From 9dc793f03ef6a2a3c4b6ae0e56e46ec044f756d3 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 6 Nov 2024 19:03:22 +0000 Subject: [PATCH] Auto-Update: 2024-11-06T19:00:21.748867+00:00 --- CVE-2020/CVE-2020-118xx/CVE-2020-11859.json | 4 +- CVE-2021/CVE-2021-471xx/CVE-2021-47126.json | 39 +- CVE-2021/CVE-2021-474xx/CVE-2021-47443.json | 27 +- CVE-2023/CVE-2023-209xx/CVE-2023-20918.json | 14 +- CVE-2023/CVE-2023-209xx/CVE-2023-20942.json | 14 +- CVE-2023/CVE-2023-212xx/CVE-2023-21238.json | 14 +- CVE-2023/CVE-2023-212xx/CVE-2023-21239.json | 14 +- CVE-2023/CVE-2023-212xx/CVE-2023-21246.json | 14 +- CVE-2023/CVE-2023-291xx/CVE-2023-29116.json | 8 +- CVE-2023/CVE-2023-291xx/CVE-2023-29117.json | 8 +- CVE-2023/CVE-2023-291xx/CVE-2023-29118.json | 8 +- CVE-2023/CVE-2023-291xx/CVE-2023-29119.json | 8 +- CVE-2023/CVE-2023-291xx/CVE-2023-29120.json | 8 +- CVE-2023/CVE-2023-291xx/CVE-2023-29121.json | 8 +- CVE-2023/CVE-2023-291xx/CVE-2023-29122.json | 8 +- CVE-2023/CVE-2023-291xx/CVE-2023-29125.json | 8 +- CVE-2023/CVE-2023-291xx/CVE-2023-29126.json | 8 +- CVE-2023/CVE-2023-375xx/CVE-2023-37563.json | 12 +- CVE-2023/CVE-2023-458xx/CVE-2023-45860.json | 39 +- CVE-2023/CVE-2023-525xx/CVE-2023-52571.json | 27 +- CVE-2023/CVE-2023-526xx/CVE-2023-52687.json | 27 +- CVE-2023/CVE-2023-526xx/CVE-2023-52699.json | 27 +- CVE-2023/CVE-2023-528xx/CVE-2023-52862.json | 39 +- CVE-2024/CVE-2024-01xx/CVE-2024-0134.json | 8 +- CVE-2024/CVE-2024-100xx/CVE-2024-10020.json | 8 +- CVE-2024/CVE-2024-100xx/CVE-2024-10028.json | 8 +- CVE-2024/CVE-2024-100xx/CVE-2024-10081.json | 4 +- CVE-2024/CVE-2024-100xx/CVE-2024-10082.json | 4 +- CVE-2024/CVE-2024-100xx/CVE-2024-10084.json | 8 +- CVE-2024/CVE-2024-101xx/CVE-2024-10168.json | 4 +- CVE-2024/CVE-2024-101xx/CVE-2024-10186.json | 4 +- CVE-2024/CVE-2024-103xx/CVE-2024-10318.json | 100 ++++ CVE-2024/CVE-2024-105xx/CVE-2024-10501.json | 65 ++- CVE-2024/CVE-2024-105xx/CVE-2024-10502.json | 65 ++- CVE-2024/CVE-2024-105xx/CVE-2024-10535.json | 8 +- CVE-2024/CVE-2024-105xx/CVE-2024-10543.json | 8 +- CVE-2024/CVE-2024-106xx/CVE-2024-10647.json | 8 +- CVE-2024/CVE-2024-107xx/CVE-2024-10715.json | 4 +- CVE-2024/CVE-2024-107xx/CVE-2024-10751.json | 76 ++- CVE-2024/CVE-2024-107xx/CVE-2024-10753.json | 71 ++- CVE-2024/CVE-2024-108xx/CVE-2024-10826.json | 60 ++ CVE-2024/CVE-2024-108xx/CVE-2024-10827.json | 60 ++ CVE-2024/CVE-2024-109xx/CVE-2024-10914.json | 4 +- CVE-2024/CVE-2024-109xx/CVE-2024-10915.json | 4 +- CVE-2024/CVE-2024-109xx/CVE-2024-10916.json | 4 +- CVE-2024/CVE-2024-109xx/CVE-2024-10919.json | 4 +- CVE-2024/CVE-2024-109xx/CVE-2024-10920.json | 4 +- CVE-2024/CVE-2024-203xx/CVE-2024-20371.json | 56 ++ CVE-2024/CVE-2024-204xx/CVE-2024-20418.json | 56 ++ CVE-2024/CVE-2024-204xx/CVE-2024-20445.json | 56 ++ CVE-2024/CVE-2024-204xx/CVE-2024-20457.json | 56 ++ CVE-2024/CVE-2024-204xx/CVE-2024-20476.json | 56 ++ CVE-2024/CVE-2024-204xx/CVE-2024-20484.json | 56 ++ CVE-2024/CVE-2024-204xx/CVE-2024-20487.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20504.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20507.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20511.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20514.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20525.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20527.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20528.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20529.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20530.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20531.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20532.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20533.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20534.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20536.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20537.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20538.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20539.json | 56 ++ CVE-2024/CVE-2024-205xx/CVE-2024-20540.json | 56 ++ CVE-2024/CVE-2024-220xx/CVE-2024-22006.json | 27 +- CVE-2024/CVE-2024-227xx/CVE-2024-22778.json | 27 +- CVE-2024/CVE-2024-236xx/CVE-2024-23674.json | 39 +- CVE-2024/CVE-2024-268xx/CVE-2024-26857.json | 27 +- CVE-2024/CVE-2024-269xx/CVE-2024-26915.json | 27 +- CVE-2024/CVE-2024-274xx/CVE-2024-27435.json | 27 +- CVE-2024/CVE-2024-282xx/CVE-2024-28265.json | 43 +- CVE-2024/CVE-2024-346xx/CVE-2024-34673.json | 8 +- CVE-2024/CVE-2024-346xx/CVE-2024-34674.json | 8 +- CVE-2024/CVE-2024-346xx/CVE-2024-34675.json | 8 +- CVE-2024/CVE-2024-346xx/CVE-2024-34676.json | 8 +- CVE-2024/CVE-2024-346xx/CVE-2024-34677.json | 8 +- CVE-2024/CVE-2024-346xx/CVE-2024-34678.json | 8 +- CVE-2024/CVE-2024-346xx/CVE-2024-34679.json | 8 +- CVE-2024/CVE-2024-346xx/CVE-2024-34680.json | 8 +- CVE-2024/CVE-2024-346xx/CVE-2024-34681.json | 8 +- CVE-2024/CVE-2024-346xx/CVE-2024-34682.json | 8 +- CVE-2024/CVE-2024-351xx/CVE-2024-35146.json | 4 +- CVE-2024/CVE-2024-360xx/CVE-2024-36050.json | 27 +- CVE-2024/CVE-2024-369xx/CVE-2024-36944.json | 27 +- CVE-2024/CVE-2024-384xx/CVE-2024-38449.json | 39 +- CVE-2024/CVE-2024-385xx/CVE-2024-38544.json | 27 +- CVE-2024/CVE-2024-385xx/CVE-2024-38593.json | 27 +- CVE-2024/CVE-2024-411xx/CVE-2024-41141.json | 39 +- CVE-2024/CVE-2024-425xx/CVE-2024-42509.json | 4 +- CVE-2024/CVE-2024-439xx/CVE-2024-43924.json | 47 +- CVE-2024/CVE-2024-451xx/CVE-2024-45164.json | 34 +- CVE-2024/CVE-2024-451xx/CVE-2024-45184.json | 39 +- CVE-2024/CVE-2024-457xx/CVE-2024-45785.json | 58 +- CVE-2024/CVE-2024-471xx/CVE-2024-47158.json | 59 +- CVE-2024/CVE-2024-474xx/CVE-2024-47460.json | 4 +- CVE-2024/CVE-2024-474xx/CVE-2024-47461.json | 4 +- CVE-2024/CVE-2024-474xx/CVE-2024-47462.json | 4 +- CVE-2024/CVE-2024-474xx/CVE-2024-47463.json | 4 +- CVE-2024/CVE-2024-474xx/CVE-2024-47464.json | 4 +- CVE-2024/CVE-2024-479xx/CVE-2024-47972.json | 14 +- CVE-2024/CVE-2024-481xx/CVE-2024-48176.json | 4 +- CVE-2024/CVE-2024-483xx/CVE-2024-48312.json | 8 +- CVE-2024/CVE-2024-487xx/CVE-2024-48746.json | 41 +- CVE-2024/CVE-2024-493xx/CVE-2024-49368.json | 307 +++++++++- CVE-2024/CVE-2024-493xx/CVE-2024-49377.json | 8 +- CVE-2024/CVE-2024-494xx/CVE-2024-49401.json | 8 +- CVE-2024/CVE-2024-494xx/CVE-2024-49402.json | 8 +- CVE-2024/CVE-2024-494xx/CVE-2024-49403.json | 8 +- CVE-2024/CVE-2024-494xx/CVE-2024-49404.json | 8 +- CVE-2024/CVE-2024-494xx/CVE-2024-49405.json | 8 +- CVE-2024/CVE-2024-494xx/CVE-2024-49406.json | 8 +- CVE-2024/CVE-2024-494xx/CVE-2024-49407.json | 8 +- CVE-2024/CVE-2024-494xx/CVE-2024-49408.json | 8 +- CVE-2024/CVE-2024-494xx/CVE-2024-49409.json | 8 +- CVE-2024/CVE-2024-495xx/CVE-2024-49522.json | 8 +- CVE-2024/CVE-2024-497xx/CVE-2024-49772.json | 8 +- CVE-2024/CVE-2024-497xx/CVE-2024-49773.json | 8 +- CVE-2024/CVE-2024-497xx/CVE-2024-49774.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50089.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50090.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50091.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50092.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50093.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50094.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50095.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50096.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50097.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50098.json | 8 +- CVE-2024/CVE-2024-500xx/CVE-2024-50099.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50100.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50101.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50102.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50103.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50104.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50105.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50106.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50107.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50108.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50109.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50110.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50111.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50112.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50113.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50114.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50115.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50116.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50117.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50118.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50119.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50120.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50121.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50122.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50123.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50124.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50125.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50126.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50127.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50128.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50129.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50130.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50131.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50132.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50133.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50134.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50135.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50136.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50137.json | 8 +- CVE-2024/CVE-2024-501xx/CVE-2024-50138.json | 8 +- CVE-2024/CVE-2024-503xx/CVE-2024-50315.json | 16 + CVE-2024/CVE-2024-503xx/CVE-2024-50332.json | 8 +- CVE-2024/CVE-2024-503xx/CVE-2024-50333.json | 8 +- CVE-2024/CVE-2024-503xx/CVE-2024-50335.json | 8 +- CVE-2024/CVE-2024-505xx/CVE-2024-50526.json | 51 +- CVE-2024/CVE-2024-505xx/CVE-2024-50527.json | 61 +- CVE-2024/CVE-2024-505xx/CVE-2024-50528.json | 63 ++- CVE-2024/CVE-2024-505xx/CVE-2024-50529.json | 51 +- CVE-2024/CVE-2024-505xx/CVE-2024-50530.json | 51 +- CVE-2024/CVE-2024-506xx/CVE-2024-50637.json | 29 + CVE-2024/CVE-2024-511xx/CVE-2024-51115.json | 41 +- CVE-2024/CVE-2024-511xx/CVE-2024-51116.json | 45 +- CVE-2024/CVE-2024-511xx/CVE-2024-51132.json | 8 +- CVE-2024/CVE-2024-512xx/CVE-2024-51240.json | 8 +- CVE-2024/CVE-2024-513xx/CVE-2024-51358.json | 4 +- CVE-2024/CVE-2024-513xx/CVE-2024-51362.json | 8 +- CVE-2024/CVE-2024-513xx/CVE-2024-51379.json | 45 +- CVE-2024/CVE-2024-513xx/CVE-2024-51380.json | 45 +- CVE-2024/CVE-2024-513xx/CVE-2024-51381.json | 45 +- CVE-2024/CVE-2024-513xx/CVE-2024-51382.json | 45 +- CVE-2024/CVE-2024-514xx/CVE-2024-51493.json | 8 +- CVE-2024/CVE-2024-517xx/CVE-2024-51735.json | 8 +- CVE-2024/CVE-2024-517xx/CVE-2024-51739.json | 8 +- CVE-2024/CVE-2024-517xx/CVE-2024-51740.json | 8 +- CVE-2024/CVE-2024-517xx/CVE-2024-51745.json | 10 +- CVE-2024/CVE-2024-517xx/CVE-2024-51746.json | 8 +- CVE-2024/CVE-2024-517xx/CVE-2024-51752.json | 8 +- CVE-2024/CVE-2024-517xx/CVE-2024-51753.json | 8 +- CVE-2024/CVE-2024-517xx/CVE-2024-51756.json | 10 +- CVE-2024/CVE-2024-517xx/CVE-2024-51774.json | 38 +- CVE-2024/CVE-2024-520xx/CVE-2024-52043.json | 4 +- CVE-2024/CVE-2024-66xx/CVE-2024-6626.json | 8 +- CVE-2024/CVE-2024-68xx/CVE-2024-6861.json | 4 +- CVE-2024/CVE-2024-78xx/CVE-2024-7879.json | 4 +- CVE-2024/CVE-2024-79xx/CVE-2024-7995.json | 8 +- CVE-2024/CVE-2024-83xx/CVE-2024-8323.json | 4 +- CVE-2024/CVE-2024-86xx/CVE-2024-8614.json | 4 +- CVE-2024/CVE-2024-86xx/CVE-2024-8615.json | 4 +- CVE-2024/CVE-2024-91xx/CVE-2024-9109.json | 37 +- CVE-2024/CVE-2024-93xx/CVE-2024-9307.json | 8 +- CVE-2024/CVE-2024-95xx/CVE-2024-9579.json | 8 +- CVE-2024/CVE-2024-96xx/CVE-2024-9681.json | 29 +- CVE-2024/CVE-2024-98xx/CVE-2024-9883.json | 64 ++- CVE-2024/CVE-2024-99xx/CVE-2024-9902.json | 4 +- CVE-2024/CVE-2024-99xx/CVE-2024-9934.json | 4 +- CVE-2024/CVE-2024-99xx/CVE-2024-9936.json | 39 +- CVE-2024/CVE-2024-99xx/CVE-2024-9946.json | 8 +- README.md | 92 +-- _state.csv | 596 ++++++++++---------- 225 files changed, 4946 insertions(+), 747 deletions(-) create mode 100644 CVE-2024/CVE-2024-103xx/CVE-2024-10318.json create mode 100644 CVE-2024/CVE-2024-108xx/CVE-2024-10826.json create mode 100644 CVE-2024/CVE-2024-108xx/CVE-2024-10827.json create mode 100644 CVE-2024/CVE-2024-203xx/CVE-2024-20371.json create mode 100644 CVE-2024/CVE-2024-204xx/CVE-2024-20418.json create mode 100644 CVE-2024/CVE-2024-204xx/CVE-2024-20445.json create mode 100644 CVE-2024/CVE-2024-204xx/CVE-2024-20457.json create mode 100644 CVE-2024/CVE-2024-204xx/CVE-2024-20476.json create mode 100644 CVE-2024/CVE-2024-204xx/CVE-2024-20484.json create mode 100644 CVE-2024/CVE-2024-204xx/CVE-2024-20487.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20504.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20507.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20511.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20514.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20525.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20527.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20528.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20529.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20530.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20531.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20532.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20533.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20534.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20536.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20537.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20538.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20539.json create mode 100644 CVE-2024/CVE-2024-205xx/CVE-2024-20540.json create mode 100644 CVE-2024/CVE-2024-503xx/CVE-2024-50315.json create mode 100644 CVE-2024/CVE-2024-506xx/CVE-2024-50637.json diff --git a/CVE-2020/CVE-2020-118xx/CVE-2020-11859.json b/CVE-2020/CVE-2020-118xx/CVE-2020-11859.json index 24e5fc760c1..713c8412a05 100644 --- a/CVE-2020/CVE-2020-118xx/CVE-2020-11859.json +++ b/CVE-2020/CVE-2020-118xx/CVE-2020-11859.json @@ -2,8 +2,8 @@ "id": "CVE-2020-11859", "sourceIdentifier": "security@opentext.com", "published": "2024-11-06T14:15:04.963", - "lastModified": "2024-11-06T14:15:04.963", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2021/CVE-2021-471xx/CVE-2021-47126.json b/CVE-2021/CVE-2021-471xx/CVE-2021-47126.json index 7c2cb1ecef0..5ff0c1ac92f 100644 --- a/CVE-2021/CVE-2021-471xx/CVE-2021-47126.json +++ b/CVE-2021/CVE-2021-471xx/CVE-2021-47126.json @@ -2,7 +2,7 @@ "id": "CVE-2021-47126", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-15T21:15:07.357", - "lastModified": "2024-03-17T22:38:29.433", + "lastModified": "2024-11-06T17:35:01.970", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: Correcci\u00f3n KASAN: slab-out-of-bounds Leer en fib6_nh_flush_exceptions Reportado por syzbot: HEAD commit: 90c911ad Merge tag 'fixes' de git://git.kernel.org /pub/scm.. \u00e1rbol git: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git enlace del panel maestro: https://syzkaller.appspot.com/bug? extid=123aa35098fd3c000eb7 compilador: Debian clang versi\u00f3n 11.0.1-2 ===================================== ============================= ERROR: KASAN: losa fuera de los l\u00edmites en fib6_nh_get_excptn_bucket net/ipv6/route.c: 1604 [en l\u00ednea] ERROR: KASAN: losa fuera de los l\u00edmites en fib6_nh_flush_exceptions+0xbd/0x360 net/ipv6/route.c:1732 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8880145c78f8 por la tarea syz-executor.4/17760 CPU: 0 PID : 17760 Comm: syz-executor.4 No contaminado 5.12.0-rc8-syzkaller #0 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:79 [en l\u00ednea] dump_stack+0x202/0x31e lib/dump_stack.c:120 print_address_description +0x5f/0x3b0 mm/kasan/report.c:232 __kasan_report mm/kasan/report.c:399 [en l\u00ednea] kasan_report+0x15c/0x200 mm/kasan/report.c:416 fib6_nh_get_excptn_bucket net/ipv6/route.c:1604 [en l\u00ednea] fib6_nh_flush_exceptions+0xbd/0x360 net/ipv6/route.c:1732 fib6_nh_release+0x9a/0x430 net/ipv6/route.c:3536 fib6_info_destroy_rcu+0xcb/0x1c0 net/ipv6/ip6_fib.c:174 rcu_do_batch kernel /rcu/ tree.c:2559 [en l\u00ednea] rcu_core+0x8f6/0x1450 kernel/rcu/tree.c:2794 __do_softirq+0x372/0x7a6 kernel/softirq.c:345 invoke_softirq kernel/softirq.c:221 [en l\u00ednea] __irq_exit_rcu+0x22c/0x260 kernel/softirq.c:422 irq_exit_rcu+0x5/0x20 kernel/softirq.c:434 sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1100 asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/ include/asm/idtentry.h:632 RIP: 0010:lock_acquire+0x1f6/0x720 kernel/locking/lockdep.c:5515 C\u00f3digo: f6 84 24 a1 00 00 00 02 0f 85 8d 02 00 00 f7 c3 00 02 00 00 49 bd 00 00 00 00 00 fc ff df 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 3d 00 00 00 00 00 4b c7 44 3d 09 00 00 00 00 43 c7 44 3d RSP: 0018:ffffc90009e06560 EFLAGS: 00000206 RAX: 1ffff920013c0cc0 RBX: 0000000000000246 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000 000000 RBP: ffffc90009e066e0 R08: dffffc0000000000 R09: ffffbfff1f992b1 R10: ffffbfff1f992b1 R11: 00000000000000000 R12: 0000000000000000 R13: dffff c0000000000 R14: 0000000000000000 R15: 1ffff920013c0cb4 rcu_lock_acquire+ 0x2a/0x30 include/linux/rcupdate.h:267 rcu_read_lock include/linux/rcupdate.h:656 [en l\u00ednea] ext4_get_group_info+0xea/0x340 fs/ext4/ext4.h:3231 text4_mb_prefetch+0x123/0x5d0 fs/ext4/mballoc. c:2212 ext4_mb_regular_allocator+0x8a5/0x28f0 fs/ext4/mballoc.c:2379 ext4_mb_new_blocks+0xc6e/0x24f0 fs/ext4/mballoc.c:4982 ext4_ext_map_blocks+0x2be3/0x7210 fs/ext4/extents.c :4238 text4_map_blocks+0xab3/0x1cb0 fs/ext4/inode.c:638 text4_getblk+0x187/0x6c0 fs/ext4/inode.c:848 text4_bread+0x2a/0x1c0 fs/ext4/inode.c:900 text4_append+0x1a4/0x360 fs/ext4/namei.c: 67 ext4_init_new_dir+0x337/0xa10 fs/ext4/namei.c:2768 ext4_mkdir+0x4b8/0xc00 fs/ext4/namei.c:2814 vfs_mkdir+0x45b/0x640 fs/namei.c:3819 ovl_do_mkdir fs/overlayfs/over layfs.h: 161 [en l\u00ednea] ovl_mkdir_real+0x53/0x1a0 fs/overlayfs/dir.c:146 ovl_create_real+0x280/0x490 fs/overlayfs/dir.c:193 ovl_workdir_create+0x425/0x600 fs/overlayfs/super.c:788 ovl_make_workdir+0 fijo/ 0x1140 fs/overlayfs/super.c:1355 ovl_get_workdir fs/overlayfs/super.c:1492 [en l\u00ednea] ovl_fill_super+0x39ee/0x5370 fs/overlayfs/super.c:2035 mount_nodev+0x52/0xe0 fs/super.c:1413 Legacy_get_tree +0xea/0x180 fs/fs_context.c:592 vfs_get_tree+0x86/0x270 fs/super.c:1497 do_new_mount fs/namespace.c:2903 [en l\u00ednea] path_mount+0x196f/0x2be0 fs/namespace.c:3233 do_mount fs/namespace .c:3246 [en l\u00ednea]---truncado---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/09870235827451409ff546b073d754a19fd17e2e", diff --git a/CVE-2021/CVE-2021-474xx/CVE-2021-47443.json b/CVE-2021/CVE-2021-474xx/CVE-2021-47443.json index 7f25328a298..77015950434 100644 --- a/CVE-2021/CVE-2021-474xx/CVE-2021-47443.json +++ b/CVE-2021/CVE-2021-474xx/CVE-2021-47443.json @@ -2,7 +2,7 @@ "id": "CVE-2021-47443", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-22T07:15:09.570", - "lastModified": "2024-05-22T12:46:53.887", + "lastModified": "2024-11-06T17:35:03.030", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: NFC: digital: corrige una posible p\u00e9rdida de memoria en digital_tg_listen_mdaa() Los 'params' se asignan en digital_tg_listen_mdaa(), pero no est\u00e1n libres cuando falla digital_send_cmd(), lo que provocar\u00e1 una p\u00e9rdida de memoria. Solucionelo liberando 'params' si falla la devoluci\u00f3n de digital_send_cmd()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "https://git.kernel.org/stable/c/3f2960b39f22e26cf8addae93c3f5884d1c183c9", diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20918.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20918.json index bd72f595bc0..0b6ed317fa7 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20918.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20918.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20918", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.317", - "lastModified": "2023-07-25T18:02:46.967", - "vulnStatus": "Analyzed", + "lastModified": "2024-11-06T17:35:20.907", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -45,6 +45,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-209xx/CVE-2023-20942.json b/CVE-2023/CVE-2023-209xx/CVE-2023-20942.json index c6e4eab7020..6db6d375732 100644 --- a/CVE-2023/CVE-2023-209xx/CVE-2023-20942.json +++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20942.json @@ -2,8 +2,8 @@ "id": "CVE-2023-20942", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.363", - "lastModified": "2023-07-25T17:42:56.930", - "vulnStatus": "Analyzed", + "lastModified": "2024-11-06T17:35:21.643", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21238.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21238.json index ebedfe0299a..e7ee37f7125 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21238.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21238.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21238", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.457", - "lastModified": "2023-07-25T18:01:59.637", - "vulnStatus": "Analyzed", + "lastModified": "2024-11-06T17:35:22.390", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -45,6 +45,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21239.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21239.json index 649a954940f..6fb416a5fc0 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21239.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21239.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21239", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.503", - "lastModified": "2023-07-25T18:02:14.360", - "vulnStatus": "Analyzed", + "lastModified": "2024-11-06T17:35:23.130", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -45,6 +45,16 @@ "value": "NVD-CWE-Other" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21246.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21246.json index 3f8020cde29..f31e4196151 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21246.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21246.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21246", "sourceIdentifier": "security@android.com", "published": "2023-07-13T00:15:23.727", - "lastModified": "2023-07-25T16:16:17.067", - "vulnStatus": "Analyzed", + "lastModified": "2024-11-06T18:35:00.933", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -45,6 +45,16 @@ "value": "CWE-754" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-273" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29116.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29116.json index 3b020a9f75c..fe1ba58fa27 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29116.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29116.json @@ -2,13 +2,17 @@ "id": "CVE-2023-29116", "sourceIdentifier": "cve@asrg.io", "published": "2024-11-05T16:15:15.307", - "lastModified": "2024-11-05T16:15:15.307", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained." + }, + { + "lang": "es", + "value": " En determinadas condiciones, a trav\u00e9s de una solicitud dirigida a la aplicaci\u00f3n de gesti\u00f3n web Waybox Enel X, se podr\u00eda obtener informaci\u00f3n como la versi\u00f3n del sistema operativo Waybox o detalles de configuraci\u00f3n del servicio." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29117.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29117.json index 6a9e7ccab19..c70a3357a02 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29117.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29117.json @@ -2,13 +2,17 @@ "id": "CVE-2023-29117", "sourceIdentifier": "cve@asrg.io", "published": "2024-11-05T16:15:15.543", - "lastModified": "2024-11-05T16:15:15.543", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Waybox Enel X web management API authentication could be bypassed and provide administrator\u2019s privileges over the Waybox system." + }, + { + "lang": "es", + "value": " La autenticaci\u00f3n de la API de gesti\u00f3n web de Waybox Enel X podr\u00eda omitirse y proporcionar privilegios de administrador sobre el sistema Waybox." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29118.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29118.json index 9f26afd4e6e..b8ec8a1a53a 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29118.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29118.json @@ -2,13 +2,17 @@ "id": "CVE-2023-29118", "sourceIdentifier": "cve@asrg.io", "published": "2024-11-05T16:15:15.760", - "lastModified": "2024-11-05T16:15:15.760", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Waybox Enel X web management application could execute arbitrary requests on the internal database via\u00a0/admin/versions.php." + }, + { + "lang": "es", + "value": " La aplicaci\u00f3n de gesti\u00f3n web Waybox Enel X podr\u00eda ejecutar solicitudes arbitrarias en la base de datos interna a trav\u00e9s de /admin/versions.php." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29119.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29119.json index ce296c2d37a..ded1fa7e9d2 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29119.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29119.json @@ -2,13 +2,17 @@ "id": "CVE-2023-29119", "sourceIdentifier": "cve@asrg.io", "published": "2024-11-05T16:15:15.983", - "lastModified": "2024-11-05T16:15:15.983", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Waybox Enel X web management application could execute arbitrary requests on the internal database via\u00a0/admin/dbstore.php." + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n de gesti\u00f3n web Waybox Enel X podr\u00eda ejecutar solicitudes arbitrarias en la base de datos interna a trav\u00e9s de /admin/dbstore.php." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29120.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29120.json index c6b6c9c7841..71cfcecfa94 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29120.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29120.json @@ -2,13 +2,17 @@ "id": "CVE-2023-29120", "sourceIdentifier": "cve@asrg.io", "published": "2024-11-05T16:15:16.190", - "lastModified": "2024-11-05T16:15:16.190", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator\u2019s privileges over the Waybox system." + }, + { + "lang": "es", + "value": " La aplicaci\u00f3n de gesti\u00f3n web Waybox Enel X podr\u00eda usarse para ejecutar comandos arbitrarios del sistema operativo y proporcionar privilegios de administrador sobre el sistema Waybox." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29121.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29121.json index bfb81f54ad8..7e6bad46526 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29121.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29121.json @@ -2,13 +2,17 @@ "id": "CVE-2023-29121", "sourceIdentifier": "cve@asrg.io", "published": "2024-11-05T16:15:16.377", - "lastModified": "2024-11-05T16:15:16.377", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Waybox Enel TCF Agent service could be used to get administrator\u2019s privileges over the Waybox system." + }, + { + "lang": "es", + "value": " El servicio Waybox Enel TCF Agent se puede utilizar para obtener privilegios de administrador en el sistema Waybox." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29122.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29122.json index 6ff873c499f..ce3f49a8912 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29122.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29122.json @@ -2,13 +2,17 @@ "id": "CVE-2023-29122", "sourceIdentifier": "cve@asrg.io", "published": "2024-11-05T16:15:16.577", - "lastModified": "2024-11-05T16:15:16.577", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Under certain conditions, access to service libraries is granted to account they should not have access to." + }, + { + "lang": "es", + "value": " Bajo ciertas condiciones, se concede acceso a las librer\u00edas de servicios a cuentas a las que no deber\u00edan tener acceso." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29125.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29125.json index e4416fab6e7..70d0da03b71 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29125.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29125.json @@ -2,13 +2,17 @@ "id": "CVE-2023-29125", "sourceIdentifier": "cve@asrg.io", "published": "2024-11-05T16:15:16.770", - "lastModified": "2024-11-05T16:15:16.770", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700." + }, + { + "lang": "es", + "value": " Se podr\u00eda provocar un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico al enviar un paquete espec\u00edfico al puerto TCP 7700." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-291xx/CVE-2023-29126.json b/CVE-2023/CVE-2023-291xx/CVE-2023-29126.json index 4f9957540db..94c3ee02b64 100644 --- a/CVE-2023/CVE-2023-291xx/CVE-2023-29126.json +++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29126.json @@ -2,13 +2,17 @@ "id": "CVE-2023-29126", "sourceIdentifier": "cve@asrg.io", "published": "2024-11-05T16:15:16.950", - "lastModified": "2024-11-05T16:15:16.950", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication." + }, + { + "lang": "es", + "value": " La aplicaci\u00f3n de gesti\u00f3n web Waybox Enel X contiene una vulnerabilidad de tipo PHP que puede permitir un proceso de fuerza bruta y bajo ciertas condiciones omitir la autenticaci\u00f3n." } ], "metrics": { diff --git a/CVE-2023/CVE-2023-375xx/CVE-2023-37563.json b/CVE-2023/CVE-2023-375xx/CVE-2023-37563.json index bff7223ac98..8bd704426d4 100644 --- a/CVE-2023/CVE-2023-375xx/CVE-2023-37563.json +++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37563.json @@ -2,7 +2,7 @@ "id": "CVE-2023-37563", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2023-07-13T03:15:09.927", - "lastModified": "2023-08-18T10:15:10.483", + "lastModified": "2024-11-06T18:35:04.220", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -45,6 +45,16 @@ "value": "NVD-CWE-noinfo" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-922" + } + ] } ], "configurations": [ diff --git a/CVE-2023/CVE-2023-458xx/CVE-2023-45860.json b/CVE-2023/CVE-2023-458xx/CVE-2023-45860.json index e73a2545a3e..589f9216b3e 100644 --- a/CVE-2023/CVE-2023-458xx/CVE-2023-45860.json +++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45860.json @@ -2,7 +2,7 @@ "id": "CVE-2023-45860", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-16T10:15:08.080", - "lastModified": "2024-02-16T13:37:51.433", + "lastModified": "2024-11-06T17:35:24.870", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "En Hazelcast Platform hasta 5.3.4, existe un problema de seguridad dentro de la asignaci\u00f3n SQL para el conector de origen de archivos CSV. Este problema surge de una verificaci\u00f3n inadecuada de permisos, que podr\u00eda permitir que clientes no autorizados accedan a datos de archivos almacenados en el sistema de archivos de un miembro." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], "references": [ { "url": "https://github.com/hazelcast/hazelcast/pull/25348", diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52571.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52571.json index d6b9aeca34b..16dd57f40e5 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52571.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52571.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52571", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:49.257", - "lastModified": "2024-03-04T13:58:23.447", + "lastModified": "2024-11-06T17:35:25.707", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: power: Supply: rk817: reparar la fuga de recuento de nodos Dan Carpenter informa que la advertencia del verificador est\u00e1tico Smatch encontr\u00f3 que hay otra fuga de recuento en la funci\u00f3n de sonda. Si bien of_node_put() se agreg\u00f3 en una de las rutas de retorno, de hecho deber\u00eda agregarse para TODAS las rutas de retorno que devuelven un error y en el momento de eliminar el controlador." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, "references": [ { "url": "https://git.kernel.org/stable/c/488ef44c068e79752dba8eda0b75f524f111a695", diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52687.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52687.json index da035680a18..3fb2dcf22dc 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52687.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52687.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52687", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-17T15:15:19.810", - "lastModified": "2024-05-17T18:35:35.070", + "lastModified": "2024-11-06T17:35:25.900", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: safexcel - A\u00f1adir manejo de errores para llamadas a dma_map_sg() La macro dma_map_sg() puede devolver 0 en caso de error. Este parche permite realizar comprobaciones en caso de fallo de la macro y garantiza la eliminaci\u00f3n de la asignaci\u00f3n de b\u00faferes previamente asignados con dma_unmap_sg(). Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con la herramienta de an\u00e1lisis est\u00e1tico SVACE." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "https://git.kernel.org/stable/c/4c0ac81a172a69a7733290915276672787e904ec", diff --git a/CVE-2023/CVE-2023-526xx/CVE-2023-52699.json b/CVE-2023/CVE-2023-526xx/CVE-2023-52699.json index 1cef44d0363..e39dcbe34e2 100644 --- a/CVE-2023/CVE-2023-526xx/CVE-2023-52699.json +++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52699.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52699", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-19T11:15:47.507", - "lastModified": "2024-11-04T13:16:47.650", + "lastModified": "2024-11-06T17:35:26.090", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: sysv: no llame a sb_bread() con pointers_lock retenido syzbot informa suspensi\u00f3n en contexto at\u00f3mico en el sistema de archivos SysV [1], porque sb_bread() se llama con rw_spinlock retenido. Un error \"write_lock(&pointers_lock) => read_lock(&pointers_lock) deadlock\" y un error \"sb_bread() with write_lock(&pointers_lock)\" fueron introducidos por \"Reemplazar BKL para bloqueo de cadena con sysvfs-private rwlock\" en Linux 2.5.12. Luego, \"[PATCH] err1-40: correcci\u00f3n de bloqueo de sysvfs\" en Linux 2.6.8 solucion\u00f3 el error anterior moviendo el bloqueo pointers_lock a las personas que llaman, pero en su lugar introdujo un error \"sb_bread() con read_lock(&pointers_lock)\" (que hizo que esto problema m\u00e1s f\u00e1cil de abordar). Al Viro sugiri\u00f3 que por qu\u00e9 no hacer lo que hace get_branch()/get_block()/find_shared() en el sistema de archivos Minix. Y hacer eso es casi una reversi\u00f3n de \"[PATCH] err1-40: correcci\u00f3n de bloqueo de sysvfs\", excepto que get_branch() de find_shared() se llama sin write_lock(&pointers_lock)." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, "references": [ { "url": "https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76", diff --git a/CVE-2023/CVE-2023-528xx/CVE-2023-52862.json b/CVE-2023/CVE-2023-528xx/CVE-2023-52862.json index c372196e34c..09e9337fd1d 100644 --- a/CVE-2023/CVE-2023-528xx/CVE-2023-52862.json +++ b/CVE-2023/CVE-2023-528xx/CVE-2023-52862.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52862", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-21T16:15:23.150", - "lastModified": "2024-05-21T16:53:56.550", + "lastModified": "2024-11-06T17:35:26.283", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/amd/display: corrige la desreferencia del puntero null en el mensaje de error. Este parche corrige una desreferencia del puntero null en el mensaje de error que se imprime cuando el Display Core (DC) no se inicializa. El mensaje original incluye el n\u00famero de versi\u00f3n del DC, que no est\u00e1 definido si el DC no est\u00e1 inicializado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0c3601a2fbfb265ce283651480e30c8e60459112", diff --git a/CVE-2024/CVE-2024-01xx/CVE-2024-0134.json b/CVE-2024/CVE-2024-01xx/CVE-2024-0134.json index d9c853f3e2a..a0a1308497f 100644 --- a/CVE-2024/CVE-2024-01xx/CVE-2024-0134.json +++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0134.json @@ -2,13 +2,17 @@ "id": "CVE-2024-0134", "sourceIdentifier": "psirt@nvidia.com", "published": "2024-11-05T19:15:05.203", - "lastModified": "2024-11-05T19:15:05.203", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering." + }, + { + "lang": "es", + "value": " NVIDIA Container Toolkit y NVIDIA GPU Operator para Linux contienen una vulnerabilidad de UNIX en la que una imagen de contenedor especialmente manipulada puede provocar la creaci\u00f3n de archivos no autorizados en el host. El nombre y la ubicaci\u00f3n de los archivos no pueden ser controlados por un atacante. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la manipulaci\u00f3n de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10020.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10020.json index 0ef4852ee5e..f7eca8f9cbf 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10020.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10020.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10020", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T07:15:03.377", - "lastModified": "2024-11-06T07:15:03.377", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login." + }, + { + "lang": "es", + "value": "El complemento de WordPress Heateor Social Login para WordPress es vulnerable a la omisi\u00f3n de la autenticaci\u00f3n en todas las versiones hasta la 1.1.35 incluida. Esto se debe a que el token de inicio de sesi\u00f3n social no verifica lo suficiente el usuario que devuelve. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, si tienen acceso al correo electr\u00f3nico y el usuario no tiene una cuenta ya existente para el servicio que devuelve el token. Un atacante no puede autenticarse como administrador de forma predeterminada, pero estas cuentas tambi\u00e9n corren riesgo si se ha permitido expl\u00edcitamente la autenticaci\u00f3n para administradores a trav\u00e9s del inicio de sesi\u00f3n social." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10028.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10028.json index 541bae22a53..faff6befc02 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10028.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10028.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10028", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T00:15:13.000", - "lastModified": "2024-11-06T00:15:13.000", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup." + }, + { + "lang": "es", + "value": "El complemento Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore & Cloning Plugin para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 2.2.13 incluida a trav\u00e9s del archivo de estad\u00edsticas del proceso expuesto durante el proceso de copia de seguridad. Esto permite que atacantes no autenticados obtengan un nombre de archivo y descarguen la copia de seguridad del sitio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10081.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10081.json index 7ded0ff9d3f..be9a95d1d45 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10081.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10081.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10081", "sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "published": "2024-11-06T15:15:11.480", - "lastModified": "2024-11-06T15:15:11.480", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10082.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10082.json index e64ae7251ed..87b0997e34e 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10082.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10082.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10082", "sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf", "published": "2024-11-06T15:15:11.760", - "lastModified": "2024-11-06T15:15:11.760", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-100xx/CVE-2024-10084.json b/CVE-2024/CVE-2024-100xx/CVE-2024-10084.json index 8e761354775..d00a048b541 100644 --- a/CVE-2024/CVE-2024-100xx/CVE-2024-10084.json +++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10084.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10084", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-05T22:15:20.680", - "lastModified": "2024-11-05T22:15:20.680", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Contact Form 7 \u2013 Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the titles and text contents of private and password-protected posts, they do not own." + }, + { + "lang": "es", + "value": " El complemento Contact Form 7 \u2013 Dynamic Text Extension para WordPress es vulnerable a la divulgaci\u00f3n de informaci\u00f3n b\u00e1sica en todas las versiones hasta la 4.5 incluida a trav\u00e9s del c\u00f3digo corto CF7_get_post_var. Esto permite que atacantes autenticados, con acceso de nivel de colaborador o superior, extraigan los t\u00edtulos y el contenido de texto de publicaciones privadas y protegidas con contrase\u00f1a que no son de su propiedad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10168.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10168.json index ecfa56755ff..8709d3c644b 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10168.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10168.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10168", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T12:15:03.400", - "lastModified": "2024-11-06T12:15:03.400", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10186.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10186.json index b6c5bcb554c..969c2bc701c 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10186.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10186.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10186", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T13:15:03.163", - "lastModified": "2024-11-06T13:15:03.163", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10318.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10318.json new file mode 100644 index 00000000000..d4fb923fafd --- /dev/null +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10318.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-10318", + "sourceIdentifier": "f5sirt@f5.com", + "published": "2024-11-06T17:15:13.680", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "f5sirt@f5.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "f5sirt@f5.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "f5sirt@f5.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-384" + } + ] + } + ], + "references": [ + { + "url": "https://my.f5.com/manage/s/article/K000148232", + "source": "f5sirt@f5.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10501.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10501.json index da38ed5c994..773f2813020 100644 --- a/CVE-2024/CVE-2024-105xx/CVE-2024-10501.json +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10501.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10501", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-30T01:15:03.107", - "lastModified": "2024-11-01T12:57:03.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:20:32.857", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,22 +140,55 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", + "matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74" + } + ] + } + ] + } + ], "references": [ { "url": "https://flowus.cn/share/95cc2cb9-7ab2-4eba-969f-f836fac1deb4?code=G8A6P3", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.282441", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.282441", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.427398", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10502.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10502.json index 799ae51e2a2..1ffbb1f7df2 100644 --- a/CVE-2024/CVE-2024-105xx/CVE-2024-10502.json +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10502.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10502", "sourceIdentifier": "cna@vuldb.com", "published": "2024-10-30T01:15:03.377", - "lastModified": "2024-11-01T12:57:03.417", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:20:59.217", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -120,22 +140,55 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*", + "matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74" + } + ] + } + ] + } + ], "references": [ { "url": "https://flowus.cn/share/f1f8c6bd-057f-406b-9421-ab6cee169980?code=G8A6P3", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.282442", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.282442", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.427399", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10535.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10535.json index 2465ccf510f..6c05a35d95c 100644 --- a/CVE-2024/CVE-2024-105xx/CVE-2024-10535.json +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10535.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10535", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T07:15:03.880", - "lastModified": "2024-11-06T07:15:03.880", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnails in the video-wc-gallery-thumb directory." + }, + { + "lang": "es", + "value": "El complemento Video Gallery for WooCommerce para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n remove_unused_thumbnails() en todas las versiones hasta la 1.31 incluida. Esto permite que atacantes no autenticados eliminen miniaturas en el directorio video-wc-gallery-thumb." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10543.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10543.json index 91fc09fb9f2..0c039b9ddd5 100644 --- a/CVE-2024/CVE-2024-105xx/CVE-2024-10543.json +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10543.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10543", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T07:15:04.160", - "lastModified": "2024-11-06T07:15:04.160", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve animation information." + }, + { + "lang": "es", + "value": "El complemento Tumult Hype Animations para WordPress es vulnerable al acceso no autorizado a los datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n hypeanimations_getcontent en todas las versiones hasta la 1.9.14 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, recuperen informaci\u00f3n de las animaciones." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10647.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10647.json index 221841980b7..ad651c78cb3 100644 --- a/CVE-2024/CVE-2024-106xx/CVE-2024-10647.json +++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10647.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10647", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T02:15:15.930", - "lastModified": "2024-11-06T02:15:15.930", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress para WordPress es vulnerable a ataques de Cross-Site Scripting reflejado debido al uso de remove_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 1.9.244 incluida. Esto permite que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10715.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10715.json index 85c860bc7f1..d8e4a74f956 100644 --- a/CVE-2024/CVE-2024-107xx/CVE-2024-10715.json +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10715.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10715", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T11:15:03.353", - "lastModified": "2024-11-06T11:15:03.353", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10751.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10751.json index 772378d4a8e..98798c3ad21 100644 --- a/CVE-2024/CVE-2024-107xx/CVE-2024-10751.json +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10751.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10751", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-04T02:15:14.993", - "lastModified": "2024-11-04T18:50:05.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:34:57.597", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Codezips ISP Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file pay.php. The manipulation of the argument customer leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": " Se encontr\u00f3 una vulnerabilidad en Codezips ISP Management System 1.0 y se clasific\u00f3 como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo pay.php. La manipulaci\u00f3n del argumento customer conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { @@ -57,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -105,6 +129,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -116,22 +150,52 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:codezips:isp_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "0FF6890C-7A61-46EA-AF5D-FAB569F6DAD2" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/JiangJiangCC/CVE/issues/1", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.282920", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.282920", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.436296", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10753.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10753.json index 197e5bd78cd..031263b85da 100644 --- a/CVE-2024/CVE-2024-107xx/CVE-2024-10753.json +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10753.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10753", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-04T02:15:15.613", - "lastModified": "2024-11-04T18:50:05.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:42:14.277", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en PHPGurukul Online Shopping Portal 2.0. Se ha declarado como problem\u00e1tica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_two_headers.php. La manipulaci\u00f3n del argumento scripts de conduce a cross site scripting. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { @@ -57,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -116,26 +140,59 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:2.0:*:*:*:*:*:*:*", + "matchCriteriaId": "6E358155-68C0-4C86-8359-49F37445DC44" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(dom_data_two_headers.php).md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://phpgurukul.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://vuldb.com/?ctiid.282922", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required" + ] }, { "url": "https://vuldb.com/?id.282922", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.436375", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10826.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10826.json new file mode 100644 index 00000000000..9cddae7da91 --- /dev/null +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10826.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10826", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2024-11-06T17:15:13.930", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "chrome-cve-admin@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/370217726", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10827.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10827.json new file mode 100644 index 00000000000..c2ed7ce32c4 --- /dev/null +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10827.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-10827", + "sourceIdentifier": "chrome-cve-admin@google.com", + "published": "2024-11-06T17:15:14.030", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "chrome-cve-admin@google.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html", + "source": "chrome-cve-admin@google.com" + }, + { + "url": "https://issues.chromium.org/issues/375065084", + "source": "chrome-cve-admin@google.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json index feaf56ee57e..ee73f3fb58e 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10914", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-06T14:15:05.310", - "lastModified": "2024-11-06T14:15:05.310", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10915.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10915.json index 81bc5c3ff15..ec2e32be52b 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10915.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10915.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10915", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-06T14:15:05.783", - "lastModified": "2024-11-06T14:15:05.783", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10916.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10916.json index 42ab0551aa0..2c32937f8a8 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10916.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10916.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10916", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-06T15:15:12.123", - "lastModified": "2024-11-06T16:15:05.450", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10919.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10919.json index d824a5a18d9..2154e4470dc 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10919.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10919.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10919", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-06T16:15:05.610", - "lastModified": "2024-11-06T16:15:05.610", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10920.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10920.json index fe2180a2d17..bc69e073c4a 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10920.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10920.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10920", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-06T16:15:05.930", - "lastModified": "2024-11-06T16:15:05.930", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-203xx/CVE-2024-20371.json b/CVE-2024/CVE-2024-203xx/CVE-2024-20371.json new file mode 100644 index 00000000000..c9e64735df8 --- /dev/null +++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20371.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20371", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:14.187", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device. \r\n\r\nThis vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-264" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3550-acl-bypass-mhskZc2q", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20418.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20418.json new file mode 100644 index 00000000000..24d45a15f85 --- /dev/null +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20418.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20418", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:14.453", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system.