCriteriaId": "47A5BFE6-63B4-441B-95AD-D53CEAD638C1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:dell:smartfabric_os10:*:*:*:*:*:*:*:*",
"versionStartIncluding": "10.5.6.0",
"versionEndExcluding": "10.5.6.4",
"matchCriteriaId": "7863BC08-9CB1-4269-A490-717834BD3B40"
}
]
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000228976/dsa-2024-274-security-update-for-dell-networking-os10-vulnerabilities",
"source": "security_alert@emc.com"
"source": "security_alert@emc.com",
"tags": [
"Vendor Advisory"
]
}
]
}

40
CVE-2024/CVE-2024-404xx/CVE-2024-40404.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-40404",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-13T23:15:03.867",
"lastModified": "2024-11-15T13:58:08.913",
"lastModified": "2024-11-25T20:15:06.890",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,7 +14,42 @@
"value": "Se descubri\u00f3 que Cybele Software Thinfinity Workspace anterior a v7.0.2.113 conten\u00eda un problema de control de acceso en el endpoint de API donde se establecen las conexiones Web Sockets."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/",

40
CVE-2024/CVE-2024-404xx/CVE-2024-40405.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-40405",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-13T23:15:03.930",
"lastModified": "2024-11-15T13:58:08.913",
"lastModified": "2024-11-25T20:15:07.150",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,7 +14,42 @@
"value": "El control de acceso incorrecto en Cybele Software Thinfinity Workspace anterior a v7.0.3.109 permite a los atacantes obtener acceso a un agente secundario a trav\u00e9s de una solicitud manipulada espec\u00edficamente para ello."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/",

28
CVE-2024/CVE-2024-404xx/CVE-2024-40407.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-40407",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-13T23:15:03.993",
"lastModified": "2024-11-15T13:58:08.913",
"lastModified": "2024-11-25T20:15:07.383",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,7 +14,30 @@
"value": "Una divulgaci\u00f3n de ruta completa en Cybele Software Thinfinity Workspace anterior a v7.0.2.113 permite a los atacantes obtener la ruta ra\u00edz de la aplicaci\u00f3n a trav\u00e9s de vectores no especificados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"references": [
{
"url": "https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/",

40
CVE-2024/CVE-2024-404xx/CVE-2024-40408.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-40408",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-13T23:15:04.060",
"lastModified": "2024-11-15T13:58:08.913",
"lastModified": "2024-11-25T20:15:07.617",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,7 +14,42 @@
"value": "Se descubri\u00f3 que la versi\u00f3n anterior a v7.0.2.113 de Cybele Software Thinfinity Workspace conten\u00eda un problema de control de acceso en la secci\u00f3n Crear perfil. Esta vulnerabilidad permite a los atacantes crear perfiles de usuario arbitrarios con privilegios elevados."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 3.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-306"
}
]
}
],
"references": [
{
"url": "https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/",

40
CVE-2024/CVE-2024-404xx/CVE-2024-40410.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-40410",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-13T23:15:04.137",
"lastModified": "2024-11-15T13:58:08.913",
"lastModified": "2024-11-25T20:15:07.830",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,7 +14,42 @@
"value": "Se descubri\u00f3 que Cybele Software Thinfinity Workspace anterior a v7.0.2.113 conten\u00eda una clave criptogr\u00e1fica codificada utilizada para el cifrado."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://blog.cybelesoft.com/thinfinity-workspace-security-bulletin-nov-2024/",

40
CVE-2024/CVE-2024-445xx/CVE-2024-44575.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-44575",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-11T17:15:13.820",
"lastModified": "2024-09-12T12:35:54.013",
"lastModified": "2024-11-25T18:15:12.667",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,7 +14,42 @@
"value": "RELY-PCIe v22.2.1 a v23.1.0 no establece el atributo Seguro para cookies confidenciales en sesiones HTTPS, lo que podr\u00eda provocar que el agente de usuario env\u00ede esas cookies en texto plano a trav\u00e9s de una sesi\u00f3n HTTP."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 3.7,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
],
"references": [
{
"url": "http://system-on-chip.com",

40
CVE-2024/CVE-2024-452xx/CVE-2024-45201.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-45201",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-08-22T20:15:10.063",
"lastModified": "2024-08-23T16:18:28.547",
"lastModified": "2024-11-25T19:15:10.473",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,7 +14,42 @@
"value": "Se descubri\u00f3 un problema en llama_index antes del 0.10.38. download/integration.py incluye una llamada ejecutiva para importar {cls_name}."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"references": [
{
"url": "https://github.com/run-llama/llama_index/compare/v0.10.37...v0.10.38",

76
CVE-2024/CVE-2024-453xx/CVE-2024-45348.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-45348",
"sourceIdentifier": "security@xiaomi.com",
"published": "2024-09-23T09:15:02.960",
"lastModified": "2024-09-26T13:32:55.343",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"lastModified": "2024-11-25T17:14:11.713",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
@ -23,6 +22,8 @@
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
@ -30,12 +31,30 @@
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
@ -49,12 +68,55 @@
"value": "CWE-77"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
}
],
"configurations": [
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:mi:ax9000_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.0.174",
"matchCriteriaId": "7688CC6F-000D-4B68-B806-EBDF2ABDCF61"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:mi:ax9000:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A5F71A5A-A7D4-4218-B371-25BE040BB320"
}
]
}
]
}
],
"references": [
{
"url": "https://trust.mi.com/zh-CN/misrc/bulletins/advisory?cveId=547",
"source": "security@xiaomi.com"
"source": "security@xiaomi.com",
"tags": [
"Vendor Advisory"
]
}
]
}

44
CVE-2024/CVE-2024-457xx/CVE-2024-45751.json
View File

@ -2,9 +2,8 @@
"id": "CVE-2024-45751",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-09-06T05:15:13.840",
"lastModified": "2024-09-10T12:15:01.857",
"lastModified": "2024-11-25T20:15:08.047",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
@ -15,7 +14,42 @@
"value": "tgt (tambi\u00e9n conocido como Linux Target Framework) antes de la versi\u00f3n 1.0.93 intenta lograr entrop\u00eda llamando a rand sin srand. La semilla PRNG siempre es 1 y, por lo tanto, la secuencia de desaf\u00edos siempre es id\u00e9ntica."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-338"
}
]
}
],
"references": [
{
"url": "https://github.com/fujita/tgt/compare/v1.0.92...v1.0.93",
@ -28,6 +62,10 @@
{
"url": "https://www.openwall.com/lists/oss-security/2024/09/07/2",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/09/07/2",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

Some files were not shown because too many files have changed in this diff Show More