\r\n\r\nThis vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20445.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20445.json new file mode 100644 index 00000000000..0ef806babe3 --- /dev/null +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20445.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20445", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:14.830", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.\r\nNote: Web Access is disabled by default." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20457.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20457.json new file mode 100644 index 00000000000..6f27f47222e --- /dev/null +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20457.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20457", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:15.107", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the logging component of Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20476.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20476.json new file mode 100644 index 00000000000..a125e46c414 --- /dev/null +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20476.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20476", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:15.337", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions.\r\n\r\nThis vulnerability is due to lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload files to a location that should be restricted. To exploit this vulnerability, an attacker would need valid Read-Only Administrator credentials." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-602" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20484.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20484.json new file mode 100644 index 00000000000..8830e9fbac4 --- /dev/null +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20484.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20484", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:15.580", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources > Services > Unified CCE > EAAS, then click Start." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-204xx/CVE-2024-20487.json b/CVE-2024/CVE-2024-204xx/CVE-2024-20487.json new file mode 100644 index 00000000000..ad76831aabb --- /dev/null +++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20487.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20487", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:15.833", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20504.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20504.json new file mode 100644 index 00000000000..e854a2fc279 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20504.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20504", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:16.053", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-80" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-xss-zYm3f49n", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20507.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20507.json new file mode 100644 index 00000000000..e36faa4eaa4 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20507.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20507", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:16.257", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web-based management interface of an affected device. An attacker could exploit this vulnerability by logging in to the web-based management interface. A successful exploit could allow the attacker to view sensitive data that is stored on the affected device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-info-disc-9ZEMAhGA", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20511.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20511.json new file mode 100644 index 00000000000..5a3e7161057 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20511.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20511", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:16.467", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20514.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20514.json new file mode 100644 index 00000000000..11a8fa36ec2 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20514.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20514", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:16.687", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-yyf2zkXs", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20525.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20525.json new file mode 100644 index 00000000000..c793c6dc600 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20525.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20525", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:16.927", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20527.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20527.json new file mode 100644 index 00000000000..096e3474fe9 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20527.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20527", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:17.147", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20528.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20528.json new file mode 100644 index 00000000000..6dc6f124386 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20528.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20528", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:17.373", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to upload custom files to arbitrary locations on the underlying operating system, execute arbitrary code, and elevate privileges to root." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.8, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20529.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20529.json new file mode 100644 index 00000000000..071a0a60d71 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20529.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20529", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:17.593", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20530.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20530.json new file mode 100644 index 00000000000..580d8e979ab --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20530.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20530", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:17.793", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20531.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20531.json new file mode 100644 index 00000000000..b7c0dc64d0f --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20531.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20531", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:18.043", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing XML input. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system or conduct an SSRF attack through the affected device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-611" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20532.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20532.json new file mode 100644 index 00000000000..fc007e67425 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20532.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20532", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:18.270", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 4.2 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20533.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20533.json new file mode 100644 index 00000000000..2316e982de6 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20533.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20533", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:18.700", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users.\r\n\r\nThis vulnerability exists because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone and the attacker must have Admin credentials on the device. Web Access is disabled by default." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20534.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20534.json new file mode 100644 index 00000000000..4ea69517006 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20534.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20534", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:18.927", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users.\r\n\r\nThis vulnerability exists because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone and the attacker must have Admin credentials on the device. Web Access is disabled by default." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20536.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20536.json new file mode 100644 index 00000000000..4ee54ebcb8d --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20536.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20536", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:19.140", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device. " + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-sqli-CyPPAxrL", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20537.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20537.json new file mode 100644 index 00000000000..f8a6b095202 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20537.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20537", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:19.350", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions.\r\n\r\nThis vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to conduct administrative functions beyond their intended access level. To exploit this vulnerability, an attacker would need Read-Only Administrator credentials." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20538.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20538.json new file mode 100644 index 00000000000..2d90bd15694 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20538.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20538", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:19.563", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface on an affected system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20539.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20539.json new file mode 100644 index 00000000000..6a67a3c3e47 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20539.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20539", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:19.767", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials on an affected device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-205xx/CVE-2024-20540.json b/CVE-2024/CVE-2024-205xx/CVE-2024-20540.json new file mode 100644 index 00000000000..8fa3a2d2b08 --- /dev/null +++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20540.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-20540", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-06T17:15:19.977", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a Supervisor role on an affected device." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-sxss-qBTDBZDD", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-220xx/CVE-2024-22006.json b/CVE-2024/CVE-2024-220xx/CVE-2024-22006.json index 224e9167007..45a3e5b5594 100644 --- a/CVE-2024/CVE-2024-220xx/CVE-2024-22006.json +++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22006.json @@ -2,7 +2,7 @@ "id": "CVE-2024-22006", "sourceIdentifier": "dsap-vuln-management@google.com", "published": "2024-03-11T19:15:47.187", - "lastModified": "2024-03-15T20:15:07.573", + "lastModified": "2024-11-06T18:35:05.707", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "El kernel de Android permite la divulgaci\u00f3n de informaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, "references": [ { "url": "https://source.android.com/security/bulletin/pixel/2024-03-01", diff --git a/CVE-2024/CVE-2024-227xx/CVE-2024-22778.json b/CVE-2024/CVE-2024-227xx/CVE-2024-22778.json index dc57c11afb2..38319712e0e 100644 --- a/CVE-2024/CVE-2024-227xx/CVE-2024-22778.json +++ b/CVE-2024/CVE-2024-227xx/CVE-2024-22778.json @@ -2,7 +2,7 @@ "id": "CVE-2024-22778", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-21T15:15:09.270", - "lastModified": "2024-02-22T19:07:27.197", + "lastModified": "2024-11-06T17:35:29.337", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "HackMD CodiMD <2.5.2 es vulnerable a la denegaci\u00f3n de servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "https://github.com/hackmdio/codimd/issues/1846", diff --git a/CVE-2024/CVE-2024-236xx/CVE-2024-23674.json b/CVE-2024/CVE-2024-236xx/CVE-2024-23674.json index afdcffc8b68..49740599ef6 100644 --- a/CVE-2024/CVE-2024-236xx/CVE-2024-23674.json +++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23674.json @@ -2,7 +2,7 @@ "id": "CVE-2024-23674", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-15T23:15:08.827", - "lastModified": "2024-02-16T13:37:55.033", + "lastModified": "2024-11-06T18:35:05.950", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "El esquema de identificaci\u00f3n electr\u00f3nica Online-Ausweis-Funktion en el documento nacional de identidad alem\u00e1n hasta el 15 de febrero de 2024 permite omitir la autenticaci\u00f3n mediante suplantaci\u00f3n de identidad. Un atacante intermediario puede asumir la identidad de la v\u00edctima para acceder a recursos gubernamentales, m\u00e9dicos y financieros, y tambi\u00e9n puede extraer datos personales de la tarjeta, tambi\u00e9n conocido como el problema \"sPACE (establecimiento de conexi\u00f3n autenticada con contrase\u00f1a suplantada)\". Esto ocurre debido a una combinaci\u00f3n de factores, como la entrada insegura del PIN (para lectores b\u00e1sicos) y los enlaces profundos eid://. La v\u00edctima debe estar utilizando un kernel de eID modificado, lo que puede ocurrir si se enga\u00f1a a la v\u00edctima para que instale una versi\u00f3n falsa de una aplicaci\u00f3n oficial. NOTA: la posici\u00f3n de BSI es \"garantizar un entorno operativo seguro en el lado del cliente es una obligaci\u00f3n del propietario de la tarjeta de identificaci\u00f3n\"." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-290" + } + ] + } + ], "references": [ { "url": "https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1", diff --git a/CVE-2024/CVE-2024-268xx/CVE-2024-26857.json b/CVE-2024/CVE-2024-268xx/CVE-2024-26857.json index 41dab5fc9e8..83f8dd7200b 100644 --- a/CVE-2024/CVE-2024-268xx/CVE-2024-26857.json +++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26857.json @@ -2,7 +2,7 @@ "id": "CVE-2024-26857", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-17T11:15:08.787", - "lastModified": "2024-11-05T10:15:55.427", + "lastModified": "2024-11-06T17:35:29.517", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: geneve: aseg\u00farese de extraer el encabezado interno en geneve_rx() syzbot desencaden\u00f3 un error en geneve_rx() [1] El problema es similar al que solucion\u00e9 en la confirmaci\u00f3n 8d975c15c0cd (\"ip6_tunnel: aseg\u00farese de extraer el encabezado interno en __ip6_tnl_rcv()\"). Tenemos que guardar skb->network_header en una variable temporal para poder volver a calcular el puntero network_header despu\u00e9s de una llamada a pskb_inet_may_pull(). pskb_inet_may_pull() se asegura de que los encabezados necesarios est\u00e9n en skb->head. [1] ERROR: KMSAN: valor uninit en IP_ECN_decapsulate include/net/inet_ecn.h:302 [en l\u00ednea] ERROR: KMSAN: valor uninit en geneve_rx drivers/net/geneve.c:279 [en l\u00ednea] ERROR: KMSAN: uninit -valor en geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391 IP_ECN_decapsulate include/net/inet_ecn.h:302 [en l\u00ednea] geneve_rx drivers/net/geneve.c:279 [en l\u00ednea] geneve_udp_encap_recv+0x36f9/0x3c10 drivers/ net/geneve.c:391 udp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108 udp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186 udp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp. c:2346 __udp4_lib_rcv +0x1c6b/0x3010 net/ipv4/udp.c:2422 udp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604 ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2b8/0x440 net/ ipv4/ ip_input.c:233 NF_HOOK include/linux/netfilter.h:314 [en l\u00ednea] ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254 dst_input include/net/dst.h:461 [en l\u00ednea] ip_rcv_finish net/ipv4/ ip_input.c:449 [en l\u00ednea] NF_HOOK include/linux/netfilter.h:314 [en l\u00ednea] ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569 __netif_receive_skb_one_core net/core/dev.c:5534 [en l\u00ednea] __netif_receive_skb+ 0x1a6/0x5a0 net/core/dev.c:5648 Process_backlog+0x480/0x8b0 net/core/dev.c:5976 __napi_poll+0xe3/0x980 net/core/dev.c:6576 napi_poll net/core/dev.c:6645 [en l\u00ednea] net_rx_action+0x8b8/0x1870 net/core/dev.c:6778 __do_softirq+0x1b7/0x7c5 kernel/softirq.c:553 do_softirq+0x9a/0xf0 kernel/softirq.c:454 __local_bh_enable_ip+0x9b/0xa0 kernel/softirq. c:381 local_bh_enable include/linux/bottom_half.h:33 [en l\u00ednea] rcu_read_unlock_bh include/linux/rcupdate.h:820 [en l\u00ednea] __dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378 dev_queue_xmit include/linux/netdevice. h:3171 [en l\u00ednea] paquete_xmit+0x9c/0x6b0 net/packet/af_packet.c:276 paquete_snd net/packet/af_packet.c:3081 [en l\u00ednea] paquete_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/ socket.c:730 [en l\u00ednea] __sock_sendmsg net/socket.c:745 [en l\u00ednea] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [en l\u00ednea] __se_sys_sendto net/socket.c:2199 [en l\u00ednea] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x63 / 0x6b Uninit se cre\u00f3 en: slab_post_alloc_hook mm/slub.c:3819 [en l\u00ednea] slab_alloc_node mm/slub.c:3860 [en l\u00ednea] kmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff .c:560 __alloc_skb+0x352/0x790 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1296 [en l\u00ednea] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783 paquete_alloc_skb net/packet/af_packet.c:2930 [en l\u00ednea] paquete_snd net/packet/af_packet.c:3024 [en l\u00ednea] paquete_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg net/socket.c:745 [en l\u00ednea] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [en l\u00ednea] __se_sys_sendto net/socket.c :2199 [en l\u00ednea] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe + 0x63/0x6b" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "https://git.kernel.org/stable/c/048e16dee1fc609c1c85072ccd70bfd4b5fef6ca", diff --git a/CVE-2024/CVE-2024-269xx/CVE-2024-26915.json b/CVE-2024/CVE-2024-269xx/CVE-2024-26915.json index e0b467239fb..f350f4fd9c0 100644 --- a/CVE-2024/CVE-2024-269xx/CVE-2024-26915.json +++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26915.json @@ -2,7 +2,7 @@ "id": "CVE-2024-26915", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-04-17T16:15:08.143", - "lastModified": "2024-04-17T16:51:07.347", + "lastModified": "2024-11-06T17:35:29.737", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Restablecer el bit IH OVERFLOW_CLEAR Tambi\u00e9n nos permite detectar desbordamientos posteriores del b\u00fafer en anillo IH." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "https://git.kernel.org/stable/c/2827633c9dab6304ec4cdbf369363219832e605d", diff --git a/CVE-2024/CVE-2024-274xx/CVE-2024-27435.json b/CVE-2024/CVE-2024-274xx/CVE-2024-27435.json index 7e7827fe2a1..325c394c11f 100644 --- a/CVE-2024/CVE-2024-274xx/CVE-2024-27435.json +++ b/CVE-2024/CVE-2024-274xx/CVE-2024-27435.json @@ -2,7 +2,7 @@ "id": "CVE-2024-27435", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-17T13:15:58.073", - "lastModified": "2024-05-17T18:35:35.070", + "lastModified": "2024-11-06T17:35:29.977", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nvme: se corrigi\u00f3 el error de reconexi\u00f3n debido a la asignaci\u00f3n de etiquetas reservadas. Encontramos un problema en el entorno de producci\u00f3n al usar NVMe sobre RDMA, la reconexi\u00f3n de admin_q fall\u00f3 para siempre mientras el objetivo remoto y la red est\u00e1n bien. Despu\u00e9s de investigarlo, descubrimos que puede deberse a un punto muerto de ABBA debido a la asignaci\u00f3n de etiquetas. En mi caso, la etiqueta estaba retenida por una solicitud de mantenimiento en espera dentro de admin_q, ya que desactivamos admin_q mientras reiniciamos Ctrl, por lo que la solicitud se realiz\u00f3 como inactiva y no se procesar\u00e1 antes de que el reinicio se realice correctamente. Como fabric_q comparte el conjunto de etiquetas con admin_q, mientras reconectamos el objetivo remoto, necesitamos una etiqueta para el comando de conexi\u00f3n, pero la \u00fanica etiqueta reservada estaba mantenida por el comando Keep Alive que esperaba dentro de admin_q. Como resultado, no pudimos volver a conectar admin_q para siempre. Para solucionar este problema, creo que deber\u00edamos mantener dos etiquetas reservadas para la cola de administraci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "https://git.kernel.org/stable/c/149afee5c7418ec5db9d7387b9c9a5c1eb7ea2a8", diff --git a/CVE-2024/CVE-2024-282xx/CVE-2024-28265.json b/CVE-2024/CVE-2024-282xx/CVE-2024-28265.json index ef27665556a..df4c12b7169 100644 --- a/CVE-2024/CVE-2024-282xx/CVE-2024-28265.json +++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28265.json @@ -2,16 +2,55 @@ "id": "CVE-2024-28265", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-01T16:15:08.277", - "lastModified": "2024-11-01T20:24:53.730", + "lastModified": "2024-11-06T17:35:30.180", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBOS v4.5.5 has an arbitrary file deletion vulnerability via \\system\\modules\\dashboard\\controllers\\LoginController.php." + }, + { + "lang": "es", + "value": " IBOS v4.5.5 tiene una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos a trav\u00e9s de \\system\\modules\\dashboard\\controllers\\LoginController.php." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-459" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://gitee.com/ibos/IBOS", diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34673.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34673.json index 364d856a925..c04bc24deb5 100644 --- a/CVE-2024/CVE-2024-346xx/CVE-2024-34673.json +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34673.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34673", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:03.257", - "lastModified": "2024-11-06T03:15:03.257", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service." + }, + { + "lang": "es", + "value": "La validaci\u00f3n de entrada incorrecta en IpcProtocol en m\u00f3dems anteriores a SMR Nov-2024 Release 1 permite que atacantes locales provoquen denegaci\u00f3n de servicio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34674.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34674.json index e91942b10dc..df5d889712d 100644 --- a/CVE-2024/CVE-2024-346xx/CVE-2024-34674.json +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34674.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34674", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:03.473", - "lastModified": "2024-11-06T03:15:03.473", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles." + }, + { + "lang": "es", + "value": "El control de acceso inadecuado en Contactos anteriores a la versi\u00f3n 1 de SMR de noviembre de 2024 permite que atacantes f\u00edsicos accedan a datos de m\u00faltiples perfiles de usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34675.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34675.json index 70fce75fceb..b03bbc1688a 100644 --- a/CVE-2024/CVE-2024-346xx/CVE-2024-34675.json +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34675.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34675", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:03.643", - "lastModified": "2024-11-06T03:15:03.643", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen." + }, + { + "lang": "es", + "value": "El control de acceso inadecuado en el modo Dex anterior a la versi\u00f3n 1 de SMR de noviembre de 2024 permite que atacantes f\u00edsicos accedan temporalmente a la pantalla desbloqueada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34676.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34676.json index 3ac113383dd..b614c5df78a 100644 --- a/CVE-2024/CVE-2024-346xx/CVE-2024-34676.json +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34676.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34676", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:03.820", - "lastModified": "2024-11-06T03:15:03.820", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability." + }, + { + "lang": "es", + "value": "La escritura fuera de los l\u00edmites en el an\u00e1lisis del archivo de subt\u00edtulos en libsubextractor.so anterior a la versi\u00f3n 1 de SMR de noviembre de 2024 permite que los atacantes locales provoquen da\u00f1os en la memoria. Se requiere la interacci\u00f3n del usuario para activar esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34677.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34677.json index 5fed44fd4ad..075bdc280e0 100644 --- a/CVE-2024/CVE-2024-346xx/CVE-2024-34677.json +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34677.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34677", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:03.980", - "lastModified": "2024-11-06T03:15:03.980", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate." + }, + { + "lang": "es", + "value": "La exposici\u00f3n de informaci\u00f3n confidencial en la interfaz de usuario del sistema antes de la versi\u00f3n 1 de SMR de noviembre de 2024 permite a los atacantes locales hacer que las aplicaciones maliciosas parezcan leg\u00edtimas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34678.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34678.json index f47a31b2428..a6dbc98530c 100644 --- a/CVE-2024/CVE-2024-346xx/CVE-2024-34678.json +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34678.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34678", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:04.153", - "lastModified": "2024-11-06T03:15:04.153", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption." + }, + { + "lang": "es", + "value": "La escritura fuera de los l\u00edmites en libsapeextractor.so anterior a la versi\u00f3n 1 de SMR de noviembre de 2024 permite que atacantes locales provoquen da\u00f1os en la memoria." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34679.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34679.json index f2197ff1929..5c9e7fd2a08 100644 --- a/CVE-2024/CVE-2024-346xx/CVE-2024-34679.json +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34679.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34679", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:04.317", - "lastModified": "2024-11-06T03:15:04.317", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege." + }, + { + "lang": "es", + "value": "Los permisos predeterminados incorrectos en Crane antes de SMR Nov-2024 Release 1 permiten a atacantes locales acceder a archivos con privilegios de tel\u00e9fono." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34680.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34680.json index 34825f1e2d9..a6fa91e8612 100644 --- a/CVE-2024/CVE-2024-346xx/CVE-2024-34680.json +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34680.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34680", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:04.477", - "lastModified": "2024-11-06T03:15:04.477", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information." + }, + { + "lang": "es", + "value": "El uso de intenci\u00f3n impl\u00edcita para comunicaciones confidenciales en WlanTest antes de SMR Nov-2024 Release 1 permite que atacantes locales obtengan informaci\u00f3n confidencial." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34681.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34681.json index f6632961736..49df9e2b5d8 100644 --- a/CVE-2024/CVE-2024-346xx/CVE-2024-34681.json +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34681.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34681", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:04.643", - "lastModified": "2024-11-06T03:15:04.643", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch." + }, + { + "lang": "es", + "value": "La validaci\u00f3n de entrada incorrecta en BluetoothAdapter anterior a SMR Nov-2024 Release 1 permite que atacantes locales provoquen una denegaci\u00f3n de servicio permanente local en Galaxy Watch." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-346xx/CVE-2024-34682.json b/CVE-2024/CVE-2024-346xx/CVE-2024-34682.json index 15250965ae9..531838d873a 100644 --- a/CVE-2024/CVE-2024-346xx/CVE-2024-34682.json +++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34682.json @@ -2,13 +2,17 @@ "id": "CVE-2024-34682", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:04.807", - "lastModified": "2024-11-06T03:15:04.807", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode." + }, + { + "lang": "es", + "value": "La autorizaci\u00f3n incorrecta en las configuraciones anteriores a la versi\u00f3n 1 de SMR de noviembre de 2024 permite que atacantes f\u00edsicos accedan a la contrase\u00f1a de WiFi almacenada en el modo de mantenimiento." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-351xx/CVE-2024-35146.json b/CVE-2024/CVE-2024-351xx/CVE-2024-35146.json index 757c371bc4c..76291f2b7eb 100644 --- a/CVE-2024/CVE-2024-351xx/CVE-2024-35146.json +++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35146.json @@ -2,8 +2,8 @@ "id": "CVE-2024-35146", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-11-06T15:15:19.247", - "lastModified": "2024-11-06T15:15:19.247", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36050.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36050.json index ce5e6ac45ed..9784913c415 100644 --- a/CVE-2024/CVE-2024-360xx/CVE-2024-36050.json +++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36050.json @@ -2,7 +2,7 @@ "id": "CVE-2024-36050", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-18T22:15:07.460", - "lastModified": "2024-05-22T16:15:10.777", + "lastModified": "2024-11-06T17:35:31.217", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "Nix hasta 2.22.1 maneja mal cierto uso de cach\u00e9s hash, lo que facilita que los atacantes reemplacen el c\u00f3digo fuente actual con c\u00f3digo fuente controlado por el atacante al atraer a un mantenedor para que acepte una solicitud de extracci\u00f3n maliciosa." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, "references": [ { "url": "https://discourse.nixos.org/t/nixpkgs-supply-chain-security-project/34345", diff --git a/CVE-2024/CVE-2024-369xx/CVE-2024-36944.json b/CVE-2024/CVE-2024-369xx/CVE-2024-36944.json index 5f11d745e9a..e37fa8499f1 100644 --- a/CVE-2024/CVE-2024-369xx/CVE-2024-36944.json +++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36944.json @@ -2,7 +2,7 @@ "id": "CVE-2024-36944", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-30T16:15:17.387", - "lastModified": "2024-05-30T18:18:58.870", + "lastModified": "2024-11-06T17:35:31.387", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Vuelva a aplicar \"drm/qxl: simplificar qxl_fence_wait\" Esto revierte el commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt informa: \"Fui a ejecutar mis pruebas en mis m\u00e1quinas virtuales y las pruebas se colgaron al arrancar. Desafortunadamente, lo m\u00e1ximo que obtuve fue: [ 93.607888] Probando evento de initcall del sistema: OK [ 93.667730] Ejecutando pruebas en todos los eventos de seguimiento : [93.669757] Probando todos los eventos: OK [95.631064] ------------[ cortar aqu\u00ed ]------------ Se agot\u00f3 el tiempo de espera despu\u00e9s de 60 segundos\" y m\u00e1s puntos de depuraci\u00f3n a una posible dependencia de bloqueo circular entre el bloqueo del propietario de la consola y el bloqueo del grupo de trabajadores. Revertir el commit permite que la m\u00e1quina virtual de Steve se inicie nuevamente. [Obviamente, esto puede provocar que aparezcan nuevamente los mensajes \"[TTM] Error en el desalojo del b\u00fafer\", que fue el motivo de la reversi\u00f3n original. Pero en este punto esto parece preferible a un sistema sin arranque...]" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "https://git.kernel.org/stable/c/148ed8b4d64f94ab079c8f0d88c3f444db97ba97", diff --git a/CVE-2024/CVE-2024-384xx/CVE-2024-38449.json b/CVE-2024/CVE-2024-384xx/CVE-2024-38449.json index f103982e796..f7c8036a73e 100644 --- a/CVE-2024/CVE-2024-384xx/CVE-2024-38449.json +++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38449.json @@ -2,7 +2,7 @@ "id": "CVE-2024-38449", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-17T19:15:58.567", - "lastModified": "2024-06-20T12:44:22.977", + "lastModified": "2024-11-06T17:35:31.553", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Una vulnerabilidad de Directory Traversal en KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 y posiblemente versiones anteriores permite a atacantes remotos autenticados explorar directorios principales y leer el contenido de archivos fuera del alcance de la aplicaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.7, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.1, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], "references": [ { "url": "https://github.com/kasmtech/KasmVNC/issues/254", diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38544.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38544.json index 61f3b43c35b..1b3ac9f84e3 100644 --- a/CVE-2024/CVE-2024-385xx/CVE-2024-38544.json +++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38544.json @@ -2,7 +2,7 @@ "id": "CVE-2024-38544", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-06-19T14:15:14.687", - "lastModified": "2024-10-17T14:15:06.360", + "lastModified": "2024-11-06T17:35:32.340", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/rxe: corrige la falla de segmentaci\u00f3n en rxe_comp_queue_pkt En rxe_comp_queue_pkt(), un paquete de respuesta entrante skb se pone en cola en la cola resp_pkts y luego se toma una decisi\u00f3n si se ejecuta la tarea de finalizaci\u00f3n en l\u00ednea o programarla. Finalmente, se elimina la referencia al skb para aumentar un contador de rendimiento 'hw'. Esto es incorrecto porque si la tarea de finalizaci\u00f3n ya se est\u00e1 ejecutando en un hilo separado, es posible que ya haya procesado el skb y lo haya liberado, lo que puede causar una falla de segmentaci\u00f3n. Esto se ha observado con poca frecuencia en pruebas a gran escala. Este parche soluciona este problema cambiando el orden de poner en cola el paquete hasta que se accede al contador." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.0, + "impactScore": 5.2 + } + ] + }, "references": [ { "url": "https://git.kernel.org/stable/c/21b4c6d4d89030fd4657a8e7c8110fd941049794", diff --git a/CVE-2024/CVE-2024-385xx/CVE-2024-38593.json b/CVE-2024/CVE-2024-385xx/CVE-2024-38593.json index 7184951d4b5..ba40cefc13c 100644 --- a/CVE-2024/CVE-2024-385xx/CVE-2024-38593.json +++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38593.json @@ -2,7 +2,7 @@ "id": "CVE-2024-38593", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-06-19T14:15:19.387", - "lastModified": "2024-06-20T12:44:01.637", + "lastModified": "2024-11-06T18:35:06.780", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: micrel: Se corrigi\u00f3 la recepci\u00f3n de la marca de tiempo en el framework para lan8841. El commit culpable comenz\u00f3 a usar la cola de trabajo ptp para obtener la segunda parte de la marca de tiempo. Y cuando se establece el puerto, esta cola de trabajo se detiene. Pero si la opci\u00f3n de configuraci\u00f3n NETWORK_PHY_TIMESTAMPING no est\u00e1 habilitada, entonces ptp_clock no se inicializa, por lo que se bloquear\u00e1 cuando intente acceder al trabajo retrasado. Entonces, b\u00e1sicamente, al configurar y luego desactivar el puerto, fallar\u00eda. La soluci\u00f3n consiste en comprobar si el ptp_clock est\u00e1 inicializado y s\u00f3lo entonces cancelar el trabajo retrasado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "https://git.kernel.org/stable/c/3ddf170e4a604f5d4d9459a36993f5e92b53e8b0", diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41141.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41141.json index 814e56ef3bf..d6e7eee4999 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41141.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41141.json @@ -2,7 +2,7 @@ "id": "CVE-2024-41141", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-07-30T09:15:04.070", - "lastModified": "2024-07-30T13:32:45.943", + "lastModified": "2024-11-06T17:35:32.520", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": " Existe una vulnerabilidad de cross-site scripting almacenado en EC-CUBE Web API Plugin. Cuando hay varios usuarios que utilizan la funci\u00f3n de administraci\u00f3n de OAuth y uno de ellos ingresa alg\u00fan valor dise\u00f1ado en la p\u00e1gina de administraci\u00f3n de OAuth, se puede ejecutar un script arbitrario en el navegador web del otro usuario que accedi\u00f3 a la p\u00e1gina de administraci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN26225832/", diff --git a/CVE-2024/CVE-2024-425xx/CVE-2024-42509.json b/CVE-2024/CVE-2024-425xx/CVE-2024-42509.json index 6cc18fd9588..13765aedc1c 100644 --- a/CVE-2024/CVE-2024-425xx/CVE-2024-42509.json +++ b/CVE-2024/CVE-2024-425xx/CVE-2024-42509.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42509", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-11-05T23:15:03.423", - "lastModified": "2024-11-06T16:35:18.743", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-439xx/CVE-2024-43924.json b/CVE-2024/CVE-2024-439xx/CVE-2024-43924.json index 87a0fdf0ff9..6b8f91e3e6f 100644 --- a/CVE-2024/CVE-2024-439xx/CVE-2024-43924.json +++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43924.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43924", "sourceIdentifier": "audit@patchstack.com", "published": "2024-10-23T08:15:03.453", - "lastModified": "2024-10-23T15:12:34.673", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:03:52.480", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:dfactory:responsive_lightbox:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.4.8", + "matchCriteriaId": "5B4EC304-97DA-4442-8934-88FDAE1C23B2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/responsive-lightbox/wordpress-responsive-lightbox-gallery-plugin-2-4-7-broken-access-control-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45164.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45164.json index dcd110fe2c1..c5ddaeb7168 100644 --- a/CVE-2024/CVE-2024-451xx/CVE-2024-45164.json +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45164.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45164", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-04T14:15:14.677", - "lastModified": "2024-11-06T15:51:17.410", - "vulnStatus": "Analyzed", + "lastModified": "2024-11-06T17:35:33.437", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 2.8, "impactScore": 4.2 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-863" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-732" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-451xx/CVE-2024-45184.json b/CVE-2024/CVE-2024-451xx/CVE-2024-45184.json index 34659f296dd..b158096bc8e 100644 --- a/CVE-2024/CVE-2024-451xx/CVE-2024-45184.json +++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45184.json @@ -2,7 +2,7 @@ "id": "CVE-2024-45184", "sourceIdentifier": "cve@mitre.org", "published": "2024-10-11T21:15:06.947", - "lastModified": "2024-10-15T12:57:46.880", + "lastModified": "2024-11-06T17:35:34.223", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 un problema en Samsung Mobile Processor, Wearable Processor, and Modems with chipset 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, m\u00f3dem 5123 y Modem 5300. Una escritura fuera de los l\u00edmites de USAT debido a un desbordamiento del b\u00fafer del mont\u00f3n puede provocar una denegaci\u00f3n de servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45785.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45785.json index 43b8fd3a419..07a52f11d96 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45785.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45785.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45785", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-10-25T08:15:02.883", - "lastModified": "2024-10-25T12:56:07.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:08:40.507", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ], "cvssMetricV30": [ { "source": "vultures@jpcert.or.jp", @@ -40,6 +62,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "vultures@jpcert.or.jp", "type": "Secondary", @@ -51,10 +83,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:neumann:musasi:3:*:*:*:*:*:*:*", + "matchCriteriaId": "86513091-AB9E-4352-89F5-B16319CBFFFC" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN31982676/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47158.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47158.json index ebe96adc011..670e823b461 100644 --- a/CVE-2024/CVE-2024-471xx/CVE-2024-47158.json +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47158.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47158", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-10-25T08:15:03.080", - "lastModified": "2024-10-25T12:56:07.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:10:03.857", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ], "cvssMetricV30": [ { "source": "vultures@jpcert.or.jp", @@ -40,6 +62,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-94" + } + ] + }, { "source": "vultures@jpcert.or.jp", "type": "Secondary", @@ -51,10 +83,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:neumann:n-line:*:*:*:*:*:*:*:*", + "versionEndIncluding": "2.0.6", + "matchCriteriaId": "54E65C6F-4A2F-4FDE-8CE8-6F92965366AB" + } + ] + } + ] + } + ], "references": [ { "url": "https://jvn.jp/en/jp/JVN57285747/", - "source": "vultures@jpcert.or.jp" + "source": "vultures@jpcert.or.jp", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-474xx/CVE-2024-47460.json b/CVE-2024/CVE-2024-474xx/CVE-2024-47460.json index 0c8e39ae00f..6d712c22140 100644 --- a/CVE-2024/CVE-2024-474xx/CVE-2024-47460.json +++ b/CVE-2024/CVE-2024-474xx/CVE-2024-47460.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47460", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-11-05T23:15:03.610", - "lastModified": "2024-11-06T16:35:19.473", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-474xx/CVE-2024-47461.json b/CVE-2024/CVE-2024-474xx/CVE-2024-47461.json index 00ee3993d19..e0a37989ff5 100644 --- a/CVE-2024/CVE-2024-474xx/CVE-2024-47461.json +++ b/CVE-2024/CVE-2024-474xx/CVE-2024-47461.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47461", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-11-05T23:15:03.787", - "lastModified": "2024-11-06T16:35:20.197", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-474xx/CVE-2024-47462.json b/CVE-2024/CVE-2024-474xx/CVE-2024-47462.json index 4b0d599ee4f..32f711e2e99 100644 --- a/CVE-2024/CVE-2024-474xx/CVE-2024-47462.json +++ b/CVE-2024/CVE-2024-474xx/CVE-2024-47462.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47462", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-11-05T23:15:03.957", - "lastModified": "2024-11-05T23:15:03.957", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-474xx/CVE-2024-47463.json b/CVE-2024/CVE-2024-474xx/CVE-2024-47463.json index 8050660fd65..df7f02c7b66 100644 --- a/CVE-2024/CVE-2024-474xx/CVE-2024-47463.json +++ b/CVE-2024/CVE-2024-474xx/CVE-2024-47463.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47463", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-11-05T23:15:04.123", - "lastModified": "2024-11-05T23:15:04.123", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-474xx/CVE-2024-47464.json b/CVE-2024/CVE-2024-474xx/CVE-2024-47464.json index 37253e33f3a..c1e70c2a70e 100644 --- a/CVE-2024/CVE-2024-474xx/CVE-2024-47464.json +++ b/CVE-2024/CVE-2024-474xx/CVE-2024-47464.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47464", "sourceIdentifier": "security-alert@hpe.com", "published": "2024-11-05T23:15:04.300", - "lastModified": "2024-11-06T16:35:21.100", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47972.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47972.json index e011828296b..1fbb31fb772 100644 --- a/CVE-2024/CVE-2024-479xx/CVE-2024-47972.json +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47972.json @@ -2,7 +2,7 @@ "id": "CVE-2024-47972", "sourceIdentifier": "f946a70c-00eb-42ce-8e9b-634d1f7b5a6f", "published": "2024-10-07T20:15:06.797", - "lastModified": "2024-10-17T22:15:03.113", + "lastModified": "2024-11-06T17:35:35.073", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-404" + } + ] + } + ], "references": [ { "url": "https://www.solidigm.com/support-page/support-security.html", diff --git a/CVE-2024/CVE-2024-481xx/CVE-2024-48176.json b/CVE-2024/CVE-2024-481xx/CVE-2024-48176.json index 2176e161064..c7b6e7308f3 100644 --- a/CVE-2024/CVE-2024-481xx/CVE-2024-48176.json +++ b/CVE-2024/CVE-2024-481xx/CVE-2024-48176.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48176", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-05T23:15:04.470", - "lastModified": "2024-11-06T16:35:21.810", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-483xx/CVE-2024-48312.json b/CVE-2024/CVE-2024-483xx/CVE-2024-48312.json index ce0fb32a8e5..fe0d836bfbb 100644 --- a/CVE-2024/CVE-2024-483xx/CVE-2024-48312.json +++ b/CVE-2024/CVE-2024-483xx/CVE-2024-48312.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48312", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-05T17:15:06.093", - "lastModified": "2024-11-05T20:35:24.200", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "WebLaudos v20.8 (118) was discovered to contain a cross-site scripting (XSS) vulnerability via the login page." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 que WebLaudos v20.8 (118) conten\u00eda una vulnerabilidad de Cross Site Scripting (XSS) a trav\u00e9s de la p\u00e1gina de inicio de sesi\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-487xx/CVE-2024-48746.json b/CVE-2024/CVE-2024-487xx/CVE-2024-48746.json index 687bb6bd8c5..2afa4cc038c 100644 --- a/CVE-2024/CVE-2024-487xx/CVE-2024-48746.json +++ b/CVE-2024/CVE-2024-487xx/CVE-2024-48746.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48746", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-05T23:15:04.553", - "lastModified": "2024-11-05T23:15:04.553", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -15,7 +15,42 @@ "value": " Un problema en la integraci\u00f3n de Lens Visual con Power BI v.4.0.0.3 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s del componente de procesamiento de lenguaje natural." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://gist.github.com/KaiqueFerreiraPeres/a56c33104a52019c533e4283c257d3a0", diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49368.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49368.json index e342e8a5b47..a849fa8e3f1 100644 --- a/CVE-2024/CVE-2024-493xx/CVE-2024-49368.json +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49368.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49368", "sourceIdentifier": "security-advisories@github.com", "published": "2024-10-21T17:15:03.960", - "lastModified": "2024-10-23T15:13:58.783", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T18:28:54.440", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -59,12 +59,44 @@ "baseSeverity": "HIGH" } } + ], + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } ] }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -73,14 +105,279 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:*:*:*:*:*:*:*:*", + "versionEndIncluding": "1.9.9-4", + "matchCriteriaId": "22A77A87-A811-4F69-A383-D7B7E5A4F3C2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta1:*:*:*:*:*:*", + "matchCriteriaId": "3C287A7F-66B4-406A-B87B-B954A1CA6D44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta10:*:*:*:*:*:*", + "matchCriteriaId": "D684FFEF-4451-49ED-A04D-CF74F45A2F40" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta10_patch:*:*:*:*:*:*", + "matchCriteriaId": "D5984B3A-40C9-4188-976C-E9EB166FA624" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta11:*:*:*:*:*:*", + "matchCriteriaId": "EDE74B22-31D1-41D1-A5DD-DB4AAA7A7984" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta12:*:*:*:*:*:*", + "matchCriteriaId": "B99C6CCE-C042-4AB1-9D47-2DFE59851BE1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta13:*:*:*:*:*:*", + "matchCriteriaId": "B484B49F-B83F-4E9F-BE87-059D7FE3BD51" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta13-patch:*:*:*:*:*:*", + "matchCriteriaId": "D61FFDC5-D5DE-4608-A303-2A804D25200F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta14:*:*:*:*:*:*", + "matchCriteriaId": "56799738-9FD4-41EC-B259-3273165DE071" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta15:*:*:*:*:*:*", + "matchCriteriaId": "B7CBB875-B2B8-473B-9F89-8CE4EF93819C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta16:*:*:*:*:*:*", + "matchCriteriaId": "B48C61F6-EE8C-4DA4-B2F1-58345C2A1507" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta17:*:*:*:*:*:*", + "matchCriteriaId": "96DB1BA6-5BA0-4E54-B32B-C7B789A8C25C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta18:*:*:*:*:*:*", + "matchCriteriaId": "7FB8C798-E100-4290-8341-174F3E5B7C6A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta18-patch1:*:*:*:*:*:*", + "matchCriteriaId": "5E5F4274-4644-447B-9082-5F9491FD9D12" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta18-patch2:*:*:*:*:*:*", + "matchCriteriaId": "4DF6E94E-E7DE-410B-AE2A-371D7FFFAB07" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta19:*:*:*:*:*:*", + "matchCriteriaId": "3715D4C4-C7E1-4B1D-8D06-2256065010A2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta2:*:*:*:*:*:*", + "matchCriteriaId": "25DD91AC-465B-4A43-A79F-4DE47243741C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta20:*:*:*:*:*:*", + "matchCriteriaId": "2ED9DDCE-D3CE-4F8C-AEC8-E8632BC8F2EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta21:*:*:*:*:*:*", + "matchCriteriaId": "7DE84C54-309D-4A91-9597-B09EF587B2EF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta22:*:*:*:*:*:*", + "matchCriteriaId": "F81DFE2E-33CF-4ED6-B1F3-8DF059418AE2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta23:*:*:*:*:*:*", + "matchCriteriaId": "F6ADBCF5-1898-4B98-9F78-B9CE03E319DA" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta23-patch1:*:*:*:*:*:*", + "matchCriteriaId": "F29790DF-EF6C-4C78-8479-8C2155685156" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta23-ptach2:*:*:*:*:*:*", + "matchCriteriaId": "70EBD5F7-DC32-4534-9F0B-10D0B8629CEF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta24:*:*:*:*:*:*", + "matchCriteriaId": "2CABC38D-7F44-4501-9889-125B988682A7" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta25:*:*:*:*:*:*", + "matchCriteriaId": "5A7219E9-21D1-4F39-AC78-155468E48F06" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta25-patch1:*:*:*:*:*:*", + "matchCriteriaId": "A5526972-5733-4F85-8208-F66BAA73ADA1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta25-ptach2:*:*:*:*:*:*", + "matchCriteriaId": "D3B74576-733E-4C21-A0A1-B03B5F6CB58E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta27:*:*:*:*:*:*", + "matchCriteriaId": "8F947576-8B6B-40BA-A2A7-DF21A5501033" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta28:*:*:*:*:*:*", + "matchCriteriaId": "091FA173-5470-45B7-BBED-7DF06B5646F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta29:*:*:*:*:*:*", + "matchCriteriaId": "08052F6C-9D02-4EF3-BF93-EF4A16AD53FC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta3:*:*:*:*:*:*", + "matchCriteriaId": "115588C7-D947-4576-9E6C-B5AF1FCE9A29" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta30:*:*:*:*:*:*", + "matchCriteriaId": "432993A8-AAC1-4245-A0F1-BADED990EF01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta31:*:*:*:*:*:*", + "matchCriteriaId": "3C29B365-6A28-4E28-BA04-FA2158E3A6B2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta32:*:*:*:*:*:*", + "matchCriteriaId": "ED82D9C5-837C-4258-A7A1-1FA8CB6E13CC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta32-patch1:*:*:*:*:*:*", + "matchCriteriaId": "142C0FD2-7B0A-48D5-BF2D-62790C20444C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta33:*:*:*:*:*:*", + "matchCriteriaId": "202A862C-BE02-4716-9A9B-A779678C5A6B" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta34:*:*:*:*:*:*", + "matchCriteriaId": "DDB5ACE0-6911-4AFE-A5FB-ED5EC67F38A5" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta35:*:*:*:*:*:*", + "matchCriteriaId": "6D67DDA9-8946-40EB-83B0-93AE3E31E310" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4:*:*:*:*:*:*", + "matchCriteriaId": "BBB20EA3-F3CF-42AF-A217-D5DF7A7ADD70" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta4_patch:*:*:*:*:*:*", + "matchCriteriaId": "81A6C732-FBF2-44A8-B810-456E54B59A09" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5:*:*:*:*:*:*", + "matchCriteriaId": "8C5664E5-150E-4B4B-BA0C-420738820FF1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta5_patch:*:*:*:*:*:*", + "matchCriteriaId": "7E764AA1-3060-441F-8F14-ADD165316741" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6:*:*:*:*:*:*", + "matchCriteriaId": "04A3E84F-91AA-420A-B908-3393E037AC44" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch:*:*:*:*:*:*", + "matchCriteriaId": "828EAE87-24E5-4F31-B301-BA2F96BDEA42" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta6_patch2:*:*:*:*:*:*", + "matchCriteriaId": "45710D36-954A-4450-B622-CB0F368DF544" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta7:*:*:*:*:*:*", + "matchCriteriaId": "2B57EEFB-5518-4BD5-998A-34B6690A6F4C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8:*:*:*:*:*:*", + "matchCriteriaId": "8EDF4CEE-F24D-441B-92A8-7F5A2B41487E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta8_patch:*:*:*:*:*:*", + "matchCriteriaId": "F0275FDF-BAE8-4909-8991-6FCE34B8905E" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:nginxui:nginx_ui:2.0.0:beta9:*:*:*:*:*:*", + "matchCriteriaId": "B52F973F-A2F2-40C2-9936-9447B5803CFB" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/0xJacky/nginx-ui/releases/tag/v2.0.0-beta.36", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Release Notes" + ] }, { "url": "https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-66m6-27r9-77vm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49377.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49377.json index ef3ba9fc224..3a7e566fa82 100644 --- a/CVE-2024/CVE-2024-493xx/CVE-2024-49377.json +++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49377.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49377", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T19:15:05.737", - "lastModified": "2024-11-05T19:15:05.737", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain reflected XSS vulnerabilities in the login dialog and the standalone application key confirmation dialog. An attacker who successfully talked a victim into clicking on a specially crafted login link, or a malicious app running on a victim's computer triggering the application key workflow with specially crafted parameters and then redirecting the victim to the related standalone confirmation dialog could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The above mentioned specific vulnerabilities of the login dialog and the standalone application key confirmation dialog have been patched in the bugfix release 1.10.3 by individual escaping of the detected locations. A global change throughout all of OctoPrint's templating system with the upcoming 1.11.0 release will handle this further, switching to globally enforced automatic escaping and thus reducing the attack surface in general. The latter will also improve the security of third party plugins. During a transition period, third party plugins will be able to opt into the automatic escaping. With OctoPrint 1.13.0, automatic escaping will be switched over to be enforced even for third party plugins, unless they explicitly opt-out." + }, + { + "lang": "es", + "value": "OctoPrint proporciona una interfaz web para controlar impresoras 3D de consumo. Las versiones de OctoPrint hasta la 1.10.2 incluida contienen vulnerabilidades XSS reflejadas en el cuadro de di\u00e1logo de inicio de sesi\u00f3n y en el cuadro de di\u00e1logo de confirmaci\u00f3n de clave de aplicaci\u00f3n independiente. Un atacante que haya logrado convencer a una v\u00edctima para que haga clic en un enlace de inicio de sesi\u00f3n especialmente manipulado, o una aplicaci\u00f3n maliciosa que se ejecute en la computadora de una v\u00edctima que active el workflow de clave de aplicaci\u00f3n con par\u00e1metros especialmente manipulados y luego redirija a la v\u00edctima al cuadro de di\u00e1logo de confirmaci\u00f3n independiente relacionado, podr\u00eda usar esto para recuperar o modificar configuraciones confidenciales, interrumpir impresiones o interactuar de otro modo con la instancia de OctoPrint de forma maliciosa. Las vulnerabilidades espec\u00edficas mencionadas anteriormente del cuadro de di\u00e1logo de inicio de sesi\u00f3n y del cuadro de di\u00e1logo de confirmaci\u00f3n de clave de aplicaci\u00f3n independiente se han corregido en la versi\u00f3n de correcci\u00f3n de errores 1.10.3 mediante el escape individual de las ubicaciones detectadas. Un cambio global en todo el sistema de plantillas de OctoPrint con la pr\u00f3xima versi\u00f3n 1.11.0 se ocupar\u00e1 de esto a\u00fan m\u00e1s, cambiando a un escape autom\u00e1tico aplicado globalmente y, por lo tanto, reduciendo la superficie de ataque en general. Este \u00faltimo aspecto tambi\u00e9n mejorar\u00e1 la seguridad de los complementos de terceros. Durante un per\u00edodo de transici\u00f3n, los complementos de terceros podr\u00e1n optar por el escape autom\u00e1tico. Con OctoPrint 1.13.0, el escape autom\u00e1tico se implementar\u00e1 incluso para complementos de terceros, a menos que opten por no hacerlo expl\u00edcitamente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-494xx/CVE-2024-49401.json b/CVE-2024/CVE-2024-494xx/CVE-2024-49401.json index 119d3817ad3..7349e855b23 100644 --- a/CVE-2024/CVE-2024-494xx/CVE-2024-49401.json +++ b/CVE-2024/CVE-2024-494xx/CVE-2024-49401.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49401", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:04.973", - "lastModified": "2024-11-06T03:15:04.973", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities." + }, + { + "lang": "es", + "value": "La validaci\u00f3n de entrada incorrecta en las sugerencias de configuraci\u00f3n anteriores a la versi\u00f3n 1 de SMR de noviembre de 2024 permite que atacantes locales inicien actividades privilegiadas." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-494xx/CVE-2024-49402.json b/CVE-2024/CVE-2024-494xx/CVE-2024-49402.json index b138480c3e8..7c53a12fd8d 100644 --- a/CVE-2024/CVE-2024-494xx/CVE-2024-49402.json +++ b/CVE-2024/CVE-2024-494xx/CVE-2024-49402.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49402", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:05.153", - "lastModified": "2024-11-06T03:15:05.153", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles." + }, + { + "lang": "es", + "value": "La validaci\u00f3n de entrada incorrecta en Dressroom antes de la versi\u00f3n 1 de SMR de noviembre de 2024 permit\u00eda a atacantes f\u00edsicos acceder a datos de m\u00faltiples perfiles de usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-494xx/CVE-2024-49403.json b/CVE-2024/CVE-2024-494xx/CVE-2024-49403.json index 65c084f67e6..9b9ba675a39 100644 --- a/CVE-2024/CVE-2024-494xx/CVE-2024-49403.json +++ b/CVE-2024/CVE-2024-494xx/CVE-2024-49403.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49403", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:05.323", - "lastModified": "2024-11-06T03:15:05.323", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attackers to access recording files on the lock screen." + }, + { + "lang": "es", + "value": "El control de acceso inadecuado en Samsung Voice Recorder anterior a la versi\u00f3n 21.5.40.37 permite a atacantes f\u00edsicos acceder a los archivos de grabaci\u00f3n en la pantalla de bloqueo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-494xx/CVE-2024-49404.json b/CVE-2024/CVE-2024-494xx/CVE-2024-49404.json index 6f6f0c4fbd7..e48a35b3761 100644 --- a/CVE-2024/CVE-2024-494xx/CVE-2024-49404.json +++ b/CVE-2024/CVE-2024-494xx/CVE-2024-49404.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49404", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:05.490", - "lastModified": "2024-11-06T03:15:05.490", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users." + }, + { + "lang": "es", + "value": "El control de acceso inadecuado en Samsung Video Player anterior a las versiones 7.3.29.1 en Android 12, 7.3.36.1 en Android 13 y 7.3.41.230 en Android 14 permite a atacantes f\u00edsicos acceder a archivos de video de otros usuarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-494xx/CVE-2024-49405.json b/CVE-2024/CVE-2024-494xx/CVE-2024-49405.json index e88b374f496..9f8d56084db 100644 --- a/CVE-2024/CVE-2024-494xx/CVE-2024-49405.json +++ b/CVE-2024/CVE-2024-494xx/CVE-2024-49405.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49405", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:05.660", - "lastModified": "2024-11-06T03:15:05.660", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario." + }, + { + "lang": "es", + "value": "La autenticaci\u00f3n incorrecta en informaci\u00f3n privada en Samsung Pass en versiones anteriores a 4.4.04.7 permite a atacantes f\u00edsicos acceder a informaci\u00f3n confidencial en un escenario espec\u00edfico." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-494xx/CVE-2024-49406.json b/CVE-2024/CVE-2024-494xx/CVE-2024-49406.json index 881aa2e47e7..b97d01282e3 100644 --- a/CVE-2024/CVE-2024-494xx/CVE-2024-49406.json +++ b/CVE-2024/CVE-2024-494xx/CVE-2024-49406.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49406", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:05.833", - "lastModified": "2024-11-06T03:15:05.833", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability." + }, + { + "lang": "es", + "value": "La validaci\u00f3n incorrecta del valor de verificaci\u00f3n de integridad en Blockchain Keystore anterior a la versi\u00f3n 1.3.16 permite a los atacantes locales modificar la transacci\u00f3n. Se requiere privilegio de root para activar esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-494xx/CVE-2024-49407.json b/CVE-2024/CVE-2024-494xx/CVE-2024-49407.json index 77744817fa0..bb3559a6c53 100644 --- a/CVE-2024/CVE-2024-494xx/CVE-2024-49407.json +++ b/CVE-2024/CVE-2024-494xx/CVE-2024-49407.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49407", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:05.990", - "lastModified": "2024-11-06T03:15:05.990", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles." + }, + { + "lang": "es", + "value": "El control de acceso inadecuado en Samsung Flow anterior a la versi\u00f3n 4.9.15.7 permite a atacantes f\u00edsicos acceder a datos de m\u00faltiples perfiles de usuario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-494xx/CVE-2024-49408.json b/CVE-2024/CVE-2024-494xx/CVE-2024-49408.json index 0334a2781d1..279402e72b4 100644 --- a/CVE-2024/CVE-2024-494xx/CVE-2024-49408.json +++ b/CVE-2024/CVE-2024-494xx/CVE-2024-49408.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49408", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:06.157", - "lastModified": "2024-11-06T03:15:06.157", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability." + }, + { + "lang": "es", + "value": "La escritura fuera de los l\u00edmites en el controlador USB anterior a la actualizaci\u00f3n de firmware de septiembre de 2024 en Galaxy S24 permite a los atacantes locales escribir en la memoria fuera de los l\u00edmites. Se requiere privilegio del sistema para activar esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-494xx/CVE-2024-49409.json b/CVE-2024/CVE-2024-494xx/CVE-2024-49409.json index 68e089272f5..42e1508f9e0 100644 --- a/CVE-2024/CVE-2024-494xx/CVE-2024-49409.json +++ b/CVE-2024/CVE-2024-494xx/CVE-2024-49409.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49409", "sourceIdentifier": "mobile.security@samsung.com", "published": "2024-11-06T03:15:06.317", - "lastModified": "2024-11-06T03:15:06.317", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability." + }, + { + "lang": "es", + "value": "La escritura fuera de los l\u00edmites en el nodo Battery Full Capacity antes de la actualizaci\u00f3n de firmware de septiembre de 2024 en Galaxy S24 permite a los atacantes locales escribir en la memoria fuera de los l\u00edmites. Se requiere privilegio del sistema para activar esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49522.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49522.json index 9ccf82c6271..142d2469437 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49522.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49522.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49522", "sourceIdentifier": "psirt@adobe.com", "published": "2024-11-05T17:15:06.173", - "lastModified": "2024-11-05T17:15:06.173", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Substance3D - Painter versions 10.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file." + }, + { + "lang": "es", + "value": " Las versiones 10.0.1 y anteriores de Substance3D - Painter se ven afectadas por una vulnerabilidad de escritura fuera de los l\u00edmites que podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del usuario actual. Para explotar este problema es necesaria la interacci\u00f3n del usuario, ya que la v\u00edctima debe abrir un archivo malicioso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49772.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49772.json index 9be5f1bff63..4798ea58198 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49772.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49772.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49772", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T19:15:05.970", - "lastModified": "2024-11-05T19:15:05.970", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. In SuiteCRM versions 7.14.4, poor input validation allows authenticated user do a SQL injection attack. Authenticated user with low pivilege can leak all data in database. This issue has been addressed in releases 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "SuiteCRM es una aplicaci\u00f3n de software de gesti\u00f3n de relaciones con los clientes (CRM) de c\u00f3digo abierto y preparada para empresas. En las versiones 7.14.4 de SuiteCRM, una validaci\u00f3n de entrada deficiente permite que un usuario autenticado realice un ataque de inyecci\u00f3n SQL. Un usuario autenticado con poca autoridad puede filtrar todos los datos de la base de datos. Este problema se ha solucionado en las versiones 7.14.6 y 8.7.1. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidos para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49773.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49773.json index 96585255545..0151d277263 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49773.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49773.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49773", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T19:15:06.200", - "lastModified": "2024-11-05T19:15:06.200", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Poor input validation in export allows authenticated user do a SQL injection attack. User-controlled input is used to build SQL query. `current_post` parameter in `export` entry point can be abused to perform blind SQL injection via generateSearchWhere(). Allows for Information disclosure, including personally identifiable information. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "SuiteCRM es una aplicaci\u00f3n de software de gesti\u00f3n de relaciones con clientes (CRM) de c\u00f3digo abierto y preparada para empresas. La validaci\u00f3n deficiente de la entrada en la exportaci\u00f3n permite que un usuario autenticado realice un ataque de inyecci\u00f3n SQL. La entrada controlada por el usuario se utiliza para crear una consulta SQL. El par\u00e1metro `current_post` en el punto de entrada `export` se puede utilizar de forma indebida para realizar una inyecci\u00f3n SQL ciega mediante generateSearchWhere(). Permite la divulgaci\u00f3n de informaci\u00f3n, incluida la informaci\u00f3n de identificaci\u00f3n personal. Este problema se ha solucionado en las versiones 7.14.6 y 8.7.1. Se recomienda a los usuarios que actualicen. No existen workarounds conocidos para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-497xx/CVE-2024-49774.json b/CVE-2024/CVE-2024-497xx/CVE-2024-49774.json index 566dbeb416c..15111e0b396 100644 --- a/CVE-2024/CVE-2024-497xx/CVE-2024-49774.json +++ b/CVE-2024/CVE-2024-497xx/CVE-2024-49774.json @@ -2,13 +2,17 @@ "id": "CVE-2024-49774", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T19:15:06.410", - "lastModified": "2024-11-05T19:15:06.410", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. SuiteCRM relies on the blacklist of functions/methods to prevent installation of malicious MLPs. But this checks can be bypassed with some syntax constructions. SuiteCRM uses token_get_all to parse PHP scripts and check the resulted AST against blacklists. But it doesn't take into account all scenarios. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "SuiteCRM es una aplicaci\u00f3n de software de gesti\u00f3n de relaciones con clientes (CRM) de c\u00f3digo abierto y preparada para empresas. SuiteCRM se basa en la lista negra de funciones/m\u00e9todos para evitar la instalaci\u00f3n de MLP maliciosos. Pero estas comprobaciones se pueden omitir con algunas construcciones de sintaxis. SuiteCRM utiliza token_get_all para analizar scripts PHP y comprobar el AST resultante con listas negras. Pero no tiene en cuenta todos los escenarios. Este problema se ha solucionado en las versiones 7.14.6 y 8.7.1. Se recomienda a los usuarios que actualicen. No existen workarounds conocidas para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50089.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50089.json index eaab18d1932..2390fa22784 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50089.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50089.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50089", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T17:15:06.410", - "lastModified": "2024-11-05T17:15:06.410", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nunicode: Don't special case ignorable code points\n\nWe don't need to handle them separately. Instead, just let them\ndecompose/casefold to themselves." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: unicode: No aplicar may\u00fasculas y min\u00fasculas especiales a los puntos de c\u00f3digo que se puedan ignorar. No necesitamos manejarlos por separado. En su lugar, simplemente dejamos que se descompongan o se conviertan en may\u00fasculas y min\u00fasculas por s\u00ed mismos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50090.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50090.json index fcef0398c66..540654dd557 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50090.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50090.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50090", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T17:15:06.477", - "lastModified": "2024-11-05T17:15:06.477", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/xe/oa: Fix overflow in oa batch buffer\n\nBy default xe_bb_create_job() appends a MI_BATCH_BUFFER_END to batch\nbuffer, this is not a problem if batch buffer is only used once but\noa reuses the batch buffer for the same metric and at each call\nit appends a MI_BATCH_BUFFER_END, printing the warning below and then\noverflowing.\n\n[ 381.072016] ------------[ cut here ]------------\n[ 381.072019] xe 0000:00:02.0: [drm] Assertion `bb->len * 4 + bb_prefetch(q->gt) <= size` failed!\n platform: LUNARLAKE subplatform: 1\n graphics: Xe2_LPG / Xe2_HPG 20.04 step B0\n media: Xe2_LPM / Xe2_HPM 20.00 step B0\n tile: 0 VRAM 0 B\n GT: 0 type 1\n\nSo here checking if batch buffer already have MI_BATCH_BUFFER_END if\nnot append it.\n\nv2:\n- simply fix, suggestion from Ashutosh\n\n(cherry picked from commit 9ba0e0f30ca42a98af3689460063edfb6315718a)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/xe/oa: Corregir desbordamiento en el b\u00fafer por lotes de oa. De manera predeterminada, xe_bb_create_job() agrega un MI_BATCH_BUFFER_END al buffer por lotes, esto no es un problema si el buffer por lotes solo se usa una vez, pero oa reutiliza el b\u00fafer por lotes para la misma m\u00e9trica y en cada llamada agrega un MI_BATCH_BUFFER_END, imprimiendo la advertencia a continuaci\u00f3n y luego desbord\u00e1ndose. [ 381.072016] ------------[ cortar aqu\u00ed ]------------ [ 381.072019] xe 0000:00:02.0: [drm] \u00a1La afirmaci\u00f3n `bb->len * 4 + bb_prefetch(q->gt) <= size` fall\u00f3! Plataforma: LUNARLAKE Subplataforma: 1 Gr\u00e1ficos: Xe2_LPG / Xe2_HPG 20.04 Paso B0 Medios: Xe2_LPM / Xe2_HPM 20.00 Paso B0 Mosaico: 0 VRAM 0 B GT: 0 Tipo 1 Aqu\u00ed se verifica si el buffer de lote ya tiene MI_BATCH_BUFFER_END si no, se agrega. v2: - simplemente se arregla, sugerencia de Ashutosh (seleccionada del commit 9ba0e0f30ca42a98af3689460063edfb6315718a)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50091.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50091.json index 7271aeea88f..8594d06da08 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50091.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50091.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50091", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T17:15:06.533", - "lastModified": "2024-11-05T17:15:06.533", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm vdo: don't refer to dedupe_context after releasing it\n\nClear the dedupe_context pointer in a data_vio whenever ownership of\nthe context is lost, so that vdo can't examine it accidentally." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm vdo: no hacer referencia a dedupe_context despu\u00e9s de liberarlo. Borre el puntero dedupe_context en un data_vio siempre que se pierda la propiedad del contexto, de modo que vdo no pueda examinarlo accidentalmente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50092.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50092.json index 28ef7beb50c..f7b7b57cda2 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50092.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50092.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50092", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T17:15:06.597", - "lastModified": "2024-11-05T17:15:06.597", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netconsole: fix wrong warning\n\nA warning is triggered when there is insufficient space in the buffer\nfor userdata. However, this is not an issue since userdata will be sent\nin the next iteration.\n\nCurrent warning message:\n\n ------------[ cut here ]------------\n WARNING: CPU: 13 PID: 3013042 at drivers/net/netconsole.c:1122 write_ext_msg+0x3b6/0x3d0\n ? write_ext_msg+0x3b6/0x3d0\n console_flush_all+0x1e9/0x330\n\nThe code incorrectly issues a warning when this_chunk is zero, which is\na valid scenario. The warning should only be triggered when this_chunk\nis negative." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: netconsole: fix wrong Warning Se activa una advertencia cuando no hay suficiente espacio en el b\u00fafer para los datos del usuario. Sin embargo, esto no es un problema ya que los datos del usuario se enviar\u00e1n en la siguiente iteraci\u00f3n. Mensaje de advertencia actual: ------------[ cut here ]------------ WARNING: CPU: 13 PID: 3013042 at drivers/net/netconsole.c:1122 write_ext_msg+0x3b6/0x3d0 ? write_ext_msg+0x3b6/0x3d0 console_flush_all+0x1e9/0x330 El c\u00f3digo emite incorrectamente una advertencia cuando this_chunk es cero, lo cual es un escenario v\u00e1lido. La advertencia solo deber\u00eda activarse cuando this_chunk es negativo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50093.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50093.json index 0685ffa3dfd..0533c3e8033 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50093.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50093.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50093", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T17:15:06.663", - "lastModified": "2024-11-05T17:15:06.663", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthermal: intel: int340x: processor: Fix warning during module unload\n\nThe processor_thermal driver uses pcim_device_enable() to enable a PCI\ndevice, which means the device will be automatically disabled on driver\ndetach. Thus there is no need to call pci_disable_device() again on it.\n\nWith recent PCI device resource management improvements, e.g. commit\nf748a07a0b64 (\"PCI: Remove legacy pcim_release()\"), this problem is\nexposed and triggers the warining below.\n\n [ 224.010735] proc_thermal_pci 0000:00:04.0: disabling already-disabled device\n [ 224.010747] WARNING: CPU: 8 PID: 4442 at drivers/pci/pci.c:2250 pci_disable_device+0xe5/0x100\n ...\n [ 224.010844] Call Trace:\n [ 224.010845] \n [ 224.010847] ? show_regs+0x6d/0x80\n [ 224.010851] ? __warn+0x8c/0x140\n [ 224.010854] ? pci_disable_device+0xe5/0x100\n [ 224.010856] ? report_bug+0x1c9/0x1e0\n [ 224.010859] ? handle_bug+0x46/0x80\n [ 224.010862] ? exc_invalid_op+0x1d/0x80\n [ 224.010863] ? asm_exc_invalid_op+0x1f/0x30\n [ 224.010867] ? pci_disable_device+0xe5/0x100\n [ 224.010869] ? pci_disable_device+0xe5/0x100\n [ 224.010871] ? kfree+0x21a/0x2b0\n [ 224.010873] pcim_disable_device+0x20/0x30\n [ 224.010875] devm_action_release+0x16/0x20\n [ 224.010878] release_nodes+0x47/0xc0\n [ 224.010880] devres_release_all+0x9f/0xe0\n [ 224.010883] device_unbind_cleanup+0x12/0x80\n [ 224.010885] device_release_driver_internal+0x1ca/0x210\n [ 224.010887] driver_detach+0x4e/0xa0\n [ 224.010889] bus_remove_driver+0x6f/0xf0\n [ 224.010890] driver_unregister+0x35/0x60\n [ 224.010892] pci_unregister_driver+0x44/0x90\n [ 224.010894] proc_thermal_pci_driver_exit+0x14/0x5f0 [processor_thermal_device_pci]\n ...\n [ 224.010921] ---[ end trace 0000000000000000 ]---\n\nRemove the excess pci_disable_device() calls.\n\n[ rjw: Subject and changelog edits ]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: thermal: intel: int340x: procesador: Se corrige la advertencia durante la descarga del m\u00f3dulo. El controlador procesador_thermal utiliza pcim_device_enable() para habilitar un dispositivo PCI, lo que significa que el dispositivo se deshabilitar\u00e1 autom\u00e1ticamente al desconectar el controlador. Por lo tanto, no es necesario volver a llamar a pci_disable_device() en \u00e9l. Con las recientes mejoras en la administraci\u00f3n de recursos del dispositivo PCI, por ejemplo, la confirmaci\u00f3n f748a07a0b64 (\"PCI: Eliminar el legado pcim_release()\"), este problema queda expuesto y activa la advertencia siguiente. [ 224.010735] proc_thermal_pci 0000:00:04.0: deshabilitando dispositivo ya deshabilitado [ 224.010747] ADVERTENCIA: CPU: 8 PID: 4442 en drivers/pci/pci.c:2250 pci_disable_device+0xe5/0x100 ... [ 224.010844] Seguimiento de llamadas: [ 224.010845] [ 224.010847] ? show_regs+0x6d/0x80 [ 224.010851] ? __warn+0x8c/0x140 [ 224.010854] ? pci_disable_device+0xe5/0x100 [ 224.010856] ? report_bug+0x1c9/0x1e0 [ 224.010859] ? handle_bug+0x46/0x80 [ 224.010862] ? exc_invalid_op+0x1d/0x80 [ 224.010863] ? asm_exc_invalid_op+0x1f/0x30 [ 224.010867] ? pci_disable_device+0xe5/0x100 [ 224.010869] ? pci_disable_device+0xe5/0x100 [ 224.010871] ? kfree+0x21a/0x2b0 [ 224.010873] pcim_disable_device+0x20/0x30 [ 224.010875] devm_action_release+0x16/0x20 [ 224.010878] release_nodes+0x47/0xc0 [ 224.010880] devres_release_all+0x9f/0xe0 [ 224.010883] device_unbind_cleanup+0x12/0x80 [ 224.010885] device_release_driver_internal+0x1ca/0x210 [ 224.010887] driver_detach+0x4e/0xa0 [ 224.010889] bus_remove_driver+0x6f/0xf0 [ 224.010890] driver_unregister+0x35/0x60 [ 224.010892] pci_unregister_driver+0x44/0x90 [ 224.010894] proc_thermal_pci_driver_exit+0x14/0x5f0 [processor_thermal_device_pci] ... [ 224.010921] ---[ fin del seguimiento 000000000000000 ]--- Elimine las llamadas pci_disable_device() en exceso. [ rjw: Asunto y ediciones del registro de cambios ]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50094.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50094.json index ff2410fa0d1..fbfa1541cf0 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50094.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50094.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50094", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T17:15:06.733", - "lastModified": "2024-11-05T17:15:06.733", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsfc: Don't invoke xdp_do_flush() from netpoll.\n\nYury reported a crash in the sfc driver originated from\nnetpoll_send_udp(). The netconsole sends a message and then netpoll\ninvokes the driver's NAPI function with a budget of zero. It is\ndedicated to allow driver to free TX resources, that it may have used\nwhile sending the packet.\n\nIn the netpoll case the driver invokes xdp_do_flush() unconditionally,\nleading to crash because bpf_net_context was never assigned.\n\nInvoke xdp_do_flush() only if budget is not zero." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sfc: No invoque xdp_do_flush() desde netpoll. Yury inform\u00f3 de un fallo en el controlador sfc originado desde netpoll_send_udp(). La netconsole env\u00eda un mensaje y luego netpoll invoca la funci\u00f3n NAPI del controlador con un presupuesto de cero. Est\u00e1 dedicada a permitir que el controlador libere recursos TX, que puede haber usado al enviar el paquete. En el caso de netpoll, el controlador invoca xdp_do_flush() incondicionalmente, lo que provoca un fallo porque bpf_net_context nunca se asign\u00f3. Invoque xdp_do_flush() solo si el presupuesto no es cero." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50095.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50095.json index 350de342b83..f08fa3a4d26 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50095.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50095.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50095", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T17:15:06.797", - "lastModified": "2024-11-05T17:15:06.797", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/mad: Improve handling of timed out WRs of mad agent\n\nCurrent timeout handler of mad agent acquires/releases mad_agent_priv\nlock for every timed out WRs. This causes heavy locking contention\nwhen higher no. of WRs are to be handled inside timeout handler.\n\nThis leads to softlockup with below trace in some use cases where\nrdma-cm path is used to establish connection between peer nodes\n\nTrace:\n-----\n BUG: soft lockup - CPU#4 stuck for 26s! [kworker/u128:3:19767]\n CPU: 4 PID: 19767 Comm: kworker/u128:3 Kdump: loaded Tainted: G OE\n ------- --- 5.14.0-427.13.1.el9_4.x86_64 #1\n Hardware name: Dell Inc. PowerEdge R740/01YM03, BIOS 2.4.8 11/26/2019\n Workqueue: ib_mad1 timeout_sends [ib_core]\n RIP: 0010:__do_softirq+0x78/0x2ac\n RSP: 0018:ffffb253449e4f98 EFLAGS: 00000246\n RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 000000000000001f\n RDX: 000000000000001d RSI: 000000003d1879ab RDI: fff363b66fd3a86b\n RBP: ffffb253604cbcd8 R08: 0000009065635f3b R09: 0000000000000000\n R10: 0000000000000040 R11: ffffb253449e4ff8 R12: 0000000000000000\n R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000040\n FS: 0000000000000000(0000) GS:ffff8caa1fc80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 00007fd9ec9db900 CR3: 0000000891934006 CR4: 00000000007706e0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 55555554\n Call Trace:\n \n ? show_trace_log_lvl+0x1c4/0x2df\n ? show_trace_log_lvl+0x1c4/0x2df\n ? __irq_exit_rcu+0xa1/0xc0\n ? watchdog_timer_fn+0x1b2/0x210\n ? __pfx_watchdog_timer_fn+0x10/0x10\n ? __hrtimer_run_queues+0x127/0x2c0\n ? hrtimer_interrupt+0xfc/0x210\n ? __sysvec_apic_timer_interrupt+0x5c/0x110\n ? sysvec_apic_timer_interrupt+0x37/0x90\n ? asm_sysvec_apic_timer_interrupt+0x16/0x20\n ? __do_softirq+0x78/0x2ac\n ? __do_softirq+0x60/0x2ac\n __irq_exit_rcu+0xa1/0xc0\n sysvec_call_function_single+0x72/0x90\n \n \n asm_sysvec_call_function_single+0x16/0x20\n RIP: 0010:_raw_spin_unlock_irq+0x14/0x30\n RSP: 0018:ffffb253604cbd88 EFLAGS: 00000247\n RAX: 000000000001960d RBX: 0000000000000002 RCX: ffff8cad2a064800\n RDX: 000000008020001b RSI: 0000000000000001 RDI: ffff8cad5d39f66c\n RBP: ffff8cad5d39f600 R08: 0000000000000001 R09: 0000000000000000\n R10: ffff8caa443e0c00 R11: ffffb253604cbcd8 R12: ffff8cacb8682538\n R13: 0000000000000005 R14: ffffb253604cbd90 R15: ffff8cad5d39f66c\n cm_process_send_error+0x122/0x1d0 [ib_cm]\n timeout_sends+0x1dd/0x270 [ib_core]\n process_one_work+0x1e2/0x3b0\n ? __pfx_worker_thread+0x10/0x10\n worker_thread+0x50/0x3a0\n ? __pfx_worker_thread+0x10/0x10\n kthread+0xdd/0x100\n ? __pfx_kthread+0x10/0x10\n ret_from_fork+0x29/0x50\n \n\nSimplified timeout handler by creating local list of timed out WRs\nand invoke send handler post creating the list. The new method acquires/\nreleases lock once to fetch the list and hence helps to reduce locking\ncontetiong when processing higher no. of WRs" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: RDMA/mad: Mejorar el manejo de los WR con tiempo de espera agotado del agente mad El controlador de tiempo de espera actual del agente mad adquiere/libera el bloqueo mad_agent_priv para cada WR con tiempo de espera agotado. Esto provoca una fuerte contenci\u00f3n de bloqueo cuando se deben manejar una mayor cantidad de WR dentro del controlador de tiempo de espera. Esto conduce a un bloqueo suave con el siguiente seguimiento en algunos casos de uso donde se usa la ruta rdma-cm para establecer la conexi\u00f3n entre nodos pares Seguimiento: ----- ERROR: bloqueo suave: \u00a1CPU n.\u00ba 4 atascada durante 26 s! [kworker/u128:3:19767] CPU: 4 PID: 19767 Comm: kworker/u128:3 Kdump: cargado Contaminado: G OE ------- --- 5.14.0-427.13.1.el9_4.x86_64 #1 Nombre del hardware: Dell Inc. PowerEdge R740/01YM03, BIOS 2.4.8 26/11/2019 Cola de trabajo: ib_mad1 timeout_sends [ib_core] RIP: 0010:__do_softirq+0x78/0x2ac RSP: 0018:ffffb253449e4f98 EFLAGS: 00000246 RAX: 00000000ffffffff RBX: 0000000000000000 RCX: 000000000000001f RDX: 000000000000001d RSI: 000000003d1879ab RDI: fff363b66fd3a86b RBP: ffffb253604cbcd8 R08: 0000009065635f3b R09: 0000000000000000 R10: 0000000000000040 R11: ffffb253449e4ff8 R12: 0000000000000000 R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000040 FS: 000000000000000(0000) GS:ffff8caa1fc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fd9ec9db900 CR3: 0000000891934006 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 00000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 00000000000000400 PKRU: 55555554 Seguimiento de llamadas: ? show_trace_log_lvl+0x1c4/0x2df ? show_trace_log_lvl+0x1c4/0x2df ? __irq_exit_rcu+0xa1/0xc0 ? watchdog_timer_fn+0x1b2/0x210 ? __pfx_watchdog_timer_fn+0x10/0x10 ? __hrtimer_run_queues+0x127/0x2c0 ? hrtimer_interrupt+0xfc/0x210 ? __sysvec_apic_timer_interrupt+0x5c/0x110 ? sysvec_apic_timer_interrupt+0x37/0x90 ? asm_sysvec_apic_timer_interrupt+0x16/0x20 ? __do_softirq+0x78/0x2ac ? asm_sysvec_call_function_single+0x16/0x20 RIP: 0010:_raw_spin_unlock_irq+0x14/0x30 RSP: 0018:ffffb253604cbd88 EFLAGS: 00000247 RAX: 000000000001960d RBX: 0000000000000002 RCX: ffff8cad2a064800 RDX: 000000008020001b RSI: 00000000000000001 RDI: ffff8cad5d39f66c RBP: ffff8cad5d39f600 R08: 0000000000000001 R09: 0000000000000000 R10: ffff8caa443e0c00 R11: ffffb253604cbcd8 R12: ffff8cacb8682538 R13: 0000000000000005 R14: ffffb253604cbd90 R15: ffff8cad5d39f66c cm_process_send_error+0x122/0x1d0 [ib_cm] timeout_sends+0x1dd/0x270 [ib_core] process_one_work+0x1e2/0x3b0 ? __pfx_worker_thread+0x10/0x10 worker_thread+0x50/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xdd/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x29/0x50 Se simplific\u00f3 el controlador de tiempo de espera al crear una lista local de los WR que han expirado y al invocar el controlador de env\u00edo despu\u00e9s de crear la lista. El nuevo m\u00e9todo adquiere/libera el bloqueo una vez para obtener la lista y, por lo tanto, ayuda a reducir la contenci\u00f3n del bloqueo cuando se procesa una cantidad mayor de WR." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50096.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50096.json index 370ff504e82..fac893bc530 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50096.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50096.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50096", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T17:15:06.870", - "lastModified": "2024-11-05T17:15:06.870", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error\n\nThe `nouveau_dmem_copy_one` function ensures that the copy push command is\nsent to the device firmware but does not track whether it was executed\nsuccessfully.\n\nIn the case of a copy error (e.g., firmware or hardware failure), the\ncopy push command will be sent via the firmware channel, and\n`nouveau_dmem_copy_one` will likely report success, leading to the\n`migrate_to_ram` function returning a dirty HIGH_USER page to the user.\n\nThis can result in a security vulnerability, as a HIGH_USER page that may\ncontain sensitive or corrupted data could be returned to the user.\n\nTo prevent this vulnerability, we allocate a zero page. Thus, in case of\nan error, a non-dirty (zero) page will be returned to the user." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nouveau/dmem: Se corrige la vulnerabilidad en migrants_to_ram tras un error de copia. La funci\u00f3n `nouveau_dmem_copy_one` garantiza que el comando de copia push se env\u00ede al firmware del dispositivo, pero no rastrea si se ejecut\u00f3 correctamente. En el caso de un error de copia (por ejemplo, fallo del firmware o hardware), el comando de copia push se enviar\u00e1 a trav\u00e9s del canal de firmware y `nouveau_dmem_copy_one` probablemente informar\u00e1 el \u00e9xito, lo que llevar\u00e1 a la funci\u00f3n `migrate_to_ram` a devolver una p\u00e1gina HIGH_USER sucia al usuario. Esto puede resultar en una vulnerabilidad de seguridad, ya que una p\u00e1gina HIGH_USER que puede contener datos confidenciales o da\u00f1ados podr\u00eda devolverse al usuario. Para evitar esta vulnerabilidad, asignamos una p\u00e1gina cero. Por lo tanto, en caso de un error, se devolver\u00e1 al usuario una p\u00e1gina no sucia (cero)." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50097.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50097.json index 112484acf80..75324e57cec 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50097.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50097.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50097", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T17:15:06.937", - "lastModified": "2024-11-05T17:15:06.937", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fec: don't save PTP state if PTP is unsupported\n\nSome platforms (such as i.MX25 and i.MX27) do not support PTP, so on\nthese platforms fec_ptp_init() is not called and the related members\nin fep are not initialized. However, fec_ptp_save_state() is called\nunconditionally, which causes the kernel to panic. Therefore, add a\ncondition so that fec_ptp_save_state() is not called if PTP is not\nsupported." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: fec: no guardar el estado de PTP si PTP no es compatible. Algunas plataformas (como i.MX25 e i.MX27) no son compatibles con PTP, por lo que en estas plataformas no se llama a fec_ptp_init() y los miembros relacionados en fep no se inicializan. Sin embargo, se llama a fec_ptp_save_state() de forma incondicional, lo que hace que el kernel entre en p\u00e1nico. Por lo tanto, agregue una condici\u00f3n para que no se llame a fec_ptp_save_state() si PTP no es compatible." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50098.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50098.json index 4f39b0573b7..3a8e94c0d97 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50098.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50098.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50098", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:13.620", - "lastModified": "2024-11-05T18:15:13.620", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down\n\nThere is a history of deadlock if reboot is performed at the beginning\nof booting. SDEV_QUIESCE was set for all LU's scsi_devices by UFS\nshutdown, and at that time the audio driver was waiting on\nblk_mq_submit_bio() holding a mutex_lock while reading the fw binary.\nAfter that, a deadlock issue occurred while audio driver shutdown was\nwaiting for mutex_unlock of blk_mq_submit_bio(). To solve this, set\nSDEV_OFFLINE for all LUs except WLUN, so that any I/O that comes down\nafter a UFS shutdown will return an error.\n\n[ 31.907781]I[0: swapper/0: 0] 1 130705007 1651079834 11289729804 0 D( 2) 3 ffffff882e208000 * init [device_shutdown]\n[ 31.907793]I[0: swapper/0: 0] Mutex: 0xffffff8849a2b8b0: owner[0xffffff882e28cb00 kworker/6:0 :49]\n[ 31.907806]I[0: swapper/0: 0] Call trace:\n[ 31.907810]I[0: swapper/0: 0] __switch_to+0x174/0x338\n[ 31.907819]I[0: swapper/0: 0] __schedule+0x5ec/0x9cc\n[ 31.907826]I[0: swapper/0: 0] schedule+0x7c/0xe8\n[ 31.907834]I[0: swapper/0: 0] schedule_preempt_disabled+0x24/0x40\n[ 31.907842]I[0: swapper/0: 0] __mutex_lock+0x408/0xdac\n[ 31.907849]I[0: swapper/0: 0] __mutex_lock_slowpath+0x14/0x24\n[ 31.907858]I[0: swapper/0: 0] mutex_lock+0x40/0xec\n[ 31.907866]I[0: swapper/0: 0] device_shutdown+0x108/0x280\n[ 31.907875]I[0: swapper/0: 0] kernel_restart+0x4c/0x11c\n[ 31.907883]I[0: swapper/0: 0] __arm64_sys_reboot+0x15c/0x280\n[ 31.907890]I[0: swapper/0: 0] invoke_syscall+0x70/0x158\n[ 31.907899]I[0: swapper/0: 0] el0_svc_common+0xb4/0xf4\n[ 31.907909]I[0: swapper/0: 0] do_el0_svc+0x2c/0xb0\n[ 31.907918]I[0: swapper/0: 0] el0_svc+0x34/0xe0\n[ 31.907928]I[0: swapper/0: 0] el0t_64_sync_handler+0x68/0xb4\n[ 31.907937]I[0: swapper/0: 0] el0t_64_sync+0x1a0/0x1a4\n\n[ 31.908774]I[0: swapper/0: 0] 49 0 11960702 11236868007 0 D( 2) 6 ffffff882e28cb00 * kworker/6:0 [__bio_queue_enter]\n[ 31.908783]I[0: swapper/0: 0] Call trace:\n[ 31.908788]I[0: swapper/0: 0] __switch_to+0x174/0x338\n[ 31.908796]I[0: swapper/0: 0] __schedule+0x5ec/0x9cc\n[ 31.908803]I[0: swapper/0: 0] schedule+0x7c/0xe8\n[ 31.908811]I[0: swapper/0: 0] __bio_queue_enter+0xb8/0x178\n[ 31.908818]I[0: swapper/0: 0] blk_mq_submit_bio+0x194/0x67c\n[ 31.908827]I[0: swapper/0: 0] __submit_bio+0xb8/0x19c" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: ufs: core: Establecer SDEV_OFFLINE cuando se apaga UFS. Hay un historial de interbloqueo si se realiza el reinicio al comienzo del arranque. SDEV_QUIESCE se estableci\u00f3 para todos los scsi_devices de LU por el apagado de UFS, y en ese momento el controlador de audio estaba esperando a blk_mq_submit_bio() sosteniendo un mutex_lock mientras le\u00eda el binario fw. Despu\u00e9s de eso, ocurri\u00f3 un problema de interbloqueo mientras el apagado del controlador de audio estaba esperando mutex_unlock de blk_mq_submit_bio(). Para resolver esto, establezca SDEV_OFFLINE para todas las LU excepto WLUN, de modo que cualquier E/S que se caiga despu\u00e9s de un apagado de UFS devuelva un error. [ 31.907781]I[0: swapper/0: 0] 1 130705007 1651079834 11289729804 0 D( 2) 3 ffffff882e208000 * init [apagado_dispositivo] [ 31.907793]I[0: swapper/0: 0] Mutex: 0xffffff8849a2b8b0: owner[0xffffff882e28cb00 kworker/6:0 :49] [ 31.907806]I[0: swapper/0: 0] Rastreo de llamadas: [ 31.907810]I[0: swapper/0: 0] __switch_to+0x174/0x338 [ 31.907819]I[0: intercambiador/0: 0] __schedule+0x5ec/0x9cc [ 31.907826]I[0: intercambiador/0: 0] schedule+0x7c/0xe8 [ 31.907834]I[0: intercambiador/0: 0] schedule_preempt_disabled+0x24/0x40 [ 31.907842]I[0: intercambiador/0: 0] __mutex_lock+0x408/0xdac [ 31.907849]I[0: intercambiador/0: 0] __mutex_lock_slowpath+0x14/0x24 [ 31.907858]I[0: intercambiador/0: 0] mutex_lock+0x40/0xec [ 31.907866]I[0: intercambiador/0: 0] device_shutdown+0x108/0x280 [ 31.907875]I[0: intercambiador/0: 0] kernel_restart+0x4c/0x11c [ 31.907883]I[0: intercambiador/0: 0] __arm64_sys_reboot+0x15c/0x280 [ 31.907890]I[0: intercambiador/0: 0] invoke_syscall+0x70/0x158 [ 31.907899]I[0: intercambiador/0: 0] el0_svc_common+0xb4/0xf4 [ 31.907909]I[0: intercambiador/0: 0] do_el0_svc+0x2c/0xb0 [ 31.907918]I[0: intercambiador/0: 0] el0_svc+0x34/0xe0 [ 31.907928]I[0: intercambiador/0: 0] el0t_64_sync_handler+0x68/0xb4 [ 31.907937]I[0: intercambiador/0: 0] el0t_64_sync+0x1a0/0x1a4 [ 31.908774]I[0: intercambiador/0: 0] 49 0 11960702 11236868007 0 D( 2) 6 ffffff882e28cb00 * kworker/6:0 [__bio_queue_enter] [ 31.908783]I[0: swapper/0: 0] Rastreo de llamadas: [ 31.908788]I[0: swapper/0: 0] __switch_to+0x174/0x338 [ 31.908796]I[0: swapper/0: 0] __schedule+0x5ec/0x9cc [ 31.908803]I[0: swapper/0: 0] schedule+0x7c/0xe8 [ 31.908811]I[0: swapper/0: 0] __bio_queue_enter+0xb8/0x178 [ 31.908818]I[0: swapper/0: 0] blk_mq_submit_bio+0x194/0x67c [ 31.908827]I[0: intercambiador/0: 0] __submit_bio+0xb8/0x19c" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-500xx/CVE-2024-50099.json b/CVE-2024/CVE-2024-500xx/CVE-2024-50099.json index d715055dfb9..28d6cdbf720 100644 --- a/CVE-2024/CVE-2024-500xx/CVE-2024-50099.json +++ b/CVE-2024/CVE-2024-500xx/CVE-2024-50099.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50099", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:13.690", - "lastModified": "2024-11-05T18:15:13.690", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64: probes: Remove broken LDR (literal) uprobe support\n\nThe simulate_ldr_literal() and simulate_ldrsw_literal() functions are\nunsafe to use for uprobes. Both functions were originally written for\nuse with kprobes, and access memory with plain C accesses. When uprobes\nwas added, these were reused unmodified even though they cannot safely\naccess user memory.\n\nThere are three key problems:\n\n1) The plain C accesses do not have corresponding extable entries, and\n thus if they encounter a fault the kernel will treat these as\n unintentional accesses to user memory, resulting in a BUG() which\n will kill the kernel thread, and likely lead to further issues (e.g.\n lockup or panic()).\n\n2) The plain C accesses are subject to HW PAN and SW PAN, and so when\n either is in use, any attempt to simulate an access to user memory\n will fault. Thus neither simulate_ldr_literal() nor\n simulate_ldrsw_literal() can do anything useful when simulating a\n user instruction on any system with HW PAN or SW PAN.\n\n3) The plain C accesses are privileged, as they run in kernel context,\n and in practice can access a small range of kernel virtual addresses.\n The instructions they simulate have a range of +/-1MiB, and since the\n simulated instructions must itself be a user instructions in the\n TTBR0 address range, these can address the final 1MiB of the TTBR1\n acddress range by wrapping downwards from an address in the first\n 1MiB of the TTBR0 address range.\n\n In contemporary kernels the last 8MiB of TTBR1 address range is\n reserved, and accesses to this will always fault, meaning this is no\n worse than (1).\n\n Historically, it was theoretically possible for the linear map or\n vmemmap to spill into the final 8MiB of the TTBR1 address range, but\n in practice this is extremely unlikely to occur as this would\n require either:\n\n * Having enough physical memory to fill the entire linear map all the\n way to the final 1MiB of the TTBR1 address range.\n\n * Getting unlucky with KASLR randomization of the linear map such\n that the populated region happens to overlap with the last 1MiB of\n the TTBR address range.\n\n ... and in either case if we were to spill into the final page there\n would be larger problems as the final page would alias with error\n pointers.\n\nPractically speaking, (1) and (2) are the big issues. Given there have\nbeen no reports of problems since the broken code was introduced, it\nappears that no-one is relying on probing these instructions with\nuprobes.\n\nAvoid these issues by not allowing uprobes on LDR (literal) and LDRSW\n(literal), limiting the use of simulate_ldr_literal() and\nsimulate_ldrsw_literal() to kprobes. Attempts to place uprobes on LDR\n(literal) and LDRSW (literal) will be rejected as\narm_probe_decode_insn() will return INSN_REJECTED. In future we can\nconsider introducing working uprobes support for these instructions, but\nthis will require more significant work." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64: sondas: Eliminar el soporte roto de uprobe LDR (literal). Las funciones simulation_ldr_literal() y simulation_ldrsw_literal() no son seguras para usar con uprobes. Ambas funciones se escribieron originalmente para usar con kprobes y acceder a la memoria con accesos C simples. Cuando se agreg\u00f3 uprobes, se reutilizaron sin modificar a pesar de que no pueden acceder de manera segura a la memoria del usuario. Hay tres problemas clave: 1) Los accesos C simples no tienen entradas extable correspondientes y, por lo tanto, si encuentran un fallo, el kernel los tratar\u00e1 como accesos no intencionales a la memoria del usuario, lo que resultar\u00e1 en un BUG() que matar\u00e1 el hilo del kernel y probablemente conducir\u00e1 a m\u00e1s problemas (por ejemplo, bloqueo o panic()). 2) Los accesos C simples est\u00e1n sujetos a HW PAN y SW PAN, y por lo tanto, cuando cualquiera de ellos est\u00e1 en uso, cualquier intento de simular un acceso a la memoria del usuario fallar\u00e1. Por lo tanto, ni simulation_ldr_literal() ni simulation_ldrsw_literal() pueden hacer nada \u00fatil al simular una instrucci\u00f3n de usuario en cualquier sistema con HW PAN o SW PAN. 3) Los accesos C simples son privilegiados, ya que se ejecutan en el contexto del n\u00facleo y, en la pr\u00e1ctica, pueden acceder a un peque\u00f1o rango de direcciones virtuales del n\u00facleo. Las instrucciones que simulan tienen un rango de +/-1 MiB y, dado que las instrucciones simuladas deben ser instrucciones de usuario en el rango de direcciones TTBR0, estas pueden direccionar el \u00faltimo MiB del rango de direcciones de TTBR1 envolviendo hacia abajo desde una direcci\u00f3n en el primer MiB del rango de direcciones TTBR0. En los n\u00facleos contempor\u00e1neos, los \u00faltimos 8 MiB del rango de direcciones TTBR1 est\u00e1n reservados y los accesos a estos siempre fallar\u00e1n, lo que significa que esto no es peor que (1). Hist\u00f3ricamente, era te\u00f3ricamente posible que el mapa lineal o vmemmap se derramara en los \u00faltimos 8 MiB del rango de direcciones TTBR1, pero en la pr\u00e1ctica esto es extremadamente improbable que ocurra ya que esto requerir\u00eda: * Tener suficiente memoria f\u00edsica para llenar todo el mapa lineal hasta el \u00faltimo 1 MiB del rango de direcciones TTBR1. * Tener mala suerte con la aleatorizaci\u00f3n KASLR del mapa lineal de modo que la regi\u00f3n poblada se superponga con el \u00faltimo 1 MiB del rango de direcciones TTBR. ... y en cualquier caso, si nos desbord\u00e1ramos en la p\u00e1gina final, habr\u00eda problemas m\u00e1s grandes ya que la p\u00e1gina final tendr\u00eda alias con punteros de error. Pr\u00e1cticamente hablando, (1) y (2) son los grandes problemas. Dado que no ha habido informes de problemas desde que se introdujo el c\u00f3digo roto, parece que nadie conf\u00eda en sondear estas instrucciones con uprobes. Evite estos problemas al no permitir uprobes en LDR (literal) y LDRSW (literal), y al limitar el uso de simulation_ldr_literal() y simulation_ldrsw_literal() a kprobes. Los intentos de colocar uprobes en LDR (literal) y LDRSW (literal) ser\u00e1n rechazados ya que arm_probe_decode_insn() devolver\u00e1 INSN_REJECTED. En el futuro, podemos considerar la introducci\u00f3n de compatibilidad con uprobes funcionales para estas instrucciones, pero esto requerir\u00e1 un trabajo m\u00e1s significativo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50100.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50100.json index 572c7f16f82..55cccb8fef5 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50100.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50100.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50100", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:13.757", - "lastModified": "2024-11-05T18:15:13.757", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: gadget: dummy-hcd: Fix \"task hung\" problem\n\nThe syzbot fuzzer has been encountering \"task hung\" problems ever\nsince the dummy-hcd driver was changed to use hrtimers instead of\nregular timers. It turns out that the problems are caused by a subtle\ndifference between the timer_pending() and hrtimer_active() APIs.\n\nThe changeover blindly replaced the first by the second. However,\ntimer_pending() returns True when the timer is queued but not when its\ncallback is running, whereas hrtimer_active() returns True when the\nhrtimer is queued _or_ its callback is running. This difference\noccasionally caused dummy_urb_enqueue() to think that the callback\nroutine had not yet started when in fact it was almost finished. As a\nresult the hrtimer was not restarted, which made it impossible for the\ndriver to dequeue later the URB that was just enqueued. This caused\nusb_kill_urb() to hang, and things got worse from there.\n\nSince hrtimers have no API for telling when they are queued and the\ncallback isn't running, the driver must keep track of this for itself.\nThat's what this patch does, adding a new \"timer_pending\" flag and\nsetting or clearing it at the appropriate times." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: gadget: dummy-hcd: soluciona el problema de \"tarea colgada\" El fuzzer syzbot ha estado encontrando problemas de \"tarea colgada\" desde que se cambi\u00f3 el controlador dummy-hcd para usar temporizadores hrtimer en lugar de temporizadores normales. Resulta que los problemas son causados por una diferencia sutil entre las API timer_pending() y hrtimer_active(). El cambio reemplaz\u00f3 ciegamente la primera por la segunda. Sin embargo, timer_pending() devuelve True cuando el temporizador est\u00e1 en cola pero no cuando su devoluci\u00f3n de llamada se est\u00e1 ejecutando, mientras que hrtimer_active() devuelve True cuando el hrtimer est\u00e1 en cola _o_ su devoluci\u00f3n de llamada se est\u00e1 ejecutando. Esta diferencia ocasionalmente hizo que dummy_urb_enqueue() pensara que la rutina de devoluci\u00f3n de llamada a\u00fan no hab\u00eda comenzado cuando, de hecho, estaba casi terminada. Como resultado, el hrtimer no se reinici\u00f3, lo que hizo imposible que el controlador quitara de la cola m\u00e1s tarde el URB que acababa de ponerse en cola. Esto provoc\u00f3 que usb_kill_urb() se bloqueara y las cosas empeoraron a partir de ah\u00ed. Dado que los temporizadores hr no tienen una API para saber cu\u00e1ndo est\u00e1n en cola y la devoluci\u00f3n de llamada no se est\u00e1 ejecutando, el controlador debe realizar un seguimiento de esto por s\u00ed mismo. Eso es lo que hace este parche, agregando un nuevo indicador \"timer_pending\" y configur\u00e1ndolo o borr\u00e1ndolo en los momentos apropiados." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50101.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50101.json index b10a3246f03..a12b53fe07b 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50101.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50101.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50101", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:13.813", - "lastModified": "2024-11-05T18:15:13.813", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices\n\nPreviously, the domain_context_clear() function incorrectly called\npci_for_each_dma_alias() to set up context entries for non-PCI devices.\nThis could lead to kernel hangs or other unexpected behavior.\n\nAdd a check to only call pci_for_each_dma_alias() for PCI devices. For\nnon-PCI devices, domain_context_clear_one() is called directly." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: Se corrige pci_for_each_dma_alias() incorrecto para dispositivos que no sean PCI Anteriormente, la funci\u00f3n domain_context_clear() llamaba incorrectamente a pci_for_each_dma_alias() para configurar entradas de contexto para dispositivos que no sean PCI. Esto podr\u00eda provocar bloqueos del kernel u otro comportamiento inesperado. Agregue una verificaci\u00f3n para llamar solo a pci_for_each_dma_alias() para dispositivos PCI. Para dispositivos que no sean PCI, se llama a domain_context_clear_one() directamente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50102.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50102.json index 96fe1b01e3d..3b4374e226a 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50102.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50102.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50102", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:13.877", - "lastModified": "2024-11-05T18:15:13.877", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86: fix user address masking non-canonical speculation issue\n\nIt turns out that AMD has a \"Meltdown Lite(tm)\" issue with non-canonical\naccesses in kernel space. And so using just the high bit to decide\nwhether an access is in user space or kernel space ends up with the good\nold \"leak speculative data\" if you have the right gadget using the\nresult:\n\n CVE-2020-12965 \u201cTransient Execution of Non-Canonical Accesses\u201c\n\nNow, the kernel surrounds the access with a STAC/CLAC pair, and those\ninstructions end up serializing execution on older Zen architectures,\nwhich closes the speculation window.\n\nBut that was true only up until Zen 5, which renames the AC bit [1].\nThat improves performance of STAC/CLAC a lot, but also means that the\nspeculation window is now open.\n\nNote that this affects not just the new address masking, but also the\nregular valid_user_address() check used by access_ok(), and the asm\nversion of the sign bit check in the get_user() helpers.\n\nIt does not affect put_user() or clear_user() variants, since there's no\nspeculative result to be used in a gadget for those operations." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86: se soluciona el problema de especulaci\u00f3n no can\u00f3nica de enmascaramiento de direcciones de usuario Resulta que AMD tiene un problema de \"Meltdown Lite(tm)\" con los accesos no can\u00f3nicos en el espacio del kernel. Y entonces, usar solo el bit alto para decidir si un acceso est\u00e1 en el espacio del usuario o en el espacio del kernel termina con la buena y vieja \"filtraci\u00f3n de datos especulativos\" si tienes el gadget correcto usando el resultado: CVE-2020-12965 \"Ejecuci\u00f3n transitoria de accesos no can\u00f3nicos\" Ahora, el kernel rodea el acceso con un par STAC/CLAC, y esas instrucciones terminan serializando la ejecuci\u00f3n en arquitecturas Zen m\u00e1s antiguas, lo que cierra la ventana de especulaci\u00f3n. Pero eso era cierto solo hasta Zen 5, que renombra el bit AC [1]. Eso mejora mucho el rendimiento de STAC/CLAC, pero tambi\u00e9n significa que la ventana de especulaci\u00f3n ahora est\u00e1 abierta. Tenga en cuenta que esto no solo afecta al nuevo enmascaramiento de direcci\u00f3n, sino tambi\u00e9n a la comprobaci\u00f3n regular valid_user_address() utilizada por access_ok() y a la versi\u00f3n asm de la comprobaci\u00f3n del bit de signo en los ayudantes get_user(). No afecta a las variantes put_user() o clear_user(), ya que no hay ning\u00fan resultado especulativo que se pueda utilizar en un gadget para esas operaciones." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50103.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50103.json index 4bf82978884..5a351a12357 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50103.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50103.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50103", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:13.930", - "lastModified": "2024-11-05T18:15:13.930", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe()\n\nA devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could\npossibly return NULL pointer. NULL Pointer Dereference may be\ntriggerred without addtional check.\nAdd a NULL check for the returned pointer." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: qcom: Se ha corregido la desreferencia NULL en asoc_qcom_lpass_cpu_platform_probe(). Una devm_kzalloc() en asoc_qcom_lpass_cpu_platform_probe() podr\u00eda devolver un puntero NULL. La desreferencia de puntero NULL se puede activar sin una comprobaci\u00f3n adicional. Agregue una comprobaci\u00f3n NULL para el puntero devuelto." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50104.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50104.json index e1c644f5c07..ccdacb9b356 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50104.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50104.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50104", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:13.993", - "lastModified": "2024-11-05T18:15:13.993", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: sdm845: add missing soundwire runtime stream alloc\n\nDuring the migration of Soundwire runtime stream allocation from\nthe Qualcomm Soundwire controller to SoC's soundcard drivers the sdm845\nsoundcard was forgotten.\n\nAt this point any playback attempt or audio daemon startup, for instance\non sdm845-db845c (Qualcomm RB3 board), will result in stream pointer\nNULL dereference:\n\n Unable to handle kernel NULL pointer dereference at virtual\n address 0000000000000020\n Mem abort info:\n ESR = 0x0000000096000004\n EC = 0x25: DABT (current EL), IL = 32 bits\n SET = 0, FnV = 0\n EA = 0, S1PTW = 0\n FSC = 0x04: level 0 translation fault\n Data abort info:\n ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n user pgtable: 4k pages, 48-bit VAs, pgdp=0000000101ecf000\n [0000000000000020] pgd=0000000000000000, p4d=0000000000000000\n Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n Modules linked in: ...\n CPU: 5 UID: 0 PID: 1198 Comm: aplay\n Not tainted 6.12.0-rc2-qcomlt-arm64-00059-g9d78f315a362-dirty #18\n Hardware name: Thundercomm Dragonboard 845c (DT)\n pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : sdw_stream_add_slave+0x44/0x380 [soundwire_bus]\n lr : sdw_stream_add_slave+0x44/0x380 [soundwire_bus]\n sp : ffff80008a2035c0\n x29: ffff80008a2035c0 x28: ffff80008a203978 x27: 0000000000000000\n x26: 00000000000000c0 x25: 0000000000000000 x24: ffff1676025f4800\n x23: ffff167600ff1cb8 x22: ffff167600ff1c98 x21: 0000000000000003\n x20: ffff167607316000 x19: ffff167604e64e80 x18: 0000000000000000\n x17: 0000000000000000 x16: ffffcec265074160 x15: 0000000000000000\n x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000\n x11: 0000000000000000 x10: 0000000000000000 x9 : 0000000000000000\n x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffff167600ff1cec\n x5 : ffffcec22cfa2010 x4 : 0000000000000000 x3 : 0000000000000003\n x2 : ffff167613f836c0 x1 : 0000000000000000 x0 : ffff16761feb60b8\n Call trace:\n sdw_stream_add_slave+0x44/0x380 [soundwire_bus]\n wsa881x_hw_params+0x68/0x80 [snd_soc_wsa881x]\n snd_soc_dai_hw_params+0x3c/0xa4\n __soc_pcm_hw_params+0x230/0x660\n dpcm_be_dai_hw_params+0x1d0/0x3f8\n dpcm_fe_dai_hw_params+0x98/0x268\n snd_pcm_hw_params+0x124/0x460\n snd_pcm_common_ioctl+0x998/0x16e8\n snd_pcm_ioctl+0x34/0x58\n __arm64_sys_ioctl+0xac/0xf8\n invoke_syscall+0x48/0x104\n el0_svc_common.constprop.0+0x40/0xe0\n do_el0_svc+0x1c/0x28\n el0_svc+0x34/0xe0\n el0t_64_sync_handler+0x120/0x12c\n el0t_64_sync+0x190/0x194\n Code: aa0403fb f9418400 9100e000 9400102f (f8420f22)\n ---[ end trace 0000000000000000 ]---\n\n0000000000006108 :\n 6108: d503233f paciasp\n 610c: a9b97bfd stp x29, x30, [sp, #-112]!\n 6110: 910003fd mov x29, sp\n 6114: a90153f3 stp x19, x20, [sp, #16]\n 6118: a9025bf5 stp x21, x22, [sp, #32]\n 611c: aa0103f6 mov x22, x1\n 6120: 2a0303f5 mov w21, w3\n 6124: a90363f7 stp x23, x24, [sp, #48]\n 6128: aa0003f8 mov x24, x0\n 612c: aa0203f7 mov x23, x2\n 6130: a9046bf9 stp x25, x26, [sp, #64]\n 6134: aa0403f9 mov x25, x4 <-- x4 copied to x25\n 6138: a90573fb stp x27, x28, [sp, #80]\n 613c: aa0403fb mov x27, x4\n 6140: f9418400 ldr x0, [x0, #776]\n 6144: 9100e000 add x0, x0, #0x38\n 6148: 94000000 bl 0 \n 614c: f8420f22 ldr x2, [x25, #32]! <-- offset 0x44\n ^^^\nThis is 0x6108 + offset 0x44 from the beginning of sdw_stream_add_slave()\nwhere data abort happens.\nwsa881x_hw_params() is called with stream = NULL and passes it further\nin register x4 (5th argu\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: qcom: sdm845: agregar asignaci\u00f3n de flujo de tiempo de ejecuci\u00f3n de Soundwire faltante Durante la migraci\u00f3n de la asignaci\u00f3n de flujo de tiempo de ejecuci\u00f3n de Soundwire desde el controlador Qualcomm Soundwire a los controladores de tarjeta de sonido del SoC, se olvid\u00f3 la tarjeta de sonido sdm845. En este punto, cualquier intento de reproducci\u00f3n o inicio del demonio de audio, por ejemplo en sdm845-db845c (placa Qualcomm RB3), dar\u00e1 como resultado una desreferenciaci\u00f3n del puntero de flujo NULL: No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000020 Informaci\u00f3n de aborto de memoria: ESR = 0x0000000096000004 EC = 0x25: DABT (EL actual), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: error de traducci\u00f3n de nivel 0 Informaci\u00f3n de aborto de datos: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Superposici\u00f3n = 0, DirtyBit = 0, Xs = 0 usuario pgtable: p\u00e1ginas de 4k, VA de 48 bits, pgdp=0000000101ecf000 [0000000000000020] pgd=0000000000000000, p4d=0000000000000000 Error interno: Oops: 0000000096000004 [#1] PREEMPT M\u00f3dulos SMP vinculados en: ... CPU: 5 UID: 0 PID: 1198 Comm: aplay No contaminado 6.12.0-rc2-qcomlt-arm64-00059-g9d78f315a362-dirty #18 Nombre del hardware: Thundercomm Dragonboard 845c (DT) pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : sdw_stream_add_slave+0x44/0x380 [bus_soundwire] lr : sdw_stream_add_slave+0x44/0x380 [bus_soundwire] sp : ffff80008a2035c0 x29: ffff80008a2035c0 x28: ffff80008a203978 x27: 000000000000000 x26: 00000000000000c0 x25: 0000000000000000 x24: ffff1676025f4800 x23: ffff167600ff1cb8 x22: ffff167600ff1c98 x21: 0000000000000003 x20: ffff167607316000 x19: ffff167604e64e80 x18: 0000000000000000 x17: 0000000000000000 x16: ffffcec265074160 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 00000000000000000 x10: 0000000000000000 x9 : 0000000000000000 x8 : 0000000000000000 x7 : 0000000000000000 x6 : ffff167600ff1cec x5 : ffffcec22cfa2010 x4 : 0000000000000000 x3 : 0000000000000003 x2 : ffff167613f836c0 x1 : 0000000000000000 x0 : ffff16761feb60b8 Rastreo de llamadas: sdw_stream_add_slave+0x44/0x380 [bus de cable de sonido] wsa881x_hw_params+0x68/0x80 [snd_soc_wsa881x] snd_soc_dai_hw_params+0x3c/0xa4 __soc_pcm_hw_params+0x230/0x660 dpcm_be_dai_hw_params+0x1d0/0x3f8 dpcm_fe_dai_hw_params+0x98/0x268 snd_pcm_hw_params+0x124/0x460 snd_pcm_common_ioctl+0x998/0x16e8 snd_pcm_ioctl+0x34/0x58 __arm64_sys_ioctl+0xac/0xf8 invocar_syscall+0x48/0x104 el0_svc_common.constprop.0+0x40/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xe0 el0t_64_sync_handler+0x120/0x12c el0t_64_sync+0x190/0x194 C\u00f3digo: aa0403fb f9418400 9100e000 9400102f (f8420f22) ---[ fin de seguimiento 000000000000000 ]--- 0000000000006108 : 6108: d503233f paciasp 610c: a9b97bfd stp x29, x30, [sp, #-112]! 6110: 910003fd movimiento x29, movimiento r\u00e1pido 6114: a90153f3 movimiento r\u00e1pido x19, x20, [movimiento r\u00e1pido, n.\u00b0 16] 6118: a9025bf5 movimiento r\u00e1pido x21, x22, [movimiento r\u00e1pido, n.\u00b0 32] 611c: aa0103f6 movimiento x22, x1 6120: 2a0303f5 movimiento r\u00e1pido w21, w3 6124: a90363f7 movimiento r\u00e1pido x23, x24, [movimiento r\u00e1pido, n.\u00b0 48] 6128: aa0003f8 movimiento r\u00e1pido x24, x0 612c: aa0203f7 movimiento r\u00e1pido x23, x2 6130: a9046bf9 movimiento r\u00e1pido x25, x26, [movimiento r\u00e1pido, n.\u00b0 64] 6134: aa0403f9 mov x25, x4 <-- x4 copiado a x25 6138: a90573fb stp x27, x28, [sp, #80] 613c: aa0403fb mov x27, x4 6140: f9418400 ldr x0, [x0, #776] 6144: 9100e000 agrega x0, x0, #0x38 6148: 94000000 bl 0 614c: f8420f22 ldr x2, [x25, #32]! <-- desplazamiento 0x44 ^^^ Esto es 0x6108 + desplazamiento 0x44 desde el comienzo de sdw_stream_add_slave() donde ocurre la interrupci\u00f3n de datos. Se llama a wsa881x_hw_params() con stream = NULL y se pasa m\u00e1s adelante en el registro x4 (quinto argumento ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50105.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50105.json index ca20706f88e..e7bf143726e 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50105.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50105.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50105", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.063", - "lastModified": "2024-11-05T18:15:14.063", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc\n\nCommit 15c7fab0e047 (\"ASoC: qcom: Move Soundwire runtime stream alloc to\nsoundcards\") moved the allocation of Soundwire stream runtime from the\nQualcomm Soundwire driver to each individual machine sound card driver,\nexcept that it forgot to update SC7280 card.\n\nJust like for other Qualcomm sound cards using Soundwire, the card\ndriver should allocate and release the runtime. Otherwise sound\nplayback will result in a NULL pointer dereference or other effect of\nuninitialized memory accesses (which was confirmed on SDM845 having\nsimilar issue)." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc Commit 15c7fab0e047 (\"ASoC: qcom: Move Soundwire runtime stream alloc to soundcards\") movi\u00f3 la asignaci\u00f3n de tiempo de ejecuci\u00f3n de flujo Soundwire del controlador Qualcomm Soundwire al controlador de tarjeta de sonido de cada m\u00e1quina individual, excepto que olvid\u00f3 actualizar la tarjeta SC7280. Al igual que para otras tarjetas de sonido Qualcomm que usan Soundwire, el controlador de la tarjeta debe asignar y liberar el tiempo de ejecuci\u00f3n. De lo contrario, la reproducci\u00f3n de sonido dar\u00e1 como resultado una desreferencia de puntero NULL u otro efecto de accesos a memoria no inicializados (lo que se confirm\u00f3 en SDM845 que ten\u00eda un problema similar)." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50106.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50106.json index 1ebf615bc96..c1ec70b0832 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50106.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50106.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50106", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.120", - "lastModified": "2024-11-05T18:15:14.120", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: fix race between laundromat and free_stateid\n\nThere is a race between laundromat handling of revoked delegations\nand a client sending free_stateid operation. Laundromat thread\nfinds that delegation has expired and needs to be revoked so it\nmarks the delegation stid revoked and it puts it on a reaper list\nbut then it unlock the state lock and the actual delegation revocation\nhappens without the lock. Once the stid is marked revoked a racing\nfree_stateid processing thread does the following (1) it calls\nlist_del_init() which removes it from the reaper list and (2) frees\nthe delegation stid structure. The laundromat thread ends up not\ncalling the revoke_delegation() function for this particular delegation\nbut that means it will no release the lock lease that exists on\nthe file.\n\nNow, a new open for this file comes in and ends up finding that\nlease list isn't empty and calls nfsd_breaker_owns_lease() which ends\nup trying to derefence a freed delegation stateid. Leading to the\nfollowint use-after-free KASAN warning:\n\nkernel: ==================================================================\nkernel: BUG: KASAN: slab-use-after-free in nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: Read of size 8 at addr ffff0000e73cd0c8 by task nfsd/6205\nkernel:\nkernel: CPU: 2 UID: 0 PID: 6205 Comm: nfsd Kdump: loaded Not tainted 6.11.0-rc7+ #9\nkernel: Hardware name: Apple Inc. Apple Virtualization Generic Platform, BIOS 2069.0.0.0.0 08/03/2024\nkernel: Call trace:\nkernel: dump_backtrace+0x98/0x120\nkernel: show_stack+0x1c/0x30\nkernel: dump_stack_lvl+0x80/0xe8\nkernel: print_address_description.constprop.0+0x84/0x390\nkernel: print_report+0xa4/0x268\nkernel: kasan_report+0xb4/0xf8\nkernel: __asan_report_load8_noabort+0x1c/0x28\nkernel: nfsd_breaker_owns_lease+0x140/0x160 [nfsd]\nkernel: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd]\nkernel: nfsd_file_acquire_opened+0x84/0x110 [nfsd]\nkernel: nfs4_get_vfs_file+0x634/0x958 [nfsd]\nkernel: nfsd4_process_open2+0xa40/0x1a40 [nfsd]\nkernel: nfsd4_open+0xa08/0xe80 [nfsd]\nkernel: nfsd4_proc_compound+0xb8c/0x2130 [nfsd]\nkernel: nfsd_dispatch+0x22c/0x718 [nfsd]\nkernel: svc_process_common+0x8e8/0x1960 [sunrpc]\nkernel: svc_process+0x3d4/0x7e0 [sunrpc]\nkernel: svc_handle_xprt+0x828/0xe10 [sunrpc]\nkernel: svc_recv+0x2cc/0x6a8 [sunrpc]\nkernel: nfsd+0x270/0x400 [nfsd]\nkernel: kthread+0x288/0x310\nkernel: ret_from_fork+0x10/0x20\n\nThis patch proposes a fixed that's based on adding 2 new additional\nstid's sc_status values that help coordinate between the laundromat\nand other operations (nfsd4_free_stateid() and nfsd4_delegreturn()).\n\nFirst to make sure, that once the stid is marked revoked, it is not\nremoved by the nfsd4_free_stateid(), the laundromat take a reference\non the stateid. Then, coordinating whether the stid has been put\non the cl_revoked list or we are processing FREE_STATEID and need to\nmake sure to remove it from the list, each check that state and act\naccordingly. If laundromat has added to the cl_revoke list before\nthe arrival of FREE_STATEID, then nfsd4_free_stateid() knows to remove\nit from the list. If nfsd4_free_stateid() finds that operations arrived\nbefore laundromat has placed it on cl_revoke list, it marks the state\nfreed and then laundromat will no longer add it to the list.\n\nAlso, for nfsd4_delegreturn() when looking for the specified stid,\nwe need to access stid that are marked removed or freeable, it means\nthe laundromat has started processing it but hasn't finished and this\ndelegreturn needs to return nfserr_deleg_revoked and not\nnfserr_bad_stateid. The latter will not trigger a FREE_STATEID and the\nlack of it will leave this stid on the cl_revoked list indefinitely." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: arregla la ejecuci\u00f3n entre laundromat y free_stateid. Hay una ejecuci\u00f3n entre el manejo de laundromat de delegaciones revocadas y un cliente que env\u00eda la operaci\u00f3n free_stateid. El hilo de laundromat encuentra que la delegaci\u00f3n ha expirado y necesita ser revocada, por lo que marca el stid de delegaci\u00f3n revocado y lo pone en una lista de reaper, pero luego desbloquea el bloqueo de estado y la revocaci\u00f3n de delegaci\u00f3n real ocurre sin el bloqueo. Una vez que el stid est\u00e1 marcado como revocado, un hilo de procesamiento de free_stateid en ejecuci\u00f3n hace lo siguiente: (1) llama a list_del_init() que lo elimina de la lista de reaper y (2) libera la estructura del stid de delegaci\u00f3n. El hilo de laundromat termina sin llamar a la funci\u00f3n revoke_delegation() para esta delegaci\u00f3n en particular, pero eso significa que no liberar\u00e1 la concesi\u00f3n de bloqueo que existe en el archivo. Ahora, una nueva apertura para este archivo llega y termina encontrando que la lista de arrendamientos no est\u00e1 vac\u00eda y llama a nfsd_breaker_owns_lease() que termina intentando desreferenciar un stateid de delegaci\u00f3n liberado. Lo que genera la siguiente advertencia de KASAN de use-after-free: kernel: == ... 2069.0.0.0.0 08/03/2024 n\u00facleo: Seguimiento de llamadas: n\u00facleo: dump_backtrace+0x98/0x120 n\u00facleo: show_stack+0x1c/0x30 n\u00facleo: dump_stack_lvl+0x80/0xe8 n\u00facleo: print_address_description.constprop.0+0x84/0x390 n\u00facleo: print_report+0xa4/0x268 n\u00facleo: kasan_report+0xb4/0xf8 n\u00facleo: __asan_report_load8_noabort+0x1c/0x28 n\u00facleo: nfsd_breaker_owns_lease+0x140/0x160 [nfsd] n\u00facleo: nfsd_file_do_acquire+0xb3c/0x11d0 [nfsd] n\u00facleo: nfsd_file_acquire_opened+0x84/0x110 [nfsd] n\u00facleo: nfs4_get_vfs_file+0x634/0x958 [nfsd] n\u00facleo: nfsd4_process_open2+0xa40/0x1a40 [nfsd] n\u00facleo: nfsd4_open+0xa08/0xe80 [nfsd] n\u00facleo: nfsd4_proc_compound+0xb8c/0x2130 [nfsd] n\u00facleo: nfsd_dispatch+0x22c/0x718 [nfsd] n\u00facleo: svc_process_common+0x8e8/0x1960 [sunrpc] n\u00facleo: svc_process+0x3d4/0x7e0 [sunrpc] n\u00facleo: svc_handle_xprt+0x828/0xe10 [sunrpc] kernel: svc_recv+0x2cc/0x6a8 [sunrpc] kernel: nfsd+0x270/0x400 [nfsd] kernel: kthread+0x288/0x310 kernel: ret_from_fork+0x10/0x20 Este parche propone una soluci\u00f3n basada en agregar 2 nuevos valores de stid adicionales sc_status que ayudan a coordinar entre la lavander\u00eda y otras operaciones (nfsd4_free_stateid() y nfsd4_delegreturn()). Primero, para asegurarse de que una vez que el stid est\u00e9 marcado como revocado, no sea eliminado por nfsd4_free_stateid(), la lavander\u00eda tome una referencia en el stateid. Luego, al coordinar si el stid se ha colocado en la lista cl_revoked o si estamos procesando FREE_STATEID y debemos asegurarnos de eliminarlo de la lista, cada uno verifica ese estado y act\u00faa en consecuencia. Si laundromat ha agregado a la lista cl_revoke antes de la llegada de FREE_STATEID, entonces nfsd4_free_stateid() sabe eliminarlo de la lista. Si nfsd4_free_stateid() encuentra que las operaciones llegaron antes de que laundromat lo haya colocado en la lista cl_revoke, marca el estado como liberado y luego laundromat ya no lo agregar\u00e1 a la lista. Adem\u00e1s, para nfsd4_delegreturn() cuando buscamos el stid especificado, necesitamos acceder a los stid que est\u00e1n marcados como eliminados o liberables, significa que laundromat ha comenzado a procesarlo pero no ha terminado y este delegreturn debe devolver nfserr_deleg_revoked y no nfserr_bad_stateid. Este \u00faltimo no activar\u00e1 un FREE_STATEID y la falta del mismo dejar\u00e1 este stid en la lista cl_revoked indefinidamente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50107.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50107.json index 32384cb8575..56c0f6ab0d9 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50107.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50107.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50107", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.177", - "lastModified": "2024-11-05T18:15:14.177", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nplatform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses\n\nCommit 50c6dbdfd16e (\"x86/ioremap: Improve iounmap() address range checks\")\nintroduces a WARN when adrress ranges of iounmap are invalid. On Thinkpad\nP1 Gen 7 (Meteor Lake-P) this caused the following warning to appear:\n\nWARNING: CPU: 7 PID: 713 at arch/x86/mm/ioremap.c:461 iounmap+0x58/0x1f0\nModules linked in: rfkill(+) snd_timer(+) fjes(+) snd soundcore intel_pmc_core(+)\nint3403_thermal(+) int340x_thermal_zone intel_vsec pmt_telemetry acpi_pad pmt_class\nacpi_tad int3400_thermal acpi_thermal_rel joydev loop nfnetlink zram xe drm_suballoc_helper\nnouveau i915 mxm_wmi drm_ttm_helper gpu_sched drm_gpuvm drm_exec drm_buddy i2c_algo_bit\ncrct10dif_pclmul crc32_pclmul ttm crc32c_intel polyval_clmulni rtsx_pci_sdmmc ucsi_acpi\npolyval_generic mmc_core hid_multitouch drm_display_helper ghash_clmulni_intel typec_ucsi\nnvme sha512_ssse3 video sha256_ssse3 nvme_core intel_vpu sha1_ssse3 rtsx_pci cec typec\nnvme_auth i2c_hid_acpi i2c_hid wmi pinctrl_meteorlake serio_raw ip6_tables ip_tables fuse\nCPU: 7 UID: 0 PID: 713 Comm: (udev-worker) Not tainted 6.12.0-rc2iounmap+ #42\nHardware name: LENOVO 21KWCTO1WW/21KWCTO1WW, BIOS N48ET19W (1.06 ) 07/18/2024\nRIP: 0010:iounmap+0x58/0x1f0\nCode: 85 6a 01 00 00 48 8b 05 e6 e2 28 04 48 39 c5 72 19 eb 26 cc cc cc 48 ba 00 00 00 00 00 00 32 00 48 8d 44 02 ff 48 39 c5 72 23 <0f> 0b 48 83 c4 08 5b 5d 41 5c c3 cc cc cc cc 48 ba 00 00 00 00 00\nRSP: 0018:ffff888131eff038 EFLAGS: 00010207\nRAX: ffffc90000000000 RBX: 0000000000000000 RCX: ffff888e33b80000\nRDX: dffffc0000000000 RSI: ffff888e33bc29c0 RDI: 0000000000000000\nRBP: 0000000000000000 R08: ffff8881598a8000 R09: ffff888e2ccedc10\nR10: 0000000000000003 R11: ffffffffb3367634 R12: 00000000fe000000\nR13: ffff888101d0da28 R14: ffffffffc2e437e0 R15: ffff888110b03b28\nFS: 00007f3c1d4b3980(0000) GS:ffff888e33b80000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00005651cfc93578 CR3: 0000000124e4c002 CR4: 0000000000f70ef0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400\nPKRU: 55555554\nCall Trace:\n\n? __warn.cold+0xb6/0x176\n? iounmap+0x58/0x1f0\n? report_bug+0x1f4/0x2b0\n? handle_bug+0x58/0x90\n? exc_invalid_op+0x17/0x40\n? asm_exc_invalid_op+0x1a/0x20\n? iounmap+0x58/0x1f0\npmc_core_ssram_get_pmc+0x477/0x6c0 [intel_pmc_core]\n? __pfx_pmc_core_ssram_get_pmc+0x10/0x10 [intel_pmc_core]\n? __pfx_do_pci_enable_device+0x10/0x10\n? pci_wait_for_pending+0x60/0x110\n? pci_enable_device_flags+0x1e3/0x2e0\n? __pfx_mtl_core_init+0x10/0x10 [intel_pmc_core]\npmc_core_ssram_init+0x7f/0x110 [intel_pmc_core]\nmtl_core_init+0xda/0x130 [intel_pmc_core]\n? __mutex_init+0xb9/0x130\npmc_core_probe+0x27e/0x10b0 [intel_pmc_core]\n? _raw_spin_lock_irqsave+0x96/0xf0\n? __pfx_pmc_core_probe+0x10/0x10 [intel_pmc_core]\n? __pfx_mutex_unlock+0x10/0x10\n? __pfx_mutex_lock+0x10/0x10\n? device_pm_check_callbacks+0x82/0x370\n? acpi_dev_pm_attach+0x234/0x2b0\nplatform_probe+0x9f/0x150\nreally_probe+0x1e0/0x8a0\n__driver_probe_device+0x18c/0x370\n? __pfx___driver_attach+0x10/0x10\ndriver_probe_device+0x4a/0x120\n__driver_attach+0x190/0x4a0\n? __pfx___driver_attach+0x10/0x10\nbus_for_each_dev+0x103/0x180\n? __pfx_bus_for_each_dev+0x10/0x10\n? klist_add_tail+0x136/0x270\nbus_add_driver+0x2fc/0x540\ndriver_register+0x1a5/0x360\n? __pfx_pmc_core_driver_init+0x10/0x10 [intel_pmc_core]\ndo_one_initcall+0xa4/0x380\n? __pfx_do_one_initcall+0x10/0x10\n? kasan_unpoison+0x44/0x70\ndo_init_module+0x296/0x800\nload_module+0x5090/0x6ce0\n? __pfx_load_module+0x10/0x10\n? ima_post_read_file+0x193/0x200\n? __pfx_ima_post_read_file+0x10/0x10\n? rw_verify_area+0x152/0x4c0\n? kernel_read_file+0x257/0x750\n? __pfx_kernel_read_file+0x10/0x10\n? __pfx_filemap_get_read_batch+0x10/0x10\n? init_module_from_file+0xd1/0x130\ninit_module_from_file+0xd1/0x130\n? __pfx_init_module_from_file+0x10/0\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: platform/x86/intel/pmc: Corregir pmc_core_iounmap para llamar a iounmap para direcciones v\u00e1lidas. La confirmaci\u00f3n 50c6dbdfd16e (\"x86/ioremap: Mejorar las comprobaciones del rango de direcciones de iounmap()\") introduce una ADVERTENCIA cuando los rangos de direcciones de iounmap no son v\u00e1lidos. En Thinkpad P1 Gen 7 (Meteor Lake-P), esto provoc\u00f3 que apareciera la siguiente advertencia: ADVERTENCIA: CPU: 7 PID: 713 en arch/x86/mm/ioremap.c:461 iounmap+0x58/0x1f0 M\u00f3dulos vinculados en: rfkill(+) snd_timer(+) fjes(+) snd soundcore intel_pmc_core(+) int3403_thermal(+) int340x_thermal_zone intel_vsec pmt_telemetry acpi_pad pmt_class acpi_tad int3400_thermal acpi_thermal_rel joydev loop nfnetlink zram xe drm_suballoc_helper nouveau i915 mxm_wmi drm_ttm_helper gpu_sched drm_gpuvm drm_exec drm_buddy i2c_algo_bit crct10dif_pclmul crc32_pclmul ttm crc32c_intel polyval_clmulni rtsx_pci_sdmmc ucsi_acpi polyval_generic mmc_core hid_multitouch drm_display_helper ghash_clmulni_intel typec_ucsi nvme sha512_ssse3 video sha256_ssse3 nvme_core intel_vpu sha1_ssse3 rtsx_pci cec typec nvme_auth i2c_hid_acpi i2c_hid wmi pinctrl_meteorlake serio_raw ip6_tables ip_tables fuse CPU: 7 UID: 0 PID: 713 Comm: (udev-worker) No contaminado 6.12.0-rc2iounmap+ #42 Nombre del hardware: LENOVO 21KWCTO1WW/21KWCTO1WW, BIOS N48ET19W (1.06) 18/07/2024 RIP: 0010:iounmap+0x58/0x1f0 C\u00f3digo: 85 6a 01 00 00 48 8b 05 e6 e2 28 04 48 39 c5 72 19 eb 26 cc cc cc 48 ba 00 00 00 00 00 00 32 00 48 8d 44 02 ff 48 39 c5 72 23 <0f> 0b 48 83 c4 08 5b 5d 41 5c c3 cc cc cc cc 48 ba 00 00 00 00 00 RSP: 0018:ffff888131eff038 EFLAGS: 00010207 RAX: ffffc90000000000 RBX: 0000000000000000 RCX: ffff888e33b80000 RDX: dffffc0000000000 RSI: ffff888e33bc29c0 RDI: 0000000000000000 RBP: 0000000000000000 R08: ffff8881598a8000 R09: ffff888e2ccedc10 R10: 0000000000000003 R11: ffffffffb3367634 R12: 00000000fe000000 R13: ffff888101d0da28 R14: ffffffffc2e437e0 R15: ffff888110b03b28 FS: 00007f3c1d4b3980(0000) GS:ffff888e33b80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005651cfc93578 CR3: 0000000124e4c002 CR4: 0000000000f70ef0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000ffff07f0 DR7: 0000000000000400 PKRU: 55555554 Seguimiento de llamadas: ? __warn.cold+0xb6/0x176 ? iounmap+0x58/0x1f0 ? report_bug+0x1f4/0x2b0 ? handle_bug+0x58/0x90 ? exc_invalid_op+0x17/0x40 ? pci_enable_device_flags+0x1e3/0x2e0 ? __pfx_mtl_core_init+0x10/0x10 [intel_pmc_core] pmc_core_ssram_init+0x7f/0x110 [intel_pmc_core] mtl_core_init+0xda/0x130 [intel_pmc_core] ? __mutex_init+0xb9/0x130 pmc_core_probe+0x27e/0x10b0 [intel_pmc_core] ? _raw_spin_lock_irqsave+0x96/0xf0 ? __pfx_pmc_core_probe+0x10/0x10 [intel_pmc_core] ? __pfx_mutex_unlock+0x10/0x10 ? __pfx_mutex_lock+0x10/0x10 ? device_pm_check_callbacks+0x82/0x370 ? acpi_dev_pm_attach+0x234/0x2b0 platform_probe+0x9f/0x150 really_probe+0x1e0/0x8a0 __driver_probe_device+0x18c/0x370 ? __pfx___driver_attach+0x10/0x10 driver_probe_device+0x4a/0x120 __driver_attach+0x190/0x4a0 ? __pfx___driver_attach+0x10/0x10 bus_for_each_dev+0x103/0x180 ? __pfx_bus_for_each_dev+0x10/0x10 ? klist_add_tail+0x136/0x270 bus_add_driver+0x2fc/0x540 driver_register+0x1a5/0x360 ? __pfx_pmc_core_driver_init+0x10/0x10 [intel_pmc_core] do_one_initcall+0xa4/0x380 ? __pfx_do_one_initcall+0x10/0x10 ? kasan_unpoison+0x44/0x70 do_init_module+0x296/0x800 load_module+0x5090/0x6ce0 ? __pfx_load_module+0x10/0x10 ? ima_post_read_file+0x193/0x200 ? __pfx_ima_post_read_file+0x10/0x10 ? rw_verify_area+0x152/0x4c0 ? kernel_read_file+0x257/0x750 ? __pfx_kernel_read_file+0x10/0x10 ? __pfx_filemap_get_read_batch+0x10/0x10 ? init_module_from_file+0xd1/0x130 init_module_from_file+0xd1/0x130 ? __pfx_init_module_from_file+0x10/0 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50108.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50108.json index 3466a13a328..610d1016083 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50108.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50108.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50108", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.247", - "lastModified": "2024-11-05T18:15:14.247", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/display: Disable PSR-SU on Parade 08-01 TCON too\n\nStuart Hayhurst has found that both at bootup and fullscreen VA-API video\nis leading to black screens for around 1 second and kernel WARNING [1] traces\nwhen calling dmub_psr_enable() with Parade 08-01 TCON.\n\nThese symptoms all go away with PSR-SU disabled for this TCON, so disable\nit for now while DMUB traces [2] from the failure can be analyzed and the failure\nstate properly root caused.\n\n(cherry picked from commit afb634a6823d8d9db23c5fb04f79c5549349628b)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: Deshabilitar PSR-SU tambi\u00e9n en Parade 08-01 TCON Stuart Hayhurst ha descubierto que tanto en el arranque como en pantalla completa, el v\u00eddeo VA-API provoca pantallas negras durante alrededor de 1 segundo y rastros de ADVERTENCIA [1] en el kernel al llamar a dmub_psr_enable() con Parade 08-01 TCON. Todos estos s\u00edntomas desaparecen con PSR-SU deshabilitado para este TCON, as\u00ed que deshabil\u00edtelo por ahora mientras se pueden analizar los rastros DMUB [2] del fallo y se puede determinar correctamente el estado del fallo. (seleccionado de la confirmaci\u00f3n afb634a6823d8d9db23c5fb04f79c5549349628b)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50109.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50109.json index 16e7cf5f49e..6aecd7ae023 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50109.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50109.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50109", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.317", - "lastModified": "2024-11-05T18:15:14.317", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd/raid10: fix null ptr dereference in raid10_size()\n\nIn raid10_run() if raid10_set_queue_limits() succeed, the return value\nis set to zero, and if following procedures failed raid10_run() will\nreturn zero while mddev->private is still NULL, causing null ptr\ndereference in raid10_size().\n\nFix the problem by only overwrite the return value if\nraid10_set_queue_limits() failed." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: md/raid10: se corrige la desreferencia ptr nulo en raid10_size() En raid10_run(), si raid10_set_queue_limits() tiene \u00e9xito, el valor de retorno se establece en cero y, si fallan los siguientes procedimientos, raid10_run() devolver\u00e1 cero mientras que mddev->private sigue siendo NULL, lo que provoca una desreferencia ptr nula en raid10_size(). Solucione el problema sobrescribiendo solo el valor de retorno si raid10_set_queue_limits() falla." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50110.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50110.json index 3f895a1ce72..809d5f99be8 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50110.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50110.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50110", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.370", - "lastModified": "2024-11-05T18:15:14.370", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfrm: fix one more kernel-infoleak in algo dumping\n\nDuring fuzz testing, the following issue was discovered:\n\nBUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30\n _copy_to_iter+0x598/0x2a30\n __skb_datagram_iter+0x168/0x1060\n skb_copy_datagram_iter+0x5b/0x220\n netlink_recvmsg+0x362/0x1700\n sock_recvmsg+0x2dc/0x390\n __sys_recvfrom+0x381/0x6d0\n __x64_sys_recvfrom+0x130/0x200\n x64_sys_call+0x32c8/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nUninit was stored to memory at:\n copy_to_user_state_extra+0xcc1/0x1e00\n dump_one_state+0x28c/0x5f0\n xfrm_state_walk+0x548/0x11e0\n xfrm_dump_sa+0x1e0/0x840\n netlink_dump+0x943/0x1c40\n __netlink_dump_start+0x746/0xdb0\n xfrm_user_rcv_msg+0x429/0xc00\n netlink_rcv_skb+0x613/0x780\n xfrm_netlink_rcv+0x77/0xc0\n netlink_unicast+0xe90/0x1280\n netlink_sendmsg+0x126d/0x1490\n __sock_sendmsg+0x332/0x3d0\n ____sys_sendmsg+0x863/0xc30\n ___sys_sendmsg+0x285/0x3e0\n __x64_sys_sendmsg+0x2d6/0x560\n x64_sys_call+0x1316/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nUninit was created at:\n __kmalloc+0x571/0xd30\n attach_auth+0x106/0x3e0\n xfrm_add_sa+0x2aa0/0x4230\n xfrm_user_rcv_msg+0x832/0xc00\n netlink_rcv_skb+0x613/0x780\n xfrm_netlink_rcv+0x77/0xc0\n netlink_unicast+0xe90/0x1280\n netlink_sendmsg+0x126d/0x1490\n __sock_sendmsg+0x332/0x3d0\n ____sys_sendmsg+0x863/0xc30\n ___sys_sendmsg+0x285/0x3e0\n __x64_sys_sendmsg+0x2d6/0x560\n x64_sys_call+0x1316/0x3cc0\n do_syscall_64+0xd8/0x1c0\n entry_SYSCALL_64_after_hwframe+0x79/0x81\n\nBytes 328-379 of 732 are uninitialized\nMemory access of size 732 starts at ffff88800e18e000\nData copied to user address 00007ff30f48aff0\n\nCPU: 2 PID: 18167 Comm: syz-executor.0 Not tainted 6.8.11 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\n\nFixes copying of xfrm algorithms where some random\ndata of the structure fields can end up in userspace.\nPadding in structures may be filled with random (possibly sensitve)\ndata and should never be given directly to user-space.\n\nA similar issue was resolved in the commit\n8222d5910dae (\"xfrm: Zero padding when dumping algos and encap\")\n\nFound by Linux Verification Center (linuxtesting.org) with Syzkaller." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfrm: corrige una fuga de informaci\u00f3n del kernel m\u00e1s en el volcado de algoritmos. Durante las pruebas fuzz, se descubri\u00f3 el siguiente problema: ERROR: KMSAN: fuga de informaci\u00f3n del kernel en _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram_iter+0x168/0x1060 skb_copy_datagram_iter+0x5b/0x220 netlink_recvmsg+0x362/0x1700 sock_recvmsg+0x2dc/0x390 __sys_recvfrom+0x381/0x6d0 __x64_sys_recvfrom+0x130/0x200 x64_sys_call+0x32c8/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Ununit se almacen\u00f3 en la memoria en: copy_to_user_state_extra+0xcc1/0x1e00 dump_one_state+0x28c/0x5f0 xfrm_state_walk+0x548/0x11e0 xfrm_dump_sa+0x1e0/0x840 netlink_dump+0x943/0x1c40 __netlink_dump_start+0x746/0xdb0 xfrm_user_rcv_msg+0x429/0xc00 netlink_rcv_skb+0x613/0x780 xfrm_netlink_rcv+0x77/0xc0 netlink_unicast+0xe90/0x1280 netlink_sendmsg+0x126d/0x1490 __sock_sendmsg+0x332/0x3d0 ____sys_sendmsg+0x863/0xc30 ___sys_sendmsg+0x285/0x3e0 __x64_sys_sendmsg+0x2d6/0x560 x64_sys_call+0x1316/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Uninit se cre\u00f3 en: __kmalloc+0x571/0xd30 attached_auth+0x106/0x3e0 xfrm_add_sa+0x2aa0/0x4230 xfrm_user_rcv_msg+0x832/0xc00 netlink_rcv_skb+0x613/0x780 xfrm_netlink_rcv+0x77/0xc0 netlink_unicast+0xe90/0x1280 netlink_sendmsg+0x126d/0x1490 __sock_sendmsg+0x332/0x3d0 ____sys_sendmsg+0x863/0xc30 ___sys_sendmsg+0x285/0x3e0 __x64_sys_sendmsg+0x2d6/0x560 x64_sys_call+0x1316/0x3cc0 do_syscall_64+0xd8/0x1c0 entry_SYSCALL_64_after_hwframe+0x79/0x81 Los bytes 328-379 de 732 no est\u00e1n inicializados El acceso a la memoria de tama\u00f1o 732 comienza en ffff88800e18e000 Datos copiados a la direcci\u00f3n de usuario 00007ff30f48aff0 CPU: 2 PID: 18167 Comm: syz-executor.0 No contaminado 6.8.11 #1 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Corrige la copia de algoritmos xfrm donde algunos datos aleatorios de los campos de estructura pueden terminar en el espacio de usuario. El relleno en las estructuras se puede rellenar con datos aleatorios (posiblemente confidenciales) y nunca se debe proporcionar directamente al espacio de usuario. Un problema similar se resolvi\u00f3 en la confirmaci\u00f3n 8222d5910dae (\"xfrm: relleno de ceros al volcar algoritmos y encap\") encontrado por Linux Verification Center (linuxtesting.org) con Syzkaller." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50111.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50111.json index 934b2a6fc0e..cf15c9b8e3b 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50111.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50111.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50111", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.433", - "lastModified": "2024-11-05T18:15:14.433", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Enable IRQ if do_ale() triggered in irq-enabled context\n\nUnaligned access exception can be triggered in irq-enabled context such\nas user mode, in this case do_ale() may call get_user() which may cause\nsleep. Then we will get:\n\n BUG: sleeping function called from invalid context at arch/loongarch/kernel/access-helper.h:7\n in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 129, name: modprobe\n preempt_count: 0, expected: 0\n RCU nest depth: 0, expected: 0\n CPU: 0 UID: 0 PID: 129 Comm: modprobe Tainted: G W 6.12.0-rc1+ #1723\n Tainted: [W]=WARN\n Stack : 9000000105e0bd48 0000000000000000 9000000003803944 9000000105e08000\n 9000000105e0bc70 9000000105e0bc78 0000000000000000 0000000000000000\n 9000000105e0bc78 0000000000000001 9000000185e0ba07 9000000105e0b890\n ffffffffffffffff 9000000105e0bc78 73924b81763be05b 9000000100194500\n 000000000000020c 000000000000000a 0000000000000000 0000000000000003\n 00000000000023f0 00000000000e1401 00000000072f8000 0000007ffbb0e260\n 0000000000000000 0000000000000000 9000000005437650 90000000055d5000\n 0000000000000000 0000000000000003 0000007ffbb0e1f0 0000000000000000\n 0000005567b00490 0000000000000000 9000000003803964 0000007ffbb0dfec\n 00000000000000b0 0000000000000007 0000000000000003 0000000000071c1d\n ...\n Call Trace:\n [<9000000003803964>] show_stack+0x64/0x1a0\n [<9000000004c57464>] dump_stack_lvl+0x74/0xb0\n [<9000000003861ab4>] __might_resched+0x154/0x1a0\n [<900000000380c96c>] emulate_load_store_insn+0x6c/0xf60\n [<9000000004c58118>] do_ale+0x78/0x180\n [<9000000003801bc8>] handle_ale+0x128/0x1e0\n\nSo enable IRQ if unaligned access exception is triggered in irq-enabled\ncontext to fix it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: LoongArch: Habilitar IRQ si do_ale() se activa en un contexto habilitado para irq. La excepci\u00f3n de acceso no alineado se puede activar en un contexto habilitado para irq, como el modo de usuario; en este caso, do_ale() puede llamar a get_user(), lo que puede provocar una suspensi\u00f3n. Entonces obtendremos: ERROR: funci\u00f3n inactiva llamada desde un contexto no v\u00e1lido en arch/loongarch/kernel/access-helper.h:7 in_atomic(): 0, irqs_disabled(): 1, non_block: 0, pid: 129, nombre: modprobe preempt_count: 0, esperado: 0 Profundidad de anidaci\u00f3n de RCU: 0, esperado: 0 CPU: 0 UID: 0 PID: 129 Comm: modprobe Contaminado: GW 6.12.0-rc1+ #1723 Contaminado: [W]=WARN Pila: 9000000105e0bd48 0000000000000000 9000000003803944 9000000105e08000 9000000105e0bc70 9000000105e0bc78 000000000000000 0000000000000000 9000000105e0bc78 0000000000000001 9000000185e0ba07 9000000105e0b890 ffffffffffffffff 9000000105e0bc78 73924b81763be05b 9000000100194500 000000000000020c 00000000000000a 0000000000000000 000000000000003 000000000000023f0 000000000000e1401 00000000072f8000 0000007ffbb0e260 0000000000000000 000000000000000 9000000005437650 90000000055d5000 0000000000000000 0000000000000003 0000007ffbb0e1f0 000000000000000 000005567b00490 0000000000000000 9000000003803964 0000007ffbb0dfec 000000000000000b0 0000000000000007 0000000000000003 0000000000071c1d ... Seguimiento de llamadas: [<9000000003803964>] show_stack+0x64/0x1a0 [<9000000004c57464>] dump_stack_lvl+0x74/0xb0 [<9000000003861ab4>] __might_resched+0x154/0x1a0 [<900000000380c96c>] emulate_load_store_insn+0x6c/0xf60 [<9000000004c58118>] do_ale+0x78/0x180 [<9000000003801bc8>] handle_ale+0x128/0x1e0 Entonces habilite IRQ si se activa una excepci\u00f3n de acceso no alineado en un contexto habilitado para irq para solucionarlo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50112.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50112.json index 48911e17975..d0cb4f03ce5 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50112.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50112.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50112", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.497", - "lastModified": "2024-11-05T18:15:14.497", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/lam: Disable ADDRESS_MASKING in most cases\n\nLinear Address Masking (LAM) has a weakness related to transient\nexecution as described in the SLAM paper[1]. Unless Linear Address\nSpace Separation (LASS) is enabled this weakness may be exploitable.\n\nUntil kernel adds support for LASS[2], only allow LAM for COMPILE_TEST,\nor when speculation mitigations have been disabled at compile time,\notherwise keep LAM disabled.\n\nThere are no processors in market that support LAM yet, so currently\nnobody is affected by this issue.\n\n[1] SLAM: https://download.vusec.net/papers/slam_sp24.pdf\n[2] LASS: https://lore.kernel.org/lkml/20230609183632.48706-1-alexander.shishkin@linux.intel.com/\n\n[ dhansen: update SPECULATION_MITIGATIONS -> CPU_MITIGATIONS ]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: x86/lam: Deshabilitar ADDRESS_MASKING en la mayor\u00eda de los casos. El enmascaramiento de direcciones lineales (LAM) tiene una debilidad relacionada con la ejecuci\u00f3n transitoria como se describe en el documento SLAM[1]. A menos que se habilite la separaci\u00f3n del espacio de direcciones lineales (LASS), esta debilidad puede ser explotable. Hasta que el kernel agregue soporte para LASS[2], solo permita LAM para COMPILE_TEST, o cuando las mitigaciones de especulaci\u00f3n se hayan deshabilitado en el momento de la compilaci\u00f3n, de lo contrario, mantenga LAM deshabilitado. No hay procesadores en el mercado que admitan LAM todav\u00eda, por lo que actualmente nadie se ve afectado por este problema. [1] SLAM: https://download.vusec.net/papers/slam_sp24.pdf [2] LASS: https://lore.kernel.org/lkml/20230609183632.48706-1-alexander.shishkin@linux.intel.com/ [ dhansen: actualizaci\u00f3n MITIGACIONES_DE_ESPECULACI\u00d3N -> MITIGACIONES_DE_CPU ]" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50113.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50113.json index 7c45937eb02..e6c010e8697 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50113.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50113.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50113", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.560", - "lastModified": "2024-11-05T18:15:14.560", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfirewire: core: fix invalid port index for parent device\n\nIn a commit 24b7f8e5cd65 (\"firewire: core: use helper functions for self\nID sequence\"), the enumeration over self ID sequence was refactored with\nsome helper functions with KUnit tests. These helper functions are\nguaranteed to work expectedly by the KUnit tests, however their application\nincludes a mistake to assign invalid value to the index of port connected\nto parent device.\n\nThis bug affects the case that any extra node devices which has three or\nmore ports are connected to 1394 OHCI controller. In the case, the path\nto update the tree cache could hits WARN_ON(), and gets general protection\nfault due to the access to invalid address computed by the invalid value.\n\nThis commit fixes the bug to assign correct port index." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: firewire: core: fix invalid port index for parent device En una confirmaci\u00f3n 24b7f8e5cd65 (\"firewire: core: use helper functions for self ID sequence\"), la enumeraci\u00f3n sobre la secuencia de auto-identificaci\u00f3n se refactoriz\u00f3 con algunas funciones auxiliares con pruebas KUnit. Se garantiza que estas funciones auxiliares funcionar\u00e1n como se espera mediante las pruebas KUnit, sin embargo, su aplicaci\u00f3n incluye un error para asignar un valor no v\u00e1lido al \u00edndice del puerto conectado al dispositivo principal. Este error afecta al caso en que cualquier dispositivo de nodo adicional que tenga tres o m\u00e1s puertos est\u00e9 conectado al controlador 1394 OHCI. En el caso, la ruta para actualizar la cach\u00e9 del \u00e1rbol podr\u00eda alcanzar WARN_ON() y obtener un fallo de protecci\u00f3n general debido al acceso a una direcci\u00f3n no v\u00e1lida calculada por el valor no v\u00e1lido. Esta confirmaci\u00f3n corrige el error para asignar el \u00edndice de puerto correcto." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50114.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50114.json index 55e4f9f8ecb..3b3d505106b 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50114.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50114.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50114", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.630", - "lastModified": "2024-11-05T18:15:14.630", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: arm64: Unregister redistributor for failed vCPU creation\n\nAlex reports that syzkaller has managed to trigger a use-after-free when\ntearing down a VM:\n\n BUG: KASAN: slab-use-after-free in kvm_put_kvm+0x300/0xe68 virt/kvm/kvm_main.c:5769\n Read of size 8 at addr ffffff801c6890d0 by task syz.3.2219/10758\n\n CPU: 3 UID: 0 PID: 10758 Comm: syz.3.2219 Not tainted 6.11.0-rc6-dirty #64\n Hardware name: linux,dummy-virt (DT)\n Call trace:\n dump_backtrace+0x17c/0x1a8 arch/arm64/kernel/stacktrace.c:317\n show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:324\n __dump_stack lib/dump_stack.c:93 [inline]\n dump_stack_lvl+0x94/0xc0 lib/dump_stack.c:119\n print_report+0x144/0x7a4 mm/kasan/report.c:377\n kasan_report+0xcc/0x128 mm/kasan/report.c:601\n __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381\n kvm_put_kvm+0x300/0xe68 virt/kvm/kvm_main.c:5769\n kvm_vm_release+0x4c/0x60 virt/kvm/kvm_main.c:1409\n __fput+0x198/0x71c fs/file_table.c:422\n ____fput+0x20/0x30 fs/file_table.c:450\n task_work_run+0x1cc/0x23c kernel/task_work.c:228\n do_notify_resume+0x144/0x1a0 include/linux/resume_user_mode.h:50\n el0_svc+0x64/0x68 arch/arm64/kernel/entry-common.c:169\n el0t_64_sync_handler+0x90/0xfc arch/arm64/kernel/entry-common.c:730\n el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598\n\nUpon closer inspection, it appears that we do not properly tear down the\nMMIO registration for a vCPU that fails creation late in the game, e.g.\na vCPU w/ the same ID already exists in the VM.\n\nIt is important to consider the context of commit that introduced this bug\nby moving the unregistration out of __kvm_vgic_vcpu_destroy(). That\nchange correctly sought to avoid an srcu v. config_lock inversion by\nbreaking up the vCPU teardown into two parts, one guarded by the\nconfig_lock.\n\nFix the use-after-free while avoiding lock inversion by adding a\nspecial-cased unregistration to __kvm_vgic_vcpu_destroy(). This is safe\nbecause failed vCPUs are torn down outside of the config_lock." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: arm64: Anular el registro del redistribuidor en caso de creaci\u00f3n fallida de una vCPU. Alex informa que syzkaller ha conseguido activar un use-after-free al desmantelar una m\u00e1quina virtual: ERROR: KASAN: slab-use-after-free en kvm_put_kvm+0x300/0xe68 virt/kvm/kvm_main.c:5769 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffffff801c6890d0 por la tarea syz.3.2219/10758 CPU: 3 UID: 0 PID: 10758 Comm: syz.3.2219 No contaminado 6.11.0-rc6-dirty #64 Nombre del hardware: linux,dummy-virt (DT) Rastreo de llamadas: dump_backtrace+0x17c/0x1a8 arch/arm64/kernel/stacktrace.c:317 show_stack+0x2c/0x3c arch/arm64/kernel/stacktrace.c:324 __dump_stack lib/dump_stack.c:93 [en l\u00ednea] dump_stack_lvl+0x94/0xc0 lib/dump_stack.c:119 print_report+0x144/0x7a4 mm/kasan/report.c:377 kasan_report+0xcc/0x128 mm/kasan/report.c:601 __asan_report_load8_noabort+0x20/0x2c mm/kasan/report_generic.c:381 kvm_put_kvm+0x300/0xe68 virt/kvm/kvm_main.c:5769 kvm_vm_release+0x4c/0x60 virt/kvm/kvm_main.c:1409 __fput+0x198/0x71c fs/file_table.c:422 ____fput+0x20/0x30 fs/file_table.c:450 task_work_run+0x1cc/0x23c kernel/task_work.c:228 do_notify_resume+0x144/0x1a0 include/linux/resume_user_mode.h:50 el0_svc+0x64/0x68 arch/arm64/kernel/entry-common.c:169 el0t_64_sync_handler+0x90/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 Tras una inspecci\u00f3n m\u00e1s detallada, parece que no eliminamos correctamente el registro MMIO para una vCPU que falla en la creaci\u00f3n tarde en el juego, por ejemplo, una vCPU con el mismo ID ya existe en la VM. Es importante considerar el contexto de la confirmaci\u00f3n que introdujo este error al mover la anulaci\u00f3n del registro fuera de __kvm_vgic_vcpu_destroy(). Ese cambio busc\u00f3 correctamente evitar una inversi\u00f3n de srcu v. config_lock al dividir el desmontaje de la vCPU en dos partes, una protegida por config_lock. Corrija el use-after-free mientras evita la inversi\u00f3n del bloqueo agregando una anulaci\u00f3n del registro con caso especial a __kvm_vgic_vcpu_destroy(). Esto es seguro porque las vCPU fallidas se eliminan fuera de config_lock." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50115.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50115.json index 90068a310c8..96308b332d6 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50115.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50115.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50115", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.700", - "lastModified": "2024-11-05T18:15:14.700", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory\n\nIgnore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits\n4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't\nenforce 32-byte alignment of nCR3.\n\nIn the absolute worst case scenario, failure to ignore bits 4:0 can result\nin an out-of-bounds read, e.g. if the target page is at the end of a\nmemslot, and the VMM isn't using guard pages.\n\nPer the APM:\n\n The CR3 register points to the base address of the page-directory-pointer\n table. The page-directory-pointer table is aligned on a 32-byte boundary,\n with the low 5 address bits 4:0 assumed to be 0.\n\nAnd the SDM's much more explicit:\n\n 4:0 Ignored\n\nNote, KVM gets this right when loading PDPTRs, it's only the nSVM flow\nthat is broken." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: nSVM: Ignorar nCR3[4:0] al cargar PDPTE desde la memoria Ignorar nCR3[4:0] al cargar PDPTE desde la memoria para SVM anidado, ya que los bits 4:0 de CR3 se ignoran cuando se utiliza la paginaci\u00f3n PAE y, por lo tanto, VMRUN no aplica la alineaci\u00f3n de 32 bytes de nCR3. En el peor de los casos, no ignorar los bits 4:0 puede dar como resultado una lectura fuera de los l\u00edmites, por ejemplo, si la p\u00e1gina de destino est\u00e1 al final de un memslot y el VMM no est\u00e1 utilizando p\u00e1ginas de protecci\u00f3n. Seg\u00fan el APM: El registro CR3 apunta a la direcci\u00f3n base de la tabla de punteros de directorio de p\u00e1ginas. La tabla de punteros de directorio de p\u00e1gina est\u00e1 alineada en un l\u00edmite de 32 bytes, y se supone que los 5 bits de direcci\u00f3n bajos 4:0 son 0. Y el SDM es mucho m\u00e1s expl\u00edcito: 4:0 Ignorado. Tenga en cuenta que KVM hace esto correctamente al cargar PDPTR, es solo el flujo nSVM el que est\u00e1 da\u00f1ado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50116.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50116.json index 343a0fccf21..982fe95df30 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50116.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50116.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50116", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.763", - "lastModified": "2024-11-05T18:15:14.763", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of buffer delay flag\n\nSyzbot reported that after nilfs2 reads a corrupted file system image\nand degrades to read-only, the BUG_ON check for the buffer delay flag\nin submit_bh_wbc() may fail, causing a kernel bug.\n\nThis is because the buffer delay flag is not cleared when clearing the\nbuffer state flags to discard a page/folio or a buffer head. So, fix\nthis.\n\nThis became necessary when the use of nilfs2's own page clear routine\nwas expanded. This state inconsistency does not occur if the buffer\nis written normally by log writing." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: se corrige un error del kernel debido a la falta de limpieza del indicador de retraso del b\u00fafer Syzbot inform\u00f3 que despu\u00e9s de que nilfs2 lee una imagen de sistema de archivos corrupta y se degrada a solo lectura, la comprobaci\u00f3n BUG_ON para el indicador de retraso del b\u00fafer en submission_bh_wbc() puede fallar, lo que provoca un error del kernel. Esto se debe a que el indicador de retraso del b\u00fafer no se borra al borrar los indicadores de estado del b\u00fafer para descartar una p\u00e1gina/folio o un encabezado de b\u00fafer. Por lo tanto, solucione esto. Esto se volvi\u00f3 necesario cuando se expandi\u00f3 el uso de la propia rutina de limpieza de p\u00e1ginas de nilfs2. Esta inconsistencia de estado no ocurre si el b\u00fafer se escribe normalmente mediante la escritura de registro." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50117.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50117.json index f231f484923..9f071f3ecea 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50117.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50117.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50117", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.823", - "lastModified": "2024-11-05T18:15:14.823", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd: Guard against bad data for ATIF ACPI method\n\nIf a BIOS provides bad data in response to an ATIF method call\nthis causes a NULL pointer dereference in the caller.\n\n```\n? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminator 1))\n? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434)\n? page_fault_oops (arch/x86/mm/fault.c:544 (discriminator 2) arch/x86/mm/fault.c:705 (discriminator 2))\n? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminator 1) arch/x86/mm/fault.c:1232 (discriminator 1))\n? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642)\n? exc_page_fault (arch/x86/mm/fault.c:1542)\n? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623)\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminator 2)) amdgpu\n? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminator 1)) amdgpu\n```\n\nIt has been encountered on at least one system, so guard for it.\n\n(cherry picked from commit c9b7c809b89f24e9372a4e7f02d64c950b07fdee)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd: Protecci\u00f3n contra datos err\u00f3neos para el m\u00e9todo ACPI de ATIF Si un BIOS proporciona datos err\u00f3neos en respuesta a una llamada al m\u00e9todo ATIF, esto provoca una desreferencia de puntero NULL en el llamador. ``` ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminador 1)) ? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434) ? page_fault_oops (arch/x86/mm/fault.c:544 (discriminador 2) arch/x86/mm/fault.c:705 (discriminador 2)) ? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminador 1) arch/x86/mm/fault.c:1232 (discriminador 1)) ? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642) ? exc_page_fault (arch/x86/mm/fault.c:1542) ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminador 2)) amdgpu ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminador 1)) amdgpu ``` Se ha detectado en al menos un sistema, por lo que debe tener cuidado. (seleccionado de la confirmaci\u00f3n c9b7c809b89f24e9372a4e7f02d64c950b07fdee)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50118.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50118.json index 92f6b2430bf..85e533b5dbb 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50118.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50118.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50118", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.887", - "lastModified": "2024-11-05T18:15:14.887", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reject ro->rw reconfiguration if there are hard ro requirements\n\n[BUG]\nSyzbot reports the following crash:\n\n BTRFS info (device loop0 state MCS): disabling free space tree\n BTRFS info (device loop0 state MCS): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)\n BTRFS info (device loop0 state MCS): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)\n Oops: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI\n KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]\n Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014\n RIP: 0010:backup_super_roots fs/btrfs/disk-io.c:1691 [inline]\n RIP: 0010:write_all_supers+0x97a/0x40f0 fs/btrfs/disk-io.c:4041\n Call Trace:\n \n btrfs_commit_transaction+0x1eae/0x3740 fs/btrfs/transaction.c:2530\n btrfs_delete_free_space_tree+0x383/0x730 fs/btrfs/free-space-tree.c:1312\n btrfs_start_pre_rw_mount+0xf28/0x1300 fs/btrfs/disk-io.c:3012\n btrfs_remount_rw fs/btrfs/super.c:1309 [inline]\n btrfs_reconfigure+0xae6/0x2d40 fs/btrfs/super.c:1534\n btrfs_reconfigure_for_mount fs/btrfs/super.c:2020 [inline]\n btrfs_get_tree_subvol fs/btrfs/super.c:2079 [inline]\n btrfs_get_tree+0x918/0x1920 fs/btrfs/super.c:2115\n vfs_get_tree+0x90/0x2b0 fs/super.c:1800\n do_new_mount+0x2be/0xb40 fs/namespace.c:3472\n do_mount fs/namespace.c:3812 [inline]\n __do_sys_mount fs/namespace.c:4020 [inline]\n __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3997\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[CAUSE]\nTo support mounting different subvolume with different RO/RW flags for\nthe new mount APIs, btrfs introduced two workaround to support this feature:\n\n- Skip mount option/feature checks if we are mounting a different\n subvolume\n\n- Reconfigure the fs to RW if the initial mount is RO\n\nCombining these two, we can have the following sequence:\n\n- Mount the fs ro,rescue=all,clear_cache,space_cache=v1\n rescue=all will mark the fs as hard read-only, so no v2 cache clearing\n will happen.\n\n- Mount a subvolume rw of the same fs.\n We go into btrfs_get_tree_subvol(), but fc_mount() returns EBUSY\n because our new fc is RW, different from the original fs.\n\n Now we enter btrfs_reconfigure_for_mount(), which switches the RO flag\n first so that we can grab the existing fs_info.\n Then we reconfigure the fs to RW.\n\n- During reconfiguration, option/features check is skipped\n This means we will restart the v2 cache clearing, and convert back to\n v1 cache.\n This will trigger fs writes, and since the original fs has \"rescue=all\"\n option, it skips the csum tree read.\n\n And eventually causing NULL pointer dereference in super block\n writeback.\n\n[FIX]\nFor reconfiguration caused by different subvolume RO/RW flags, ensure we\nalways run btrfs_check_options() to ensure we have proper hard RO\nrequirements met.\n\nIn fact the function btrfs_check_options() doesn't really do many\ncomplex checks, but hard RO requirement and some feature dependency\nchecks, thus there is no special reason not to do the check for mount\nreconfiguration." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: rechazar la reconfiguraci\u00f3n de ro->rw si hay requisitos de ro estrictos [ERROR]. Syzbot informa del siguiente fallo: Informaci\u00f3n de BTRFS (estado de loop0 del dispositivo MCS): deshabilitar el \u00e1rbol de espacio libre Informaci\u00f3n de BTRFS (estado de loop0 del dispositivo MCS): borrando el indicador de funci\u00f3n de compatibilidad para FREE_SPACE_TREE (0x1) Informaci\u00f3n de BTRFS (estado de loop0 del dispositivo MCS): borrando el indicador de funci\u00f3n de compatibilidad para FREE_SPACE_TREE_VALID (0x2) Vaya: error de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref en el rango [0x000000000000018-0x000000000000001f] Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 01/04/2014 RIP: 0010:backup_super_roots fs/btrfs/disk-io.c:1691 [en l\u00ednea] RIP: 0010:write_all_supers+0x97a/0x40f0 fs/btrfs/disk-io.c:4041 Seguimiento de llamadas: btrfs_commit_transaction+0x1eae/0x3740 fs/btrfs/transaction.c:2530 btrfs_delete_free_space_tree+0x383/0x730 fs/btrfs/free-space-tree.c:1312 btrfs_start_pre_rw_mount+0xf28/0x1300 fs/btrfs/disk-io.c:3012 btrfs_remount_rw fs/btrfs/super.c:1309 [en l\u00ednea] btrfs_reconfigure+0xae6/0x2d40 fs/btrfs/super.c:1534 btrfs_reconfigure_for_mount fs/btrfs/super.c:2020 [en l\u00ednea] btrfs_get_tree_subvol fs/btrfs/super.c:2079 [en l\u00ednea] btrfs_get_tree+0x918/0x1920 fs/btrfs/super.c:2115 vfs_get_tree+0x90/0x2b0 fs/super.c:1800 do_new_mount+0x2be/0xb40 fs/namespace.c:3472 do_mount fs/namespace.c:3812 [en l\u00ednea] __do_sys_mount fs/namespace.c:4020 [en l\u00ednea] __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3997 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [CAUSA] Para admitir el montaje de diferentes subvol\u00famenes con diferentes indicadores RO/RW para las nuevas API de montaje, btrfs introdujo dos workarounds para admitir esta funci\u00f3n: - Omitir las comprobaciones de opciones/funciones de montaje si estamos montando un subvolumen diferente - Reconfigurar el fs a RW si el montaje inicial es RO Combinando estos dos, podemos tener la siguiente secuencia: - Montar el fs ro,rescue=all,clear_cache,space_cache=v1 rescue=all marcar\u00e1 el fs como de solo lectura, por lo que no se borrar\u00e1 la cach\u00e9 v2. - Montar un subvolumen rw del mismo fs. Entramos en btrfs_get_tree_subvol(), pero fc_mount() devuelve EBUSY porque nuestro nuevo fc es RW, diferente del fs original. Ahora ingresamos btrfs_reconfigure_for_mount(), que cambia el indicador RO primero para que podamos obtener el fs_info existente. Luego reconfiguramos el fs a RW. - Durante la reconfiguraci\u00f3n, se omite la verificaci\u00f3n de opciones/caracter\u00edsticas Esto significa que reiniciaremos el borrado de la cach\u00e9 v2 y volveremos a la cach\u00e9 v1. Esto activar\u00e1 escrituras en el sistema de archivos y, dado que el sistema de archivos original tiene la opci\u00f3n \"rescue=all\", omite la lectura del \u00e1rbol csum. Y, eventualmente, provoca la desreferencia del puntero NULL en la reescritura del superbloque. [SOLUCI\u00d3N] Para la reconfiguraci\u00f3n causada por diferentes indicadores de RO/RW de subvolumen, aseg\u00farese de que siempre ejecutamos btrfs_check_options() para garantizar que se cumplan los requisitos de RO estrictos adecuados. De hecho, la funci\u00f3n btrfs_check_options() no realiza muchas comprobaciones complejas, sino requisitos de RO estrictos y algunas comprobaciones de dependencia de funciones, por lo que no hay ninguna raz\u00f3n especial para no realizar la comprobaci\u00f3n para la reconfiguraci\u00f3n del montaje." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50119.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50119.json index 5e068fed359..554f5f7aaea 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50119.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50119.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50119", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:14.957", - "lastModified": "2024-11-05T18:15:14.957", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncifs: fix warning when destroy 'cifs_io_request_pool'\n\nThere's a issue as follows:\nWARNING: CPU: 1 PID: 27826 at mm/slub.c:4698 free_large_kmalloc+0xac/0xe0\nRIP: 0010:free_large_kmalloc+0xac/0xe0\nCall Trace:\n \n ? __warn+0xea/0x330\n mempool_destroy+0x13f/0x1d0\n init_cifs+0xa50/0xff0 [cifs]\n do_one_initcall+0xdc/0x550\n do_init_module+0x22d/0x6b0\n load_module+0x4e96/0x5ff0\n init_module_from_file+0xcd/0x130\n idempotent_init_module+0x330/0x620\n __x64_sys_finit_module+0xb3/0x110\n do_syscall_64+0xc1/0x1d0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nObviously, 'cifs_io_request_pool' is not created by mempool_create().\nSo just use mempool_exit() to revert 'cifs_io_request_pool'." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: se corrige la advertencia al destruir 'cifs_io_request_pool' Hay un problema como el siguiente: ADVERTENCIA: CPU: 1 PID: 27826 en mm/slub.c:4698 free_large_kmalloc+0xac/0xe0 RIP: 0010:free_large_kmalloc+0xac/0xe0 Rastreo de llamadas: ? Obviamente, 'cifs_io_request_pool' no es creado por mempool_create(). Entonces simplemente use mempool_exit() para revertir 'cifs_io_request_pool'." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50120.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50120.json index b1df0304193..60301b86e71 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50120.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50120.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50120", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.023", - "lastModified": "2024-11-05T18:15:15.023", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmb: client: Handle kstrdup failures for passwords\n\nIn smb3_reconfigure(), after duplicating ctx->password and\nctx->password2 with kstrdup(), we need to check for allocation\nfailures.\n\nIf ses->password allocation fails, return -ENOMEM.\nIf ses->password2 allocation fails, free ses->password, set it\nto NULL, and return -ENOMEM." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: Manejar errores de kstrdup para contrase\u00f1as. En smb3_reconfigure(), despu\u00e9s de duplicar ctx->password y ctx->password2 con kstrdup(), debemos verificar si hay errores de asignaci\u00f3n. Si la asignaci\u00f3n de ses->password falla, devuelva -ENOMEM. Si la asignaci\u00f3n de ses->password2 falla, libere ses->password, config\u00farelo en NULL y devuelva -ENOMEM." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50121.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50121.json index ca0b0fdd92d..cb4048a889e 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50121.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50121.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50121", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.080", - "lastModified": "2024-11-05T18:15:15.080", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net\n\nIn the normal case, when we excute `echo 0 > /proc/fs/nfsd/threads`, the\nfunction `nfs4_state_destroy_net` in `nfs4_state_shutdown_net` will\nrelease all resources related to the hashed `nfs4_client`. If the\n`nfsd_client_shrinker` is running concurrently, the `expire_client`\nfunction will first unhash this client and then destroy it. This can\nlead to the following warning. Additionally, numerous use-after-free\nerrors may occur as well.\n\nnfsd_client_shrinker echo 0 > /proc/fs/nfsd/threads\n\nexpire_client nfsd_shutdown_net\n unhash_client ...\n nfs4_state_shutdown_net\n /* won't wait shrinker exit */\n /* cancel_work(&nn->nfsd_shrinker_work)\n * nfsd_file for this /* won't destroy unhashed client1 */\n * client1 still alive nfs4_state_destroy_net\n */\n\n nfsd_file_cache_shutdown\n /* trigger warning */\n kmem_cache_destroy(nfsd_file_slab)\n kmem_cache_destroy(nfsd_file_mark_slab)\n /* release nfsd_file and mark */\n __destroy_client\n\n====================================================================\nBUG nfsd_file (Not tainted): Objects remaining in nfsd_file on\n__kmem_cache_shutdown()\n--------------------------------------------------------------------\nCPU: 4 UID: 0 PID: 764 Comm: sh Not tainted 6.12.0-rc3+ #1\n\n dump_stack_lvl+0x53/0x70\n slab_err+0xb0/0xf0\n __kmem_cache_shutdown+0x15c/0x310\n kmem_cache_destroy+0x66/0x160\n nfsd_file_cache_shutdown+0xac/0x210 [nfsd]\n nfsd_destroy_serv+0x251/0x2a0 [nfsd]\n nfsd_svc+0x125/0x1e0 [nfsd]\n write_threads+0x16a/0x2a0 [nfsd]\n nfsctl_transaction_write+0x74/0xa0 [nfsd]\n vfs_write+0x1a5/0x6d0\n ksys_write+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\n====================================================================\nBUG nfsd_file_mark (Tainted: G B W ): Objects remaining\nnfsd_file_mark on __kmem_cache_shutdown()\n--------------------------------------------------------------------\n\n dump_stack_lvl+0x53/0x70\n slab_err+0xb0/0xf0\n __kmem_cache_shutdown+0x15c/0x310\n kmem_cache_destroy+0x66/0x160\n nfsd_file_cache_shutdown+0xc8/0x210 [nfsd]\n nfsd_destroy_serv+0x251/0x2a0 [nfsd]\n nfsd_svc+0x125/0x1e0 [nfsd]\n write_threads+0x16a/0x2a0 [nfsd]\n nfsctl_transaction_write+0x74/0xa0 [nfsd]\n vfs_write+0x1a5/0x6d0\n ksys_write+0xc1/0x160\n do_syscall_64+0x5f/0x170\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nTo resolve this issue, cancel `nfsd_shrinker_work` using synchronous\nmode in nfs4_state_shutdown_net." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: cancelar nfsd_shrinker_work usando el modo de sincronizaci\u00f3n en nfs4_state_shutdown_net. En el caso normal, cuando ejecutamos `echo 0 > /proc/fs/nfsd/threads`, la funci\u00f3n `nfs4_state_destroy_net` en `nfs4_state_shutdown_net` liberar\u00e1 todos los recursos relacionados con el `nfs4_client` con hash. Si `nfsd_client_shrinker` se est\u00e1 ejecutando simult\u00e1neamente, la funci\u00f3n `expire_client` primero deshar\u00e1 el hash de este cliente y luego lo destruir\u00e1. Esto puede generar la siguiente advertencia. Adem\u00e1s, tambi\u00e9n pueden ocurrir numerosos errores de use-after-free. nfsd_client_shrinker echo 0 > /proc/fs/nfsd/threads expire_client nfsd_shutdown_net unhash_client ... nfs4_state_shutdown_net /* no esperar\u00e1 a que el reductor salga */ /* cancel_work(&nn->nfsd_shrinker_work) * nfsd_file para esto /* no destruir\u00e1 el cliente1 sin hash */ * el cliente1 sigue activo nfs4_state_destroy_net */ nfsd_file_cache_shutdown /* advertencia de activaci\u00f3n */ kmem_cache_destroy(nfsd_file_slab) kmem_cache_destroy(nfsd_file_mark_slab) /* liberar nfsd_file y marcar */ __destroy_client ============================================================================ ERROR nfsd_file (no contaminado): objetos restantes en nfsd_file en __kmem_cache_shutdown() -------------------------------------------------------------------- CPU: 4 UID: 0 PID: 764 Comm: sh No contaminado 6.12.0-rc3+ #1 dump_stack_lvl+0x53/0x70 slab_err+0xb0/0xf0 __kmem_cache_shutdown+0x15c/0x310 kmem_cache_destroy+0x66/0x160 nfsd_file_cache_shutdown+0xac/0x210 [nfsd] nfsd_destroy_serv+0x251/0x2a0 [nfsd] nfsd_svc+0x125/0x1e0 [nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0 [nfsd] vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e ========================================================================= ERROR nfsd_file_mark (Corrompido: GBW): Objetos que permanecen en nfsd_file_mark en __kmem_cache_shutdown() -------------------------------------------------------------------- dump_stack_lvl+0x53/0x70 slab_err+0xb0/0xf0 __kmem_cache_shutdown+0x15c/0x310 kmem_cache_destroy+0x66/0x160 nfsd_file_cache_shutdown+0xc8/0x210 [nfsd] Para resolver este problema, cancele `nfsd_shrinker_work` usando el modo sincr\u00f3nico en nfs4_state_shutdown_net." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50122.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50122.json index 7567b3a389a..7f00f7019ec 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50122.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50122.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50122", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.210", - "lastModified": "2024-11-05T18:15:15.210", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nPCI: Hold rescan lock while adding devices during host probe\n\nSince adding the PCI power control code, we may end up with a race between\nthe pwrctl platform device rescanning the bus and host controller probe\nfunctions. The latter need to take the rescan lock when adding devices or\nwe may end up in an undefined state having two incompletely added devices\nand hit the following crash when trying to remove the device over sysfs:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n Internal error: Oops: 0000000096000004 [#1] SMP\n Call trace:\n __pi_strlen+0x14/0x150\n kernfs_find_ns+0x80/0x13c\n kernfs_remove_by_name_ns+0x54/0xf0\n sysfs_remove_bin_file+0x24/0x34\n pci_remove_resource_files+0x3c/0x84\n pci_remove_sysfs_dev_files+0x28/0x38\n pci_stop_bus_device+0x8c/0xd8\n pci_stop_bus_device+0x40/0xd8\n pci_stop_and_remove_bus_device_locked+0x28/0x48\n remove_store+0x70/0xb0\n dev_attr_store+0x20/0x38\n sysfs_kf_write+0x58/0x78\n kernfs_fop_write_iter+0xe8/0x184\n vfs_write+0x2dc/0x308\n ksys_write+0x7c/0xec" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: PCI: Mantener el bloqueo de rescaneo mientras se agregan dispositivos durante la sonda del host. Desde que se agreg\u00f3 el c\u00f3digo de control de energ\u00eda PCI, podemos terminar con una ejecuci\u00f3n entre el dispositivo de la plataforma pwrctl que vuelve a escanear el bus y las funciones de sonda del controlador del host. Estos \u00faltimos deben tomar el bloqueo de rescan al agregar dispositivos o podemos terminar en un estado indefinido con dos dispositivos agregados de forma incompleta y encontrar el siguiente bloqueo al intentar eliminar el dispositivo a trav\u00e9s de sysfs: No se puede manejar la desreferencia del puntero NULL del kernel en la direcci\u00f3n virtual 0000000000000000 Error interno: Oops: 0000000096000004 [#1] Rastreo de llamadas SMP: __pi_strlen+0x14/0x150 kernfs_find_ns+0x80/0x13c kernfs_remove_by_name_ns+0x54/0xf0 sysfs_remove_bin_file+0x24/0x34 pci_remove_resource_files+0x3c/0x84 pci_remove_sysfs_dev_files+0x28/0x38 pci_stop_bus_device+0x8c/0xd8 pci_stop_bus_device+0x40/0xd8 pci_stop_and_remove_bus_device_locked+0x28/0x48 remove_store+0x70/0xb0 dev_attr_store+0x20/0x38 sysfs_kf_write+0x58/0x78 kernfs_fop_write_iter+0xe8/0x184 vfs_write+0x2dc/0x308 ksys_write+0x7c/0xec" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50123.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50123.json index 1bc888d1cc7..2fe0453bb36 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50123.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50123.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50123", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.367", - "lastModified": "2024-11-05T18:15:15.367", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Add the missing BPF_LINK_TYPE invocation for sockmap\n\nThere is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap\nlink fd. Fix it by adding the missing BPF_LINK_TYPE invocation for\nsockmap link\n\nAlso add comments for bpf_link_type to prevent missing updates in the\nfuture." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Agregue la invocaci\u00f3n BPF_LINK_TYPE faltante para sockmap Hay una lectura fuera de los l\u00edmites en bpf_link_show_fdinfo() para el fd del enlace sockmap. Arr\u00e9glelo agregando la invocaci\u00f3n BPF_LINK_TYPE faltante para el enlace sockmap Agregue tambi\u00e9n comentarios para bpf_link_type para evitar actualizaciones faltantes en el futuro." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50124.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50124.json index ce091471cc4..cef425aaf45 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50124.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50124.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50124", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.487", - "lastModified": "2024-11-05T18:15:15.487", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: ISO: Fix UAF on iso_sock_timeout\n\nconn->sk maybe have been unlinked/freed while waiting for iso_conn_lock\nso this checks if the conn->sk is still valid by checking if it part of\niso_sk_list." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: ISO: Se corrigi\u00f3 que UAF en iso_sock_timeout conn->sk pudiera haberse desvinculado/liberado mientras se esperaba a iso_conn_lock, por lo que esto verifica si conn->sk a\u00fan es v\u00e1lido verificando si es parte de iso_sk_list." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50125.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50125.json index 57b7f69e5a9..0be46357c73 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50125.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50125.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50125", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.550", - "lastModified": "2024-11-05T18:15:15.550", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: SCO: Fix UAF on sco_sock_timeout\n\nconn->sk maybe have been unlinked/freed while waiting for sco_conn_lock\nso this checks if the conn->sk is still valid by checking if it part of\nsco_sk_list." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: SCO: Se corrige que UAF en sco_sock_timeout conn->sk pueda haberse desvinculado/liberado mientras se esperaba sco_conn_lock, por lo que esto verifica si conn->sk a\u00fan es v\u00e1lido verificando si es parte de sco_sk_list." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50126.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50126.json index d90536baba0..ef67175a94a 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50126.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50126.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50126", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.607", - "lastModified": "2024-11-05T18:15:15.607", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: use RCU read-side critical section in taprio_dump()\n\nFix possible use-after-free in 'taprio_dump()' by adding RCU\nread-side critical section there. Never seen on x86 but\nfound on a KASAN-enabled arm64 system when investigating\nhttps://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa:\n\n[T15862] BUG: KASAN: slab-use-after-free in taprio_dump+0xa0c/0xbb0\n[T15862] Read of size 4 at addr ffff0000d4bb88f8 by task repro/15862\n[T15862]\n[T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro Not tainted 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2\n[T15862] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 05/24/2024\n[T15862] Call trace:\n[T15862] dump_backtrace+0x20c/0x220\n[T15862] show_stack+0x2c/0x40\n[T15862] dump_stack_lvl+0xf8/0x174\n[T15862] print_report+0x170/0x4d8\n[T15862] kasan_report+0xb8/0x1d4\n[T15862] __asan_report_load4_noabort+0x20/0x2c\n[T15862] taprio_dump+0xa0c/0xbb0\n[T15862] tc_fill_qdisc+0x540/0x1020\n[T15862] qdisc_notify.isra.0+0x330/0x3a0\n[T15862] tc_modify_qdisc+0x7b8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Allocated by task 15857:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_alloc_info+0x40/0x60\n[T15862] __kasan_kmalloc+0xd4/0xe0\n[T15862] __kmalloc_cache_noprof+0x194/0x334\n[T15862] taprio_change+0x45c/0x2fe0\n[T15862] tc_modify_qdisc+0x6a8/0x1838\n[T15862] rtnetlink_rcv_msg+0x3c8/0xc20\n[T15862] netlink_rcv_skb+0x1f8/0x3d4\n[T15862] rtnetlink_rcv+0x28/0x40\n[T15862] netlink_unicast+0x51c/0x790\n[T15862] netlink_sendmsg+0x79c/0xc20\n[T15862] __sock_sendmsg+0xe0/0x1a0\n[T15862] ____sys_sendmsg+0x6c0/0x840\n[T15862] ___sys_sendmsg+0x1ac/0x1f0\n[T15862] __sys_sendmsg+0x110/0x1d0\n[T15862] __arm64_sys_sendmsg+0x74/0xb0\n[T15862] invoke_syscall+0x88/0x2e0\n[T15862] el0_svc_common.constprop.0+0xe4/0x2a0\n[T15862] do_el0_svc+0x44/0x60\n[T15862] el0_svc+0x50/0x184\n[T15862] el0t_64_sync_handler+0x120/0x12c\n[T15862] el0t_64_sync+0x190/0x194\n[T15862]\n[T15862] Freed by task 6192:\n[T15862] kasan_save_stack+0x3c/0x70\n[T15862] kasan_save_track+0x20/0x3c\n[T15862] kasan_save_free_info+0x4c/0x80\n[T15862] poison_slab_object+0x110/0x160\n[T15862] __kasan_slab_free+0x3c/0x74\n[T15862] kfree+0x134/0x3c0\n[T15862] taprio_free_sched_cb+0x18c/0x220\n[T15862] rcu_core+0x920/0x1b7c\n[T15862] rcu_core_si+0x10/0x1c\n[T15862] handle_softirqs+0x2e8/0xd64\n[T15862] __do_softirq+0x14/0x20" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: sched: usar la secci\u00f3n cr\u00edtica del lado de lectura de RCU en taprio_dump(). Corrija el posible use-after-free en 'taprio_dump()' agregando all\u00ed la secci\u00f3n cr\u00edtica del lado de lectura de RCU. Nunca visto en x86 pero encontrado en un sistema arm64 habilitado para KASAN al investigar https://syzkaller.appspot.com/bug?extid=b65e0af58423fc8a73aa: [T15862] ERROR: KASAN: slab-use-after-free en taprio_dump+0xa0c/0xbb0 [T15862] Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff0000d4bb88f8 por la tarea repro/15862 [T15862] [T15862] CPU: 0 UID: 0 PID: 15862 Comm: repro No contaminado 6.11.0-rc1-00293-gdefaf1a2113a-dirty #2 [T15862] Nombre del hardware: QEMU QEMU Virtual Machine, BIOS edk2-20240524-5.fc40 24/05/2024 [T15862] Seguimiento de llamadas: [T15862] dump_backtrace+0x20c/0x220 [T15862] show_stack+0x2c/0x40 [T15862] dump_stack_lvl+0xf8/0x174 [T15862] print_report+0x170/0x4d8 [T15862] kasan_report+0xb8/0x1d4 [T15862] __asan_report_load4_noabort+0x20/0x2c [T15862] taprio_dump+0xa0c/0xbb0 [T15862] El comando tc_fill_qdisc_notify.isra.0_0x330_0x3a0_tc_modify_qdisc_0x7b8_0x1838_rtnetlink_rcv_msg_0x3c8_0xc20_netlink_rcv_skb_0x1f8_0x3d4_rtnetlink_rcv_0x28_0x40_netlink_unicast_0x51c_0x790_netlink_sendmsg_0x79c_0xc20_tc_sendmsg_0x1a ... [T15862] ____sys_sendmsg+0x6c0/0x840 [T15862] ___sys_sendmsg+0x1ac/0x1f0 [T15862] __sys_sendmsg+0x110/0x1d0 [T15862] __arm64_sys_sendmsg+0x74/0xb0 [T15862] invoke_syscall+0x88/0x2e0 [T15862] el0_svc_common.constprop.0+0xe4/0x2a0 [T15862] do_el0_svc+0x44/0x60 [T15862] el0_svc+0x50/0x184 [T15862] el0t_64_sync_handler+0x120/0x12c [T15862] el0t_64_sync+0x190/0x194 [T15862] [T15862] Asignado por la tarea 15857: [T15862] kasan_save_stack+0x3c/0x70 [T15862] kasan_save_track+0x20/0x3c [T15862] kasan_save_alloc_info+0x40/0x60 [T15862] __kasan_kmalloc+0xd4/0xe0 [T15862] __kmalloc_cache_noprof+0x194/0x334 [T15862] taprio_change+0x45c/0x2fe0 [T15862] tc_modify_qdisc+0x6a8/0x1838 [T15862] rtnetlink_rcv_msg+0x3c8/0xc20 [T15862] netlink_rcv_skb+0x1f8/0x3d4 [T15862] rtnetlink_rcv+0x28/0x40 [T15862] netlink_unicast+0x51c/0x790 [T15862] netlink_sendmsg+0x79c/0xc20 [T15862] __sock_sendmsg+0xe0/0x1a0 [T15862] ____sys_sendmsg+0x6c0/0x840 [T15862] ___sys_sendmsg+0x1ac/0x1f0 [T15862] __sys_sendmsg+0x110/0x1d0 [T15862] __arm64_sys_sendmsg+0x74/0xb0 [T15862] invoke_syscall+0x88/0x2e0 [T15862] el0_svc_common.constprop.0+0xe4/0x2a0 [T15862] do_el0_svc+0x44/0x60 [T15862] el0_svc+0x50/0x184 [T15862] el0t_64_sync_handler+0x120/0x12c [T15862] el0t_64_sync+0x190/0x194 [T15862] [T15862] Liberado por la tarea 6192: [T15862] kasan_save_stack+0x3c/0x70 [T15862] kasan_save_track+0x20/0x3c [T15862] kasan_save_free_info+0x4c/0x80 [T15862] poison_slab_object+0x110/0x160 [T15862] __kasan_slab_free+0x3c/0x74 [T15862] kfree+0x134/0x3c0 [T15862] taprio_free_sched_cb+0x18c/0x220 [T15862] rcu_core+0x920/0x1b7c [T15862] rcu_core_si+0x10/0x1c [T15862] handle_softirqs+0x2e8/0xd64 [T15862] __do_softirq+0x14/0x20" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50127.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50127.json index 7d069f0b552..7c90cf06652 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50127.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50127.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50127", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.670", - "lastModified": "2024-11-05T18:15:15.670", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: sched: fix use-after-free in taprio_change()\n\nIn 'taprio_change()', 'admin' pointer may become dangling due to sched\nswitch / removal caused by 'advance_sched()', and critical section\nprotected by 'q->current_entry_lock' is too small to prevent from such\na scenario (which causes use-after-free detected by KASAN). Fix this\nby prefer 'rcu_replace_pointer()' over 'rcu_assign_pointer()' to update\n'admin' immediately before an attempt to schedule freeing." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: sched: arreglado use-after-free en taprio_change(). En 'taprio_change()', el puntero 'admin' puede quedar colgando debido al cambio/eliminaci\u00f3n de sched causado por 'advance_sched()', y la secci\u00f3n cr\u00edtica protegida por 'q->current_entry_lock' es demasiado peque\u00f1a para evitar tal escenario (que causa el use-after-free detectado por KASAN). Solucione esto al preferir 'rcu_replace_pointer()' sobre 'rcu_assign_pointer()' para actualizar 'admin' inmediatamente antes de un intento de liberaci\u00f3n de programaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50128.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50128.json index 818f0f6e98e..c9890359d28 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50128.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50128.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50128", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.730", - "lastModified": "2024-11-05T18:15:15.730", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: wwan: fix global oob in wwan_rtnl_policy\n\nThe variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to\na global out-of-bounds read when parsing the netlink attributes. Exactly\nsame bug cause as the oob fixed in commit b33fb5b801c6 (\"net: qualcomm:\nrmnet: fix global oob in rmnet_policy\").\n\n==================================================================\nBUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:388 [inline]\nBUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603\nRead of size 1 at addr ffffffff8b09cb60 by task syz.1.66276/323862\n\nCPU: 0 PID: 323862 Comm: syz.1.66276 Not tainted 6.1.70 #1\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014\nCall Trace:\n \n __dump_stack lib/dump_stack.c:88 [inline]\n dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106\n print_address_description mm/kasan/report.c:284 [inline]\n print_report+0x14f/0x750 mm/kasan/report.c:395\n kasan_report+0x139/0x170 mm/kasan/report.c:495\n validate_nla lib/nlattr.c:388 [inline]\n __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603\n __nla_parse+0x3c/0x50 lib/nlattr.c:700\n nla_parse_nested_deprecated include/net/netlink.h:1269 [inline]\n __rtnl_newlink net/core/rtnetlink.c:3514 [inline]\n rtnl_newlink+0x7bc/0x1fd0 net/core/rtnetlink.c:3623\n rtnetlink_rcv_msg+0x794/0xef0 net/core/rtnetlink.c:6122\n netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508\n netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline]\n netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352\n netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874\n sock_sendmsg_nosec net/socket.c:716 [inline]\n __sock_sendmsg net/socket.c:728 [inline]\n ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499\n ___sys_sendmsg+0x21c/0x290 net/socket.c:2553\n __sys_sendmsg net/socket.c:2582 [inline]\n __do_sys_sendmsg net/socket.c:2591 [inline]\n __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589\n do_syscall_x64 arch/x86/entry/common.c:51 [inline]\n do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81\n entry_SYSCALL_64_after_hwframe+0x63/0xcd\nRIP: 0033:0x7f67b19a24ad\nRSP: 002b:00007f67b17febb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e\nRAX: ffffffffffffffda RBX: 00007f67b1b45f80 RCX: 00007f67b19a24ad\nRDX: 0000000000000000 RSI: 0000000020005e40 RDI: 0000000000000004\nRBP: 00007f67b1a1e01d R08: 0000000000000000 R09: 0000000000000000\nR10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000\nR13: 00007ffd2513764f R14: 00007ffd251376e0 R15: 00007f67b17fed40\n \n\nThe buggy address belongs to the variable:\n wwan_rtnl_policy+0x20/0x40\n\nThe buggy address belongs to the physical page:\npage:ffffea00002c2700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb09c\nflags: 0xfff00000001000(reserved|node=0|zone=1|lastcpupid=0x7ff)\nraw: 00fff00000001000 ffffea00002c2708 ffffea00002c2708 0000000000000000\nraw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000\npage dumped because: kasan: bad access detected\npage_owner info is not present (never set?)\n\nMemory state around the buggy address:\n ffffffff8b09ca00: 05 f9 f9 f9 05 f9 f9 f9 00 01 f9 f9 00 01 f9 f9\n ffffffff8b09ca80: 00 00 00 05 f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9\n>ffffffff8b09cb00: 00 00 00 00 05 f9 f9 f9 00 00 00 00 f9 f9 f9 f9\n ^\n ffffffff8b09cb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n==================================================================\n\nAccording to the comment of `nla_parse_nested_deprecated`, use correct size\n`IFLA_WWAN_MAX` here to fix this issue." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: wwan: fix global oob in wwan_rtnl_policy. La variable wwan_rtnl_link_ops asigna un maxtype *mayor* que lleva a una lectura global fuera de los l\u00edmites al analizar los atributos netlink. Exactamente la misma causa del error que el oob corregido en la confirmaci\u00f3n b33fb5b801c6 (\"net: qualcomm: rmnet: fix global oob in rmnet_policy\"). ======================================================================= ERROR: KASAN: global fuera de los l\u00edmites en la librer\u00eda validation_nla/nlattr.c:388 [en l\u00ednea] ERROR: KASAN: global fuera de los l\u00edmites en la librer\u00eda __nla_validate_parse+0x19d7/0x29a0/nlattr.c:603 Lectura de tama\u00f1o 1 en la direcci\u00f3n ffffffff8b09cb60 por la tarea syz.1.66276/323862 CPU: 0 PID: 323862 Comm: syz.1.66276 No contaminado 6.1.70 #1 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 01/04/2014 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [en l\u00ednea] print_report+0x14f/0x750 mm/kasan/report.c:395 kasan_report+0x139/0x170 mm/kasan/report.c:495 validation_nla lib/nlattr.c:388 [en l\u00ednea] __nla_validate_parse+0x19d7/0x29a0 lib/nlattr.c:603 __nla_parse+0x3c/0x50 lib/nlattr.c:700 nla_parse_nested_deprecated include/net/netlink.h:1269 [en l\u00ednea] __rtnl_newlink net/core/rtnetlink.c:3514 [en l\u00ednea] rtnl_newlink+0x7bc/0x1fd0 net/core/rtnetlink.c:3623 rtnetlink_rcv_msg+0x794/0xef0 net/core/rtnetlink.c:6122 netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508 netlink_unicast_kernel net/netlink/af_netlink.c:1326 [en l\u00ednea] netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352 netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874 sock_sendmsg_nosec net/socket.c:716 [en l\u00ednea] __sock_sendmsg net/socket.c:728 [en l\u00ednea] ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499 ___sys_sendmsg+0x21c/0x290 net/socket.c:2553 __sys_sendmsg net/socket.c:2582 [en l\u00ednea] __do_sys_sendmsg net/socket.c:2591 [en l\u00ednea] __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589 do_syscall_x64 arch/x86/entry/common.c:51 [en l\u00ednea] do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x63/0xcd RIP: 0033:0x7f67b19a24ad RSP: 002b:00007f67b17febb8 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f67b1b45f80 RCX: 00007f67b19a24ad RDX: 0000000000000000 RSI: 0000000020005e40 RDI: 0000000000000004 RBP: 00007f67b1a1e01d R08: 000000000000000 R09: 0000000000000000 R10: 000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 00007ffd2513764f R14: 00007ffd251376e0 R15: 00007f67b17fed40 La direcci\u00f3n con errores pertenece a la variable: wwan_rtnl_policy+0x20/0x40 La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: page:ffffea00002c2700 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0xb09c flags: 0xfff00000001000(reserved|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000001000 ffffea00002c2708 ffffea00002c2708 000000000000000 raw: 000000000000000 0000000000000000 00000001ffffffff 0000000000000000 p\u00e1gina volcada porque: kasan: mal acceso detectado la informaci\u00f3n del propietario de la p\u00e1gina no est\u00e1 presente (\u00bfnunca se estableci\u00f3?) Estado de la memoria alrededor de la direcci\u00f3n con errores: ffffffff8b09ca00: 05 f9 f9 f9 05 f9 f9 f9 00 01 f9 f9 01 f9 f9 ffffffff8b09ca80: 00 00 00 05 f9 f9 f9 f9 00 00 03 f9 f9 f9 f9 f9 >ffffffff8b09cb00: 00 00 00 00 05 f9 f9 f9 00 00 00 00 f9 f9 f9 f9 ^ ffffffff8b09cb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 =================================================================== Seg\u00fan el comentario de `nla_parse_nested_deprecated`, use el tama\u00f1o correcto `IFLA_WWAN_MAX` aqu\u00ed para solucionar este problema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50129.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50129.json index e1fb8b45c5a..ac26b214c72 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50129.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50129.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50129", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.797", - "lastModified": "2024-11-05T18:15:15.797", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: pse-pd: Fix out of bound for loop\n\nAdjust the loop limit to prevent out-of-bounds access when iterating over\nPI structures. The loop should not reach the index pcdev->nr_lines since\nwe allocate exactly pcdev->nr_lines number of PI structures. This fix\nensures proper bounds are maintained during iterations." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: pse-pd: Corregir bucle for fuera de los l\u00edmites. Ajuste el l\u00edmite del bucle para evitar el acceso fuera de los l\u00edmites al iterar sobre estructuras PI. El bucle no deber\u00eda alcanzar el \u00edndice pcdev->nr_lines ya que asignamos exactamente pcdev->nr_lines la cantidad de estructuras PI. Esta correcci\u00f3n garantiza que se mantengan los l\u00edmites adecuados durante las iteraciones." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50130.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50130.json index e5c6c5cb68b..a13bf1c1544 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50130.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50130.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50130", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.850", - "lastModified": "2024-11-05T18:15:15.850", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: bpf: must hold reference on net namespace\n\nBUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0\nRead of size 8 at addr ffff8880106fe400 by task repro/72=\nbpf_nf_link_release+0xda/0x1e0\nbpf_link_free+0x139/0x2d0\nbpf_link_release+0x68/0x80\n__fput+0x414/0xb60\n\nEric says:\n It seems that bpf was able to defer the __nf_unregister_net_hook()\n after exit()/close() time.\n Perhaps a netns reference is missing, because the netns has been\n dismantled/freed already.\n bpf_nf_link_attach() does :\n link->net = net;\n But I do not see a reference being taken on net.\n\nAdd such a reference and release it after hook unreg.\nNote that I was unable to get syzbot reproducer to work, so I\ndo not know if this resolves this splat." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: bpf: debe contener referencia en el espacio de nombres net ERROR: KASAN: slab-use-after-free en __nf_unregister_net_hook+0x640/0x6b0 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8880106fe400 por la tarea repro/72= bpf_nf_link_release+0xda/0x1e0 bpf_link_free+0x139/0x2d0 bpf_link_release+0x68/0x80 __fput+0x414/0xb60 Eric dice: Parece que bpf pudo diferir __nf_unregister_net_hook() despu\u00e9s del tiempo de exit()/close(). Quiz\u00e1s falta una referencia a netns, porque netns ya se ha desmantelado/liberado. bpf_nf_link_attach() hace: link->net = net; Pero no veo que se tome ninguna referencia en net. Agregue dicha referencia y lib\u00e9rela despu\u00e9s de anular el registro. Tenga en cuenta que no pude hacer que funcionara el reproductor syzbot, por lo que no s\u00e9 si esto resuelve este problema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50131.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50131.json index 2e11196aab5..12ef7c4d612 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50131.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50131.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50131", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.917", - "lastModified": "2024-11-05T18:15:15.917", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing: Consider the NULL character when validating the event length\n\nstrlen() returns a string length excluding the null byte. If the string\nlength equals to the maximum buffer length, the buffer will have no\nspace for the NULL terminating character.\n\nThis commit checks this condition and returns failure for it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo: considerar el car\u00e1cter NULL al validar la longitud del evento strlen() devuelve una longitud de cadena que excluye el byte nulo. Si la longitud de la cadena es igual a la longitud m\u00e1xima del b\u00fafer, el b\u00fafer no tendr\u00e1 espacio para el car\u00e1cter de terminaci\u00f3n NULL. Esta confirmaci\u00f3n verifica esta condici\u00f3n y devuelve un error." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50132.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50132.json index 70097b605b8..f64501dc067 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50132.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50132.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50132", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:15.973", - "lastModified": "2024-11-05T18:15:15.973", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntracing/probes: Fix MAX_TRACE_ARGS limit handling\n\nWhen creating a trace_probe we would set nr_args prior to truncating the\narguments to MAX_TRACE_ARGS. However, we would only initialize arguments\nup to the limit.\n\nThis caused invalid memory access when attempting to set up probes with\nmore than 128 fetchargs.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000020\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 0 UID: 0 PID: 1769 Comm: cat Not tainted 6.11.0-rc7+ #8\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014\n RIP: 0010:__set_print_fmt+0x134/0x330\n\nResolve the issue by applying the MAX_TRACE_ARGS limit earlier. Return\nan error when there are too many arguments instead of silently\ntruncating." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rastreo/sondas: Se corrige el manejo del l\u00edmite MAX_TRACE_ARGS Al crear un trace_probe, establecer\u00edamos nr_args antes de truncar los argumentos a MAX_TRACE_ARGS. Sin embargo, solo inicializar\u00edamos los argumentos hasta el l\u00edmite. Esto causaba un acceso no v\u00e1lido a la memoria al intentar configurar sondas con m\u00e1s de 128 fetchargs. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000020 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI CPU: 0 UID: 0 PID: 1769 Comm: cat No contaminado 6.11.0-rc7+ #8 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-1.fc39 04/01/2014 RIP: 0010:__set_print_fmt+0x134/0x330 Resuelva el problema aplicando el l\u00edmite MAX_TRACE_ARGS anteriormente. Devuelva un error cuando haya demasiados argumentos en lugar de truncarlos silenciosamente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50133.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50133.json index 0bb2459bc0a..0ee97566366 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50133.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50133.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50133", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:16.030", - "lastModified": "2024-11-05T18:15:16.030", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nLoongArch: Don't crash in stack_top() for tasks without vDSO\n\nNot all tasks have a vDSO mapped, for example kthreads never do. If such\na task ever ends up calling stack_top(), it will derefence the NULL vdso\npointer and crash.\n\nThis can for example happen when using kunit:\n\n\t[<9000000000203874>] stack_top+0x58/0xa8\n\t[<90000000002956cc>] arch_pick_mmap_layout+0x164/0x220\n\t[<90000000003c284c>] kunit_vm_mmap_init+0x108/0x12c\n\t[<90000000003c1fbc>] __kunit_add_resource+0x38/0x8c\n\t[<90000000003c2704>] kunit_vm_mmap+0x88/0xc8\n\t[<9000000000410b14>] usercopy_test_init+0xbc/0x25c\n\t[<90000000003c1db4>] kunit_try_run_case+0x5c/0x184\n\t[<90000000003c3d54>] kunit_generic_run_threadfn_adapter+0x24/0x48\n\t[<900000000022e4bc>] kthread+0xc8/0xd4\n\t[<9000000000200ce8>] ret_from_kernel_thread+0xc/0xa4" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: LoongArch: No se bloquea en stack_top() para tareas sin vDSO No todas las tareas tienen un vDSO asignado, por ejemplo, kthreads nunca lo tiene. Si alguna vez una tarea de este tipo termina llamando a stack_top(), desreferenciar\u00e1 el puntero vdso NULL y se bloquear\u00e1. Esto puede suceder, por ejemplo, al usar kunit: [<9000000000203874>] stack_top+0x58/0xa8 [<90000000002956cc>] arch_pick_mmap_layout+0x164/0x220 [<90000000003c284c>] kunit_vm_mmap_init+0x108/0x12c [<90000000003c1fbc>] __kunit_add_resource+0x38/0x8c [<90000000003c2704>] kunit_vm_mmap+0x88/0xc8 [<9000000000410b14>] usercopy_test_init+0xbc/0x25c [<90000000003c1db4>] kunit_try_run_case+0x5c/0x184 [<90000000003c3d54>] kunit_generic_run_threadfn_adapter+0x24/0x48 [<900000000022e4bc>] kthread+0xc8/0xd4 [<9000000000200ce8>] ret_from_kernel_thread+0xc/0xa4" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50134.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50134.json index ea2167d5da1..b49c528920e 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50134.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50134.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50134", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:16.093", - "lastModified": "2024-11-05T18:15:16.093", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA\n\nReplace the fake VLA at end of the vbva_mouse_pointer_shape shape with\na real VLA to fix a \"memcpy: detected field-spanning write error\" warning:\n\n[ 13.319813] memcpy: detected field-spanning write (size 16896) of single field \"p->data\" at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (size 4)\n[ 13.319841] WARNING: CPU: 0 PID: 1105 at drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo]\n[ 13.320038] Call Trace:\n[ 13.320173] hgsmi_update_pointer_shape [vboxvideo]\n[ 13.320184] vbox_cursor_atomic_update [vboxvideo]\n\nNote as mentioned in the added comment it seems the original length\ncalculation for the allocated and send hgsmi buffer is 4 bytes too large.\nChanging this is not the goal of this patch, so this behavior is kept." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/vboxvideo: Reemplazar VLA falso al final de vbva_mouse_pointer_shape con VLA real Reemplace el VLA falso al final de la forma vbva_mouse_pointer_shape con un VLA real para corregir una advertencia \"memcpy: error de escritura que abarca el campo detectado\": [ 13.319813] memcpy: se detect\u00f3 una escritura que abarca el campo (tama\u00f1o 16896) de un solo campo \"p->data\" en drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 (tama\u00f1o 4) [ 13.319841] ADVERTENCIA: CPU: 0 PID: 1105 en drivers/gpu/drm/vboxvideo/hgsmi_base.c:154 hgsmi_update_pointer_shape+0x192/0x1c0 [vboxvideo] [ [13.320038] Seguimiento de llamadas: [13.320173] hgsmi_update_pointer_shape [vboxvideo] [13.320184] vbox_cursor_atomic_update [vboxvideo] Tenga en cuenta que, como se menciona en el comentario agregado, parece que el c\u00e1lculo de longitud original para el b\u00fafer hgsmi asignado y enviado es 4 bytes m\u00e1s grande. Cambiar esto no es el objetivo de este parche, por lo que se mantiene este comportamiento." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50135.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50135.json index ee3041fe1d0..a28f6962042 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50135.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50135.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50135", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:16.153", - "lastModified": "2024-11-05T18:15:16.153", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvme-pci: fix race condition between reset and nvme_dev_disable()\n\nnvme_dev_disable() modifies the dev->online_queues field, therefore\nnvme_pci_update_nr_queues() should avoid racing against it, otherwise\nwe could end up passing invalid values to blk_mq_update_nr_hw_queues().\n\n WARNING: CPU: 39 PID: 61303 at drivers/pci/msi/api.c:347\n pci_irq_get_affinity+0x187/0x210\n Workqueue: nvme-reset-wq nvme_reset_work [nvme]\n RIP: 0010:pci_irq_get_affinity+0x187/0x210\n Call Trace:\n \n ? blk_mq_pci_map_queues+0x87/0x3c0\n ? pci_irq_get_affinity+0x187/0x210\n blk_mq_pci_map_queues+0x87/0x3c0\n nvme_pci_map_queues+0x189/0x460 [nvme]\n blk_mq_update_nr_hw_queues+0x2a/0x40\n nvme_reset_work+0x1be/0x2a0 [nvme]\n\nFix the bug by locking the shutdown_lock mutex before using\ndev->online_queues. Give up if nvme_dev_disable() is running or if\nit has been executed already." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvme-pci: corrige la condici\u00f3n de ejecuci\u00f3n entre reset y nvme_dev_disable() nvme_dev_disable() modifica el campo dev->online_queues, por lo tanto, nvme_pci_update_nr_queues() deber\u00eda evitar competir contra \u00e9l, de lo contrario podr\u00edamos terminar pasando valores no v\u00e1lidos a blk_mq_update_nr_hw_queues(). ADVERTENCIA: CPU: 39 PID: 61303 en drivers/pci/msi/api.c:347 pci_irq_get_affinity+0x187/0x210 Workqueue: nvme-reset-wq nvme_reset_work [nvme] RIP: 0010:pci_irq_get_affinity+0x187/0x210 Seguimiento de llamadas: ? blk_mq_pci_map_queues+0x87/0x3c0 ? pci_irq_get_affinity+0x187/0x210 blk_mq_pci_map_queues+0x87/0x3c0 nvme_pci_map_queues+0x189/0x460 [nvme] blk_mq_update_nr_hw_queues+0x2a/0x40 nvme_reset_work+0x1be/0x2a0 [nvme] Corrija el error bloqueando el mutex shutoff_lock antes de usar dev->online_queues. Abandone si nvme_dev_disable() se est\u00e1 ejecutando o si ya se ha ejecutado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50136.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50136.json index 3904c0cc24e..c28ae317450 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50136.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50136.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50136", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:16.213", - "lastModified": "2024-11-05T18:15:16.213", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5: Unregister notifier on eswitch init failure\n\nIt otherwise remains registered and a subsequent attempt at eswitch\nenabling might trigger warnings of the sort:\n\n[ 682.589148] ------------[ cut here ]------------\n[ 682.590204] notifier callback eswitch_vport_event [mlx5_core] already registered\n[ 682.590256] WARNING: CPU: 13 PID: 2660 at kernel/notifier.c:31 notifier_chain_register+0x3e/0x90\n[...snipped]\n[ 682.610052] Call Trace:\n[ 682.610369] \n[ 682.610663] ? __warn+0x7c/0x110\n[ 682.611050] ? notifier_chain_register+0x3e/0x90\n[ 682.611556] ? report_bug+0x148/0x170\n[ 682.611977] ? handle_bug+0x36/0x70\n[ 682.612384] ? exc_invalid_op+0x13/0x60\n[ 682.612817] ? asm_exc_invalid_op+0x16/0x20\n[ 682.613284] ? notifier_chain_register+0x3e/0x90\n[ 682.613789] atomic_notifier_chain_register+0x25/0x40\n[ 682.614322] mlx5_eswitch_enable_locked+0x1d4/0x3b0 [mlx5_core]\n[ 682.614965] mlx5_eswitch_enable+0xc9/0x100 [mlx5_core]\n[ 682.615551] mlx5_device_enable_sriov+0x25/0x340 [mlx5_core]\n[ 682.616170] mlx5_core_sriov_configure+0x50/0x170 [mlx5_core]\n[ 682.616789] sriov_numvfs_store+0xb0/0x1b0\n[ 682.617248] kernfs_fop_write_iter+0x117/0x1a0\n[ 682.617734] vfs_write+0x231/0x3f0\n[ 682.618138] ksys_write+0x63/0xe0\n[ 682.618536] do_syscall_64+0x4c/0x100\n[ 682.618958] entry_SYSCALL_64_after_hwframe+0x4b/0x53" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: Anular el registro del notificador en caso de error de inicializaci\u00f3n de eswitch De lo contrario, permanece registrado y un intento posterior de habilitar eswitch podr\u00eda generar advertencias del tipo: [ 682.589148] ------------[ cortar aqu\u00ed ]------------ [ 682.590204] devoluci\u00f3n de llamada del notificador eswitch_vport_event [mlx5_core] ya registrado [ 682.590256] ADVERTENCIA: CPU: 13 PID: 2660 en kernel/notifier.c:31 notifier_chain_register+0x3e/0x90 [...cortado] [ 682.610052] Rastreo de llamada: [ 682.610369] [ 682.610663] ? __warn+0x7c/0x110 [ 682.611050] ? notifier_chain_register+0x3e/0x90 [ 682.611556] ? report_bug+0x148/0x170 [ 682.611977] ? handle_bug+0x36/0x70 [ 682.612384] ? exc_invalid_op+0x13/0x60 [ 682.612817] ? asm_exc_invalid_op+0x16/0x20 [ 682.613284] ? notifier_chain_register+0x3e/0x90 [ 682.613789] atomic_notifier_chain_register+0x25/0x40 [ 682.614322] mlx5_eswitch_enable_locked+0x1d4/0x3b0 [mlx5_core] [ 682.614965] mlx5_eswitch_enable+0xc9/0x100 [mlx5_core] [ 682.615551] mlx5_device_enable_sriov+0x25/0x340 [mlx5_core] [ 682.616170] mlx5_core_sriov_configure+0x50/0x170 [mlx5_core] [ 682.616789] sriov_numvfs_store+0xb0/0x1b0 [ 682.617248] kernfs_fop_write_iter+0x117/0x1a0 [ 682.617734] vfs_write+0x231/0x3f0 [ 682.618138] ksys_write+0x63/0xe0 [ 682.618536] do_syscall_64+0x4c/0x100 [ 682.618958] entry_SYSCALL_64_after_hwframe+0x4b/0x53" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50137.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50137.json index 7fb66371ed0..07f650ca0eb 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50137.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50137.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50137", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:16.277", - "lastModified": "2024-11-05T18:15:16.277", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nreset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC\n\ndata->asserted will be NULL on JH7110 SoC since commit 82327b127d41\n(\"reset: starfive: Add StarFive JH7110 reset driver\") was added. Add\nthe judgment condition to avoid errors when calling reset_control_status\non JH7110 SoC." + }, + { + "lang": "es", + "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: reset: starfive: jh71x0: Se ha corregido el acceso al miembro vac\u00edo en el SoC JH7110. La informaci\u00f3n data->asserted ser\u00e1 NULL en el SoC JH7110 desde que se agreg\u00f3 la confirmaci\u00f3n 82327b127d41 (\"reset: starfive: Add StarFive JH7110 reset driver\"). Se ha agregado la condici\u00f3n de juicio para evitar errores al llamar a reset_control_status en el SoC JH7110." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50138.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50138.json index 620d30c612f..2b7bf3e1575 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50138.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50138.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50138", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:16.337", - "lastModified": "2024-11-05T18:15:16.337", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Use raw_spinlock_t in ringbuf\n\nThe function __bpf_ringbuf_reserve is invoked from a tracepoint, which\ndisables preemption. Using spinlock_t in this context can lead to a\n\"sleep in atomic\" warning in the RT variant. This issue is illustrated\nin the example below:\n\nBUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48\nin_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs\npreempt_count: 1, expected: 0\nRCU nest depth: 1, expected: 1\nINFO: lockdep is turned off.\nPreemption disabled at:\n[] migrate_enable+0xc0/0x39c\nCPU: 7 PID: 556208 Comm: test_progs Tainted: G\nHardware name: Qualcomm SA8775P Ride (DT)\nCall trace:\n dump_backtrace+0xac/0x130\n show_stack+0x1c/0x30\n dump_stack_lvl+0xac/0xe8\n dump_stack+0x18/0x30\n __might_resched+0x3bc/0x4fc\n rt_spin_lock+0x8c/0x1a4\n __bpf_ringbuf_reserve+0xc4/0x254\n bpf_ringbuf_reserve_dynptr+0x5c/0xdc\n bpf_prog_ac3d15160d62622a_test_read_write+0x104/0x238\n trace_call_bpf+0x238/0x774\n perf_call_bpf_enter.isra.0+0x104/0x194\n perf_syscall_enter+0x2f8/0x510\n trace_sys_enter+0x39c/0x564\n syscall_trace_enter+0x220/0x3c0\n do_el0_svc+0x138/0x1dc\n el0_svc+0x54/0x130\n el0t_64_sync_handler+0x134/0x150\n el0t_64_sync+0x17c/0x180\n\nSwitch the spinlock to raw_spinlock_t to avoid this error." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: uso de raw_spinlock_t en ringbuf La funci\u00f3n __bpf_ringbuf_reserve se invoca desde un punto de seguimiento, lo que desactiva la preempci\u00f3n. El uso de spinlock_t en este contexto puede provocar una advertencia de \"suspensi\u00f3n en at\u00f3mico\" en la variante RT. Este problema se ilustra en el siguiente ejemplo: ERROR: funci\u00f3n de suspensi\u00f3n llamada desde un contexto no v\u00e1lido en kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 556208, name: test_progs preempt_count: 1, expected: 0 Profundidad de anidaci\u00f3n de RCU: 1, expected: 1 INFORMACI\u00d3N: lockdep est\u00e1 desactivado. Prelaci\u00f3n deshabilitada en: [] migrants_enable+0xc0/0x39c CPU: 7 PID: 556208 Comm: test_progs Contaminado: G Nombre del hardware: Qualcomm SA8775P Ride (DT) Rastreo de llamadas: dump_backtrace+0xac/0x130 show_stack+0x1c/0x30 dump_stack_lvl+0xac/0xe8 dump_stack+0x18/0x30 __might_resched+0x3bc/0x4fc rt_spin_lock+0x8c/0x1a4 __bpf_ringbuf_reserve+0xc4/0x254 bpf_ringbuf_reserve_dynptr+0x5c/0xdc Cambie el bloqueo de giro a raw_spinlock_t para evitar este error." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50315.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50315.json new file mode 100644 index 00000000000..fa8a8f9c27a --- /dev/null +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50315.json @@ -0,0 +1,16 @@ +{ + "id": "CVE-2024-50315", + "sourceIdentifier": "talos-cna@cisco.com", + "published": "2024-11-06T18:15:06.173", + "lastModified": "2024-11-06T18:15:06.173", + "vulnStatus": "Rejected", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2024. Notes: none." + } + ], + "metrics": {}, + "references": [] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50332.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50332.json index 3c29a9660ae..e2b9612ac77 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50332.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50332.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50332", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T19:15:06.623", - "lastModified": "2024-11-05T19:15:06.623", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. Insufficient input value validation causes Blind SQL injection in DeleteRelationShip. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": " SuiteCRM es una aplicaci\u00f3n de software de gesti\u00f3n de relaciones con los clientes (CRM) de c\u00f3digo abierto y preparada para empresas. La validaci\u00f3n insuficiente de los valores de entrada provoca una inyecci\u00f3n SQL ciega en DeleteRelationShip. Este problema se ha solucionado en las versiones 7.14.6 y 8.7.1. Se recomienda a los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50333.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50333.json index b2b5813c78f..c8b32090a3e 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50333.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50333.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50333", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T19:15:06.840", - "lastModified": "2024-11-05T19:15:06.840", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. User input is not validated and is written to the filesystem. The ParserLabel::addLabels() function can be used to write attacker-controlled data into the custom language file that will be included at the runtime. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": " SuiteCRM es una aplicaci\u00f3n de software de gesti\u00f3n de relaciones con los clientes (CRM) de c\u00f3digo abierto y preparada para empresas. La entrada del usuario no se valida y se escribe en el sistema de archivos. La funci\u00f3n ParserLabel::addLabels() se puede utilizar para escribir datos controlados por el atacante en el archivo de idioma personalizado que se incluir\u00e1 en el entorno de ejecuci\u00f3n. Este problema se ha solucionado en las versiones 7.14.6 y 8.7.1. Se recomienda a los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50335.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50335.json index ecb02d93b3e..3fd3a5e692a 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50335.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50335.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50335", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T19:15:07.060", - "lastModified": "2024-11-05T19:15:07.060", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SuiteCRM is an open-source, enterprise-ready Customer Relationship Management (CRM) software application. The \"Publish Key\" field in SuiteCRM's Edit Profile page is vulnerable to Reflected Cross-Site Scripting (XSS), allowing an attacker to inject malicious JavaScript code. This can be exploited to steal CSRF tokens and perform unauthorized actions, such as creating new administrative users without proper authentication. The vulnerability arises due to insufficient input validation and sanitization of the Publish Key field within the SuiteCRM application. When an attacker injects a malicious script, it gets executed within the context of an authenticated user's session. The injected script (o.js) then leverages the captured CSRF token to forge requests that create new administrative users, effectively compromising the integrity and security of the CRM instance. This issue has been addressed in versions 7.14.6 and 8.7.1. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "SuiteCRM es una aplicaci\u00f3n de software de gesti\u00f3n de relaciones con los clientes (CRM) de c\u00f3digo abierto y preparada para empresas. El campo \"Clave de publicaci\u00f3n\" de la p\u00e1gina Editar perfil de SuiteCRM es vulnerable a Cross-Site Scripting reflejado (XSS), lo que permite a un atacante inyectar c\u00f3digo JavaScript malicioso. Esto se puede aprovechar para robar tokens CSRF y realizar acciones no autorizadas, como crear nuevos usuarios administrativos sin la autenticaci\u00f3n adecuada. La vulnerabilidad surge debido a una validaci\u00f3n de entrada y una limpieza insuficientes del campo Clave de publicaci\u00f3n dentro de la aplicaci\u00f3n SuiteCRM. Cuando un atacante inyecta un script malicioso, se ejecuta dentro del contexto de la sesi\u00f3n de un usuario autenticado. El script inyectado (o.js) aprovecha el token CSRF capturado para falsificar solicitudes que crean nuevos usuarios administrativos, lo que compromete de manera efectiva la integridad y la seguridad de la instancia de CRM. Este problema se ha solucionado en las versiones 7.14.6 y 8.7.1. Se recomienda a los usuarios que actualicen. No existen workarounds conocidas para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50526.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50526.json index cb209c1c2c4..5818d6f4dd4 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50526.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50526.json @@ -2,17 +2,41 @@ "id": "CVE-2024-50526", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-04T14:15:15.170", - "lastModified": "2024-11-04T18:50:05.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:07:02.417", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a Web Shell to a Web Server.This issue affects Multi Purpose Mail Form: from n/a through 1.0.2." + }, + { + "lang": "es", + "value": " La vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en mahlamusa Multi Purpose Mail Form permite cargar un shell web a un servidor web. Este problema afecta a Multi Purpose Mail Form: desde n/a hasta 1.0.2." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -47,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lindeni:multi_purpose_mail_form:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.2", + "matchCriteriaId": "A461AE0C-3ED4-4C94-82E7-9E2B03842EC0" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/multi-purpose-mail-form/wordpress-multi-purpose-mail-form-plugin-1-0-2-arbitrary-file-upload-vulnerability-2?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50527.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50527.json index f6f1c305e7f..1fa1e37f9eb 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50527.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50527.json @@ -2,17 +2,41 @@ "id": "CVE-2024-50527", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-04T14:15:15.367", - "lastModified": "2024-11-04T18:50:05.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:06:23.250", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Stacks Stacks Mobile App Builder allows Upload a Web Shell to a Web Server.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3." + }, + { + "lang": "es", + "value": " Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en Stacks Stacks Mobile App Builder permite cargar un Web Shell a un servidor web. Este problema afecta a Stacks Mobile App Builder: desde n/a hasta 5.2.3." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -36,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -47,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:stacksmarket:stacks_mobile_app_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.2.3", + "matchCriteriaId": "49CD9587-09D6-4905-BF18-55C65D0755E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-arbitrary-file-upload-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50528.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50528.json index 54fe5fa5389..0fa30e88779 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50528.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50528.json @@ -2,17 +2,41 @@ "id": "CVE-2024-50528", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-04T14:15:15.560", - "lastModified": "2024-11-04T18:50:05.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:06:03.840", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder allows Retrieve Embedded Sensitive Data.This issue affects Stacks Mobile App Builder: from n/a through 5.2.3." + }, + { + "lang": "es", + "value": " Vulnerabilidad de exposici\u00f3n de informaci\u00f3n confidencial del sistema a una esfera de control no autorizada en Stacks Stacks Mobile App Builder permite recuperar datos confidenciales integrados. Este problema afecta a Stacks Mobile App Builder: desde n/a hasta 5.2.3." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -37,8 +61,18 @@ }, "weaknesses": [ { - "source": "audit@patchstack.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, + { + "source": "audit@patchstack.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -47,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:stacksmarket:stacks_mobile_app_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "5.2.3", + "matchCriteriaId": "49CD9587-09D6-4905-BF18-55C65D0755E8" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/stacks-mobile-app-builder/wordpress-stacks-mobile-app-builder-plugin-5-2-3-sensitive-data-exposure-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50529.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50529.json index 34e528cb19a..d4311bdaf14 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50529.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50529.json @@ -2,17 +2,41 @@ "id": "CVE-2024-50529", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-04T14:15:15.750", - "lastModified": "2024-11-04T18:50:05.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:04:57.810", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training \u2013 Courses allows Upload a Web Shell to a Web Server.This issue affects Training \u2013 Courses: from n/a through 2.0.1." + }, + { + "lang": "es", + "value": " La vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en Rudra Innnovative Software Training \u2013 Courses permite cargar un shell web a un servidor web. Este problema afecta a Training \u2013 Courses: desde n/a hasta 2.0.1." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -47,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:rudrainnovative:training_-_courses:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0.1", + "matchCriteriaId": "060E0B7D-98C3-4D59-B532-9FABBC1FDAA2" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/training/wordpress-training-courses-plugin-2-0-1-arbitrary-file-upload-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50530.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50530.json index 93eef2fa9a0..543fcbf1292 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50530.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50530.json @@ -2,17 +2,41 @@ "id": "CVE-2024-50530", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-04T14:15:15.937", - "lastModified": "2024-11-04T18:50:05.607", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:02:05.543", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Myriad Solutionz Stars SMTP Mailer allows Upload a Web Shell to a Web Server.This issue affects Stars SMTP Mailer: from n/a through 1.7." + }, + { + "lang": "es", + "value": " Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en Myriad Solutionz Stars SMTP Mailer permite cargar un shell web a un servidor web. Este problema afecta a Stars SMTP Mailer: desde n/a hasta 1.7." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -47,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:myriadsolutionz:stars_smtp_mailer:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.7", + "matchCriteriaId": "D43A5CC7-0436-4646-B91A-47046E9543D8" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/stars-smtp-mailer/wordpress-stars-smtp-mailer-plugin-1-7-arbitrary-file-upload-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50637.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50637.json new file mode 100644 index 00000000000..7d5e7a7806a --- /dev/null +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50637.json @@ -0,0 +1,29 @@ +{ + "id": "CVE-2024-50637", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-06T17:15:20.680", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "UnoPim 0.1.3 and below is vulnerable to Cross Site Scripting (XSS) in the Create User function. \u00b6\u00b6 The vulnerability allows attackers to perform XSS in SVG file extension, which can be used to stealing cookies." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/unopim/unopim/issues/41", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/unopim/unopim/releases/tag/v0.1.4", + "source": "cve@mitre.org" + }, + { + "url": "https://github.com/yamerooo123/ResearchNBugBountyEncyclopedia/blob/main/Researches/Unopim/Findings.md", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51115.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51115.json index 5aae59aebd8..39a54afd3af 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51115.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51115.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51115", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-05T23:15:04.630", - "lastModified": "2024-11-05T23:15:04.630", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -15,7 +15,42 @@ "value": " Se descubri\u00f3 que DCME-320 v7.4.12.90 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-77" + } + ] + } + ], "references": [ { "url": "https://github.com/CLan-nad/CVE/blob/main/dcn/ip_inter/1.md", diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51116.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51116.json index e335e885871..4368e02d4c6 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51116.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51116.json @@ -2,16 +2,55 @@ "id": "CVE-2024-51116", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-05T22:15:21.477", - "lastModified": "2024-11-05T22:15:21.477", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Tenda AC6 v2.0 V15.03.06.50 was discovered to contain a buffer overflow in the function 'formSetPPTPServer'." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 que Tenda AC6 v2.0 V15.03.06.50 contiene un desbordamiento de b\u00fafer en la funci\u00f3n 'formSetPPTPServer'." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://github.com/CLan-nad/CVE/blob/main/tenda/formSetPPTPServer/readme.md", diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51132.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51132.json index 3535a857908..6ebb23617f3 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51132.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51132.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51132", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-05T17:15:07.310", - "lastModified": "2024-11-05T17:15:07.310", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de entidad externa XML (XXE) en HAPI FHIR anterior a v6.4.0 permite a los atacantes acceder a informaci\u00f3n confidencial o ejecutar c\u00f3digo arbitrario mediante el suministro de una solicitud manipulada que contiene entidades XML maliciosas." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-512xx/CVE-2024-51240.json b/CVE-2024/CVE-2024-512xx/CVE-2024-51240.json index 84647405624..2f3d67d2f31 100644 --- a/CVE-2024/CVE-2024-512xx/CVE-2024-51240.json +++ b/CVE-2024/CVE-2024-512xx/CVE-2024-51240.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51240", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-05T19:15:07.283", - "lastModified": "2024-11-05T19:15:07.283", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue in the luci-mod-rpc package in OpenWRT Luci LTS allows for privilege escalation from an admin account to root via the JSON-RPC-API, which is exposed by the luci-mod-rpc package" + }, + { + "lang": "es", + "value": "Un problema en el paquete luci-mod-rpc en OpenWRT Luci LTS permite la escalada de privilegios desde una cuenta de administrador a root a trav\u00e9s de JSON-RPC-API, que est\u00e1 expuesta por el paquete luci-mod-rpc" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-513xx/CVE-2024-51358.json b/CVE-2024/CVE-2024-513xx/CVE-2024-51358.json index b9801ce6eab..35e353f1151 100644 --- a/CVE-2024/CVE-2024-513xx/CVE-2024-51358.json +++ b/CVE-2024/CVE-2024-513xx/CVE-2024-51358.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51358", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-05T23:15:04.707", - "lastModified": "2024-11-05T23:15:04.707", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-513xx/CVE-2024-51362.json b/CVE-2024/CVE-2024-513xx/CVE-2024-51362.json index 55604b46069..c423ceb2327 100644 --- a/CVE-2024/CVE-2024-513xx/CVE-2024-51362.json +++ b/CVE-2024/CVE-2024-513xx/CVE-2024-51362.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51362", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-05T17:15:07.383", - "lastModified": "2024-11-05T17:15:07.383", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The LSC Smart Connect Indoor IP Camera V7.6.32 is vulnerable to an information disclosure issue where live camera footage can be accessed through the RTSP protocol on port 8554 without requiring authentication. This allows unauthorized users with network access to view the camera's feed, potentially compromising user privacy and security. No credentials or special permissions are required, and access can be gained remotely over the network." + }, + { + "lang": "es", + "value": "LSC Smart Connect Indoor IP Camera V7.6.32 es vulnerable a un problema de divulgaci\u00f3n de informaci\u00f3n que permite acceder a las im\u00e1genes en vivo de la c\u00e1mara a trav\u00e9s del protocolo RTSP en el puerto 8554 sin necesidad de autenticaci\u00f3n. Esto permite que usuarios no autorizados con acceso a la red vean la se\u00f1al de la c\u00e1mara, lo que podr\u00eda comprometer la privacidad y la seguridad del usuario. No se requieren credenciales ni permisos especiales, y se puede acceder de forma remota a trav\u00e9s de la red." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-513xx/CVE-2024-51379.json b/CVE-2024/CVE-2024-513xx/CVE-2024-51379.json index 8ea615a32be..84888c6e872 100644 --- a/CVE-2024/CVE-2024-513xx/CVE-2024-51379.json +++ b/CVE-2024/CVE-2024-513xx/CVE-2024-51379.json @@ -2,16 +2,55 @@ "id": "CVE-2024-51379", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-05T19:15:07.373", - "lastModified": "2024-11-05T19:15:07.373", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored Cross-Site Scripting (XSS) vulnerability discovered in JATOS v3.9.3. The vulnerability exists in the description component of the study section, where an attacker can inject JavaScript into the description field. This allows for the execution of malicious scripts when an admin views the description, potentially leading to account takeover and unauthorized actions." + }, + { + "lang": "es", + "value": " Vulnerabilidad de Cross Site Scripting (XSS) almacenado descubierta en JATOS v3.9.3. La vulnerabilidad existe en el componente de descripci\u00f3n de la secci\u00f3n de estudio, donde un atacante puede inyectar JavaScript en el campo de descripci\u00f3n. Esto permite la ejecuci\u00f3n de scripts maliciosos cuando un administrador ve la descripci\u00f3n, lo que puede provocar la apropiaci\u00f3n de cuentas y acciones no autorizadas." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://hacking-notes.medium.com/cve-2024-51379-jatos-v3-9-3-stored-xss-description-component-de49d0077a96", diff --git a/CVE-2024/CVE-2024-513xx/CVE-2024-51380.json b/CVE-2024/CVE-2024-513xx/CVE-2024-51380.json index 934ac5bce5d..f7aa0e5b6ab 100644 --- a/CVE-2024/CVE-2024-513xx/CVE-2024-51380.json +++ b/CVE-2024/CVE-2024-513xx/CVE-2024-51380.json @@ -2,16 +2,55 @@ "id": "CVE-2024-51380", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-05T19:15:07.470", - "lastModified": "2024-11-05T19:15:07.470", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stored Cross-Site Scripting (XSS) vulnerability discovered in the Properties Component of JATOS v3.9.3. This flaw allows an attacker to inject malicious JavaScript into the properties section of a study, specifically within the UUID field. When an admin user accesses the study's properties, the injected script is executed in the admin's browser, which could lead to unauthorized actions, including account compromise and privilege escalation." + }, + { + "lang": "es", + "value": "Vulnerabilidad de Cross Site Scripting (XSS) almacenado descubierta en el componente Propiedades de JATOS v3.9.3. Este fallo permite a un atacante inyectar c\u00f3digo JavaScript malicioso en la secci\u00f3n de propiedades de un estudio, espec\u00edficamente en el campo UUID. Cuando un usuario administrador accede a las propiedades del estudio, el c\u00f3digo inyectado se ejecuta en el navegador del administrador, lo que podr\u00eda provocar acciones no autorizadas, como la vulneraci\u00f3n de la cuenta y la escalada de privilegios." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://hacking-notes.medium.com/cve-2024-51380-jatos-v3-9-3-stored-xss-properties-component-44aea338ee9c", diff --git a/CVE-2024/CVE-2024-513xx/CVE-2024-51381.json b/CVE-2024/CVE-2024-513xx/CVE-2024-51381.json index 8a199b91444..bc7bda9d7c0 100644 --- a/CVE-2024/CVE-2024-513xx/CVE-2024-51381.json +++ b/CVE-2024/CVE-2024-513xx/CVE-2024-51381.json @@ -2,16 +2,55 @@ "id": "CVE-2024-51381", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-05T19:15:07.550", - "lastModified": "2024-11-05T19:15:07.550", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 that allows attackers to perform actions reserved for administrators, including creating admin accounts. This critical flaw can lead to unauthorized activities, compromising the security and integrity of the platform, especially if an attacker gains administrative control." + }, + { + "lang": "es", + "value": " Vulnerabilidad de Cross-Site Request Forgery (CSRF) en JATOS v3.9.3 que permite a los atacantes realizar acciones reservadas a los administradores, incluida la creaci\u00f3n de cuentas de administrador. Este fallo cr\u00edtico puede conducir a actividades no autorizadas, lo que compromete la seguridad y la integridad de la plataforma, especialmente si un atacante obtiene el control administrativo." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://hacking-notes.medium.com/cve-2024-51381-jatos-v3-9-3-csrf-admin-account-creation-94035f24d0be", diff --git a/CVE-2024/CVE-2024-513xx/CVE-2024-51382.json b/CVE-2024/CVE-2024-513xx/CVE-2024-51382.json index fe9d3da2025..484a80c6043 100644 --- a/CVE-2024/CVE-2024-513xx/CVE-2024-51382.json +++ b/CVE-2024/CVE-2024-513xx/CVE-2024-51382.json @@ -2,16 +2,55 @@ "id": "CVE-2024-51382", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-05T19:15:07.640", - "lastModified": "2024-11-05T19:15:07.640", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in JATOS v3.9.3 allows an attacker to reset the administrator's password. This critical security flaw can result in unauthorized access to the platform, enabling attackers to hijack admin accounts and compromise the integrity and security of the system." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en JATOS v3.9.3 permite a un atacante restablecer la contrase\u00f1a del administrador. Este fallo de seguridad cr\u00edtica puede generar acceso no autorizado a la plataforma, lo que permite a los atacantes secuestrar cuentas de administrador y comprometer la integridad y seguridad del sistema." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.7, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://hacking-notes.medium.com/cve-2024-51382-jatos-v3-9-3-csrf-admin-password-reset-1adeff0386ed", diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51493.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51493.json index 527b2a5dda3..b17accbed59 100644 --- a/CVE-2024/CVE-2024-514xx/CVE-2024-51493.json +++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51493.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51493", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T19:15:07.730", - "lastModified": "2024-11-05T19:15:07.730", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.2 contain a vulnerability that allows an attacker that has gained temporary control over an authenticated victim's OctoPrint browser session to retrieve/recreate/delete the user's or - if the victim has admin permissions - the global API key without having to reauthenticate by re-entering the user account's password. An attacker could use a stolen API key to access OctoPrint through its API, or disrupt workflows depending on the API key they deleted. This vulnerability will be patched in version 1.10.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "OctoPrint proporciona una interfaz web para controlar impresoras 3D de consumo. Las versiones de OctoPrint hasta la 1.10.2 incluida contienen una vulnerabilidad que permite a un atacante que ha obtenido control temporal sobre la sesi\u00f3n del navegador OctoPrint de una v\u00edctima autenticada recuperar/recrear/eliminar la clave API del usuario o (si la v\u00edctima tiene permisos de administrador) la clave API global sin tener que volver a autenticarse ingresando nuevamente la contrase\u00f1a de la cuenta de usuario. Un atacante podr\u00eda usar una clave API robada para acceder a OctoPrint a trav\u00e9s de su API o interrumpir los flujos de trabajo seg\u00fan la clave API que haya eliminado. Esta vulnerabilidad se solucionar\u00e1 en la versi\u00f3n 1.10.3 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51735.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51735.json index f209b315b71..865b0d64861 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51735.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51735.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51735", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T19:15:07.947", - "lastModified": "2024-11-05T19:15:07.947", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Osmedeus is a Workflow Engine for Offensive Security. Cross-site Scripting (XSS) occurs on the Osmedues web server when viewing results from the workflow, allowing commands to be executed on the server. When using a workflow that contains the summary module, it generates reports in HTML and Markdown formats. The default report is based on the `general-template.md` template.The contents of the files are read and used to generate the report. However, the file contents are not properly filtered, leading to XSS. This may lead to commands executed on the host as well. This issue is not yet resolved. Users are advised to add their own filtering or to reach out to the developer to aid in developing a patch." + }, + { + "lang": "es", + "value": "Osmedeus es un motor de workflow para seguridad ofensiva. Se produce un ataque de Cross Site Scripting (XSS) en el servidor web de Osmedeus cuando se visualizan los resultados del workflow, lo que permite ejecutar comandos en el servidor. Cuando se utiliza un workflow que contiene el m\u00f3dulo de resumen, se generan informes en formatos HTML y Markdown. El informe predeterminado se basa en la plantilla `general-template.md`. Se leen los contenidos de los archivos y se utilizan para generar el informe. Sin embargo, los contenidos de los archivos no se filtran correctamente, lo que genera un ataque de Cross Site Scripting (XSS). Esto tambi\u00e9n puede provocar la ejecuci\u00f3n de comandos en el host. Este problema a\u00fan no se ha resuelto. Se recomienda a los usuarios que agreguen su propio filtrado o que se pongan en contacto con el desarrollador para que les ayude a desarrollar un parche." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51739.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51739.json index 5ee28102da2..a87605d5b32 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51739.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51739.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51739", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T18:15:16.547", - "lastModified": "2024-11-05T18:15:16.547", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Combodo iTop is a simple, web based IT Service Management tool. Unauthenticated user can perform users enumeration, which can make it easier to bruteforce a valid account. As a fix the sentence displayed after resetting password no longer shows if the user exists or not. This fix is included in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. Users unable to upgrade may overload the dictionary entry `\"UI:ResetPwd-Error-WrongLogin\"` through an extension and replace it with a generic message." + }, + { + "lang": "es", + "value": " Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI sencilla y basada en la web. Los usuarios no autenticados pueden realizar la enumeraci\u00f3n de usuarios, lo que puede facilitar la b\u00fasqueda por fuerza bruta de una cuenta v\u00e1lida. Como soluci\u00f3n, la frase que se muestra despu\u00e9s de restablecer la contrase\u00f1a ya no muestra si el usuario existe o no. Esta soluci\u00f3n est\u00e1 incluida en las versiones 2.7.11, 3.0.5, 3.1.2 y 3.2.0. Se recomienda a los usuarios que actualicen la versi\u00f3n. Los usuarios que no puedan actualizar pueden sobrecargar la entrada del diccionario `\"UI:ResetPwd-Error-WrongLogin\"` a trav\u00e9s de una extensi\u00f3n y reemplazarla con un mensaje gen\u00e9rico." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51740.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51740.json index 17c3b0a9b98..23c4b25b9a6 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51740.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51740.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51740", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T19:15:08.087", - "lastModified": "2024-11-05T19:15:08.087", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Combodo iTop is a simple, web based IT Service Management tool. This vulnerability can be used to create HTTP requests on behalf of the server, from a low privileged user. The user portal form manager has been fixed to only instantiate classes derived from it. This issue has been addressed in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": " Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI sencilla y basada en la web. Esta vulnerabilidad se puede utilizar para crear solicitudes HTTP en nombre del servidor desde un usuario con pocos privilegios. El administrador de formularios del portal de usuarios se ha corregido para que solo cree instancias de clases derivadas de \u00e9l. Este problema se ha solucionado en las versiones 2.7.11, 3.0.5, 3.1.2 y 3.2.0. Se recomienda a los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51745.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51745.json index bcef8b294b9..f5851b419cc 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51745.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51745.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51745", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T22:15:21.643", - "lastModified": "2024-11-05T22:15:21.643", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as \"COM1\", \"COM2\", \"LPT0\", \"LPT1\", and so on, however it did not block access to the special device filenames which use superscript digits, such as \"COM\u00b9\", \"COM\u00b2\", \"LPT\u2070\", \"LPT\u00b9\", and so on. Untrusted Wasm programs that are given access to any filesystem directory could bypass the sandbox and access devices through those special device filenames with superscript digits, and through them gain access peripheral devices connected to the computer, or network resources mapped to those devices. This can include modems, printers, network printers, and any other device connected to a serial or parallel port, including emulated USB serial ports. Patch releases for Wasmtime have been issued as 24.0.2, 25.0.3, and 26.0.1. Users of Wasmtime 23.0.x and prior are recommended to upgrade to one of these patched versions. There are no known workarounds for this issue. Affected Windows users are recommended to upgrade." + "value": "Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device filenames such as \"COM1\", \"COM2\", \"LPT0\", \"LPT1\", and so on, however it did not block access to the special device filenames which use superscript digits, such as \"COM\u00b9\", \"COM\u00b2\", \"LPT?\", \"LPT\u00b9\", and so on. Untrusted Wasm programs that are given access to any filesystem directory could bypass the sandbox and access devices through those special device filenames with superscript digits, and through them gain access peripheral devices connected to the computer, or network resources mapped to those devices. This can include modems, printers, network printers, and any other device connected to a serial or parallel port, including emulated USB serial ports. Patch releases for Wasmtime have been issued as 24.0.2, 25.0.3, and 26.0.1. Users of Wasmtime 23.0.x and prior are recommended to upgrade to one of these patched versions. There are no known workarounds for this issue. Affected Windows users are recommended to upgrade." + }, + { + "lang": "es", + "value": "Wasmtime es un entorno de ejecuci\u00f3n r\u00e1pido y seguro para WebAssembly. La implementaci\u00f3n de la zona protegida del sistema de archivos de Wasmtime en Windows bloquea el acceso a nombres de archivos de dispositivos especiales como \"COM1\", \"COM2\", \"LPT0\", \"LPT1\", etc., pero no bloquea el acceso a los nombres de archivos de dispositivos especiales que utilizan d\u00edgitos en super\u00edndice, como \"COM\u00b9\", \"COM\u00b2\", \"LPT?\", \"LPT\u00b9\", etc. Los programas Wasm no confiables a los que se les da acceso a cualquier directorio del sistema de archivos podr\u00edan omitir la zona protegida y acceder a los dispositivos a trav\u00e9s de esos nombres de archivos de dispositivos especiales con d\u00edgitos en super\u00edndice, y a trav\u00e9s de ellos obtener acceso a dispositivos perif\u00e9ricos conectados a la computadora o recursos de red asignados a esos dispositivos. Esto puede incluir m\u00f3dems, impresoras, impresoras de red y cualquier otro dispositivo conectado a un puerto serial o paralelo, incluidos los puertos seriales USB emulados. Se han publicado parches para Wasmtime como 24.0.2, 25.0.3 y 26.0.1. Se recomienda a los usuarios de Wasmtime 23.0.x y versiones anteriores que actualicen a una de estas versiones parcheadas. No existen workarounds conocidos para este problema. Se recomienda a los usuarios de Windows afectados que actualicen." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51746.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51746.json index 83c88cf34b1..710f61b56c9 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51746.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51746.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51746", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T19:15:08.300", - "lastModified": "2024-11-05T19:15:08.300", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Gitsign is a keyless Sigstore to signing tool for Git commits with your a GitHub / OIDC identity. gitsign may select the wrong Rekor entry to use during online verification when multiple entries are returned by the log. gitsign uses Rekor's search API to fetch entries that apply to a signature being verified. The parameters used for the search are the public key and the payload. The search API returns entries that match either condition rather than both. When gitsign's credential cache is used, there can be multiple entries that use the same ephemeral keypair / signing certificate. As gitsign assumes both conditions are matched by Rekor, there is no additional validation that the entry's hash matches the payload being verified, meaning that the wrong entry can be used to successfully pass verification. Impact is minimal as while gitsign does not match the payload against the entry, it does ensure that the certificate matches. This would need to be exploited during the certificate validity window (10 minutes) by the key holder." + }, + { + "lang": "es", + "value": "Gitsign es una herramienta de firma de Sigstore sin clave para las confirmaciones de Git con su identidad de GitHub/OIDC. gitsign puede seleccionar la entrada de Rekor incorrecta para usar durante la verificaci\u00f3n en l\u00ednea cuando el registro devuelve varias entradas. gitsign usa la API de b\u00fasqueda de Rekor para obtener las entradas que se aplican a una firma que se est\u00e1 verificando. Los par\u00e1metros utilizados para la b\u00fasqueda son la clave p\u00fablica y el payload. La API de b\u00fasqueda devuelve las entradas que coinciden con una de las condiciones en lugar de ambas. Cuando se usa el cach\u00e9 de credenciales de gitsign, puede haber varias entradas que usen el mismo certificado de firma/par de claves ef\u00edmeras. Como gitsign asume que Rekor cumple con ambas condiciones, no hay una validaci\u00f3n adicional de que el hash de la entrada coincida con el payload que se est\u00e1 verificando, lo que significa que se puede usar la entrada incorrecta para pasar la verificaci\u00f3n con \u00e9xito. El impacto es m\u00ednimo ya que, si bien gitsign no compara el payload con la entrada, s\u00ed garantiza que el certificado coincida. Esto deber\u00eda ser explotado durante la ventana de validez del certificado (10 minutos) por el titular de la clave." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51752.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51752.json index 001be5d467c..5ca03839757 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51752.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51752.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51752", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T20:15:15.167", - "lastModified": "2024-11-05T20:15:15.167", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The AuthKit library for Next.js provides convenient helpers for authentication and session management using WorkOS & AuthKit with Next.js. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.13.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "La librer\u00eda AuthKit para Next.js ofrece ayudas pr\u00e1cticas para la autenticaci\u00f3n y la gesti\u00f3n de sesiones mediante WorkOS y AuthKit con Next.js. En las versiones afectadas, los tokens de actualizaci\u00f3n se registran en la consola cuando se habilita la bandera `debug` (deshabilitada de forma predeterminada). Este problema se ha corregido en la versi\u00f3n 0.13.2 y se recomienda a todos los usuarios que actualicen. No existen workarounds conocidos para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51753.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51753.json index 1c328b376a1..392c809d2e5 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51753.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51753.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51753", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T20:15:15.300", - "lastModified": "2024-11-05T20:15:15.300", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The AuthKit library for Remix provides convenient helpers for authentication and session management using WorkOS & AuthKit with Remix. In affected versions refresh tokens are logged to the console when the disabled by default `debug` flag, is enabled. This issue has been patched in version 0.4.1. All users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": " La librer\u00eda AuthKit para Remix ofrece asistentes pr\u00e1cticos para la autenticaci\u00f3n y la gesti\u00f3n de sesiones mediante WorkOS y AuthKit con Remix. En las versiones afectadas, los tokens de actualizaci\u00f3n se registran en la consola cuando se habilita la bandera `debug` (deshabilitada de forma predeterminada). Este problema se ha corregido en la versi\u00f3n 0.4.1. Se recomienda a todos los usuarios que actualicen. No existen workarounds conocidos para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51756.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51756.json index f85bf7c52c7..485866a454e 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51756.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51756.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51756", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-05T22:15:21.817", - "lastModified": "2024-11-05T22:15:21.817", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "The cap-std project is organized around the eponymous `cap-std` crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as \"COM1\", \"COM2\", \"LPT0\", \"LPT1\", and so on, however it did not block access to the special device filenames which use superscript digits, such as \"COM\u00b9\", \"COM\u00b2\", \"LPT\u2070\", \"LPT\u00b9\", and so on. Untrusted filesystem paths could bypass the sandbox and access devices through those special device filenames with superscript digits, and through them provide access peripheral devices connected to the computer, or network resources mapped to those devices. This can include modems, printers, network printers, and any other device connected to a serial or parallel port, including emulated USB serial ports. The bug is fixed in #371, which is published in cap-primitives 3.4.1, cap-std 3.4.1, and cap-async-std 3.4.1. There are no known workarounds for this issue. Affected Windows users are recommended to upgrade." + "value": "The cap-std project is organized around the eponymous `cap-std` crate, and develops libraries to make it easy to write capability-based code. cap-std's filesystem sandbox implementation on Windows blocks access to special device filenames such as \"COM1\", \"COM2\", \"LPT0\", \"LPT1\", and so on, however it did not block access to the special device filenames which use superscript digits, such as \"COM\u00b9\", \"COM\u00b2\", \"LPT?\", \"LPT\u00b9\", and so on. Untrusted filesystem paths could bypass the sandbox and access devices through those special device filenames with superscript digits, and through them provide access peripheral devices connected to the computer, or network resources mapped to those devices. This can include modems, printers, network printers, and any other device connected to a serial or parallel port, including emulated USB serial ports. The bug is fixed in #371, which is published in cap-primitives 3.4.1, cap-std 3.4.1, and cap-async-std 3.4.1. There are no known workarounds for this issue. Affected Windows users are recommended to upgrade." + }, + { + "lang": "es", + "value": "El proyecto cap-std est\u00e1 organizado en torno al caj\u00f3n hom\u00f3nimo `cap-std`, y desarrolla librer\u00edas para facilitar la escritura de c\u00f3digo basado en capacidades. La implementaci\u00f3n del sandbox del sistema de archivos de cap-std en Windows bloquea el acceso a nombres de archivos de dispositivos especiales como \"COM1\", \"COM2\", \"LPT0\", \"LPT1\", etc., sin embargo, no bloquea el acceso a los nombres de archivos de dispositivos especiales que utilizan d\u00edgitos en super\u00edndice, como \"COM\u00b9\", \"COM\u00b2\", \"LPT?\", \"LPT\u00b9\", etc. Las rutas del sistema de archivos no confiables podr\u00edan eludir el sandbox y acceder a los dispositivos a trav\u00e9s de esos nombres de archivos de dispositivos especiales con d\u00edgitos en super\u00edndice, y a trav\u00e9s de ellos proporcionar acceso a dispositivos perif\u00e9ricos conectados a la computadora o recursos de red asignados a esos dispositivos. Esto puede incluir m\u00f3dems, impresoras, impresoras de red y cualquier otro dispositivo conectado a un puerto serial o paralelo, incluidos los puertos seriales USB emulados. El error se corrigi\u00f3 en el n.\u00b0 371, que se public\u00f3 en cap-primitives 3.4.1, cap-std 3.4.1 y cap-async-std 3.4.1. No se conocen workarounds para este problema. Se recomienda a los usuarios de Windows afectados que actualicen." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51774.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51774.json index fffa4fe2571..8482a2b1d2c 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51774.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51774.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51774", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-02T06:15:03.007", - "lastModified": "2024-11-04T14:27:25.593", - "vulnStatus": "Analyzed", + "lastModified": "2024-11-06T17:35:41.767", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { "lang": "en", "value": "qBittorrent before 5.0.1 proceeds with use of https URLs even after certificate validation errors." + }, + { + "lang": "es", + "value": " qBittorrent anterior a 5.0.1 contin\u00faa utilizando URL https incluso despu\u00e9s de errores de validaci\u00f3n de certificado." } ], "metrics": { @@ -32,6 +36,26 @@ }, "exploitabilityScore": 2.2, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 } ] }, @@ -45,6 +69,16 @@ "value": "CWE-295" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-295" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52043.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52043.json index aaa1ac075ad..8d3ee4efb71 100644 --- a/CVE-2024/CVE-2024-520xx/CVE-2024-52043.json +++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52043.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52043", "sourceIdentifier": "2fdefc65-d750-4b8d-96ee-6e2c0c42dbfe", "published": "2024-11-06T08:15:03.420", - "lastModified": "2024-11-06T11:15:04.140", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-66xx/CVE-2024-6626.json b/CVE-2024/CVE-2024-66xx/CVE-2024-6626.json index e9ae5e47ef5..88bf48b7fd7 100644 --- a/CVE-2024/CVE-2024-66xx/CVE-2024-6626.json +++ b/CVE-2024/CVE-2024-66xx/CVE-2024-6626.json @@ -2,13 +2,17 @@ "id": "CVE-2024-6626", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T07:15:04.460", - "lastModified": "2024-11-06T07:15:04.460", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The EleForms \u2013 All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several functions in all versions up to, and including, 2.9.9.9. This makes it possible for unauthenticated attackers to view form submissions." + }, + { + "lang": "es", + "value": "El complemento EleForms \u2013 All In One Form Integration including DB for Elementor para WordPress es vulnerable al acceso no autorizado a los datos debido a la falta de comprobaci\u00f3n de capacidad en varias funciones en todas las versiones hasta la 2.9.9.9 incluida. Esto permite que atacantes no autenticados vean los env\u00edos de formularios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-68xx/CVE-2024-6861.json b/CVE-2024/CVE-2024-68xx/CVE-2024-6861.json index 7c469388325..d489fbe24c4 100644 --- a/CVE-2024/CVE-2024-68xx/CVE-2024-6861.json +++ b/CVE-2024/CVE-2024-68xx/CVE-2024-6861.json @@ -2,8 +2,8 @@ "id": "CVE-2024-6861", "sourceIdentifier": "secalert@redhat.com", "published": "2024-11-06T15:15:20.187", - "lastModified": "2024-11-06T15:15:20.187", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-78xx/CVE-2024-7879.json b/CVE-2024/CVE-2024-78xx/CVE-2024-7879.json index eefa1382b22..8f69fc34b9e 100644 --- a/CVE-2024/CVE-2024-78xx/CVE-2024-7879.json +++ b/CVE-2024/CVE-2024-78xx/CVE-2024-7879.json @@ -2,8 +2,8 @@ "id": "CVE-2024-7879", "sourceIdentifier": "contact@wpscan.com", "published": "2024-11-06T06:15:03.813", - "lastModified": "2024-11-06T16:35:22.967", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-79xx/CVE-2024-7995.json b/CVE-2024/CVE-2024-79xx/CVE-2024-7995.json index 2b7ab1032e8..f3e13259443 100644 --- a/CVE-2024/CVE-2024-79xx/CVE-2024-7995.json +++ b/CVE-2024/CVE-2024-79xx/CVE-2024-7995.json @@ -2,13 +2,17 @@ "id": "CVE-2024-7995", "sourceIdentifier": "psirt@autodesk.com", "published": "2024-11-05T20:15:15.423", - "lastModified": "2024-11-05T20:15:15.423", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A maliciously crafted binary file when downloaded could lead to escalation of privileges to NT AUTHORITY/SYSTEM due to an untrusted search path being utilized in the VRED Design application. Exploitation of this vulnerability may lead to code execution." + }, + { + "lang": "es", + "value": " Al descargar un archivo binario creado con fines malintencionados, se podr\u00eda producir una escalada de privilegios a NT AUTHORITY/SYSTEM debido a que se utiliza una ruta de b\u00fasqueda no confiable en la aplicaci\u00f3n VRED Design. La explotaci\u00f3n de esta vulnerabilidad puede provocar la ejecuci\u00f3n de c\u00f3digo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-83xx/CVE-2024-8323.json b/CVE-2024/CVE-2024-83xx/CVE-2024-8323.json index d8f3e2c38ec..c2565753e16 100644 --- a/CVE-2024/CVE-2024-83xx/CVE-2024-8323.json +++ b/CVE-2024/CVE-2024-83xx/CVE-2024-8323.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8323", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T12:15:03.950", - "lastModified": "2024-11-06T12:15:03.950", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8614.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8614.json index 6349bf82eb6..a3bdfb77308 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8614.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8614.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8614", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T09:15:04.520", - "lastModified": "2024-11-06T09:15:04.520", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-86xx/CVE-2024-8615.json b/CVE-2024/CVE-2024-86xx/CVE-2024-8615.json index 9d74bd551c3..fa0d5b17a37 100644 --- a/CVE-2024/CVE-2024-86xx/CVE-2024-8615.json +++ b/CVE-2024/CVE-2024-86xx/CVE-2024-8615.json @@ -2,8 +2,8 @@ "id": "CVE-2024-8615", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T09:15:04.773", - "lastModified": "2024-11-06T09:15:04.773", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-91xx/CVE-2024-9109.json b/CVE-2024/CVE-2024-91xx/CVE-2024-9109.json index 76f7344937c..75cce623a13 100644 --- a/CVE-2024/CVE-2024-91xx/CVE-2024-9109.json +++ b/CVE-2024/CVE-2024-91xx/CVE-2024-9109.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9109", "sourceIdentifier": "security@wordfence.com", "published": "2024-10-25T06:15:13.300", - "lastModified": "2024-10-25T12:56:07.750", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:18:48.363", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,18 +51,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:octolize:woocommerce_ups_shipping:*:*:*:*:free:wordpress:*:*", + "versionEndExcluding": "3.0.0", + "matchCriteriaId": "7409CD6F-BAC0-4C60-A5AE-5D26B94C05A8" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/flexible-shipping-ups/trunk/vendor_prefixed/octolize/wp-ups-oauth/src/OAuth/Ajax.php#L32", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3173845/flexible-shipping-ups/tags/3.0.0/vendor_prefixed/octolize/wp-ups-oauth/src/OAuth/Ajax.php?old=3158553&old_path=flexible-shipping-ups%2Ftags%2F2.3.11%2Fvendor_prefixed%2Foctolize%2Fwp-ups-oauth%2Fsrc%2FOAuth%2FAjax.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/699fdea9-15ae-4882-9723-9a98d7d53c74?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-93xx/CVE-2024-9307.json b/CVE-2024/CVE-2024-93xx/CVE-2024-9307.json index 68ce663d984..62bb0df6d40 100644 --- a/CVE-2024/CVE-2024-93xx/CVE-2024-9307.json +++ b/CVE-2024/CVE-2024-93xx/CVE-2024-9307.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9307", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T07:15:04.717", - "lastModified": "2024-11-06T07:15:04.717", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The mFolio Lite plugin for WordPress is vulnerable to file uploads due to a missing capability check in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file or upload arbitrary EXE files on the affected site's server which may make remote code execution possible if the attacker can also gain access to run the .exe file, or trick a site visitor into downloading and running the .exe file." + }, + { + "lang": "es", + "value": "El complemento mFolio Lite para WordPress es vulnerable a las cargas de archivos debido a la falta de una comprobaci\u00f3n de capacidad en todas las versiones hasta la 1.2.1 incluida. Esto permite que atacantes autenticados, con acceso de nivel de autor o superior, inyecten scripts web arbitrarios en las p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda al archivo SVG o cargue archivos EXE arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo si el atacante tambi\u00e9n puede obtener acceso para ejecutar el archivo .exe o enga\u00f1ar a un visitante del sitio para que descargue y ejecute el archivo .exe." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-95xx/CVE-2024-9579.json b/CVE-2024/CVE-2024-95xx/CVE-2024-9579.json index d850fda4606..e63ff8ae1ac 100644 --- a/CVE-2024/CVE-2024-95xx/CVE-2024-9579.json +++ b/CVE-2024/CVE-2024-95xx/CVE-2024-9579.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9579", "sourceIdentifier": "hp-security-alert@hp.com", "published": "2024-11-05T17:15:07.667", - "lastModified": "2024-11-05T17:15:07.667", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A potential vulnerability was discovered in certain Poly video conferencing devices. The firmware flaw does not properly sanitize user input. The exploitation of this vulnerability is dependent on a layered attack and cannot be exploited by itself." + }, + { + "lang": "es", + "value": " Se descubri\u00f3 una vulnerabilidad potencial en ciertos dispositivos de videoconferencia de Poly. El fallo del firmware no desinfecta adecuadamente la entrada del usuario. La explotaci\u00f3n de esta vulnerabilidad depende de un ataque en capas y no puede explotarse por s\u00ed sola." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-96xx/CVE-2024-9681.json b/CVE-2024/CVE-2024-96xx/CVE-2024-9681.json index af0f5f96137..51a76d087e9 100644 --- a/CVE-2024/CVE-2024-96xx/CVE-2024-9681.json +++ b/CVE-2024/CVE-2024-96xx/CVE-2024-9681.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9681", "sourceIdentifier": "2499f714-1537-4658-8207-48ae4bb9eae9", "published": "2024-11-06T08:15:03.740", - "lastModified": "2024-11-06T08:15:03.740", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -15,7 +15,30 @@ "value": "Cuando se le pide a curl que use HSTS, el tiempo de expiraci\u00f3n de un subdominio puede sobrescribir la entrada de cach\u00e9 de un dominio principal, lo que hace que finalice antes o despu\u00e9s de lo previsto. Esto afecta a curl que usa aplicaciones que habilitan HSTS y usan URL con el esquema inseguro `HTTP://` y realizan transferencias con hosts como `x.example.com` as\u00ed como `example.com` donde el primer host es un subdominio del segundo host. (El cach\u00e9 HSTS debe haberse llenado manualmente o debe haber habido accesos HTTPS previos ya que el cach\u00e9 debe tener entradas para los dominios involucrados para activar este problema). Cuando `x.example.com` responde con encabezados `Strict-Transport-Security:`, este error puede hacer que el tiempo de expiraci\u00f3n del subdominio *se extienda* y se configure para el dominio principal `example.com` en el cach\u00e9 HSTS de curl. El resultado de un error activado es que los accesos HTTP a `example.com` se convierten a HTTPS durante un per\u00edodo de tiempo diferente al solicitado por el servidor de origen. Si `example.com`, por ejemplo, deja de admitir HTTPS en su momento de vencimiento, curl podr\u00eda entonces no poder acceder a `http://example.com` hasta que expire el tiempo de espera (configurado incorrectamente). Este error tambi\u00e9n puede hacer que la entrada principal expire *antes*, lo que hace que curl vuelva inadvertidamente a HTTP inseguro antes de lo previsto." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "https://curl.se/docs/CVE-2024-9681.html", diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9883.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9883.json index 52b628103be..2e6cfe59dea 100644 --- a/CVE-2024/CVE-2024-98xx/CVE-2024-9883.json +++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9883.json @@ -2,17 +2,41 @@ "id": "CVE-2024-9883", "sourceIdentifier": "contact@wpscan.com", "published": "2024-11-05T06:15:06.430", - "lastModified": "2024-11-05T16:36:00.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-06T17:32:17.477", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Pods WordPress plugin before 3.2.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)." + }, + { + "lang": "es", + "value": "El complemento Pods de WordPress anterior a la versi\u00f3n 3.2.7.1 no desinfecta ni escapa de algunas de sus configuraciones, lo que podr\u00eda permitir que usuarios con privilegios elevados, como el administrador, realicen ataques de Cross Site Scripting almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n de varios sitios)." } ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -35,10 +59,44 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:podsfoundation:pods:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "3.2.7.1", + "matchCriteriaId": "0788321D-338E-4E58-AE9A-23FF1B093D08" + } + ] + } + ] + } + ], "references": [ { "url": "https://wpscan.com/vulnerability/ea4b277e-ef47-4e38-bd82-c5a54a95372f/", - "source": "contact@wpscan.com" + "source": "contact@wpscan.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9902.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9902.json index 91052470a68..7e9fb6e6f63 100644 --- a/CVE-2024/CVE-2024-99xx/CVE-2024-9902.json +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9902.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9902", "sourceIdentifier": "secalert@redhat.com", "published": "2024-11-06T10:15:06.200", - "lastModified": "2024-11-06T10:15:06.200", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9934.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9934.json index 851bd96b24a..8c6f793adda 100644 --- a/CVE-2024/CVE-2024-99xx/CVE-2024-9934.json +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9934.json @@ -2,8 +2,8 @@ "id": "CVE-2024-9934", "sourceIdentifier": "contact@wpscan.com", "published": "2024-11-06T06:15:03.973", - "lastModified": "2024-11-06T16:35:23.160", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9936.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9936.json index c2a1d72a2af..b806eba4a73 100644 --- a/CVE-2024/CVE-2024-99xx/CVE-2024-9936.json +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9936.json @@ -2,7 +2,7 @@ "id": "CVE-2024-9936", "sourceIdentifier": "security@mozilla.org", "published": "2024-10-14T14:15:12.553", - "lastModified": "2024-10-15T12:57:46.880", + "lastModified": "2024-11-06T17:35:42.870", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Al manipular la cach\u00e9 del nodo de selecci\u00f3n, un atacante podr\u00eda haber provocado un comportamiento inesperado, lo que podr\u00eda derivar en un bloqueo explotable. Esta vulnerabilidad afecta a Firefox < 131.0.3." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1920381", diff --git a/CVE-2024/CVE-2024-99xx/CVE-2024-9946.json b/CVE-2024/CVE-2024-99xx/CVE-2024-9946.json index 6d12d23973d..063d5204782 100644 --- a/CVE-2024/CVE-2024-99xx/CVE-2024-9946.json +++ b/CVE-2024/CVE-2024-99xx/CVE-2024-9946.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9946", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-06T07:15:04.977", - "lastModified": "2024-11-06T07:15:04.977", - "vulnStatus": "Received", + "lastModified": "2024-11-06T18:17:17.287", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Social Share, Social Login and Social Comments Plugin \u2013 Super Socializer plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 7.13.68. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login. The vulnerability was partially patched in version 7.13.68." + }, + { + "lang": "es", + "value": "El complemento Social Share, Social Login y Social Comments (complemento Super Socializer para WordPress) es vulnerable a la omisi\u00f3n de la autenticaci\u00f3n en todas las versiones hasta la 7.13.68 incluida. Esto se debe a que el token de inicio de sesi\u00f3n social no verifica lo suficiente el usuario que devuelve. Esto permite que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, si tienen acceso al correo electr\u00f3nico y el usuario no tiene una cuenta ya existente para el servicio que devuelve el token. Un atacante no puede autenticarse como administrador de forma predeterminada, pero estas cuentas tambi\u00e9n corren riesgo si se ha permitido expl\u00edcitamente la autenticaci\u00f3n para administradores a trav\u00e9s del inicio de sesi\u00f3n social. La vulnerabilidad se solucion\u00f3 parcialmente en la versi\u00f3n 7.13.68." } ], "metrics": { diff --git a/README.md b/README.md index 193d53032f3..7b16eac1f73 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-06T17:00:22.288814+00:00 +2024-11-06T19:00:21.748867+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-06T16:41:00.277000+00:00 +2024-11-06T18:35:06.780000+00:00 ``` ### Last Data Feed Release @@ -33,51 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -268445 +268475 ``` ### CVEs added in the last Commit -Recently added CVEs: `7` +Recently added CVEs: `30` -- [CVE-2024-10081](CVE-2024/CVE-2024-100xx/CVE-2024-10081.json) (`2024-11-06T15:15:11.480`) -- [CVE-2024-10082](CVE-2024/CVE-2024-100xx/CVE-2024-10082.json) (`2024-11-06T15:15:11.760`) -- [CVE-2024-10916](CVE-2024/CVE-2024-109xx/CVE-2024-10916.json) (`2024-11-06T15:15:12.123`) -- [CVE-2024-10919](CVE-2024/CVE-2024-109xx/CVE-2024-10919.json) (`2024-11-06T16:15:05.610`) -- [CVE-2024-10920](CVE-2024/CVE-2024-109xx/CVE-2024-10920.json) (`2024-11-06T16:15:05.930`) -- [CVE-2024-35146](CVE-2024/CVE-2024-351xx/CVE-2024-35146.json) (`2024-11-06T15:15:19.247`) -- [CVE-2024-6861](CVE-2024/CVE-2024-68xx/CVE-2024-6861.json) (`2024-11-06T15:15:20.187`) +- [CVE-2024-20445](CVE-2024/CVE-2024-204xx/CVE-2024-20445.json) (`2024-11-06T17:15:14.830`) +- [CVE-2024-20457](CVE-2024/CVE-2024-204xx/CVE-2024-20457.json) (`2024-11-06T17:15:15.107`) +- [CVE-2024-20476](CVE-2024/CVE-2024-204xx/CVE-2024-20476.json) (`2024-11-06T17:15:15.337`) +- [CVE-2024-20484](CVE-2024/CVE-2024-204xx/CVE-2024-20484.json) (`2024-11-06T17:15:15.580`) +- [CVE-2024-20487](CVE-2024/CVE-2024-204xx/CVE-2024-20487.json) (`2024-11-06T17:15:15.833`) +- [CVE-2024-20504](CVE-2024/CVE-2024-205xx/CVE-2024-20504.json) (`2024-11-06T17:15:16.053`) +- [CVE-2024-20507](CVE-2024/CVE-2024-205xx/CVE-2024-20507.json) (`2024-11-06T17:15:16.257`) +- [CVE-2024-20511](CVE-2024/CVE-2024-205xx/CVE-2024-20511.json) (`2024-11-06T17:15:16.467`) +- [CVE-2024-20514](CVE-2024/CVE-2024-205xx/CVE-2024-20514.json) (`2024-11-06T17:15:16.687`) +- [CVE-2024-20525](CVE-2024/CVE-2024-205xx/CVE-2024-20525.json) (`2024-11-06T17:15:16.927`) +- [CVE-2024-20527](CVE-2024/CVE-2024-205xx/CVE-2024-20527.json) (`2024-11-06T17:15:17.147`) +- [CVE-2024-20528](CVE-2024/CVE-2024-205xx/CVE-2024-20528.json) (`2024-11-06T17:15:17.373`) +- [CVE-2024-20529](CVE-2024/CVE-2024-205xx/CVE-2024-20529.json) (`2024-11-06T17:15:17.593`) +- [CVE-2024-20530](CVE-2024/CVE-2024-205xx/CVE-2024-20530.json) (`2024-11-06T17:15:17.793`) +- [CVE-2024-20531](CVE-2024/CVE-2024-205xx/CVE-2024-20531.json) (`2024-11-06T17:15:18.043`) +- [CVE-2024-20532](CVE-2024/CVE-2024-205xx/CVE-2024-20532.json) (`2024-11-06T17:15:18.270`) +- [CVE-2024-20533](CVE-2024/CVE-2024-205xx/CVE-2024-20533.json) (`2024-11-06T17:15:18.700`) +- [CVE-2024-20534](CVE-2024/CVE-2024-205xx/CVE-2024-20534.json) (`2024-11-06T17:15:18.927`) +- [CVE-2024-20536](CVE-2024/CVE-2024-205xx/CVE-2024-20536.json) (`2024-11-06T17:15:19.140`) +- [CVE-2024-20537](CVE-2024/CVE-2024-205xx/CVE-2024-20537.json) (`2024-11-06T17:15:19.350`) +- [CVE-2024-20538](CVE-2024/CVE-2024-205xx/CVE-2024-20538.json) (`2024-11-06T17:15:19.563`) +- [CVE-2024-20539](CVE-2024/CVE-2024-205xx/CVE-2024-20539.json) (`2024-11-06T17:15:19.767`) +- [CVE-2024-20540](CVE-2024/CVE-2024-205xx/CVE-2024-20540.json) (`2024-11-06T17:15:19.977`) +- [CVE-2024-50315](CVE-2024/CVE-2024-503xx/CVE-2024-50315.json) (`2024-11-06T18:15:06.173`) +- [CVE-2024-50637](CVE-2024/CVE-2024-506xx/CVE-2024-50637.json) (`2024-11-06T17:15:20.680`) ### CVEs modified in the last Commit -Recently modified CVEs: `98` +Recently modified CVEs: `193` -- [CVE-2024-48176](CVE-2024/CVE-2024-481xx/CVE-2024-48176.json) (`2024-11-06T16:35:21.810`) -- [CVE-2024-48931](CVE-2024/CVE-2024-489xx/CVE-2024-48931.json) (`2024-11-06T15:46:23.067`) -- [CVE-2024-48932](CVE-2024/CVE-2024-489xx/CVE-2024-48932.json) (`2024-11-06T15:25:41.470`) -- [CVE-2024-49357](CVE-2024/CVE-2024-493xx/CVE-2024-49357.json) (`2024-11-06T15:28:38.160`) -- [CVE-2024-49358](CVE-2024/CVE-2024-493xx/CVE-2024-49358.json) (`2024-11-06T15:27:26.637`) -- [CVE-2024-49359](CVE-2024/CVE-2024-493xx/CVE-2024-49359.json) (`2024-11-06T15:27:02.347`) -- [CVE-2024-49760](CVE-2024/CVE-2024-497xx/CVE-2024-49760.json) (`2024-11-06T15:01:01.013`) -- [CVE-2024-50523](CVE-2024/CVE-2024-505xx/CVE-2024-50523.json) (`2024-11-06T15:46:32.907`) -- [CVE-2024-50525](CVE-2024/CVE-2024-505xx/CVE-2024-50525.json) (`2024-11-06T15:42:52.993`) -- [CVE-2024-50531](CVE-2024/CVE-2024-505xx/CVE-2024-50531.json) (`2024-11-06T16:34:13.990`) -- [CVE-2024-51326](CVE-2024/CVE-2024-513xx/CVE-2024-51326.json) (`2024-11-06T15:02:12.403`) -- [CVE-2024-51327](CVE-2024/CVE-2024-513xx/CVE-2024-51327.json) (`2024-11-06T15:02:55.710`) -- [CVE-2024-51561](CVE-2024/CVE-2024-515xx/CVE-2024-51561.json) (`2024-11-06T15:59:22.287`) -- [CVE-2024-51582](CVE-2024/CVE-2024-515xx/CVE-2024-51582.json) (`2024-11-06T15:47:13.077`) -- [CVE-2024-5578](CVE-2024/CVE-2024-55xx/CVE-2024-5578.json) (`2024-11-06T15:44:19.040`) -- [CVE-2024-5764](CVE-2024/CVE-2024-57xx/CVE-2024-5764.json) (`2024-11-06T16:41:00.277`) -- [CVE-2024-6615](CVE-2024/CVE-2024-66xx/CVE-2024-6615.json) (`2024-11-06T15:35:19.120`) -- [CVE-2024-7456](CVE-2024/CVE-2024-74xx/CVE-2024-7456.json) (`2024-11-06T15:45:58.993`) -- [CVE-2024-7876](CVE-2024/CVE-2024-78xx/CVE-2024-7876.json) (`2024-11-06T15:42:37.723`) -- [CVE-2024-7877](CVE-2024/CVE-2024-78xx/CVE-2024-7877.json) (`2024-11-06T15:42:19.343`) -- [CVE-2024-7879](CVE-2024/CVE-2024-78xx/CVE-2024-7879.json) (`2024-11-06T16:35:22.967`) -- [CVE-2024-9147](CVE-2024/CVE-2024-91xx/CVE-2024-9147.json) (`2024-11-06T15:53:59.983`) -- [CVE-2024-9459](CVE-2024/CVE-2024-94xx/CVE-2024-9459.json) (`2024-11-06T15:29:04.917`) -- [CVE-2024-9686](CVE-2024/CVE-2024-96xx/CVE-2024-9686.json) (`2024-11-06T16:19:04.333`) -- [CVE-2024-9934](CVE-2024/CVE-2024-99xx/CVE-2024-9934.json) (`2024-11-06T16:35:23.160`) +- [CVE-2024-51739](CVE-2024/CVE-2024-517xx/CVE-2024-51739.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-51740](CVE-2024/CVE-2024-517xx/CVE-2024-51740.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-51745](CVE-2024/CVE-2024-517xx/CVE-2024-51745.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-51746](CVE-2024/CVE-2024-517xx/CVE-2024-51746.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-51752](CVE-2024/CVE-2024-517xx/CVE-2024-51752.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-51753](CVE-2024/CVE-2024-517xx/CVE-2024-51753.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-51756](CVE-2024/CVE-2024-517xx/CVE-2024-51756.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-51774](CVE-2024/CVE-2024-517xx/CVE-2024-51774.json) (`2024-11-06T17:35:41.767`) +- [CVE-2024-52043](CVE-2024/CVE-2024-520xx/CVE-2024-52043.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-6626](CVE-2024/CVE-2024-66xx/CVE-2024-6626.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-6861](CVE-2024/CVE-2024-68xx/CVE-2024-6861.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-7879](CVE-2024/CVE-2024-78xx/CVE-2024-7879.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-7995](CVE-2024/CVE-2024-79xx/CVE-2024-7995.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-8323](CVE-2024/CVE-2024-83xx/CVE-2024-8323.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-8614](CVE-2024/CVE-2024-86xx/CVE-2024-8614.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-8615](CVE-2024/CVE-2024-86xx/CVE-2024-8615.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-9109](CVE-2024/CVE-2024-91xx/CVE-2024-9109.json) (`2024-11-06T17:18:48.363`) +- [CVE-2024-9307](CVE-2024/CVE-2024-93xx/CVE-2024-9307.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-9579](CVE-2024/CVE-2024-95xx/CVE-2024-9579.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-9681](CVE-2024/CVE-2024-96xx/CVE-2024-9681.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-9883](CVE-2024/CVE-2024-98xx/CVE-2024-9883.json) (`2024-11-06T17:32:17.477`) +- [CVE-2024-9902](CVE-2024/CVE-2024-99xx/CVE-2024-9902.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-9934](CVE-2024/CVE-2024-99xx/CVE-2024-9934.json) (`2024-11-06T18:17:17.287`) +- [CVE-2024-9936](CVE-2024/CVE-2024-99xx/CVE-2024-9936.json) (`2024-11-06T17:35:42.870`) +- [CVE-2024-9946](CVE-2024/CVE-2024-99xx/CVE-2024-9946.json) (`2024-11-06T18:17:17.287`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 4b1d7e20321..2eae7d315f9 100644 --- a/_state.csv +++ b/_state.csv @@ -146853,7 +146853,7 @@ CVE-2020-11855,0,0,e14561753ea7476ef1a46ad2271a2d7705e48957ee839066d428855f0813a CVE-2020-11856,0,0,5abea0f5863e425aba8da9037a573c7a3b4f3f117b19f6f108ddeefc546a6311,2023-11-07T03:15:13.060000 CVE-2020-11857,0,0,cfe4b29cbd7705754d8ff7c436f360e01cc84f49a7da178c74183fbb0fdce6b5,2023-11-07T03:15:13.327000 CVE-2020-11858,0,0,f1a7878dcbe39fb75e66ba015f3e0a8c37bed95690a925f034528dceb4a78f9a,2023-11-07T03:15:13.613000 -CVE-2020-11859,0,0,c6463e65a47b733c143ba1012ce4867d704a396d64748d0f657e0f2a5a3f62b8,2024-11-06T14:15:04.963000 +CVE-2020-11859,0,1,c131955138a3582e873a3566953f2cade4fb619551817ae25841a82e07360970,2024-11-06T18:17:17.287000 CVE-2020-1186,0,0,1eefdf7a8e33c4c2cd4bfb01e3572e05bdae937974ad739d1b8791b6b68c2142,2021-07-21T11:39:23.747000 CVE-2020-11860,0,0,5ff0fb781acc00bd8736fa43437c501792b5b28d4b3cd41269e4609dde6edb4d,2023-11-07T03:15:13.847000 CVE-2020-11861,0,0,4131e0ca5ed9aa3ac9d2a10890f2f261f9722b9905d29a15f5ba8b6d4694ee13,2023-11-07T03:15:14.130000 @@ -159327,7 +159327,7 @@ CVE-2020-36777,0,0,049b8813e9bcefe32870c3cf66fa0cd20fdf6be2bd1a3ff587d83ec743eb7 CVE-2020-36778,0,0,58953424d0105836bc5b83a06a4f1a21fc2b40fd22d252a3f5643ad3022d6c4f,2024-02-28T14:06:45.783000 CVE-2020-36779,0,0,7eb4e9c2057ae3c0e4d37be51bf4f303afc7478ec993947fd0f0bdf8d4af6494,2024-02-28T14:06:45.783000 CVE-2020-3678,0,0,4aee54f0d31d799a6b08b9c6bf16b18149399fb9c8520d8a6ca631cbbb1bc1e4,2020-11-06T16:36:51.433000 -CVE-2020-36780,0,1,56476c1e5cf8e661b5c2e9c8f9aff0a5c950781a316ab7251e767dfc2013dbef,2024-11-06T15:35:01.093000 +CVE-2020-36780,0,0,56476c1e5cf8e661b5c2e9c8f9aff0a5c950781a316ab7251e767dfc2013dbef,2024-11-06T15:35:01.093000 CVE-2020-36781,0,0,61a407fbdebd7e5824519d452d639a1b2c615525a0a7a84f355881fd9fe34dcb,2024-02-28T14:06:45.783000 CVE-2020-36782,0,0,1431a48342434d9bab8e132cab75b82cbbeff46df1a56cd9e6d3cf750ae4fda9,2024-02-28T14:06:45.783000 CVE-2020-36783,0,0,caa430b2b6e2db815c144f46ee4cfe84516eb1af7156e42225c1288618e90b1e,2024-02-28T14:06:45.783000 @@ -186980,7 +186980,7 @@ CVE-2021-47053,0,0,8f736f2f01b70cfed79b8cbc597240df12c000d5c76b7102c3485a471f32a CVE-2021-47054,0,0,fcf7927d7d238b861acf3b53cedb7d3ed444b00f5c452a34f170e61c2b1ab75c,2024-03-01T14:04:26.010000 CVE-2021-47055,0,0,fb1bc0ca872601a933b9554a3b182a2a27a4fbb393830b0e69e8fce6e4336da5,2024-03-01T14:04:26.010000 CVE-2021-47056,0,0,53a8d2cbb50ac5db0355e680253b631e57465ed746d5d73fab1533b9541e9c36,2024-03-01T14:04:26.010000 -CVE-2021-47057,0,1,1d3916c52a7749b5b8e55bd16d4876c24340a0feafd41a16ef48cddd81108f94,2024-11-06T15:35:01.363000 +CVE-2021-47057,0,0,1d3916c52a7749b5b8e55bd16d4876c24340a0feafd41a16ef48cddd81108f94,2024-11-06T15:35:01.363000 CVE-2021-47058,0,0,b438168fba91aa01292c697aab3b07888b9ffa4094f5b28ad48fc85c717f7887,2024-03-01T14:04:26.010000 CVE-2021-47059,0,0,a6f9203052591d3c066a3d0e65a10b21f093da98369347d14343ba5229adce4d,2024-03-01T14:04:26.010000 CVE-2021-47060,0,0,c4246e1e1755844e9a224a72b45747a7a2b84b1b2fc40a5d5d9511a6b6244c62,2024-03-01T14:04:26.010000 @@ -187049,7 +187049,7 @@ CVE-2021-47122,0,0,28b4df740d5d373d84a01991045074d3d1aa535b070dc5acae075f87e26d7 CVE-2021-47123,0,0,19b5a6623d8c9a1db7519f3fda7b6127df1661faca66bbef10124982153459be,2024-03-17T22:38:29.433000 CVE-2021-47124,0,0,b73327c05d29a4e288826974adc33b62dc05cce859457fb5e2029c3a6d9ce6f0,2024-03-17T22:38:29.433000 CVE-2021-47125,0,0,0756e8b7261e7b1a153ad489bf9ffed4c3c6b590a24bfbf4e2eff1aeaaa58cf9,2024-03-17T22:38:29.433000 -CVE-2021-47126,0,0,a034e294c1d1b663d08eaf969805865c1efbc89fcc8511c70b55bf9fe0c91155,2024-03-17T22:38:29.433000 +CVE-2021-47126,0,1,04c8e8e108310e1fe214f1adf53742d1f96d605d92b4070dc915f41754d74d3e,2024-11-06T17:35:01.970000 CVE-2021-47127,0,0,e4981b245281ea0af5618150d4684033b91a573e39d2b09ae4cf2fd729abd995,2024-03-17T22:38:29.433000 CVE-2021-47128,0,0,d4b8a83073f5f99b0dad82cbfd95dacc611cbe63c431e8fa1d88a19ed32ba271,2024-03-17T22:38:29.433000 CVE-2021-47129,0,0,0b91474c287c9fac5441e0bfddbeb84807bcf87135fd1024c88789a5dd0ae27e,2024-03-17T22:38:29.433000 @@ -187084,7 +187084,7 @@ CVE-2021-47157,0,0,ffa912ab59086aaed72ae16afb96bf4cf5c72c4797b59fc955ea9521c3ad9 CVE-2021-47158,0,0,ed3553c31f579bd6548b37f699692b3ee0e6203d21cc8234a4da99028a7b3d9e,2024-03-25T13:47:14.087000 CVE-2021-47159,0,0,5927d99dc6ec378e92c8f2e42d5d1210c32d7f3d1c668496b4ba8d6204380782,2024-03-25T13:47:14.087000 CVE-2021-47160,0,0,62362f698cb6b23636b1521d294f437609382d60bbb7ece00da2d9b85fb92cae,2024-03-25T13:47:14.087000 -CVE-2021-47161,0,1,1f6534fd9cb538ebb937132ca46b67351f976ac68c13fe1aead97482062b4419,2024-11-06T15:35:02.283000 +CVE-2021-47161,0,0,1f6534fd9cb538ebb937132ca46b67351f976ac68c13fe1aead97482062b4419,2024-11-06T15:35:02.283000 CVE-2021-47162,0,0,1e2d6d3d0829f920390d9527f183551670be304f93fb3935ed211c7efefae690,2024-03-25T13:47:14.087000 CVE-2021-47163,0,0,5d00a110286f0d9fc08feaedc9379b44e524beb2c2fee557e2a8c06a929ec208,2024-03-25T13:47:14.087000 CVE-2021-47164,0,0,7e01c6ba0a36652024857fde9822906da48c9a0dec08bbb57b6100ad8faaba2c,2024-05-23T17:50:11.240000 @@ -187095,7 +187095,7 @@ CVE-2021-47168,0,0,dfbd5c3011cbaa5812f37b0e34b7e875914ae5c83d256825df281398c30a3 CVE-2021-47169,0,0,bcda9b66344a7aacd30ac4a270a0b0cbb80764791e2d22437ee140a93dcca68d,2024-03-25T13:47:14.087000 CVE-2021-47170,0,0,30bedc5f112e16b6562633b4959cdb2a8ec1618c71dbaa0740f0303542cf557f,2024-03-25T13:47:14.087000 CVE-2021-47171,0,0,03916b8077dd25d1d286052d0b8e6e6864f4a8956d7a95395083d7337643a36a,2024-05-16T21:15:30.830000 -CVE-2021-47172,0,1,a0a91260c1b2dde62a0b6da2eeead76a8ea2a1bcde379b2073b3d007c0b4916f,2024-11-06T16:35:01.133000 +CVE-2021-47172,0,0,a0a91260c1b2dde62a0b6da2eeead76a8ea2a1bcde379b2073b3d007c0b4916f,2024-11-06T16:35:01.133000 CVE-2021-47173,0,0,ab78c9cf89ebb7698b9d17847dace711fa50a2f3da3ace9f7afb3c3b9ba92a5a,2024-05-16T21:19:33.063000 CVE-2021-47174,0,0,d0e799e17bb64038a6ef4f4e11d88c18e7cdeb9779058ea60347b8fbe16d6dcf,2024-03-25T13:47:14.087000 CVE-2021-47175,0,0,ecd8849b88cbe55314cced768d69a3efa532eb7d7a60caec067485d827c83589,2024-03-25T13:47:14.087000 @@ -187366,7 +187366,7 @@ CVE-2021-47439,0,0,deb4030b8ddd9f57e2809b987e15ae912806fd170e3bd972e39b8f64188da CVE-2021-47440,0,0,78881d0820ec3934882509266fcaf6cebdeb255396dc9b736225df39e92e2fff,2024-11-01T17:35:01.927000 CVE-2021-47441,0,0,0f3b983feef84ab521b403aca7907c792115b545aee8b57acd22e8325593d7f9,2024-07-03T01:37:55.917000 CVE-2021-47442,0,0,ea327f347d948a1a55388d77debcd85955a3e437785ae68f3946bb6c997710a7,2024-05-22T12:46:53.887000 -CVE-2021-47443,0,0,b5d50d1c05bc973c09a21861cdf0326c927bb3f81ca68dac3f98fd2e7e14e683,2024-05-22T12:46:53.887000 +CVE-2021-47443,0,1,15e5aa6af67a6e75d41be3eb179b4b3357f3b5d572335101b9d77a16cc240c10,2024-11-06T17:35:03.030000 CVE-2021-47444,0,0,4a7cbcadba8057ab0508ef3e73b20bbf54e3188deeb6719cef708aa34243d4a1,2024-05-22T12:46:53.887000 CVE-2021-47445,0,0,21fc896860fffefafa9aa835465276d609313e1013c80059416f676b461ea657,2024-05-22T12:46:53.887000 CVE-2021-47446,0,0,3c208b33728fa949084ac2577096bc3db3ea155516d8511259e29c10cf44eec1,2024-05-22T12:46:53.887000 @@ -187515,7 +187515,7 @@ CVE-2021-47588,0,0,0f7c2ddebf5230cc4da6aa5555c1f5261002923073136fff5e4910d65af55 CVE-2021-47589,0,0,90b76d41b40e586a29ff9e2db3957fc07fd2120cba5363d84fdec4e79fc74d37,2024-08-27T03:16:19 CVE-2021-47590,0,0,f39be5f78d966c2d22d67b4496d2a7538ff62fc77cf57a6c71df81c4fb431fce,2024-08-27T16:14:56.530000 CVE-2021-47591,0,0,7a4c92882fc6ade8ad5eadc6852e87396055c873880477f5c3c9e6323be98b85,2024-11-01T15:12:03.857000 -CVE-2021-47592,0,1,dd2692abff20f0f746e76890be9b0a3eaf65e8e73e8071d8a5c1fae6a9e9f505,2024-11-06T16:35:02.757000 +CVE-2021-47592,0,0,dd2692abff20f0f746e76890be9b0a3eaf65e8e73e8071d8a5c1fae6a9e9f505,2024-11-06T16:35:02.757000 CVE-2021-47593,0,0,f2aed51b37cc91d040b21464062700deebf3a35e4f5b4c52b3d752b924fb09e9,2024-11-01T15:15:41.027000 CVE-2021-47594,0,0,8cdfebe564f634c8797806be731e7843af5aeef7ba442bbd86f3cc5d16520d6b,2024-10-31T13:25:38.567000 CVE-2021-47595,0,0,22cbd66b2328e4653957278957d5f13a2f978d0699c1f3217e6008a131202601,2024-10-31T13:27:04.057000 @@ -215207,7 +215207,7 @@ CVE-2023-20796,0,0,2701789a8326a3208285bd3b0f001130605722f5204d3caa43baa832e056f CVE-2023-20797,0,0,27f06866663eb9b44a4131babadde1bb70df24fa479c51e93c78285f703bcaae,2024-10-22T18:35:00.667000 CVE-2023-20798,0,0,3a53171791afa77a5baabd3d1463e3f8a2d720e815473fe4174889b195ae31e9,2023-08-09T13:49:52.743000 CVE-2023-2080,0,0,e157d4e828722bb0499442360051b052d8336e3a66b9f3d98184689a9dd2e74e,2023-06-30T16:39:02.840000 -CVE-2023-20800,0,1,10bb75e2109d85e4457bbd80d140d8623ef789a87dbda36df2cdcde9cef3514f,2024-11-06T16:35:05.560000 +CVE-2023-20800,0,0,10bb75e2109d85e4457bbd80d140d8623ef789a87dbda36df2cdcde9cef3514f,2024-11-06T16:35:05.560000 CVE-2023-20801,0,0,3f54217e44d01e396e4e56936d1401bc5570f2f6ab2c31efd20c7ef5f222325f,2023-08-09T15:07:45.820000 CVE-2023-20802,0,0,b9dc75b05e578e1b1fdb4b7c06bf0ae88c71275a533562261263d991ebf95f25,2023-08-09T18:07:36.453000 CVE-2023-20803,0,0,812495a0c33694b1008949aaef6370c3b57e0d58b87accd7edcbbc20ee96ee97,2024-10-22T16:35:07.320000 @@ -215330,7 +215330,7 @@ CVE-2023-20914,0,0,a5b39227f923c9a4c5c06b48a85a40593ac596bf36acb8aa3fcc8ef7da62b CVE-2023-20915,0,0,dd34c26e80860ce5e51d76483f9aa503cac11547421806b9306c85cf2c0a8cfd,2023-02-01T19:00:49.127000 CVE-2023-20916,0,0,c85e428b9e471b19c38ba861ffc864e06dbd9ad454d1381d481f1f5482a5bfe1,2023-02-01T18:55:51.083000 CVE-2023-20917,0,0,452145f34f84e9e47203d573f850bcc8cfff3bca5dfa025b483a56005a5ed573,2023-03-29T07:36:39.297000 -CVE-2023-20918,0,0,824189f0f5ed6ae0aa8ce6502e4e781ab5c1c043f9ba9021fc563c36d6790896,2023-07-25T18:02:46.967000 +CVE-2023-20918,0,1,0f609f3509efcfd58d6dc54888b34d28417f5db3ae7b71a494fde712b5793d97,2024-11-06T17:35:20.907000 CVE-2023-20919,0,0,49736c1825943c3082494accf0ef906e965e20720e604d6457fc61defd2240d4,2023-02-01T18:55:32.637000 CVE-2023-2092,0,0,c49f6b9724bff5a142bbb34614415b2b89b0c42009a0af5dba8fdbf21aaca80b,2024-05-17T02:22:39.477000 CVE-2023-20920,0,0,b5fd895d40b65a4b245fd03c8fe1b897798e47770f9123c5167cdf2b40972cce,2023-02-01T18:54:59.567000 @@ -215357,7 +215357,7 @@ CVE-2023-20939,0,0,514e1151f3ae8408f599c055693b7ade5c0bb6833c24fadc6779cbf04a387 CVE-2023-2094,0,0,db54644a03185a25a79dd5e6bcb56b893967c724f11e6456b136b23473493d8f,2024-05-17T02:22:39.677000 CVE-2023-20940,0,0,b9275028dfa14d334c48b6ef407aec2b3f0b7461b573178e21d7756194fdf1f7,2023-03-06T19:40:50.823000 CVE-2023-20941,0,0,5d2eb8fb6d96777de5256cc7a8909da2e3ef7a97da4eb04492abcb0485e25726,2023-04-29T01:50:52.760000 -CVE-2023-20942,0,0,ae8a304cf86e6289cc41a3172a9aa2c376ca4e65e11005f39a535a470b8c460a,2023-07-25T17:42:56.930000 +CVE-2023-20942,0,1,bbb15a4d7824020d71a9106072610f3f8a99fc5a6429550a9be19529da98be80,2024-11-06T17:35:21.643000 CVE-2023-20943,0,0,71f2bd5e0838f8e9db624a96760ac1a2bdfdab5f604f03a257d7f5c2927369c1,2023-03-06T19:40:14.133000 CVE-2023-20944,0,0,b32e0f788173eafc48dcadc370e6431bc86b017cd439034b93dc6dbf88503eba,2023-03-06T19:39:09.687000 CVE-2023-20945,0,0,463ef0675a0cac2365dda60036f103059d7f1447b8f01c1dd76a250c1ac8da97,2023-03-06T19:31:55.937000 @@ -215672,8 +215672,8 @@ CVE-2023-21234,0,0,3ed2d81ee4c7ea17b656428ec3adc3fc9b1508bb86554d88272ed64ae47f5 CVE-2023-21235,0,0,a633fb81316269eabe5fb6486af53986b26d1eb879046641e6e121eedb58adaf,2023-10-13T01:00:32.633000 CVE-2023-21236,0,0,2532d464307feff3594a6f6d73986df60c8b49368732d1a57abdda5cfd10820c,2023-07-06T13:06:36.347000 CVE-2023-21237,0,0,3c50c0373043c735e88c20a061281c0c2dbb919a3babb696de1a40b322a02616,2024-08-14T15:23:35.867000 -CVE-2023-21238,0,0,e0324ebf7aad84b12a859f29b15ca1529a0362b1f85f2ddfcb12accd4bafed43,2023-07-25T18:01:59.637000 -CVE-2023-21239,0,0,3f3587f483915e3c9afb8639c73361bc6926c1d12e35d3dc0d1f9b5209ce998f,2023-07-25T18:02:14.360000 +CVE-2023-21238,0,1,2a0bd78cc2b9cb201fa2ddf38d90a5886080a831f6150e2b85e36926910d5f3f,2024-11-06T17:35:22.390000 +CVE-2023-21239,0,1,308f7fd80a4c01e436cc527c218d159e0897ca615176bc91cf1a3bc7d6717090,2024-11-06T17:35:23.130000 CVE-2023-2124,0,0,743e8b2923f31f42d6f7947651fa77428a8ea1b2d0e5fae61d333897d0913949,2024-02-01T01:35:35.037000 CVE-2023-21240,0,0,df9f70d43c749615d7e4186ed28f62eed05f75faf2ad82f120a60b174e6b8c50,2023-07-25T16:35:18.047000 CVE-2023-21241,0,0,3bd2cf0126ecfb67f5991dfa03d713b8ae0ee11f9b4a6b191c7da6ec765e96a4,2023-07-25T16:35:58.603000 @@ -215681,7 +215681,7 @@ CVE-2023-21242,0,0,a09c7be69b0c4023af5f32626ec7f4f35856ecffe3e3a000c544e8c71e5bf CVE-2023-21243,0,0,a6ce974d22ae659a5350cc915d8548b0f991b424b281574dacef9135854bf791,2023-07-25T16:36:21.863000 CVE-2023-21244,0,0,062e8304900e191e277a105326a083d2c1594b2aa2d126dc8832c5dc9758ffb4,2023-10-12T16:46:48.953000 CVE-2023-21245,0,0,c178800c9e58ae092c1488ee4084eaf528ac5903ae42a647b3e6a94ddc5abcf9,2023-07-25T16:12:10.183000 -CVE-2023-21246,0,0,846b56144841097f07e7c4447befec78968097772b48147642f9c6c49669c5c8,2023-07-25T16:16:17.067000 +CVE-2023-21246,0,1,d32b9e8bc71bda9f3ed685f4bbae2506d2cee8f478c6b9ab7f4bd5ad152221ca,2024-11-06T18:35:00.933000 CVE-2023-21247,0,0,229a053bff86f7c08f0102891e17f0169f7e8feb91de0c07004cafde241b809e,2023-07-25T16:18:21.930000 CVE-2023-21248,0,0,078afadc18700f9015ee0e923d591024c11ac0512959ffb0c120ec88ea350f76,2023-07-25T16:05:34.197000 CVE-2023-21249,0,0,a486e44e57d9dccd47f74171061e7688b88b0f2f0cca9f2940e11dcad2c15f44,2023-07-25T16:06:54.813000 @@ -215691,7 +215691,7 @@ CVE-2023-21252,0,0,57dbebb6899ac6c906da9065e924e0e30d428e73d775998d8462123d17242 CVE-2023-21253,0,0,3b8990883d78c7419c59e2dd3d303f58188da2b212f4a3038b4cb6683e8b7dc9,2023-10-11T18:26:51.070000 CVE-2023-21254,0,0,5450d2d17b57d30e75a8e3ec9902df63bdc818c849e5905b97558080f6001dd7,2024-11-05T16:35:03.223000 CVE-2023-21255,0,0,430ddb4591a64244a173ce0d938a6c075ceb47f87bb26df908cb2c27fb6ae319,2024-01-19T16:15:08.713000 -CVE-2023-21256,0,1,fcf2ad51749c2ab366d11aaad46cd9bcdfddf151fccb8c615c7956f3ef331307,2024-11-06T15:35:03.267000 +CVE-2023-21256,0,0,fcf2ad51749c2ab366d11aaad46cd9bcdfddf151fccb8c615c7956f3ef331307,2024-11-06T15:35:03.267000 CVE-2023-21257,0,0,a7293d75c559fb798497807513698150bd8de3e67e6b65f1cc7315d718af2ffc,2023-07-20T19:46:58.023000 CVE-2023-21260,0,0,cb51e15ff3fa9a63067f38bec463e09fbeec7db8d64ffa7677acca0a6a69d924,2023-07-20T19:04:40.987000 CVE-2023-21261,0,0,5bc6355003a4e85324b7c4ff66a4829f7e01cf7f793596eb5168da3c75da4cbe,2023-11-07T04:06:34.760000 @@ -222244,16 +222244,16 @@ CVE-2023-29111,0,0,b1bc07eb6200b4ea5e40e4e2a49487651690d8b4c4386b24b857eb7e95dc1 CVE-2023-29112,0,0,9f6533a766719bb5d00054122744481c4bc7f510d1a6deb7263cc259df740967,2023-04-18T02:09:33.777000 CVE-2023-29114,0,0,76076058dcbe332e33c66fbf066bdfb8f382055f672fdd2b1c8ce3b503fb6ffe,2024-11-05T17:15:05.277000 CVE-2023-29115,0,0,0639e3caf22e67f34921c04ab98a7fd4f943b66798d89896d171e8d7c0b4a476,2024-11-05T16:04:26.053000 -CVE-2023-29116,0,0,43e1adb1e863181a94eafbe70f342fab882e44687d8ec13b0773e46331c67ecb,2024-11-05T16:15:15.307000 -CVE-2023-29117,0,0,1405fb814da3761fc52b76b30c3a6a8a6c4aaebf6c226cdef308ff1bd35940a2,2024-11-05T16:15:15.543000 -CVE-2023-29118,0,0,69f78dd050930e651382fa63abd9b79e92e75303ea31ae4c779c1e37c8eeee5d,2024-11-05T16:15:15.760000 -CVE-2023-29119,0,0,faf449ada415a8e4547cbcd702df7fe2b69b1a357c9413678b189b6493ca4588,2024-11-05T16:15:15.983000 +CVE-2023-29116,0,1,429c34804f524247348e665e50efd020eeb4b4d2d285a9b9c426f3a08781c149,2024-11-06T18:17:17.287000 +CVE-2023-29117,0,1,e310d988e7529b37b51318b5a7dc9c21ff7a84779eb709063fb77bdef013016a,2024-11-06T18:17:17.287000 +CVE-2023-29118,0,1,e4e2968a780768366bfcb2c87124e26db7600e30c29103d9dd4145222cee6c97,2024-11-06T18:17:17.287000 +CVE-2023-29119,0,1,9ffe24467ee1cf4d9f5ac5f22b38a055b8aa66000b92e5fcc0128365eba50c46,2024-11-06T18:17:17.287000 CVE-2023-2912,0,0,496ac78287b31cd6cd69c389ab18d1e3e891ccac7b3cbaa6ae5b08fdaeac5246,2023-07-26T01:24:28.907000 -CVE-2023-29120,0,0,77d454265c0bb6d604ba9e73d4e16bf3b616eb0e5d7414204f88aa6f73b8f5a1,2024-11-05T16:15:16.190000 -CVE-2023-29121,0,0,9025a15aac158d789c6766a1648df8040a127b752820e72d218b46b8d8388641,2024-11-05T16:15:16.377000 -CVE-2023-29122,0,0,7ad79cfc1afb5778621d2f8cdd9009395b7be9458945f298b4aec0e9b540c4de,2024-11-05T16:15:16.577000 -CVE-2023-29125,0,0,04efff3608b054818404c9944395bd684d6c8bc2c9eebb9e8432f29c92dacfe0,2024-11-05T16:15:16.770000 -CVE-2023-29126,0,0,31b8b6cc07d149916b6385383fff90abc194ab146e0eae9741e42114a6c67b06,2024-11-05T16:15:16.950000 +CVE-2023-29120,0,1,f18bcbb24cb88e0ac22ce3ad4ac40fac81cb4dfab58be9d433f6544f58f190dc,2024-11-06T18:17:17.287000 +CVE-2023-29121,0,1,51b441209ebfeb923b3f9832f8c08d3f8aee25c0e23320ff1871ecf4315a2e20,2024-11-06T18:17:17.287000 +CVE-2023-29122,0,1,e8645199daa2a6159aa1fbf3cc32351317837a47ba690e4e4465c2820a07a16f,2024-11-06T18:17:17.287000 +CVE-2023-29125,0,1,f86dee74044a0b1d7a07fc256493a9abd1bc3a50b1185e48a0d7cc0240d194f1,2024-11-06T18:17:17.287000 +CVE-2023-29126,0,1,997d81d54e7745a9a8723df4df253570f7f9fe6a479678b0c77a7362f434828e,2024-11-06T18:17:17.287000 CVE-2023-29128,0,0,4dadcc6d6e3ece8469eb82b5f4c806c13ff7d302d5d1dd0d89a175b26ccd09a6,2023-05-15T18:21:42.613000 CVE-2023-29129,0,0,f9b9b9bd52fe0e7c2dc8f278bd2b9b52abd5795a4824909b877ed0016723bbd3,2023-08-08T10:15:14.957000 CVE-2023-2913,0,0,14e6e6d236b653f7eb4a3841442b9190f46edfd22b189caff29fe479a61ce509,2023-07-27T19:51:33.973000 @@ -223850,7 +223850,7 @@ CVE-2023-31300,0,0,c6a4108718dbef116ebe62862a40eb993a0f2f7732323f0332ebfa85216b3 CVE-2023-31301,0,0,8b4aa9e0020370e9364f1514c1548d00f13f3a6f7e88a244d5ac3dcc0555465f,2024-01-04T21:53:26.990000 CVE-2023-31302,0,0,7db878fe5302d808bd5001becdb205fd1302d85ff5b5989c39244fbd498603b5,2024-01-08T13:04:07.097000 CVE-2023-31304,0,0,d35cbd3c1a51f731cb3021ec4d7f26ebe776aa5c814e8a89e6392f12283085fa,2024-11-04T17:35:02.577000 -CVE-2023-31305,0,1,af1a24ed09ae428da28818e3b6639df4c603d6ee1ac78ab0a5cce894745493cd,2024-11-06T16:35:06.613000 +CVE-2023-31305,0,0,af1a24ed09ae428da28818e3b6639df4c603d6ee1ac78ab0a5cce894745493cd,2024-11-06T16:35:06.613000 CVE-2023-31307,0,0,927363a24df9ec7431f47a682d4205fb756e21f24bd0cd30e96e1e5c0bf4352a,2024-08-14T02:07:05.410000 CVE-2023-3131,0,0,92b0e6ff89d88f5d5d16464713458f8b0d9ad7ab63634417462d4acc9effd23f,2023-11-07T04:17:57.837000 CVE-2023-31310,0,0,f17e30a0294060da2ce7aa247bba7d7e4f3746a8423691dd74baefa96f0eead0,2024-10-31T15:35:04.980000 @@ -226334,7 +226334,7 @@ CVE-2023-3442,0,0,d473ad06ca0580a0e6c7ea220d2eefce87090bafa291913c0e1821be49a931 CVE-2023-34420,0,0,5b83db1bc772d0d43afe1e68eacecf16d775094f782410d7cbb93a1aa03800e3,2023-07-06T18:19:25.597000 CVE-2023-34421,0,0,fb68e51d86dcaa5e46bdf5288dfde4a0eb36a1a5626a60738b8c092723ab70a9,2023-07-06T18:17:47.483000 CVE-2023-34422,0,0,e9b8378cd22e4f9d2f91400e97cad9834bfe7dcc031bb85da8aa769e96085903,2023-07-06T18:17:32.040000 -CVE-2023-34423,0,1,fef82766b4fdeee53d4f863e005de55f242a3dccd34b61b4f006876c0951eaa6,2024-11-06T15:35:04.380000 +CVE-2023-34423,0,0,fef82766b4fdeee53d4f863e005de55f242a3dccd34b61b4f006876c0951eaa6,2024-11-06T15:35:04.380000 CVE-2023-34424,0,0,095e9da4ca2914fc29e646dda3edf10209c1071219efc6a43524f1572636deb5,2024-08-14T17:49:14.177000 CVE-2023-34425,0,0,1120b8609ed27ea90a68af4d450115333ab9df5807fc53f2eb550267c15bdf32,2023-08-03T16:59:34.220000 CVE-2023-34426,0,0,4031ae37b34c4271fe42f96e1b25dfb502c72d86572d832b499f79eb3d3ef1c0,2023-10-12T22:47:54.743000 @@ -228470,7 +228470,7 @@ CVE-2023-3756,0,0,b29015f32eb51de9285a2151fc01d83b073c800c1925478409ab5a5a7fae98 CVE-2023-37560,0,0,0b7591956a91612c27ab56d3ea7c4da6f4c705534d52744c38104e639d948ce4,2023-07-20T19:28:00.590000 CVE-2023-37561,0,0,de6378f0307613ee0897fd02b0f4d0cda7bf0d5bbd2a5a72a0a64101b1e200c0,2023-07-25T14:11:24.400000 CVE-2023-37562,0,0,42978a50b97f8b1ed8abd07134b8fd82ff52a976f302598cb0e16701b0cfce6b,2023-07-25T14:03:42.807000 -CVE-2023-37563,0,0,e1d428535eb3108b737c5d77a75a9073c2ca50d4130b8fc72de5ced63f449f09,2023-08-18T10:15:10.483000 +CVE-2023-37563,0,1,9d8b93b5c7e3e7c929f4af669f4e5c15453971817f71835496246f5eaaf7f522,2024-11-06T18:35:04.220000 CVE-2023-37564,0,0,5270db3f8441f203ac23fc27afe0045af9c419d6e5d1f3e630dccd8318de07dc,2023-07-25T14:49:22.723000 CVE-2023-37565,0,0,c18fea701ec64ecd9ce77523feb08bc40024815b8daa3221ce7fb65b5e8c0161,2023-07-25T14:50:48.460000 CVE-2023-37566,0,0,05ddb9296fa61e6b00c12a0286b7cdcd672e1017a3adfd55bd711adfab426d60,2023-08-18T10:15:10.977000 @@ -232429,7 +232429,7 @@ CVE-2023-42666,0,0,57fab42bb96d68c8e217cb2afc0110385b7603940944cbd619cfc5e9f14e7 CVE-2023-42667,0,0,30cb419317c489d29cdc7ba3766bcede8467aad9df4fd74972ad7344fc9f8aa2,2024-08-14T17:49:14.177000 CVE-2023-42668,0,0,47abc2bf2bbb0b20ca7097710f76725a48997bdca84169b316c67577af357579,2024-05-17T18:36:05.263000 CVE-2023-42669,0,0,125656ff5427e56fd0e71917cb9f82b665ffbd52efff30980ac5cd11be28e989,2024-09-16T15:15:13.973000 -CVE-2023-42670,0,1,3da5d3291d1a666c6068deac2353dac0900f0ced512ac0a2274d9edcb8322776,2024-11-06T15:15:08.453000 +CVE-2023-42670,0,0,3da5d3291d1a666c6068deac2353dac0900f0ced512ac0a2274d9edcb8322776,2024-11-06T15:15:08.453000 CVE-2023-42671,0,0,72c2e9da700cc2d03817ed0002c8fe2eeb95d9f20a6125d48e866c6a2d9aeab6,2023-12-06T22:09:53.053000 CVE-2023-42672,0,0,8d8965b504889acdb0bce563bddd751c36d54504830008bbac9caa6bc3cac006,2023-12-06T22:09:42.317000 CVE-2023-42673,0,0,f2606d55072e8bba387c928bbe507b25ee1e38d9b997fc351716c25d520eb621,2023-12-06T22:09:33.433000 @@ -232592,7 +232592,7 @@ CVE-2023-42830,0,0,9622822082e6d489decb51a66ff30e0a25a850d4f889ef38731f27c29845d CVE-2023-42831,0,0,15c2657a6cda93c32bf9e6d0e8961db6424b2c5d0a3a331db0a572f126ae013e,2024-01-17T20:51:35.577000 CVE-2023-42832,0,0,d4139f8d7ebcb6dbe3f816f6f2093afb5b55323ca863cc15652de2caab2f0de4,2024-01-17T21:16:29.277000 CVE-2023-42833,0,0,e02c52f1c5983deeaaa5bed3de6de8eda29bc873902f6330c812f223e64b2cf2,2024-02-06T02:15:07.997000 -CVE-2023-42834,0,1,08d87def638a26a5eb9093b6708a8eacf657bb89462798c60d907ee1b3410e44,2024-11-06T15:35:05.580000 +CVE-2023-42834,0,0,08d87def638a26a5eb9093b6708a8eacf657bb89462798c60d907ee1b3410e44,2024-11-06T15:35:05.580000 CVE-2023-42835,0,0,78785fec11e2de3eca12998532cc4e293a664be2c1386edf69f250c848f4be97,2024-02-22T19:07:27.197000 CVE-2023-42836,0,0,57dd9f5214333cc32869174710fab8ff9c58d3ed310e22708cf2b23e79addefb,2024-02-22T19:07:27.197000 CVE-2023-42838,0,0,d2c7cb1076afde325efe19ebd9189ea0f891ccc309473cf4021fe8881f3b600e,2024-08-09T16:35:01.893000 @@ -234547,7 +234547,7 @@ CVE-2023-45856,0,0,9549076e6d0a6fd1b223e9b67c01e74b49d52dd52325c68b86809e5c56a36 CVE-2023-45857,0,0,73cdaec7d516e0e7ed8e90335cf635a85ba7d5cc487bbd7bc0e61ce086b2cacc,2024-06-21T19:15:29.593000 CVE-2023-45859,0,0,8cd8af333d6e843c7205a63eb97f7d3265264e1feda0e9ac560c0011bc43a421,2024-02-29T13:49:47.277000 CVE-2023-4586,0,0,104df30f216072a0247c5bd44506e020988038789133d6aa41fc04bb32e2f895,2023-12-06T22:15:06.693000 -CVE-2023-45860,0,0,3e8ad1b41a18bd1d124e3f4d9770f646f5e8f1aca8861a40a871b09f0b0bcb12,2024-02-16T13:37:51.433000 +CVE-2023-45860,0,1,ca8a1401ae7c184e27cbc7f8d7c23abcd5830dcaec3cd73c6280ff7bd9f2c727,2024-11-06T17:35:24.870000 CVE-2023-45862,0,0,a3fb90f83c4489594bd26a84b93eb5897361e2bdfb615fcafc80fdd37f3c643d,2024-01-08T17:41:12.320000 CVE-2023-45863,0,0,cf6fae54a14f38a06c16e080afb9ebbb51eb002a14bcbc450a25d2e79b041be0,2024-01-11T21:15:10.273000 CVE-2023-45864,0,0,49d0683abe5283d204b1632f92af572fad99867fbce0bd9d10ff82475a42f2b9,2023-12-15T19:18:31.150000 @@ -234606,7 +234606,7 @@ CVE-2023-45925,0,0,165cab9a6af741d0f2a0bcbf7573b725a1a3e968b819f84cfa29a2780557f CVE-2023-45926,0,0,6e11510be2a63a248f16c7fb8affbca6400a19718c1245f13dd016e0c237e809,2024-01-30T06:15:45.480000 CVE-2023-45927,0,0,a12db79aa98ad29e91442cb68de9be1c89ec6e698664c9aa8cb20e2332a3e9a1,2024-08-06T15:35:04.090000 CVE-2023-45928,0,0,692773293cc994caed3570cd831cde7ba12c36d9e87f74ed0925476a93196572,2024-01-30T06:15:45.520000 -CVE-2023-45929,0,1,8b8c2fd2b8f9828010c75d33a6c272de39e04e21b8dd1f458a4f9d62c3a1947b,2024-11-06T15:35:06.040000 +CVE-2023-45929,0,0,8b8c2fd2b8f9828010c75d33a6c272de39e04e21b8dd1f458a4f9d62c3a1947b,2024-11-06T15:35:06.040000 CVE-2023-4593,0,0,4991cf119c8ebfc10d48154734bdf0ee9365316ccc7c1b60d5d04e7ab999d216,2023-11-29T21:23:46.107000 CVE-2023-45930,0,0,ac3197c84435c7633fa4745f386c7743f353780ba24625d46aefcbc75ec9d4de,2024-01-30T06:15:45.560000 CVE-2023-45931,0,0,1f5bd835283ab289e500417af1c235f343ba52a05df340c733345fabae2eb518,2024-09-04T15:35:13.067000 @@ -235410,7 +235410,7 @@ CVE-2023-47034,0,0,c0818dd5042015c3f4d4d5fd25a552c09e060919f4fb03f012723377318c9 CVE-2023-47035,0,0,fcbb1c73e2d81fb86f68464742cde63240ee6e860964d0a7dc4d87746479c330,2024-01-30T14:46:19.023000 CVE-2023-47037,0,0,8363546a4d1f25528ecf62cc8db47a8f0f725707143a02398fedbe67dc32f083,2023-11-20T19:31:24.707000 CVE-2023-47038,0,0,4c6529bc2e9654def8db099986227893367e97cf36a46ff18e36c75cdb025b2f,2024-09-16T16:15:07.003000 -CVE-2023-47039,0,1,d3b51cc560972eae0794d204436154bea371879b81eab609681ecac3d2f78d97,2024-11-06T15:15:10.383000 +CVE-2023-47039,0,0,d3b51cc560972eae0794d204436154bea371879b81eab609681ecac3d2f78d97,2024-11-06T15:15:10.383000 CVE-2023-4704,0,0,5628f2c2aad537b6a06890236ab0bf0e4bc99a623f548e6ffe2a428c25ce40aa,2023-09-07T17:36:22.737000 CVE-2023-47040,0,0,51eecabbcc24b02f70e9874de8b8e78496aa6ad121b94d6662290a171b03a5a2,2023-11-22T15:19:16.977000 CVE-2023-47041,0,0,689b46895ac0f0926e5644c46f2d343bbb5586a6b44ac33b736446481763da8c,2023-11-22T15:19:08.407000 @@ -239217,7 +239217,7 @@ CVE-2023-52509,0,0,bcfcbf5df8dadb5c77febe775be16b48e4efcb0ae7858106717d3661c9712 CVE-2023-5251,0,0,de8655b38a30642065bb297eb9a35bac6ebd60f43a29d54f33ad99175564509f,2023-11-08T02:15:53.437000 CVE-2023-52510,0,0,b0381f94ad157bbb54ab8605627db382c3f938399b2f02a5029ba8865071a1c0,2024-03-04T13:58:23.447000 CVE-2023-52511,0,0,e5b85766627e06fed6623e9653d50048aa2ca94038ff34496b386208621ee95b,2024-03-04T13:58:23.447000 -CVE-2023-52512,0,1,7596373f786b6636f89cf16d29f325de01a9f27b0c6ad0696e922063bc5589ad,2024-11-06T16:35:07.700000 +CVE-2023-52512,0,0,7596373f786b6636f89cf16d29f325de01a9f27b0c6ad0696e922063bc5589ad,2024-11-06T16:35:07.700000 CVE-2023-52513,0,0,68cace4cbac4420bddff285689d43b129b233d8af8a4ea35d26ac73dcbdfbb33,2024-03-04T13:58:23.447000 CVE-2023-52514,0,0,96b3bc37b65a7f0f11caed4828897554155b5e08fde97001434005eb59164e32,2024-03-11T16:15:07.720000 CVE-2023-52515,0,0,5ffa997a555173d9af90e077528a37a683b9a5a159d27ffef5a51bb6da261564,2024-03-04T13:58:23.447000 @@ -239276,13 +239276,13 @@ CVE-2023-52562,0,0,454d21a00b73374bef1d9203abf0967f2678b88a94fb5ff95a91c111a0cb0 CVE-2023-52563,0,0,960b5a9380bd6ee2fc552704a4ddd50a6733a22470964324c4db37d93d49fe1e,2024-03-04T13:58:23.447000 CVE-2023-52564,0,0,3a218cd093fa4b84f7fa8ddb8efdc1d5ffe4511c4ca71bc1445b6bdf4e6aae11,2024-05-28T20:16:33.820000 CVE-2023-52565,0,0,4becfb952fa8e47064b4fdaddf74d7713cacc08775fb52f4169ca8ef22544a89,2024-03-04T13:58:23.447000 -CVE-2023-52566,0,1,3547fc433bca275a5ad62d62658db0ec789f13ee097219d87d141d903fb16ebd,2024-11-06T15:35:06.933000 +CVE-2023-52566,0,0,3547fc433bca275a5ad62d62658db0ec789f13ee097219d87d141d903fb16ebd,2024-11-06T15:35:06.933000 CVE-2023-52567,0,0,a50451bece144678d97953b8ea49da9ccb64fefe2507fb8153d1aff8f013a9c5,2024-03-04T13:58:23.447000 CVE-2023-52568,0,0,b444f7aa7baf716273eed57d650bcc3b718be1471ab1dbcc5422caec9df50396,2024-03-04T13:58:23.447000 CVE-2023-52569,0,0,58631e98443cc1b611c3e34d1dcafd9f7c47aea99380d58e41f42849bfc05899,2024-03-04T13:58:23.447000 CVE-2023-5257,0,0,c8286c5b6aac4d8b9237a485de482507f066ceacb878b722be7d3ce2c69c4a71,2024-06-05T21:15:14.060000 CVE-2023-52570,0,0,f32c0d2ff3df0f2148dfcb622b77eae895ae51d6537593a1efec0066ecc1ef0e,2024-03-04T13:58:23.447000 -CVE-2023-52571,0,0,d3affae6070f8c3d9be2444ea0aeaa09390105b1607818ef8bdbc566b8b47001,2024-03-04T13:58:23.447000 +CVE-2023-52571,0,1,dc1815a4505d32e5fa8181fe50e5998082ae7c32eb331e7a3439fb66b7fccef8,2024-11-06T17:35:25.707000 CVE-2023-52572,0,0,730a90e61bcf526aee63c632c624f72f62bb14a93709f1a128ba9fc0c71c52e6,2024-03-04T13:58:23.447000 CVE-2023-52573,0,0,7e5e6bd381ffbb71b3bbbd757ef0d6a1ee5608f11341ee415da9436efc368c43,2024-03-04T13:58:23.447000 CVE-2023-52574,0,0,19767bcf8d46688c0980198e779622b34fc734504dc124f9a179455901935a50,2024-03-04T13:58:23.447000 @@ -239297,7 +239297,7 @@ CVE-2023-52581,0,0,7691221601b63aee3941e44780c6b7af99209571581645e4b8d4eab0fc7c1 CVE-2023-52582,0,0,5319c9d81969b1c465eda182035ed4a9673e94b09d499044fefc2972ffc554b4,2024-03-04T13:58:23.447000 CVE-2023-52583,0,0,448185b9dcb76c88a4f7c31c75268b66f031a442eec910523ce4db95e0c78ddb,2024-11-04T13:16:39.073000 CVE-2023-52584,0,0,006e4038ef636e5ce45dc9108c9592a1116ce315b254badb755b3f93c3a71dc1,2024-08-06T14:35:04.610000 -CVE-2023-52585,0,1,4746f65799bf828f45c1236f065fcfd2eb13bc3147ae231093e78997188f0853,2024-11-06T16:35:08.497000 +CVE-2023-52585,0,0,4746f65799bf828f45c1236f065fcfd2eb13bc3147ae231093e78997188f0853,2024-11-06T16:35:08.497000 CVE-2023-52586,0,0,545d29d25a05b795b88e1145bd1bacb3b8aa91f79f02282bb6f52947214b6c07,2024-03-06T15:18:08.093000 CVE-2023-52587,0,0,32ea3ae75d40e28174137d8b88c38b16f83a6d744708b5f6a11729fafd9cc18b,2024-11-04T13:16:39.373000 CVE-2023-52588,0,0,0923f4fbd6502719093eefefc24217ff997d166226b53426003273d3160522e7,2024-03-06T15:18:08.093000 @@ -239395,7 +239395,7 @@ CVE-2023-52670,0,0,265ecd23fe8b3bd84fc5ec569945263dce1d735ac2b1faeef2f58b2a52b3e CVE-2023-52671,0,0,58bf4d97be80c8b0e041ad34deaa799ac13079dde949602a5e835e7dd90af1db,2024-05-17T18:35:35.070000 CVE-2023-52672,0,0,f24c4cf75766d255e5636f6912a1b0a91f5547d8c1b8aa939a0e318accb66a8e,2024-11-04T13:16:45.690000 CVE-2023-52673,0,0,c6a5f31e608108682f01613877d2208302c7d15f1a19acb70c24b5f33eb3b738,2024-05-17T18:35:35.070000 -CVE-2023-52674,0,1,ce150f13ccfdd2751ba311b6ccc675129b4733aa7c50e21eadaf6d146542deef,2024-11-06T16:35:09.330000 +CVE-2023-52674,0,0,ce150f13ccfdd2751ba311b6ccc675129b4733aa7c50e21eadaf6d146542deef,2024-11-06T16:35:09.330000 CVE-2023-52675,0,0,c7dcda3181eab7779ae082601fb0dd24e57baf11775d050f6c2f4c314674a571,2024-11-04T13:16:45.927000 CVE-2023-52676,0,0,3fd4a26f33611ada4236d58e802d8cafaaab5a7b370555c1d95dc11fafffefaf,2024-05-17T18:35:35.070000 CVE-2023-52677,0,0,9064b7ec03e5b5f99707d91bdec6284d399d2a792becfa1593b75a80dfba9fff,2024-05-17T18:35:35.070000 @@ -239409,7 +239409,7 @@ CVE-2023-52683,0,0,10cf5db773a627f10f62e2b747504a42a9b761360a3c2b0570d6054a6128b CVE-2023-52684,0,0,33c7802e83b0cacce3f4943922f9d7f250c042b0471e9f2d74c9792f85da2e19,2024-05-17T18:35:35.070000 CVE-2023-52685,0,0,cf8140ec5f2b974bcd3641a1209ca634d3cb951fbfbcbdcc6560b6110e8da549,2024-06-18T14:15:10.603000 CVE-2023-52686,0,0,e035efa57ae3873f49aa0c8ed309f1cfd09bba774f28aff6bfa9af8bf3cd5628,2024-11-04T13:16:46.670000 -CVE-2023-52687,0,0,7564dc4ed2afa9da4c0283ecf1c21d098009347d0d337c4eae9961d0fb6805e8,2024-05-17T18:35:35.070000 +CVE-2023-52687,0,1,b28f8c5460527301f61b9b984f4d389c8ddced6a4a6f85a3bf5048ab19f25e70,2024-11-06T17:35:25.900000 CVE-2023-52688,0,0,3cd2078734f617571b58b5c311bd1d8437fbaca65d85f87b1ed5f0e3d16ce7ad,2024-05-17T18:35:35.070000 CVE-2023-52689,0,0,40fba815490a2f878e711ec2fbdc87e699902b1f8495f67efc65b37ed9ef2836,2024-05-17T18:35:35.070000 CVE-2023-5269,0,0,b9bf32290e7f15507f9d8b7815c71990ec3089c05f84e9f4bf584a3f79bf0ec9,2024-05-17T02:32:56.787000 @@ -239422,9 +239422,9 @@ CVE-2023-52695,0,0,019596ff8bcea9c76950322f8152e61d8eaee33fb41d311ec0c2f0160fbbb CVE-2023-52696,0,0,69720f193d20f64a5130674dd16b28f7bb7410b606f118c48d916c99e602da4e,2024-11-04T13:16:47.390000 CVE-2023-52697,0,0,b2b51fdf81914843eb3ede7029a455fc704d9624e06c392d3c3ffc07af33c338,2024-05-17T18:35:35.070000 CVE-2023-52698,0,0,bd697957057d734fce0d716c05cb74850a6725f68b265c94083446bb30b1ee60,2024-11-04T13:16:47.560000 -CVE-2023-52699,0,0,db3941b284ea9f7c7679e0f3029208071a5bf10757d0160917e108b36ca96df0,2024-11-04T13:16:47.650000 +CVE-2023-52699,0,1,cfea2cc04b938b9739aca5799874a57ed08cc7402a3304ce524b802836c78ba2,2024-11-06T17:35:26.090000 CVE-2023-5270,0,0,59c77e6c24afd41eaace6ecdd84167c5c2319574ba08c67842b725e799e4b2d1,2024-05-17T02:32:56.900000 -CVE-2023-52700,0,1,8cf5738642ff8e2160a8350f4c43f6b287a2fbef0bb1a641ab748ad2417301f5,2024-11-06T15:35:07.743000 +CVE-2023-52700,0,0,8cf5738642ff8e2160a8350f4c43f6b287a2fbef0bb1a641ab748ad2417301f5,2024-11-06T15:35:07.743000 CVE-2023-52701,0,0,677100564637bdf0af06f27033c00966698848f746d9ec1a45da915d615f9d0e,2024-05-21T16:53:56.550000 CVE-2023-52702,0,0,b2e8f62250efb7d825a81d0942184d9e9d88d741263380f5b5947ac07366415b,2024-05-21T16:53:56.550000 CVE-2023-52703,0,0,9a5f1701acfe47b75bd2aae3b80b45b36bdc1bef661725a649671bd38d55592d,2024-05-21T16:53:56.550000 @@ -239508,7 +239508,7 @@ CVE-2023-52775,0,0,50c7d0019b1d6d9694268305f9581086c8e23e10c1390d6e3eaeac029e7eb CVE-2023-52776,0,0,e6fc2f1214d761c410da0e3bbd9005e7cccde7f4c4459dfe89d44080702c79ad,2024-10-31T15:35:18.237000 CVE-2023-52777,0,0,001c71e38885408e23972d68080d982794664c9270f8df3282f1d5a3e325ec79,2024-05-21T16:53:56.550000 CVE-2023-52778,0,0,af232458a4003ddf379460614e985a39b878351e793860f708c43a22d9fc7d4d,2024-05-21T16:53:56.550000 -CVE-2023-52779,0,1,35f2af36e663dc82eebc482ae5002e5be86c04a034a6d9b73297e5d802411be5,2024-11-06T15:35:07.953000 +CVE-2023-52779,0,0,35f2af36e663dc82eebc482ae5002e5be86c04a034a6d9b73297e5d802411be5,2024-11-06T15:35:07.953000 CVE-2023-5278,0,0,9ed036873e5791600c344e37faf86a8cca8c4f49f0ed57ec37019e6db715072b,2024-05-17T02:32:57.600000 CVE-2023-52780,0,0,71bbdc09c4802dd2bd3263a973a78e05c8667cec1aa24459ead9a65b3232f8b5,2024-05-21T16:53:56.550000 CVE-2023-52781,0,0,672dc34d7df8e2538a1bd7387d1d7153c233396e17f3287de63ebae18ca666d8,2024-05-21T16:53:56.550000 @@ -239600,7 +239600,7 @@ CVE-2023-52859,0,0,dcb103c64193352741145eac6fcb7e386ada62988159ecd8c812858a0ffcc CVE-2023-5286,0,0,e64405a1a7aadc144eb29cd47c0ee611b7f7eea6e5cd0bd580c645cede9848c4,2024-05-17T02:32:58.453000 CVE-2023-52860,0,0,134621bdbc093e5eb34a513db021645a7639068426f556ccbc9e64163ff94439,2024-05-21T16:53:56.550000 CVE-2023-52861,0,0,0ba89c620b53b7997e5b0a5ed7e22a03376017d887df49a75e14b2c691dd945e,2024-07-03T01:44:07.527000 -CVE-2023-52862,0,0,33d8250a3df72009aa8fbda4c21436b7c209b28bc8cf1642b43174416842e020,2024-05-21T16:53:56.550000 +CVE-2023-52862,0,1,e3fd321a8f8445da65ab20d534c741bc7ae598ec73f79bb3e56126ef6893392b,2024-11-06T17:35:26.283000 CVE-2023-52863,0,0,d7546abc5624b2f553512814acf4c8a1f8afdec6b11c443606b0651c7011f28d,2024-05-21T16:53:56.550000 CVE-2023-52864,0,0,01d7d9dd91578b6ff2409a37d6908b0643ca1a3d5f712102ef6e8831cb3e2995,2024-05-21T16:53:56.550000 CVE-2023-52865,0,0,28f39cd2dcdd035b9f9d08e11f8baca2a71253580f8188804dc43baf5f850350,2024-05-21T16:53:56.550000 @@ -239611,7 +239611,7 @@ CVE-2023-52869,0,0,d37040a4a2cb7087cc996199bd2cd80e9806440599974a39ed17964633485 CVE-2023-5287,0,0,ce1ed467182937769fcb531729fdb4e9725d88b02f3d1fc370ffab1fa8fb95bd,2024-08-02T08:15:35.190000 CVE-2023-52870,0,0,3cd29495f5e39cdb702ab14ac676ec18938d854c6c7555166963b459739cbd65,2024-05-21T16:53:56.550000 CVE-2023-52871,0,0,fe9db8c2a60a638be83569a9528a947015c20fb1ca847cd7d6ee75b69b6f429f,2024-05-21T16:53:56.550000 -CVE-2023-52872,0,1,95562b8fb0cc421a39b970c47689ca5dfb57a52adf4583e91f8091a32ec9fe9a,2024-11-06T15:35:08.170000 +CVE-2023-52872,0,0,95562b8fb0cc421a39b970c47689ca5dfb57a52adf4583e91f8091a32ec9fe9a,2024-11-06T15:35:08.170000 CVE-2023-52873,0,0,87939aab335722274ff9346609ace667795230b4a40e5a5c0583dd242243c124,2024-05-21T16:53:56.550000 CVE-2023-52874,0,0,e0bde5c9d067b51935dae10235349446ec01111a07b6d9dab0a4b837f2b4b432,2024-05-21T16:53:56.550000 CVE-2023-52875,0,0,f89b47c6a058c9e63aaee66c4a65f9a4f131ddf5de7d0dea6f59a180e1733342,2024-05-21T16:53:56.550000 @@ -239624,7 +239624,7 @@ CVE-2023-52880,0,0,e40d961d339809fe9d2ce55424c4c1926381fa43195c1923838f4a035a075 CVE-2023-52881,0,0,6fd8affdcc64e7515585a36e8830d44119718460b76d8f8a6eab4860fa38ecaf,2024-05-29T13:02:09.280000 CVE-2023-52882,0,0,a314c9a885882a3e9bb52cd23a2202bffd95922b5ae0a571e165b78a7fb9e12e,2024-11-04T13:16:58.767000 CVE-2023-52883,0,0,97759c00758e41d95ed1ae62b92bf41e3188ce0db01c0040d74fe100684b74d7,2024-07-03T01:44:10.627000 -CVE-2023-52884,0,1,ee19f9629bb6a99663e07cc06ba1969869e65831218a77bee43c7237d0ba7c57,2024-11-06T16:35:09.513000 +CVE-2023-52884,0,0,ee19f9629bb6a99663e07cc06ba1969869e65831218a77bee43c7237d0ba7c57,2024-11-06T16:35:09.513000 CVE-2023-52885,0,0,ba54ce0f1e6cfdb0c3068ff6239477d1947ca1e313d076509a55e33f062d9169,2024-08-21T17:03:01.107000 CVE-2023-52886,0,0,83b61df55327135062e5e522c73f391153e99ea45d147df2c64cdb19c2b2b0e2,2024-08-21T17:28:49.267000 CVE-2023-52887,0,0,cb846ee4e76e369153e430accd03bef53983c1edb90492817231cbcbd98213a5,2024-07-29T16:21:52.517000 @@ -241583,7 +241583,7 @@ CVE-2024-0128,0,0,b74c421dd43501e0b836aea4fd331a4d8fa2654f8f97b63889c0c6ed9b383b CVE-2024-0129,0,0,6ed61392ba79f5db5fcce1c9578b2019ba40cb0d76cd37c2f6f179769672e354,2024-10-15T12:57:46.880000 CVE-2024-0132,0,0,f1d27ee91d38f95f18265c56576359c7b74449c09c2448ac9270cfde0a145c24,2024-10-02T14:45:36.160000 CVE-2024-0133,0,0,1869d101f5a07bee8a308ca6354c7bbc691223866612cf3986da3052ed18f6e1,2024-10-02T14:43:22.433000 -CVE-2024-0134,0,0,4e17cd434509d593eb3d33a2da951e6e54940c42d73d654db0f00b4365d32414,2024-11-05T19:15:05.203000 +CVE-2024-0134,0,1,8179df4b53e451da8a57e966071cc45758a046ec9885d5b2c44c063cfe4a72e5,2024-11-06T18:17:17.287000 CVE-2024-0151,0,0,e688008e47f7f2b2995cf15f9fce74bb525b3898f5e47db0ad5b6ce2aa86a255,2024-08-09T19:35:02.910000 CVE-2024-0153,0,0,27805279095cb051183cab09aac75c2d46b1759d5204833928b95d85cf667e87,2024-07-03T01:44:37.677000 CVE-2024-0154,0,0,e0c538dbc1a8e60b09b037cacd452435c496c209b1106146ca859e110f3efaa6,2024-03-13T18:15:58.530000 @@ -242378,18 +242378,18 @@ CVE-2024-10005,0,0,994151234745b865e98f1c59b1ec5c9d24ab3ed639b70dbd6289a610481e7 CVE-2024-10006,0,0,18cfd5ef2071f0d6f792ad9964a72fcc3b1008a3d47db75b247fd60b26169623,2024-11-01T12:57:03.417000 CVE-2024-10008,0,0,93a7056d3eedb0f45bdd1f80f18e9d31f27172cc24baaadb6be41dc083092214,2024-10-29T14:34:04.427000 CVE-2024-1001,0,0,481a263280d7671352a0e81cdb22876e1831937aba78d275dcb085f339a7c9b0,2024-05-17T02:35:08.903000 -CVE-2024-10011,0,1,c65457aada34faaf1e6c0516da2186c923ac9223c52e8a5eff532b04914394dd,2024-11-06T16:01:39.573000 +CVE-2024-10011,0,0,c65457aada34faaf1e6c0516da2186c923ac9223c52e8a5eff532b04914394dd,2024-11-06T16:01:39.573000 CVE-2024-10014,0,0,e8d1f2b2bcba8c55790a5ab025cb991579911523f1b20331581610c1fd5c2ad1,2024-10-29T16:58:48.127000 CVE-2024-10016,0,0,21d0091eaff7fe7567d1651c36c431401391330eaae7a5e6c3e21a28cc10ea9f,2024-10-25T12:56:07.750000 CVE-2024-10018,0,0,2aa14605c63d984e9b2fdfd4b3872cd3e6ce36a0ab239799435cd07454bf385f,2024-10-16T18:35:03.460000 CVE-2024-1002,0,0,da9ff0a1d838ebe2cbec1ae9defbaf7310d6b3493363163f0389be14aee69800,2024-05-17T02:35:09.013000 -CVE-2024-10020,0,0,22ded59140a74827de04eeaa66f4518c20f7bbc8276f818a4046b996cf6f7ca8,2024-11-06T07:15:03.377000 +CVE-2024-10020,0,1,411252d187fd44018a9785a70fd4b3b0d9e940b0aca6606f5833281e517732be,2024-11-06T18:17:17.287000 CVE-2024-10021,0,0,6df5b82bec28e371ca7d7ba7f52fc071f45722354fdfe7b2e6f4842f1f48ebe4,2024-10-21T13:13:25.677000 CVE-2024-10022,0,0,92e93478773b21ba9b2d43e5c324e5c622d589913a6faa7f64ee1349beb7c2dd,2024-10-21T13:14:02.203000 CVE-2024-10023,0,0,fb7a2d87c1d01f1c0f753ee2a4448f391382353000e2526f44469dfe5432a49f,2024-10-21T13:14:37.300000 CVE-2024-10024,0,0,341fb3a51358c0d5f83894d8ffa34bc8830630ac4903510ed67f09db34646b2e,2024-10-21T13:15:01.730000 CVE-2024-10025,0,0,19a46c25128674d2a3df76dfa6881dd0177e057f9e034fa6abc2c0a4e8bba033,2024-10-18T12:52:33.507000 -CVE-2024-10028,0,0,493fd09fe997a0d0c0a244e206a2ff4eed837ef7984bf0f133d1110e07bd6a52,2024-11-06T00:15:13 +CVE-2024-10028,0,1,3efb32d0ea3a8f3bb8e9563cfd9c2e219c2c04ec85bc2ed4f5f1bb43fa35dabb,2024-11-06T18:17:17.287000 CVE-2024-1003,0,0,5577a6ad54fba7e1e984add6f75aca7e6ad73817623f9ed150fa33b583cd3fae,2024-05-17T02:35:09.147000 CVE-2024-10033,0,0,e2a4855e02c8a9aa5aec00750ec89db4d8c9b23a9a547fcb7ea42ccd4625cc1e,2024-10-30T18:50:04.137000 CVE-2024-10035,0,0,e1bab51809ac69fa5c75a2d897691dc0f5acda7e478ad5d8b743b12fab524013,2024-11-04T18:50:05.607000 @@ -242415,9 +242415,9 @@ CVE-2024-10078,0,0,2a32e11049e01066fde7387ca375ea057ecc9dffb9aee4dba521fe1d1cadf CVE-2024-10079,0,0,373e7888db951070e423ef6d1503b855c013868b3575c214d882cd52c4cf0816,2024-10-22T16:27:54.577000 CVE-2024-1008,0,0,a9b7d9e2e828ed74dc3f97aef993fcfdb7b13561fd219152455ff7524c8067cd,2024-05-17T02:35:09.680000 CVE-2024-10080,0,0,e70a3cc8d8ca25d9e3db818c04f9b2eeee833bf342884de7579048a734fce30e,2024-10-22T16:27:38.840000 -CVE-2024-10081,1,1,def2632c02d1dcb9b64032462c1b4a89b9084b94388cb71ca9a1f897cf401738,2024-11-06T15:15:11.480000 -CVE-2024-10082,1,1,bb998830be0e60ab819c614ebfb6a72fdccefc358545d925e67868a573b2d1b9,2024-11-06T15:15:11.760000 -CVE-2024-10084,0,0,c02f9832b47ddde0b9f0f9bd4203f19083322b6a1cdea1e533bf8b8bdd88d98f,2024-11-05T22:15:20.680000 +CVE-2024-10081,0,1,02bb4630f1bd07592e1673b83167b1b74439f6fef64e9edeb4466adb088e4166,2024-11-06T18:17:17.287000 +CVE-2024-10082,0,1,1353fffccefb1e0d8d603c4a74d221b2e582bea5f6338afcbdcf09cc3484503a,2024-11-06T18:17:17.287000 +CVE-2024-10084,0,1,6c35f4b944eae2a74d6ccb26affd7a86ccbe9f319e73f030b2b1f9dd7533693e,2024-11-06T18:17:17.287000 CVE-2024-10086,0,0,55dbd034cc5bcfc72ef61558769b28af129c045d8e5e80d55b2abd4a355e138e,2024-11-01T12:57:03.417000 CVE-2024-1009,0,0,97af4237278897e4de60a52c929ac5642d8b709167b278dc1af6a70d4d177e3b,2024-05-17T02:35:09.780000 CVE-2024-10091,0,0,d0b808b13e4ac8a1cdb029b434d2f58c9a91ce65332255a3523a2d40d54e2bbc,2024-10-28T13:58:09.230000 @@ -242458,7 +242458,7 @@ CVE-2024-1014,0,0,8e546db835ee0e62e0f6ed5b95e90d5586231fc78746cbbfef7db3d61b3c5f CVE-2024-10140,0,0,ec9d51c2fc14eea2e4cdb7aa8f8bd180db2ec005ceca8608d4d081404a2e210c,2024-10-22T14:19:08.420000 CVE-2024-10141,0,0,1a2024f75553982bce647b93dbf2bff672eefec5950fa457467c64b98f6e45c7,2024-10-23T20:27:09.370000 CVE-2024-10142,0,0,f8d897c68f0699e753bf4964aa75eec3baa1d06414695c8d5256c262c45a3b84,2024-10-22T18:11:20.450000 -CVE-2024-10148,0,1,83c51017fcaad8303b49e241d62740cf9ee14ff3b98ac6e60e27203bec158551,2024-11-06T16:02:22.120000 +CVE-2024-10148,0,0,83c51017fcaad8303b49e241d62740cf9ee14ff3b98ac6e60e27203bec158551,2024-11-06T16:02:22.120000 CVE-2024-1015,0,0,5516b1d1af5a9d3814b8a6e102d3692fcdb9c463b2e2645787afdcb157946f20,2024-02-02T02:04:13.267000 CVE-2024-10150,0,0,980e5c556ba92cfe6f78a7c5edf14225adf63d1f935caa703239c8f6c3933115,2024-11-05T17:47:35.353000 CVE-2024-10153,0,0,d622b7ea723b18e6ddfc603f2d4acbb1cff3ff02ebe01257835c2e3461165bac,2024-10-22T14:45:04.670000 @@ -242476,7 +242476,7 @@ CVE-2024-10163,0,0,26289a38ca28d6fbf3697cebc7b8e78d717fbaa250d69c3062759b06a1925 CVE-2024-10165,0,0,5e96b8bac045d76007a8a1ccaf66b23094bbe577806718f5c39b95850bfcb648,2024-10-21T21:35:06.987000 CVE-2024-10166,0,0,d38e0eaedffd343f532bd4c1abf13dec4f7eece79809104c00c35d23c5bd77f6,2024-10-21T21:34:52.430000 CVE-2024-10167,0,0,e7ee4350c0d87b98f4009c350ce488d1222a8473f5eed0163be4fcf02375526f,2024-10-21T21:34:25.810000 -CVE-2024-10168,0,0,a16f3a0a04d9c48b4fad3fd0fbb393d0f9afb00a27bf1e0807ad26442e6357ad,2024-11-06T12:15:03.400000 +CVE-2024-10168,0,1,339160409cd0f12c7683b36696f4cb443613ec9efc739e3b680bc936314b782a,2024-11-06T18:17:17.287000 CVE-2024-10169,0,0,1db0b82161d097e04e0d9142501d34c98067446995af0ad4d8dda4cff4f3006d,2024-10-23T15:01:58.987000 CVE-2024-1017,0,0,50b68641acb97d381e6a65107328f0dab0fccf027bea27ef0f379cc058119760,2024-05-17T02:35:10.627000 CVE-2024-10170,0,0,43858dc94e553ea996e2f62171c2a07580bf4384f9d10283ecd355d244289e84,2024-10-21T21:33:49.663000 @@ -242489,7 +242489,7 @@ CVE-2024-10181,0,0,e508d85fb29127dc9615d55a59c4f686aa113b77b39ab8d7dcfaa4fd4cd2c CVE-2024-10183,0,0,120f83031d6b056b9464662cc23a397a8370d5b6b85b4ebf16896e12042e7ae6,2024-10-23T15:12:34.673000 CVE-2024-10184,0,0,82e323cdb696d7fc911e7053501b005fcd00bb282537fcf739cadb894187d0e9,2024-10-29T14:34:04.427000 CVE-2024-10185,0,0,ca6dfd9088b0219f97894c0990b4ec594d404f7f2fe7b73023fa5dc239e3eb40,2024-10-29T14:34:04.427000 -CVE-2024-10186,0,0,8d98d00d5e4317f317623daa0bf76a7d2697352eb8a7e00af128c76c07c6a29c,2024-11-06T13:15:03.163000 +CVE-2024-10186,0,1,4d3fd62519980f28301c21dabc2a1b809b1f9ddb59c1a1919a3b85ca718f63f1,2024-11-06T18:17:17.287000 CVE-2024-10189,0,0,44ab01729f421efaf03808ae973a9923c5f8c6b41f07f8511cb89b2ff9a7419b,2024-10-29T15:27:55.550000 CVE-2024-1019,0,0,9d34fb91efb6a448073ac765944da7eab7ec7fd07c6fef378639c859599f6841,2024-02-20T02:15:49.973000 CVE-2024-10191,0,0,4ecd88c27c34e37b94ed56c347924bf6837bbfb39d55fba1c828925d6337ab29,2024-10-22T14:33:12.313000 @@ -242556,6 +242556,7 @@ CVE-2024-1031,0,0,6576162a78ac686f55e5931a6b8f02ff6c7312ac04792581e6d78da8a91700 CVE-2024-10310,0,0,3b0decb54117e1f6369f0c8a49822eb1c6d4be5cb40b8b5a9079fd842cd0c653,2024-11-04T13:06:20.190000 CVE-2024-10312,0,0,d10f0012149342545ee317e492eeaf284c6b634b254526457f270c7ce4937a16,2024-10-29T14:34:04.427000 CVE-2024-10313,0,0,0a692e743da8a6f5929e9a5e61a16c962249b9fbffffedea4a154098bf7390c0,2024-10-25T12:56:07.750000 +CVE-2024-10318,1,1,06619bb56558e0f10864429c945425b877bba746e9eef82aa6f8f84cae37fa22,2024-11-06T18:17:17.287000 CVE-2024-10319,0,0,5468d886bd968d2a0086e16959cf17c4049ab513bf16fb4e9e7a155b4a959eef,2024-11-05T16:04:26.053000 CVE-2024-1032,0,0,06925fc416f8ceea7fb895efc2e3f765d4f064c5150968a9409448741aa1fb78,2024-05-17T02:35:11.947000 CVE-2024-10327,0,0,5a1546502e73211d148718e818d15cec9bc5841df26bde254740ef77c9d65b28,2024-10-25T12:56:07.750000 @@ -242589,7 +242590,7 @@ CVE-2024-10369,0,0,5a59dc320150c27565cde3d9105528beaf16a536e1981e9f54165bf31963a CVE-2024-1037,0,0,dc80ea945a1c7339fa73e61584161c3f0eb5c7e682984c3146b230e695ed7de9,2024-02-14T19:09:45.253000 CVE-2024-10370,0,0,810741af1a3bf30d10bf8fd3a18c7ee61ae1ab9f3ef9c730b2d4820dea325396,2024-10-30T16:38:40.240000 CVE-2024-10371,0,0,0850681dd0b7affd7117bf912b3d2c475da42ed7b5f5270f8839e339171d9bac,2024-10-30T14:51:07.863000 -CVE-2024-10372,0,1,760e428378ca580a2e8de74a43d8197c447551684d813b2d5044a994602fc947,2024-11-06T16:14:18.327000 +CVE-2024-10372,0,0,760e428378ca580a2e8de74a43d8197c447551684d813b2d5044a994602fc947,2024-11-06T16:14:18.327000 CVE-2024-10374,0,0,59bba53bba8dcb6bcfc375aa5430a3869e7605a1791381fc737854720c5b6516,2024-10-31T00:00:05.510000 CVE-2024-10376,0,0,95e4b2ca1d9478238b6df8568a8067745a807f54c02d8d39506166551c5accfa,2024-11-05T19:41:05.657000 CVE-2024-10377,0,0,a8a18885876ea2b784ebbc0a8c81bdbd2a80a2218b0707e9386d6291df1f6903,2024-11-05T19:41:20.677000 @@ -242679,10 +242680,10 @@ CVE-2024-1049,0,0,bd86fa3ef2f3a9c880f8a662bf41f8b013cc8d0ec2ff1efa897f3a7402b5b9 CVE-2024-10491,0,0,f33441d6c92d87ca16910a8323bc5e8a639fd467cfc850f84d7cafae4ac660c2,2024-11-01T12:57:35.843000 CVE-2024-1050,0,0,f9f89980ca3ef0ce2f5e1044207260b8a92a6effafa867ba6315fdcbfcd0b749,2024-05-06T12:44:56.377000 CVE-2024-10500,0,0,bddae50bc804155e5161a5d251f766fa5e94cb4ca0f1c821cd5c6c71919d4e5d,2024-11-05T21:02:30.333000 -CVE-2024-10501,0,0,a70901ebbe857107cb9bb8409a7ad0d1b2c691f80c6c857ec50d4420c6cf347f,2024-11-01T12:57:03.417000 -CVE-2024-10502,0,0,fce601075c201d64c89f4f21bd8a6e3aff01db0b1bb576e35393eb137d39e4fe,2024-11-01T12:57:03.417000 +CVE-2024-10501,0,1,e92a1c96016022d8025ef3fd666c6c9af09cbae079cb6d8e90c401d3e79e1def,2024-11-06T17:20:32.857000 +CVE-2024-10502,0,1,7aae60a6555a9e6b45f16ad692f35131a0c7b1713c4f2b1d5ad6f885328f5b09,2024-11-06T17:20:59.217000 CVE-2024-10503,0,0,d0938dc9dfcbd9b6af1dd5f7544d5c3c05248ffab7bb7a1061cb91ee8b65adf9,2024-11-01T12:57:03.417000 -CVE-2024-10505,0,1,c2e4dc18acc74e5271db8cb3e15214f9dd0d0109f9bfb244eed546322fc7a27b,2024-11-06T16:38:28.750000 +CVE-2024-10505,0,0,c2e4dc18acc74e5271db8cb3e15214f9dd0d0109f9bfb244eed546322fc7a27b,2024-11-06T16:38:28.750000 CVE-2024-10506,0,0,0939772e626263a52337b63c636fa0ed508985935d55c41e4bf2e3b45cb2569c,2024-11-05T16:22:39.830000 CVE-2024-10507,0,0,f18494a65f96198598cd9275318405539a3d8636ddbe0a37967ba2288eae01ea,2024-11-05T16:23:56.073000 CVE-2024-10509,0,0,a9d05e50f1563ceed5339878fa8c2329eea9e28284f4c0c86984d14b77803f94,2024-11-01T20:52:15.573000 @@ -242691,10 +242692,10 @@ CVE-2024-1052,0,0,2826dc83bebd9032f48348a63ffd25025c2a6126abd483892ed79004a77aef CVE-2024-10523,0,0,0a9da5f6f5fef7b13b15150d455643207cf8fb33d80d9527338aeff92e2045d0,2024-11-04T18:50:05.607000 CVE-2024-10525,0,0,cfad79154f466fe96736eabfa65cac8f6409e21deb7f07d79c02c68ee3f19eb2,2024-11-01T12:57:03.417000 CVE-2024-1053,0,0,3d9e5b8218feb39348551f4e96f20fbacd04f2b39830165bb00a553a3d3c5ccf,2024-02-22T19:07:27.197000 -CVE-2024-10535,0,0,4d5fc084eeddeb807ff84423276774a18b0bf1537bf468f9720de78b576b01d7,2024-11-06T07:15:03.880000 +CVE-2024-10535,0,1,56cdc2e791f3000cab33f46caa279b46ba491ee0301f477bedc871a8b91a9a81,2024-11-06T18:17:17.287000 CVE-2024-1054,0,0,f8e7e53b5707aaecdfe1ea6fba53413ba04bed5cdf673762252b510775f984b1,2024-02-29T13:49:29.390000 CVE-2024-10540,0,0,1885d17d6b705045d75944e7bfd00755cc43fa534a9308c6cf91207b99518e74,2024-11-04T13:18:27.017000 -CVE-2024-10543,0,0,f508723595c06793bcf49434f20a997d5412d024edb1fdd5e1d5812ac0eab163,2024-11-06T07:15:04.160000 +CVE-2024-10543,0,1,016d8cb66c7c5d3fab1f479532a387e4f294c8e7d36ab250ad67d2b955e9ae9b,2024-11-06T18:17:17.287000 CVE-2024-10544,0,0,d84fa7aeaabdc2cfe5861efef74c5b30022ed51487865228c56366868169c4d7,2024-11-01T12:57:03.417000 CVE-2024-10546,0,0,fe7c4bb80388357d2012de9abcf9bdb2510a4d8644b958f5e63299c9a417e4c8,2024-11-01T12:57:03.417000 CVE-2024-1055,0,0,ccc78f7d4bd63bcc448b5e62f7789de0e1a26ab036272b89eca521cba41a35e3,2024-02-14T18:59:33.780000 @@ -242710,7 +242711,7 @@ CVE-2024-1059,0,0,76d1b9b40438f497b680a6494941e57752e942263b38e7996980a78bf67b65 CVE-2024-10594,0,0,015abb205f2a621c92b02e8c535085d082f03901ef52c99004ce024df21aac90,2024-11-05T17:05:10.533000 CVE-2024-10595,0,0,713412cb3481e40d2727869bbf69e43a9603569843cd3c3208811998499997f6,2024-11-01T20:57:26.027000 CVE-2024-10596,0,0,e577a1bc49113e32decc51f28cd54bd130c95b97448380193826560332b3fbe2,2024-11-05T16:20:13.623000 -CVE-2024-10597,0,1,586f7e6419aca9573421f10f5561b525da7bb97b4cb4d10c23f61ebdf726d862,2024-11-06T16:28:48.520000 +CVE-2024-10597,0,0,586f7e6419aca9573421f10f5561b525da7bb97b4cb4d10c23f61ebdf726d862,2024-11-06T16:28:48.520000 CVE-2024-10598,0,0,660edc51f4fc2fa9935095811accaae31a6c26005b25bae3073af9a24ccefd47,2024-11-04T19:44:05.513000 CVE-2024-10599,0,0,42ec1e77225c5fd4ca05825fc485c8d353f9da187c3647e655d8a79fac27eb60,2024-11-04T19:44:59.183000 CVE-2024-1060,0,0,d653064ebc7376d659eeceb53018669b809b93fa1e3915db85367d79da8fa5c6,2024-02-05T20:49:55.413000 @@ -242735,7 +242736,7 @@ CVE-2024-1062,0,0,96fd163b87faa7f96df00eff21b1688e595dd6d409735135ea0e59da2984f8 CVE-2024-10620,0,0,724abc136e85c83fb378f9f08553f42597c7003f31982d5ab3f2f979a65abde0,2024-11-01T12:57:03.417000 CVE-2024-1063,0,0,74a897918202555ab7dea6b1737e329d32a036051a3381cf0244644b537611c7,2024-02-05T18:25:57.167000 CVE-2024-1064,0,0,f25346ba7587521e1585b34f9b82a63a0a8099891451ea7215e7704632eec54a,2024-02-12T18:42:14.777000 -CVE-2024-10647,0,0,330e63a034c2276e9293e58a5787ca23da5b71ee3d45423fc1f3e32b5c62be9a,2024-11-06T02:15:15.930000 +CVE-2024-10647,0,1,3cd7a9e94ae95564602c2f073c039d80eb92a68ceba4d68a4546e1e4784441ea,2024-11-06T18:17:17.287000 CVE-2024-1065,0,0,6b929e111558868b0121ca43ebc298de03b6cbdcab98142e875670ec0e17e759,2024-07-03T01:44:57.727000 CVE-2024-10651,0,0,4020d234a4dc20eeefa40d62db04df21d3fc130e9d8122bd0290808c2b4b15c0,2024-11-01T12:57:03.417000 CVE-2024-10652,0,0,e78eb78c66337c771ed734884436ae7db011d1841627efa41acd490150897405,2024-11-01T12:57:03.417000 @@ -242763,7 +242764,7 @@ CVE-2024-10701,0,0,53baafb789e17d3adca0638e17c429a583b20f9faed929ac230c13977cad3 CVE-2024-10702,0,0,1494650cf24141bf55e997b208eb307166b880baeab6c7ba81f17c35396d74f0,2024-11-05T16:52:11.193000 CVE-2024-1071,0,0,203dd69d50b387b330a57560d4e66e827311506680b4f1e4c4b62b6aa394169c,2024-03-13T18:16:18.563000 CVE-2024-10711,0,0,55dbe18df8608d9e1c1242fc894dfe0ff26164cf1194299faf792f0956a2b568,2024-11-05T16:04:26.053000 -CVE-2024-10715,0,0,9809bc782fb4a0fd3afaa8b64512d1c6468f3bc71edbb0e07ae09e5e05503d2a,2024-11-06T11:15:03.353000 +CVE-2024-10715,0,1,d2c9653d43a32692b03cb0b8a0db12fe1fd5c8614bad27310f2895b65d6f57f6,2024-11-06T18:17:17.287000 CVE-2024-1072,0,0,d1340477909607c729b87fb4231ec3eb5b83c947dd2f9537edfb72049dfc44f6,2024-02-13T19:44:28.620000 CVE-2024-1073,0,0,39b7dc528198b2afbafa91161478b052efb2c858a3c417cf6368bfe809460c5d,2024-02-07T20:56:30.313000 CVE-2024-10730,0,0,8808b0788cc1226811ed98f049f4208abdd990eebdc310df0fd93dc6dcaba5d0,2024-11-04T16:42:33.607000 @@ -242785,13 +242786,13 @@ CVE-2024-10744,0,0,64bccebfaf639429020af7e690002c31cefade96abf59910ac9785197466e CVE-2024-10745,0,0,92716aeb701c8c56ef12634280786717d09ce6379edd07c5017aefcc50b16fb6,2024-11-05T20:13:01.100000 CVE-2024-10746,0,0,4607ab58f3187eda17524aff2a11739d4b85ecbf7f3de8e9f3d5db34a6fe0de4,2024-11-05T20:12:39.477000 CVE-2024-10747,0,0,bf56d8b7d455f19bb2d2cbf7ba2f56925af5db7d6565b739483e1eb3d1dfad26,2024-11-05T20:12:14.937000 -CVE-2024-10748,0,1,1fd02e454095772468edf9e35260c4a72a4ccfbe321c1c6d22cbb6e027ab5125,2024-11-06T15:06:52.077000 -CVE-2024-10749,0,1,9f9574ebdf519eebbacaa573a7a97dc63bac824fa6612fdf73241d718df9d0ca,2024-11-06T15:04:49.497000 +CVE-2024-10748,0,0,1fd02e454095772468edf9e35260c4a72a4ccfbe321c1c6d22cbb6e027ab5125,2024-11-06T15:06:52.077000 +CVE-2024-10749,0,0,9f9574ebdf519eebbacaa573a7a97dc63bac824fa6612fdf73241d718df9d0ca,2024-11-06T15:04:49.497000 CVE-2024-1075,0,0,b19be1823ece9ac4ec825cefa6ea1c80de9a3ed97dd278442b9d4fd30da7b4c5,2024-02-13T19:43:13.480000 CVE-2024-10750,0,0,ac7291ff4e0ba9d18676e979fd2056600eeebf8de907e9707b37f8db746edc27,2024-11-04T18:50:05.607000 -CVE-2024-10751,0,0,708cf1d3706f9ba54f476d4dd9f247daa4104b854e08fb2539fd4f30c5245f0e,2024-11-04T18:50:05.607000 +CVE-2024-10751,0,1,6a49a3c7ad1c6ffcd0b7bcc6cbfa59cfbe62d4c966994df1d83f9666683703f1,2024-11-06T17:34:57.597000 CVE-2024-10752,0,0,6cf2a6a9bc6560e825f8711fb6cd1013c57696598fd870914277d12e4f063991,2024-11-05T17:59:10.257000 -CVE-2024-10753,0,0,75eb25a3f070d044828578f0975e7509cf6e558ad84421cac13ede388c274730,2024-11-04T18:50:05.607000 +CVE-2024-10753,0,1,e47cd45037a1a13b612a69ab32046368824f10d157868477a01b6618688067f5,2024-11-06T17:42:14.277000 CVE-2024-10754,0,0,6e29195349618fa17b12a0b0dfd7fc410a6a8a6e38e5727e8f53b0ab3ca5fe5c,2024-11-05T19:57:39.307000 CVE-2024-10755,0,0,5783d5080b8fcb024205335cda12d068661d3eb98c81cfc589af1cc3b6136e62,2024-11-05T19:57:25.870000 CVE-2024-10756,0,0,2ef6e6d26c504875a8fd5c154500a3be59c898721905f5ea84cf54caf1b93a3d,2024-11-05T19:56:30.777000 @@ -242804,20 +242805,22 @@ CVE-2024-10761,0,0,e55627ca0aefeb59987656a92ae2fe0920723534c3676e4833cbe2ebfab1f CVE-2024-10764,0,0,2019ff7f0926975749df288d065dd4ef04b45307a383083c9552413c9cfb56bf,2024-11-06T14:44:53.410000 CVE-2024-10765,0,0,ff207dbaed362f27d141d8f991437f9efb859b44cbbeb5f387917f93fd11e23b,2024-11-06T14:45:35.600000 CVE-2024-10766,0,0,e35f492b9f66f3ec904d31d42b260648e53321433ee2cae35a4e477e4ef293a0,2024-11-06T14:59:34.303000 -CVE-2024-10768,0,1,594fbdf596dfab7cfec85356d137af72f3f7c97c4f287c31f07abfe79e0c4dc2,2024-11-06T15:04:45.200000 +CVE-2024-10768,0,0,594fbdf596dfab7cfec85356d137af72f3f7c97c4f287c31f07abfe79e0c4dc2,2024-11-06T15:04:45.200000 CVE-2024-1077,0,0,9052c519c4a7de5cf3516fc923116c25b788d5b36a137a2e416fb3d37403344d,2024-07-03T01:44:58.330000 CVE-2024-1078,0,0,88568fa2f20f5ea8de25fda48576808429bbc616448df571a879f056db565620,2024-02-14T18:39:51.437000 CVE-2024-1079,0,0,0a964f4e43e1a2d85a40a4753c5354fe293facf65d0ebcc06031e68ccad95a0f,2024-02-14T19:33:09.977000 -CVE-2024-10791,0,1,a1ab37f8c195110cb663fc7e474028527dca661a169201c0160b30306fac4c75,2024-11-06T15:05:38.240000 +CVE-2024-10791,0,0,a1ab37f8c195110cb663fc7e474028527dca661a169201c0160b30306fac4c75,2024-11-06T15:05:38.240000 CVE-2024-1080,0,0,9acdbacec5fb31283e62a6d3f1b1bde4de3af0ce021840a5a12a8cd06719b667,2024-03-13T18:16:18.563000 CVE-2024-10805,0,0,ddc091f40156d7be36a3b2758fac9ccf7f33399314d26f86dc0266c263cecb5d,2024-11-05T16:04:26.053000 -CVE-2024-10806,0,1,e15ec6423ae1ad698fb4ad5b42c94e3a5d06fef4f5e8a29e70adae83dbef0510,2024-11-06T15:06:48.493000 -CVE-2024-10807,0,1,783f0ac6c475ea7fcbd6f31f293edee7b9729e4af159ee9eb5bd3f13eec67953,2024-11-06T15:07:09.930000 -CVE-2024-10808,0,1,dac986d7fa4c7c52dcde054490fe5f45d88b724de3dc68cd9eaa633ce97a4fdc,2024-11-06T15:14:13.607000 -CVE-2024-10809,0,1,ea652f7f5676144619aa1801e4ca90f6a805fad57a8917b37e98b94898936ddb,2024-11-06T15:14:48.213000 +CVE-2024-10806,0,0,e15ec6423ae1ad698fb4ad5b42c94e3a5d06fef4f5e8a29e70adae83dbef0510,2024-11-06T15:06:48.493000 +CVE-2024-10807,0,0,783f0ac6c475ea7fcbd6f31f293edee7b9729e4af159ee9eb5bd3f13eec67953,2024-11-06T15:07:09.930000 +CVE-2024-10808,0,0,dac986d7fa4c7c52dcde054490fe5f45d88b724de3dc68cd9eaa633ce97a4fdc,2024-11-06T15:14:13.607000 +CVE-2024-10809,0,0,ea652f7f5676144619aa1801e4ca90f6a805fad57a8917b37e98b94898936ddb,2024-11-06T15:14:48.213000 CVE-2024-1081,0,0,b9ecb327bf229081db54279065262fbdf204fadb84142fe6a647ad5480db67c8,2024-02-22T19:07:27.197000 -CVE-2024-10810,0,1,24dc4cb4af16bbf52a3428afcf948782067630e0ddcd0604e4c08419e6e83436,2024-11-06T15:16:12.497000 +CVE-2024-10810,0,0,24dc4cb4af16bbf52a3428afcf948782067630e0ddcd0604e4c08419e6e83436,2024-11-06T15:16:12.497000 CVE-2024-1082,0,0,1a3a3ef85a9a06621291f657b27812f6a6be683bc843b0137ba9e53485eee330,2024-10-17T15:46:44.327000 +CVE-2024-10826,1,1,e7caea17df9e50303e84eb12f606f4531bb8bb9449a87b4576ba355c7a719f34,2024-11-06T18:17:17.287000 +CVE-2024-10827,1,1,c533f4c70607df301dc68c381588fa8b3325a3d893bbcbb9a6092f250e2c41fa,2024-11-06T18:17:17.287000 CVE-2024-1083,0,0,f65354685ac9d5e6ec0c7d89ef33fa98a96cad0e23da0316206039cbd9c94fda,2024-03-13T18:16:18.563000 CVE-2024-1084,0,0,b38be98d35d4290a3ce2408da5081c91dd802a2448815858b2cd8d2247674e10,2024-10-17T15:46:42.330000 CVE-2024-10840,0,0,7c13b48653833d393d956bfeba05dc2dd9647859d024272e6982bcc84d954739,2024-11-05T16:04:26.053000 @@ -242832,12 +242835,12 @@ CVE-2024-1088,0,0,7487e11aa2518f6cc93d89dd95a39f5c8d6e4a1b2567cf073eed09f7df7825 CVE-2024-1089,0,0,9442709e929187c1b992d082c3eaeec9226480f80fc28198e3a73f4a684640d5,2024-02-29T13:49:29.390000 CVE-2024-1090,0,0,2d0b80c82d6d153c4e0b5412c3fcf892da86ac73a72da4cbf84bfbb064bdcb0c,2024-02-29T13:49:29.390000 CVE-2024-1091,0,0,54ee7e9ca708166212a73aaa10e4715176fe17b55fbce1ee0ea8f95d289d46a5,2024-02-29T13:49:29.390000 -CVE-2024-10914,0,0,9e1b2f0777286d0cb8a602e804700d0b7a218386d359fac5ed22841e73f8a57a,2024-11-06T14:15:05.310000 -CVE-2024-10915,0,0,cfa7f586c14b166c26e02501db4fae7d71ff693eadbe58fa1137bf847b5f82bf,2024-11-06T14:15:05.783000 -CVE-2024-10916,1,1,48297f5100e09aadcf1a899161649b6985258685a27fe9eb9b0b44a8853fc0a5,2024-11-06T16:15:05.450000 -CVE-2024-10919,1,1,2fb0f6e7ed5cd077a1fbeabcc85ef90f7ee0c031ee0e0922f9af858898492078,2024-11-06T16:15:05.610000 +CVE-2024-10914,0,1,09de4b68fa46b7ed0e9bf2c7174fd9e62be01c86f8d95e52add07fd9e2090ba7,2024-11-06T18:17:17.287000 +CVE-2024-10915,0,1,1a895bcc292043e4cf2ec99aead7474b7cdda35c5f81f92e20395d0deafb695c,2024-11-06T18:17:17.287000 +CVE-2024-10916,0,1,53443e54e55c3a54111ef55bbe8925e1700f77a586713f1c8fd853e1c516cf30,2024-11-06T18:17:17.287000 +CVE-2024-10919,0,1,a9eb02ffc877d3649d3e97e181e7b5d396e5513925c1dfbc9593594bbb4efcef,2024-11-06T18:17:17.287000 CVE-2024-1092,0,0,4e514cbeb8cbdb0016fe4cb374f3dffe448e95b35a82b13ed7cb7be1b7fe61c2,2024-02-13T19:43:06.247000 -CVE-2024-10920,1,1,a263c561193ab1cfaf143ffd07331ca0e3b35a723fb14a3e59db8300aaab3ea5,2024-11-06T16:15:05.930000 +CVE-2024-10920,0,1,2a084f5df50e8d62344f7fb5574910af35d9b3838be955d3bbcc07e777ed2e3c,2024-11-06T18:17:17.287000 CVE-2024-1093,0,0,de7ad9b72d87a55cf339c2dc774b7bea1d33bb68e3b932a439fb6fd6a0ef5b53,2024-03-05T13:41:01.900000 CVE-2024-1094,0,0,e9e492360318e20689e515fe6138ed3b8630e834f4abf2efeafd987f7e7b2dc6,2024-06-17T12:42:04.623000 CVE-2024-1095,0,0,e70da3b629cae08421ac3ff6db71fb525bf872b735f906aa9168a1a3feae7dcb,2024-03-05T13:41:01.900000 @@ -243182,7 +243185,7 @@ CVE-2024-1450,0,0,5c78ee7ecaa738b41245290c13db435007588e4f06193084183217b1157cb9 CVE-2024-1451,0,0,06be5f5604355f77fabf82dd57df1f8809446c587ecb10ad9e69cebf8ec03e7a,2024-03-04T20:12:59.223000 CVE-2024-1452,0,0,e53b6badbfb961b470f92bd813c19b81fa9530e5a4fab209b8360590eeab9b44,2024-03-13T18:15:58.530000 CVE-2024-1453,0,0,4c7fdd77bf9774c0b4902debd5fbb9a5a455811c9e20dd37093901421ad05d83,2024-03-01T22:22:25.913000 -CVE-2024-1454,0,1,86521d2a1a4319ab5493fa5552959930ea4792c88a861f24c36b4c22e9af018d,2024-11-06T15:15:14.010000 +CVE-2024-1454,0,0,86521d2a1a4319ab5493fa5552959930ea4792c88a861f24c36b4c22e9af018d,2024-11-06T15:15:14.010000 CVE-2024-1455,0,0,150cf04553026c6d927055f564987fc57df0c743f9421c15918b44f92d1a260f,2024-04-16T12:15:09.230000 CVE-2024-1456,0,0,5b0bf210be135d03b9e0f0aa4d44e1d74b665ecf3cd8074dce271769fca228b4,2024-04-16T13:24:07.103000 CVE-2024-1458,0,0,3592b3461bffe67c8c4bc63c3d6ff327fca1737b7c0b5caa3c39b57cb625a124,2024-04-10T13:24:00.070000 @@ -243445,7 +243448,7 @@ CVE-2024-1742,0,0,ef8e2131c95185fddee2b27fa43b85956207ef471d56b7605b9d2e6a1c53a4 CVE-2024-1743,0,0,483e7e67b70ea440915c26337d00527748cea35503b453ed4beec805a523f208,2024-07-03T01:45:31.390000 CVE-2024-1744,0,0,2bf4c4c8925f4703c92760e64890aeefa2be5dff60889c111ab6ca3c9c83547e,2024-09-13T20:30:09.373000 CVE-2024-1745,0,0,1e43ec903cdd08626f0d20b4612f3ce6507e55e2bd5bb05034398a450502f6f7,2024-08-05T19:35:01.720000 -CVE-2024-1746,0,1,0bc459c098d00c79ea47cf632ecd65dbabfc54048ca8a1cd461b509d77edbc52,2024-11-06T15:35:10.770000 +CVE-2024-1746,0,0,0bc459c098d00c79ea47cf632ecd65dbabfc54048ca8a1cd461b509d77edbc52,2024-11-06T15:35:10.770000 CVE-2024-1747,0,0,62057f23570bb0721b1db5127075f49bb03ce7c371cab177ae217aa948df9df2,2024-08-01T15:35:05.150000 CVE-2024-1748,0,0,225d9c0ba3d2388d2e1d2564afa842c8e38abf8b0b7cfc5e0b1ec6fc81b6c96c,2024-05-17T02:35:34.880000 CVE-2024-1749,0,0,f620be6c4367805be5c83719352e695698d105470ce084642dece004f1c7c3f4,2024-05-17T02:35:35.020000 @@ -243593,7 +243596,7 @@ CVE-2024-1897,0,0,0efb8d9a4d1f85779f8525208eb15fef6382b5b7cf3f1e753843d932081544 CVE-2024-1898,0,0,2048e63a97333551e3764a3fbd061d10d8f595ae0c5039d398dcf763445bbb5e,2024-03-06T15:18:08.093000 CVE-2024-1899,0,0,559b7c50ffa921a98a9a4eb560a9551cb0fd4d6955293dc50c887af682b17f74,2024-08-01T13:46:14.650000 CVE-2024-1900,0,0,828856e93d743641acd2c2c881c69bd3ff69a883b9788aa1ac23c4f5b7196721,2024-11-01T17:35:03.073000 -CVE-2024-1901,0,1,09b3a7f3ee491173d692ac90c8f74183ba0f3fe9e47d1237c95b739b5c6d3cfc,2024-11-06T15:35:11.670000 +CVE-2024-1901,0,0,09b3a7f3ee491173d692ac90c8f74183ba0f3fe9e47d1237c95b739b5c6d3cfc,2024-11-06T15:35:11.670000 CVE-2024-1902,0,0,552aec039b904208185561d339cc67918e0f20cfa46c31de74a1c935a699387c,2024-04-15T18:15:10.070000 CVE-2024-1904,0,0,8cdbbfe376e9acb6ae480565a4c6419f8d15d1ae03e61c5f9b40f8e0bbf3af41,2024-04-10T13:23:38.787000 CVE-2024-1905,0,0,00df28e23b76462feb543d9d013301de19b4acbaa314041b42769067653b7775,2024-04-29T12:42:03.667000 @@ -243956,6 +243959,7 @@ CVE-2024-20367,0,0,0d59cd325b5448a23ac62ba4d011225bdec20c6d4a20e9044f14a66801d96 CVE-2024-20368,0,0,11ba77e6ca928b43fcf33bd9b64c67655ca382b15bfec85a328bbca787a43cf3,2024-04-03T17:24:18.150000 CVE-2024-20369,0,0,e23910e4adf6ac7fe444b246c85eb12e2e56e7b12054f1339b9256c8ec4ec112,2024-05-15T18:35:11.453000 CVE-2024-20370,0,0,9c8d802e115773847851e6a87a7c6331398027635ff6abdb8c313a21d8306cc9,2024-10-25T12:56:36.827000 +CVE-2024-20371,1,1,f7251c015fa79c9d7d243427b41ccc67f0c799dd1ba47a0c8956938a3685f62c,2024-11-06T18:17:17.287000 CVE-2024-20372,0,0,feaf3b98a24bdcf61707d881e5427a56c3f9e9ebde0774029fc1bd7580a0df31,2024-11-05T16:04:41.993000 CVE-2024-20374,0,0,638aea96f5a8f2793180f79bfbc09147af2cc1875a0c35f4bdc3fa0fc97f0c14,2024-10-25T12:56:36.827000 CVE-2024-20375,0,0,a4ae364a987d406a5046b71b718fe2e5ce4da208cd9db67ac24eb19997b1276b,2024-08-21T17:24:59.627000 @@ -244004,6 +244008,7 @@ CVE-2024-20414,0,0,18adcabc3ea83c021e3e42e80805abb0da254bdf76c23740c5471d9c9fa12 CVE-2024-20415,0,0,877e94faab6d2266c2faaa313bee5ba7676639f7c6928a7d38493bfe98132d17,2024-10-31T19:17:54.273000 CVE-2024-20416,0,0,36fba5d0b9a663051d43c2072f34c721bf06b423d2ffa103fc7cf93ef9750d67,2024-07-18T12:28:43.707000 CVE-2024-20417,0,0,2b2621922f4e9896d58ad85f7dd970402245ce4da0539fb0012d7404735b7f45,2024-08-22T12:48:02.790000 +CVE-2024-20418,1,1,8554e8735b42833c9e69f407f99e9fca8c7a15d7b058a2209f0efe8e333cdf1c,2024-11-06T18:17:17.287000 CVE-2024-20419,0,0,0795f6e87845f9b46dc3400495c49fb48a047d8ed4e9d1842a04ff7724f0ad68,2024-08-13T17:15:22.787000 CVE-2024-2042,0,0,148bfce3b5f48e2144e9167826ed5f6f120e539bf15296a435b2ce580e8b1f74,2024-03-17T22:38:29.433000 CVE-2024-20420,0,0,bf5b2e28728b393dc4c68ac30d4f5934f5f4c3a252f289a6ace4b087b2c80ce0,2024-10-31T14:35:05.980000 @@ -244028,6 +244033,7 @@ CVE-2024-20441,0,0,d55f8099b608b8adfd1a6d0d43acd3f45d687b76b8525513869a95df6ac3c CVE-2024-20442,0,0,805aefb18c510621a81c52eaa48c4a81152e7d64b4a9afb06dafc5cccb2f219c,2024-10-07T20:11:48.687000 CVE-2024-20443,0,0,272afbe0465f6648950651b716899dcfcb722318ac954aaaf0e63544fb83de9e,2024-08-23T15:18:06.347000 CVE-2024-20444,0,0,a12fb2570a5698911d0cc6e07bb095dabf95fbf72a3c4e45b591e21f1703dac8,2024-10-08T15:26:38.527000 +CVE-2024-20445,1,1,f698b1f5f5f92fa31b51c02a4a24e272a198b648b861319cc1020d6804265773,2024-11-06T18:17:17.287000 CVE-2024-20446,0,0,e9357eb0aa4f61946fea3c9e67283cca574773e1e525326f07a38ede4840249f,2024-08-29T13:25:27.537000 CVE-2024-20448,0,0,565fdf482c77d5556490294526189aac22203bda3136e1e644d46324e48508c6,2024-10-08T15:25:47.053000 CVE-2024-20449,0,0,316480c4331efb1b0699079802002acf63f93477d88f4712b7f6bca9f927ba75,2024-10-08T15:33:29.210000 @@ -244037,6 +244043,7 @@ CVE-2024-20451,0,0,616ab4cb2b50cee49c462941d4d3e48792a6a3c09b725bd97a134b2f4a53b CVE-2024-20454,0,0,b7df5fe3c7f3ad82ec42e5ba189942703f651e8bba204ff78589b452573f75e5,2024-08-23T18:13:47.510000 CVE-2024-20455,0,0,0eab0e0d21dc4342feafbdcb7840d45bd73b5886ce73a3d40c40f5d3f5d5114a,2024-10-24T19:47:49.750000 CVE-2024-20456,0,0,bf56f0f0f8d3ed0f6616c43fc8ca6a47b6257ec17aaac25185ba7a05790b5cc9,2024-07-11T13:05:54.930000 +CVE-2024-20457,1,1,44b4e7457c5e3eb4faf4a234e69906a47c5c6fd5679e00398bf4bfdce3c9182b,2024-11-06T18:17:17.287000 CVE-2024-20458,0,0,7fb1e55e612ee6c8cc09ba5c55e99526661fa33e17c363c55add3406c5a053f4,2024-10-22T18:03:09.777000 CVE-2024-20459,0,0,5cd54a48218e6b57b046cb69743cb297e897ffabcfc93cde2b5b5db91e60d9df,2024-10-22T18:06:48.333000 CVE-2024-20460,0,0,1680f4feb024550f85cfbc4af79437ce465cc993fb1f24de2a76ac8f316389ea,2024-10-31T14:35:07.573000 @@ -244055,6 +244062,7 @@ CVE-2024-20472,0,0,528b72f3e675c671bcc155955345e40804d792fc1b7521db35acf6a179fc6 CVE-2024-20473,0,0,5ef4807597fe5f900b04e5d005ca94a4800c4e9c9e7b53afbf025fd1374f1a09,2024-11-01T18:09:35.813000 CVE-2024-20474,0,0,810ef346e3194cf6f907da41410620e853cd9a901344bc18179275f363afe6c6,2024-11-01T18:14:56.790000 CVE-2024-20475,0,0,3f291467cc737decf2fac9adb4dea13bddd59923e910f2a0d4abb07dc30557b9,2024-10-03T17:49:17.797000 +CVE-2024-20476,1,1,ec888cc0402f94d8a7068bc8fc574dd4cc5e7fb37d811ee6dbe894f77891cf20,2024-11-06T18:17:17.287000 CVE-2024-20477,0,0,546baafd3f9cb181a62a5bf8f2d6a935693c1d9566bac043856053043d6e851c,2024-10-08T16:00:30.167000 CVE-2024-20478,0,0,7159d6f0353997233b844f180b9acaa4a22410a663dfe8445f14235dd4611029,2024-08-29T13:25:27.537000 CVE-2024-20479,0,0,ced5b461eb6ab05478119ddf8b399bbc19a6ff248adc19d6fde8eab586c6db76,2024-08-23T15:14:45.913000 @@ -244063,8 +244071,10 @@ CVE-2024-20480,0,0,1929c3dc705e1e48392e67050891180fdb659aa9ab6d1d255c10d5b0e58c7 CVE-2024-20481,0,0,767ae1c0f6a7066da50f07948c514a10ef87b2b329ab72db1baf3efae941c3eb,2024-10-29T17:47:44.083000 CVE-2024-20482,0,0,39fabe22066d4edd345c69477b6bf9c7a8eabc0b196d3e7b7cf7589c1a519042,2024-11-01T19:49:21.493000 CVE-2024-20483,0,0,7bbf4d5b1e3697b5bad7f81531333e630361007007985921b04d8f51e2bedc77,2024-10-03T01:44:17.827000 +CVE-2024-20484,1,1,e77577dbb2df65a85cfa5d177121893af0c70cf5a44d88b590a9450fffeb3252,2024-11-06T18:17:17.287000 CVE-2024-20485,0,0,5c9cf5bc0a34e04e4f600a44d27d5c4447132843175c261a9064b9d236bc0028,2024-11-01T19:50:11.107000 CVE-2024-20486,0,0,1ec7a6c2a991b67e11827b3b316fed30b5b5340988b303f9088e0f10e2e894f9,2024-08-22T12:48:02.790000 +CVE-2024-20487,1,1,5d105c186c0511a8fbb7462c76d5e26b4b0e38ad622f579048fba4f4636a1e86,2024-11-06T18:17:17.287000 CVE-2024-20488,0,0,b3c319abc05ee7d52fc498f08ba4c2d91fe7b6f1527a7957b5c4a113170ee559,2024-09-06T17:18:11.813000 CVE-2024-20489,0,0,d68cce5506ad42f67e500e952ef8846db91b43a7e51bd083fc776681145c15d8,2024-10-03T01:40:11.637000 CVE-2024-2049,0,0,398a9eaf0287296877598afba029844504bbde28a3270479d8cbbb594cc11b40,2024-03-12T16:02:33.900000 @@ -244083,14 +244093,18 @@ CVE-2024-20500,0,0,18d63ed549bd4b7192e6c6df79ac972fe597dc59b5724f10b9411d9013e65 CVE-2024-20501,0,0,9b36cf8076d19f9cac9b6d21a8fd8d36733d3f9e22e985de521e4b0062887c7c,2024-10-08T18:28:51.753000 CVE-2024-20502,0,0,571c0a1b63e5c4f466f480825d57e0f49b71734cd1ce5842562738b67cc11255,2024-10-08T18:46:38.437000 CVE-2024-20503,0,0,e85721e4e1cede24d93f2a47467ca55ab63c155dde7e0c41a923091bcc7e874a,2024-09-13T19:24:37.420000 +CVE-2024-20504,1,1,86aa79ce7b404716d99a870970404f9aa62af0456894b1d366eda5f315b95661,2024-11-06T18:17:17.287000 CVE-2024-20505,0,0,3cc28c634084a10df250df318d1f65f6c920a21d5650beb89eb991b35e09151f,2024-09-12T17:28:47.010000 CVE-2024-20506,0,0,b3839959ba904d7db54237791da3f84bfa0eea3b79a536a06b85b587186e3413,2024-09-12T17:26:37.643000 +CVE-2024-20507,1,1,296cc58e6fa4f77e5d58b986cc3093edf65ffbbbb779781b38c28a0e199f2d8a,2024-11-06T18:17:17.287000 CVE-2024-20508,0,0,0768ac64a8260ad45d8462ad7e41dbfa97c47e8f324d81868ad4103c1f94fdd9,2024-10-03T14:43:23.810000 CVE-2024-20509,0,0,5f3f949e87da33ae8e05af8dd043b1b8c4558497e54d60a20d025b6437380c68,2024-10-08T18:45:52.513000 CVE-2024-2051,0,0,7b283f8057b783b668166a17f1e1ff3c63b74d0e0fa3f6b8acdcd7e3ce5a09c9,2024-03-18T19:40:00.173000 CVE-2024-20510,0,0,6fbdd0fde11e7a17f48951ee8a4206d5b5c8d1dcebb95035b098d9f8dc980dca,2024-10-03T14:52:22.627000 +CVE-2024-20511,1,1,2e050831add3e16fa2be1449a7b64ae30c44a7d9aa509ad0013cb1f9b80c40e0,2024-11-06T18:17:17.287000 CVE-2024-20512,0,0,32d210efc259ab5a4a0ffbd125c9a1d01fe465030a671f22a6529c28c3c31d4f,2024-10-18T12:53:04.627000 CVE-2024-20513,0,0,59340ca02e9ac8b2ce467c4f6ba3d60a9250b41442bd8318c0745e7df94f4acd,2024-10-08T21:16:54.820000 +CVE-2024-20514,1,1,7007e1b0cf182bb4695a9ca4218edb4a0b6c2ee1653ecda1228d3bdbcd4136f2,2024-11-06T18:17:17.287000 CVE-2024-20515,0,0,a97b9b776cc799ee1ad03753f84b5adbde8d922a71a988fa6a481a074da42b1e,2024-10-08T16:11:23.440000 CVE-2024-20516,0,0,38173375d3e97a2ca4a3ada633aa8363dffa90658c88f70a1b4706a56888fef7,2024-10-08T13:44:10.840000 CVE-2024-20517,0,0,e16ec70f044330107de46d11fc56880c1e349bbc113ae734e245e91f648488a8,2024-10-08T13:47:52.483000 @@ -244102,9 +244116,23 @@ CVE-2024-20521,0,0,1256f22cccdc014ca7c6dcaf50cda0cfa20b26ee2ae968d316f808a9bafa0 CVE-2024-20522,0,0,4751fc0b46eb3f3442a4302d9aa0da06e525e7320f0f9f33ce2b1091dde97b23,2024-10-08T13:48:19.060000 CVE-2024-20523,0,0,c7bf45998c89086dd758eb4d3eeb25d63406d90c0a145566280d2888a4fab120,2024-10-08T13:48:29.500000 CVE-2024-20524,0,0,1ddae342fccf4faf6880cbe25cc035c1903428edec9e63909e1d89933e06b31e,2024-10-08T13:48:58.273000 +CVE-2024-20525,1,1,c2a0dd06c4506d4603e425d2a7d21eafef99e197e9a0b2db6259e843e1cca6ad,2024-11-06T18:17:17.287000 CVE-2024-20526,0,0,d5fdba07e116955c599b0e877c602ebb6ff11ffa39621c07ebd427a3890514dc,2024-10-31T01:08:26.047000 +CVE-2024-20527,1,1,7a21a0e10bb4a9041d4526c7f7316d7ad10fbc3c5e75b8422c2e62f0336c0608,2024-11-06T18:17:17.287000 +CVE-2024-20528,1,1,feea343663cfd0deaa3316143f11c5ffa04761b9f686af213a719a8822a5c467,2024-11-06T18:17:17.287000 +CVE-2024-20529,1,1,8a4a0f3a3023fd4512fa4a28ed7e5d6f615843cdf41243db46e7557658cff118,2024-11-06T18:17:17.287000 CVE-2024-2053,0,0,0d41c4e474c0960eb5e2399ded25845c51347c47ec843b53809f61d1e3d8fe3e,2024-08-06T15:35:13.397000 +CVE-2024-20530,1,1,7c9646f24c62d54ccf03c82187b6a87770657dd6b000827b7e72ececf1471b10,2024-11-06T18:17:17.287000 +CVE-2024-20531,1,1,723e0c23d02f9f3e0050077c138946d891cb15b20bc9c86ffac9ad5f2eadce1c,2024-11-06T18:17:17.287000 +CVE-2024-20532,1,1,be342e3ff68be849f4d1baefcaaa598c9771c7d7b53fb3ffc1f61ed44ea9b89c,2024-11-06T18:17:17.287000 +CVE-2024-20533,1,1,baaba7262fe1e661bdb92db6e175afe049daf61c214cfe3502b79e881824a0d5,2024-11-06T18:17:17.287000 +CVE-2024-20534,1,1,192aa3c4a2d69352d402cf728070d6a163b3a46dd1c219466c4479b268ee3e1d,2024-11-06T18:17:17.287000 +CVE-2024-20536,1,1,93d71667b63bbf2ca04dae2ef39cb23b3d0792444c57d2d491559da9ab61293b,2024-11-06T18:17:17.287000 +CVE-2024-20537,1,1,3e764b19183672785bcd6a1364d67fb269a85543171b7edc8249850eacf04888,2024-11-06T18:17:17.287000 +CVE-2024-20538,1,1,7f80303f6cba98d48ba00b7277cad0549444ba24766011cd8a4c9b961827be71,2024-11-06T18:17:17.287000 +CVE-2024-20539,1,1,0b9d8c4b97de633b5e90d45bcedbe086483cf12614aa1a35220be14aacce4a11,2024-11-06T18:17:17.287000 CVE-2024-2054,0,0,5af7272a2140be959232b9c889b5facdacd3c4cf8342e14293010d7ec8d01b60,2024-08-05T20:35:09.723000 +CVE-2024-20540,1,1,efa9a20fada26cf282c7de3b10a2db59432834ebb21c905e50af63eb12d2f227,2024-11-06T18:17:17.287000 CVE-2024-2055,0,0,07b933beaff1c6c6636c1d85ffcd111ff83285195075526678d7cb747831ae01,2024-08-26T16:35:08.047000 CVE-2024-2056,0,0,2a38346454eb98b80a7eb163969274208e164120f1a109d344c6cace07c18d78,2024-08-23T21:35:04.537000 CVE-2024-2057,0,0,0c49b54a58bbfae398bea92bd4d174b8750b0b7b8229721504febd8a399d51de,2024-05-17T02:38:00.550000 @@ -245339,7 +245367,7 @@ CVE-2024-2200,0,0,d5a4c544d7b3fb05e31b9bd6329cd0f60f6524be79f4f8737689831ac183f0 CVE-2024-22002,0,0,3f46bf566ffde9830b437d34f578da579affa782f9e33834d952fd66d67c0a78,2024-07-03T01:46:58.073000 CVE-2024-22004,0,0,b52e7465a30d7c5ebe6c493dd6cc2d67cc064cc642f18d912a28d694a4c404f1,2024-04-08T18:49:25.863000 CVE-2024-22005,0,0,02fc8069f8978aa827b292cf9e7ba3e738360e5ceb416fadd3312b055dda6bbb,2024-08-27T15:35:04.370000 -CVE-2024-22006,0,0,9db530d54f3e0b6eeed21f2d20e1fc7569473f02c8a78e672208ec470c1d339f,2024-03-15T20:15:07.573000 +CVE-2024-22006,0,1,7eca74a8bd3ba940481d1279a907303e2e2bda144ba5b8a4070186eddec0c93e,2024-11-06T18:35:05.707000 CVE-2024-22007,0,0,a5e57616c57995f4e1af56cd99e26748eb0b88805922a007b7589d06d0c40e84,2024-11-01T20:35:04.670000 CVE-2024-22008,0,0,6c890483b6824de06d1dd219a50dd94a51e16527823b55b553e6e2498de2507f,2024-08-01T13:46:51.077000 CVE-2024-22009,0,0,b5b916a7d5e03fc859dbc7dc76ad79ca7e20552b5b212df09fe8f4b48b2af77b,2024-08-14T21:35:04.647000 @@ -245738,7 +245766,7 @@ CVE-2024-22430,0,0,0fbcfad09ae917fafc619535160fd24e48aba9341fe8bfdb8a996374862ad CVE-2024-22432,0,0,b19fa3bb449bc265b26e0ae2ae5b0edc461884c2724760506d68e5b43aacfd3f,2024-02-01T17:00:46.647000 CVE-2024-22433,0,0,89380e31e8d2ba57daba774977205dc3d6f0390255572276cb38ad219f4fc9c9,2024-02-13T22:51:37.293000 CVE-2024-22435,0,0,511612f2605d0e801cf93cde72bc2465f2152bebd936072576d1cd9c8e8b7795,2024-04-15T13:15:31.997000 -CVE-2024-22436,0,1,ce9b645a774a5dcf8962bf0abc30c5847d9bbd9ce2118bd6cdd942640a91b902,2024-11-06T16:35:10.220000 +CVE-2024-22436,0,0,ce9b645a774a5dcf8962bf0abc30c5847d9bbd9ce2118bd6cdd942640a91b902,2024-11-06T16:35:10.220000 CVE-2024-22437,0,0,adc89ba7ad1d0a1e4e7eb92e19409a33e8958e9b5cf738c2f8e8a97768b2e9bc,2024-04-15T13:15:31.997000 CVE-2024-22438,0,0,c546f064f96022d9cfcb345a02091ae2e116d064186c8d0e1fc01e2de8eecd50,2024-04-15T13:15:31.997000 CVE-2024-22439,0,0,d7a7b572beee53b66512fc19be17c3d6cb68344acbd1d99f9e2956209263c65c,2024-04-15T13:15:31.997000 @@ -245891,7 +245919,7 @@ CVE-2024-22772,0,0,35784a09a7aa4d3df06ef698391700cca45ffd31c5d362a5b4bf4c5ed4f3c CVE-2024-22773,0,0,03184bf31e9d10ba7deeecae03e4f0f7ba575d9ec1c41ae305e334fb3f079f35,2024-04-29T20:15:08.227000 CVE-2024-22774,0,0,853beb0389c513470cd58906aafec7d14c972ce0d4386b56f01ffafcb0357503,2024-07-03T01:47:21.717000 CVE-2024-22776,0,0,642d619b355fbb2b5cc749a1f87205b7fff1d4b33bb24bffa4b5d84ecbf555b5,2024-08-14T16:35:04.977000 -CVE-2024-22778,0,0,89a1921a33fef4479c5c6a77cb019d2aa004d920cc2201a5cc9c85e65d7ce216,2024-02-22T19:07:27.197000 +CVE-2024-22778,0,1,d6f95e35f4d5924308a8864914d9ade6fdd13564913e1dc9160849aee42c6684,2024-11-06T17:35:29.337000 CVE-2024-22779,0,0,da7d6977832dc3c77efd0828b12672e5165d77aed4664eb8e25534e23467c0f0,2024-07-03T01:47:22.543000 CVE-2024-2278,0,0,cbbe8d95d17074268ce13783e0b396bcd517d6176e85320160a036a53e494096,2024-10-27T15:35:07.657000 CVE-2024-22780,0,0,51acf3ba46fabf66b7e472aef9a6620d7f0360062b5706dc3d5e6ae6e5bb5394,2024-04-02T18:12:16.283000 @@ -246065,10 +246093,10 @@ CVE-2024-23148,0,0,f163092e189644bb6f69811a212b9b411504f9f98d2b1dd4d6e9852bde1c5 CVE-2024-23149,0,0,7651a42b0863370940c42057e714040687fb0f0a0647b4edfeea6ae3db85c5d5,2024-06-25T12:24:17.873000 CVE-2024-23150,0,0,2ec2a3f5ae0ed899b10a9a3ad1ef287d5eb257340d2b38f86c7e5aa0270d1e52,2024-07-03T01:47:35.010000 CVE-2024-23151,0,0,53d13e8b9ba2cd63d85aa3df3bb17c4d39810557d3e3d9a803388619628364a3,2024-07-11T15:05:24.300000 -CVE-2024-23152,0,1,0e8fa6b6600b8d3f08ca387890587855a0e6e8d15b4239d0aa342d6bdc58521b,2024-11-06T15:35:12.300000 +CVE-2024-23152,0,0,0e8fa6b6600b8d3f08ca387890587855a0e6e8d15b4239d0aa342d6bdc58521b,2024-11-06T15:35:12.300000 CVE-2024-23153,0,0,a9475572f3855658e511a61491406daf3a3db34baa0f7eeec4405b900cc5c36f,2024-07-03T01:47:35.377000 CVE-2024-23154,0,0,602e96827d2a402dbec8eeda4b14e220087b363940e263d35c0ecc3fd1600d12,2024-07-03T01:47:35.613000 -CVE-2024-23155,0,1,4f1dc55b6f05d4b11779f7417b6940039ac18273824bd473845de853da12d3db,2024-11-06T16:35:11.007000 +CVE-2024-23155,0,0,4f1dc55b6f05d4b11779f7417b6940039ac18273824bd473845de853da12d3db,2024-11-06T16:35:11.007000 CVE-2024-23156,0,0,e24cb23ed4ec717877b5c274024621080584b7bbc10a01ea6112a78c48daa1ce,2024-07-03T01:47:35.950000 CVE-2024-23157,0,0,11b0d8091c8fa8dd11dadbcf1fbb903ad812d8f095800e3ccd96bef2996bf47e,2024-07-03T01:47:36.180000 CVE-2024-23158,0,0,7c083896ae118c56bbbf5e942c8384ee2397bcd81ab6e0a549fde13b2ebb526d,2024-07-03T01:47:36.407000 @@ -246194,7 +246222,7 @@ CVE-2024-23285,0,0,5a0d4d7d553005e90735503704fdc16408a5286a022afa1dff47851a5d56c CVE-2024-23286,0,0,f8f0ff0a8076d1acdcd931a303004a0abe139b7ebcc3b6a020d77caf3a452f67,2024-08-01T13:47:15.157000 CVE-2024-23287,0,0,112483d9936a74ffcff3d96013576a1bfbb7b8c01b845a9cbe424d560297f227,2024-03-13T22:15:11.120000 CVE-2024-23288,0,0,4c16d89ff3b357dfdd3be6b8ba218b937b9c0e25620417a442ae558ed820b4e4,2024-08-28T16:35:09.410000 -CVE-2024-23289,0,1,a219b49278d379ddbc476b132c2f2ae57f939e82c98ad474d404f565bf84e643,2024-11-06T16:35:11.190000 +CVE-2024-23289,0,0,a219b49278d379ddbc476b132c2f2ae57f939e82c98ad474d404f565bf84e643,2024-11-06T16:35:11.190000 CVE-2024-2329,0,0,11e6f1e43e05cca18867c7d5c048956c7fecd23b0254816ac97fead1b2517ae0,2024-05-17T02:38:10.443000 CVE-2024-23290,0,0,c464194e225931bf0d2137cac165c36f9146fd1d9e1ad3c4a6426c7b4df4b92d,2024-03-13T22:15:11.280000 CVE-2024-23291,0,0,603b8576259665ad0086d646df8b3529db21f3a13afd1b523a01f728467e2032,2024-11-05T17:35:08.767000 @@ -246508,7 +246536,7 @@ CVE-2024-23670,0,0,2c174ef55070d6d7ec25fe9e60f3b8849c19ddedad7be57714905f097827c CVE-2024-23671,0,0,d72ea2977e3cba03db7439ed23fca8c53c23233817ce483caf32a11e4c2294d8,2024-04-10T13:24:22.187000 CVE-2024-23672,0,0,d4c395f961ce5695d2de251d8893d068c1fa66b561188c81616858891081c9d8,2024-06-23T09:15:10.097000 CVE-2024-23673,0,0,20bc9521299eec29172f9a896aa516a13c8f7f89df683b84e051c7e95644a840,2024-02-14T00:26:41.517000 -CVE-2024-23674,0,0,2c418b1ad788a4db0a08dd5513951f233358dda306bdeadb1d1c67bb44166f23,2024-02-16T13:37:55.033000 +CVE-2024-23674,0,1,a212447b06aff3ed4be79641c1aa590cfebaa930e8ddc1a6da42c265ad7f525a,2024-11-06T18:35:05.950000 CVE-2024-23675,0,0,b94fcfd3ea5b4cd833390e07f81b5852b5769461d495fee03925068c280d47ed,2024-04-10T01:15:18.057000 CVE-2024-23676,0,0,81d5429b6238c8c8411ee84b9ab9decbc31a3dd0efc4ec45e92e01f2b1b7e560,2024-04-10T01:15:18.240000 CVE-2024-23677,0,0,ec294a9ef4bdd2ee24161c3b70c79f0fe11694dc07645f5f195b2581a74c61f3,2024-04-10T01:15:18.390000 @@ -248137,7 +248165,7 @@ CVE-2024-26095,0,0,9f6c7bddb38cd6b8f363ea5c70ef041eaf1840874199b0d4f54fdf8f0f85f CVE-2024-26096,0,0,7fe4823fe2a7b575a3ae0ebf41ef8d560b89c2e0159509c3214f5a6c2615f8b6,2024-03-18T19:40:00.173000 CVE-2024-26097,0,0,cf64c962cadb0fc8f1556505bc07c2350b9f9285ec03ff659cd6a815a0eb0c88,2024-04-10T13:23:38.787000 CVE-2024-26098,0,0,dbbd02b23dacb0109748d3b2fc272a4103fcd271020bb791bb34007edc8f300f,2024-04-10T13:23:38.787000 -CVE-2024-2610,0,1,b027d224535ed46303e9cb28e3c541ff296bc0a756671ac358daf18839ba9117,2024-11-06T16:35:15.013000 +CVE-2024-2610,0,0,b027d224535ed46303e9cb28e3c541ff296bc0a756671ac358daf18839ba9117,2024-11-06T16:35:15.013000 CVE-2024-26101,0,0,a3bcaed7b7153b5cc7bbbc52911724f0db36b199f4ed571b79e387b893a73377,2024-03-18T19:40:00.173000 CVE-2024-26102,0,0,35dbb61e3e6ac12fce2788e2b3706c2ebc69e7be37fd2a337727452fe09da848,2024-03-18T19:40:00.173000 CVE-2024-26103,0,0,8def4a39c13d47b53292840b50c64b12658220aacee9dc293340637f660797b8,2024-03-18T19:40:00.173000 @@ -248355,7 +248383,7 @@ CVE-2024-26314,0,0,f3cacea21befb6fab1c2f5adbf9b7d87324473051fc4cd28a38bbaae7b098 CVE-2024-26318,0,0,e49f81956340b47d12c2b6c8e60e793f3ff0ae30227c439a8cc649c04f3ff703,2024-02-20T19:50:53.960000 CVE-2024-2632,0,0,68039af9d391e4f53fc42bf0bf9c6a75cff13780e172f64ceb26ab23a8a8d5db,2024-03-19T13:26:46 CVE-2024-26327,0,0,30d08d577d44d38c98e8d09a3ca2e28a354f8d84b13e8b7475d667e0aa1a602c,2024-07-03T01:49:38.810000 -CVE-2024-26328,0,1,8e220872ce6fda1bf070a0407dc485e9fea465cf19de6295b3aa4e1694aacee0,2024-11-06T15:35:12.510000 +CVE-2024-26328,0,0,8e220872ce6fda1bf070a0407dc485e9fea465cf19de6295b3aa4e1694aacee0,2024-11-06T15:35:12.510000 CVE-2024-26329,0,0,3b0eb6608df7a74fc8a9d5773ed651310cd73a96d8ef2afac673200b449390fe,2024-04-05T12:40:52.763000 CVE-2024-2633,0,0,5cbc6482108bfabb58a338263ca9ce41f75b102c0fb9b1f68c08206c04598c5e,2024-03-19T13:26:46 CVE-2024-26330,0,0,57903b982740769cb2bfceb4ed7ca578f76569bff9879a33cdaca56e77a02b3c,2024-11-01T20:35:07.497000 @@ -248395,13 +248423,13 @@ CVE-2024-26464,0,0,4ab3cf87be607a3f2e4c00e75552541f89691b136bdc5e46f36bd1de5e4f2 CVE-2024-26465,0,0,3a896709d200549d8e79b89e1e93cd3f7afbd9ee26478bdb4b85743140b25407,2024-02-26T16:32:25.577000 CVE-2024-26466,0,0,6709258f243577bc1f93e1c54519a7b66e4e3ffda1e209724abca2cbfec5238f,2024-10-30T20:35:12.827000 CVE-2024-26467,0,0,c79919be511844338d780cb29a83d8434b9e819bf896bf804be060a155284c12,2024-10-31T15:35:29.323000 -CVE-2024-26468,0,1,888c1400596629f642930ce1dfab915bb89a161094e6e25fcf42a7aafbb78e0f,2024-11-06T15:35:12.710000 +CVE-2024-26468,0,0,888c1400596629f642930ce1dfab915bb89a161094e6e25fcf42a7aafbb78e0f,2024-11-06T15:35:12.710000 CVE-2024-26469,0,0,202a3878dd7ca90a2deb83f9c6068be468c522265741b212613bae7399baf445,2024-03-04T13:58:23.447000 CVE-2024-2647,0,0,dc044af22784e4db6ad7522cd4841e4dbc9efce24abfd075978f936ae875c263,2024-05-17T02:38:23.120000 CVE-2024-26470,0,0,58e234d7e215267230c8a12c548ad8fb022e4ba21a7a856a3f33600c880169c4,2024-08-28T16:35:18.190000 CVE-2024-26471,0,0,638407be95241af8b802e909dd749dda860405db3eaaa59ad63e6686ac6163d0,2024-08-27T20:35:17.533000 CVE-2024-26472,0,0,4c4bad048eb62d0f5c9232a581b443644013f701bfed1b32dc0f1f99e73f7dea,2024-10-31T16:35:08.623000 -CVE-2024-26473,0,1,223bbfc60b0ebde8ab7f29d9fb2cc884267d8700f29798d08073e118ead670c3,2024-11-06T16:35:11.450000 +CVE-2024-26473,0,0,223bbfc60b0ebde8ab7f29d9fb2cc884267d8700f29798d08073e118ead670c3,2024-11-06T16:35:11.450000 CVE-2024-26475,0,0,20ad9200302e3e54b711e4fc6343b6cece119754af3510ad17450c27265394ef,2024-03-15T12:53:06.423000 CVE-2024-26476,0,0,86217df566dd4435b72fd3727298db36201b9d7d0dfc96aa7e00ce9a615454c6,2024-08-12T18:35:32.803000 CVE-2024-2648,0,0,6d89ec31c12e1a6e47d90e233556070db2336168660808ad047eea9b6b7f2532,2024-05-17T02:38:23.220000 @@ -248475,9 +248503,9 @@ CVE-2024-26609,0,0,bb896216d73c7b31d6903ef4a1df35e3e4fcec2e096dd8b8ec48bcb68cced CVE-2024-2661,0,0,85bec5c676623ab88612e891d6756662ddeb6561914c3498ba906c2c5ebd1742,2024-05-02T18:00:37.360000 CVE-2024-26610,0,0,8425e8e399eb443dc4e73b326e7f2e403e8f7ad55f1893ce484ddd817861f917,2024-11-05T10:15:32.837000 CVE-2024-26611,0,0,acc8352b50a4974961b23961ba27e7846557cb5413a446c13e33edf4a52fda06,2024-03-12T12:40:13.500000 -CVE-2024-26612,0,1,6c0d46d3b16bc0608093fa77342af453c350b5062ec44e32e79967035eb38b79,2024-11-06T16:35:12.233000 +CVE-2024-26612,0,0,6c0d46d3b16bc0608093fa77342af453c350b5062ec44e32e79967035eb38b79,2024-11-06T16:35:12.233000 CVE-2024-26613,0,0,887f6e7769115404b4046d42893cc797ad2101f3efa9c8256bb46110b9059d9e,2024-03-12T14:15:07.310000 -CVE-2024-26614,0,1,3387076d5f57227ad03d34cc436f3ee17b04e05fab9e7edbd2d611716c6ecbc3,2024-11-06T15:35:13.547000 +CVE-2024-26614,0,0,3387076d5f57227ad03d34cc436f3ee17b04e05fab9e7edbd2d611716c6ecbc3,2024-11-06T15:35:13.547000 CVE-2024-26615,0,0,af841e8c3bcb1a4fc29161a40cf22a018c1e7a1365188d906491a61f7b4e60ad,2024-11-05T10:15:33.360000 CVE-2024-26616,0,0,a1bea521ef3c112476b0abc0a3ce55cd13d77ed311215d74b104f6752bea437a,2024-03-12T12:40:13.500000 CVE-2024-26617,0,0,67f44cfe230b35c9f33e586980cbef875d117f8c0ca4fad33530037ab6a6f3b0,2024-03-12T12:40:13.500000 @@ -248561,7 +248589,7 @@ CVE-2024-26687,0,0,f5c212369abc84e0767cc3925b15f6cc76be5849536126268bfb9b1d72228 CVE-2024-26688,0,0,2002f874da9a0e8ca78e29f1294da0fb8ce6f0115046cea4da21af152820c4f4,2024-11-05T10:15:41.420000 CVE-2024-26689,0,0,9b3a98daf41208051305b4bd334ec9170bdc6af43d76fdcd9b12dc1de94920ab,2024-11-05T10:15:41.513000 CVE-2024-2669,0,0,0b165dce47fa200064025514d99f09be13049d35ab700e215670a5661ef338dc,2024-05-17T02:38:23.873000 -CVE-2024-26690,0,1,8261281716a061a07471a4343950197113704e78bef4a26e227371019663dfab,2024-11-06T16:35:13.027000 +CVE-2024-26690,0,0,8261281716a061a07471a4343950197113704e78bef4a26e227371019663dfab,2024-11-06T16:35:13.027000 CVE-2024-26691,0,0,ed8b0c4f02ac9ca5ffb1145de8709b749b6738617be1718077c762e1d6edb27f,2024-04-03T17:24:18.150000 CVE-2024-26692,0,0,34cf8b2b4d93fe1548aec17a8481f7531f6d1f0b50c7303924044aca3707f0d4,2024-04-03T17:24:18.150000 CVE-2024-26693,0,0,8a97d5b7fb8da5cd1010f4ad51cb640f0628ffaa41f42a5d43fb97a944ba18e7,2024-04-03T17:24:18.150000 @@ -248744,7 +248772,7 @@ CVE-2024-26853,0,0,827c2cb8caefeecde1c32072d63c4255951fe7e076c638214179f90ffb295 CVE-2024-26854,0,0,71382c729dcbfb61122fea21c2172ded949fa87a0f12accbe08dbcfd7b75a577,2024-07-03T01:49:55.907000 CVE-2024-26855,0,0,a34e4bdb4fadd06ac262bb7cce9b3e41df39c4f9fc51b273cc55b125486dbc93,2024-11-05T10:15:55.273000 CVE-2024-26856,0,0,77cac585d71164109269fb680b58c63753e0f9f102eff7878da70123d077c45b,2024-04-17T12:48:07.510000 -CVE-2024-26857,0,0,ea236b71dac0c12ab38110ecd674929a2e4361395aa0a7faf6d2340e4f268d98,2024-11-05T10:15:55.427000 +CVE-2024-26857,0,1,b637c7a635aa6af3a2b0d4640dadaa860e16c23745d93275bf9596d8be38e284,2024-11-06T17:35:29.517000 CVE-2024-26858,0,0,2c2ae01b570dd0ba686e168dc45629343e8fee7ec8e9b850a8290c12866faf9c,2024-04-17T12:48:07.510000 CVE-2024-26859,0,0,daf42acf9d6b57fe7753f3b337cdea99639c448ef6bad7b3590f8b76c7529a1e,2024-11-05T10:15:55.587000 CVE-2024-2686,0,0,3ed08ea0f22c32181bd5dacb228b7210434d6401ac34959c1ad083c5f1348ee8,2024-05-17T02:38:25.477000 @@ -248808,7 +248836,7 @@ CVE-2024-26911,0,0,8ea2c917a6f00806416f32a6fbb36b2b35e7e18ca96874650f1bec8c514fc CVE-2024-26912,0,0,7c8d0e30edc101bfc2f9acae1bf1398abcf215c4aec3726d727c7375cc839a46,2024-04-29T19:20:57.410000 CVE-2024-26913,0,0,f6996513dbf56b11faea732099eafb372fd99cee02dcccfb4d1926d7bf1badc4,2024-04-29T19:29:54.527000 CVE-2024-26914,0,0,b60bf8a04b17c0ea33f524de7c269b75b58d301f82cdab9a9708a990a2d14dbd,2024-04-17T16:51:07.347000 -CVE-2024-26915,0,0,3aeea9b3b1040d92e3c4fc19c7e143be80147947903ccfd65b166e36804975a5,2024-04-17T16:51:07.347000 +CVE-2024-26915,0,1,9cc0b122bc1076e1ed839de153f283d1572de5b273bee6dec217ec5e8ed992fa,2024-11-06T17:35:29.737000 CVE-2024-26916,0,0,2c15e9b6f09b6b6e09b74c13dd3524379b0f76dc583243b6aec1ac31f122210d,2024-04-17T16:51:07.347000 CVE-2024-26917,0,0,2f71062562aa805ffbbcbe3a9f6ca9c0c20e9055fb468495d281d28c7bb076b3,2024-11-05T10:16:04.390000 CVE-2024-26918,0,0,ce69ac1622eef6980f6643c9ecfc31fb973f75565e256eaf541cc492bb16369c,2024-11-04T19:35:06.627000 @@ -248880,7 +248908,7 @@ CVE-2024-26977,0,0,497654cb7be192f219ce80826de497c17b0440b7c74d50ac35e9e9acebd5f CVE-2024-26978,0,0,a9fbbccc4c6b6a063b057899168ba5ac729b3dc43f3b1b1773b94be1dcc0247a,2024-11-05T10:16:13.170000 CVE-2024-26979,0,0,33d8a117099141e9ac17b778389695861dbfcb2a950ec3472e402d03bd709b88,2024-06-12T16:15:11.147000 CVE-2024-2698,0,0,40bd5a1cdf4bb74113246fbb824eb2e69afabe86a31672736550bc5463d9a867,2024-10-02T15:15:14.603000 -CVE-2024-26980,0,1,a01b0fb4342bdf39b9da77b70e4a19bcbf069006c4205e781ec1da49d5506883,2024-11-06T16:35:13.217000 +CVE-2024-26980,0,0,a01b0fb4342bdf39b9da77b70e4a19bcbf069006c4205e781ec1da49d5506883,2024-11-06T16:35:13.217000 CVE-2024-26981,0,0,b482b645b87a0746c73a4d4320abd2cbdb59b8e0c54a36b544c28c1736ca5091,2024-11-05T10:16:13.467000 CVE-2024-26982,0,0,1a2169fa3b40190b3ed39d1072c0508ff86c68871ae50c9090fd9edb12452c09,2024-05-03T06:15:10.953000 CVE-2024-26983,0,0,97483a2d4faab7e173ea01e5859a765c94f9c9fa4e5a75c83d5014271c246578,2024-05-13T08:15:10.750000 @@ -249145,7 +249173,7 @@ CVE-2024-27231,0,0,cb6c833d389f9377c9592e3868a50b649339743a051bcf66fdda4f2a40b61 CVE-2024-27232,0,0,64ecd9a830c9b30b766707b244dd77aa970adc2152fb16fddd12d23820aced02,2024-04-08T18:49:25.863000 CVE-2024-27233,0,0,4f805b66de1371a2d4417bd116c04ac1324a59b0f4fedad25c9d0195537442f4,2024-08-05T18:35:11.120000 CVE-2024-27234,0,0,1b0ad16da90d4d5fdb81d47fff8f9573f537fbee16c19c1920ac4110156ba7b1,2024-11-04T17:35:12.957000 -CVE-2024-27235,0,1,dda2fe44faf4df1b9d613a056bf0fb67b816bf4db9564d1ea4606c019daa6c18,2024-11-06T16:35:13.410000 +CVE-2024-27235,0,0,dda2fe44faf4df1b9d613a056bf0fb67b816bf4db9564d1ea4606c019daa6c18,2024-11-06T16:35:13.410000 CVE-2024-27236,0,0,42db3b0d6114a0f284786f77acfa731b447b1bbb3d017aeb40a796e6668e1514,2024-08-27T15:35:10.943000 CVE-2024-27237,0,0,229917a4428117370a5145466e677b0c72a40fdcb37122ac8c08e36ef5d19033,2024-03-12T12:40:13.500000 CVE-2024-27238,0,0,d9ed436433ab3962c23812e126d692cedc24517358f04b11084f029c27336d14,2024-07-16T13:43:58.773000 @@ -249317,7 +249345,7 @@ CVE-2024-27409,0,0,fd63625b187ac1922c536567ed4cad7c7a2a229a4e03577c206bdfa5425a0 CVE-2024-2741,0,0,c58e14c9db86d5febd22c63054c705b9a1bf1535b4be83a4099b0636651ed49d,2024-04-11T12:47:44.137000 CVE-2024-27410,0,0,465a7051477bad71e5a3fcfcb38bca95cbd715c5d52a9307cda8fc3eb3b1befc,2024-11-05T10:16:32.150000 CVE-2024-27411,0,0,ad3d246e638fcd25172721c2ba8c32ca339b349bb2bbf81c10ed2ab679a1a0c1,2024-05-17T18:35:35.070000 -CVE-2024-27412,0,1,3a34fbda62d0c9806bd3d07b62d9bb80e481abf6120f9b763af66aa26c152367,2024-11-06T15:35:13.753000 +CVE-2024-27412,0,0,3a34fbda62d0c9806bd3d07b62d9bb80e481abf6120f9b763af66aa26c152367,2024-11-06T15:35:13.753000 CVE-2024-27413,0,0,116aaf0f4c5414df3313e5114987c904fecd875d9ed3a070b0cde77994b2d776,2024-11-05T10:16:32.720000 CVE-2024-27414,0,0,b7084713b9a78bf497f755238a289a570cc349e3151815716d30879405fb942d,2024-11-05T10:16:32.853000 CVE-2024-27415,0,0,3f821482910f24f318c2dd9a0587454ec6131f46fbcfb2e3e48ca26e774e9f41,2024-05-17T18:35:35.070000 @@ -249342,7 +249370,7 @@ CVE-2024-27431,0,0,9e81766152810c605c671c929871f31b15308881028ef21e1bec46fa5085f CVE-2024-27432,0,0,5adfd53e7c7b1e4e0cdd83f244838b35ae843625de51e278b8673967226dec4c,2024-05-17T18:35:35.070000 CVE-2024-27433,0,0,df881851a60ed8d7570675825de2a9dc65d35dd1b068dbbb750b3899bad98f2f,2024-05-17T18:35:35.070000 CVE-2024-27434,0,0,1f6c02e41dec096e8d8a3aad3815eba137d3c6211e0c5dd9dd2a15d8e31791cf,2024-05-17T18:35:35.070000 -CVE-2024-27435,0,0,2690a889bc459707c25ab4085b583533db620df0a7e855ff048ee9efb5a3e77a,2024-05-17T18:35:35.070000 +CVE-2024-27435,0,1,5652267c01fb626d607be1c12bf9f8677bba59a1b84939acd33c7f56dd6c8e9d,2024-11-06T17:35:29.977000 CVE-2024-27436,0,0,af06b4bcad58d24cb7331259686f549dfd0a1c5ba64e8d3dbe49d7c3c4923d5c,2024-11-05T10:16:34.793000 CVE-2024-27437,0,0,20c50197270e498efa966e3d498e976cc48d3a4df35987ee5132614b5b95110d,2024-11-05T10:16:34.953000 CVE-2024-27438,0,0,84f83f5dae675a14c68d7e9e091a476b07ec9d8bffa6e40cc89145e2f8bf3eb5,2024-08-01T13:48:27.240000 @@ -249370,7 +249398,7 @@ CVE-2024-27462,0,0,2177b080bf16597b1d3af90d404590cae7bb441b9367c276a25f840d3e6c7 CVE-2024-2747,0,0,baae2e4ad262224b7bd783539f8781ff29c46a1f8cdc1bd24812f0d29f991485,2024-08-23T16:30:43.417000 CVE-2024-27474,0,0,4a390a0a495b528719cdfad3c5cdbeeb4b25b7052e56b9b2bf54d8bb9762dcc1,2024-08-21T21:35:05.010000 CVE-2024-27476,0,0,7a4663f499ee23e08c2a048515f5b6745ec9423d99e38efec54dd0ceaf59a3fa,2024-08-01T13:48:28.390000 -CVE-2024-27477,0,1,6439d801913ce62631c8417c9fb48312b080056a58607cc361704ef0ce1212c4,2024-11-06T16:35:14.220000 +CVE-2024-27477,0,0,6439d801913ce62631c8417c9fb48312b080056a58607cc361704ef0ce1212c4,2024-11-06T16:35:14.220000 CVE-2024-2748,0,0,a5981f926316e727f1bb9455ec311db801fabdd6fc8350d94a1fb8a2edb4a89a,2024-03-21T12:58:51.093000 CVE-2024-27488,0,0,bfdf15a6c63aa1a91ac337c65bb16cee3d64b1e4a0cba0b13044ecc27d04a86f,2024-08-22T17:35:01.813000 CVE-2024-27489,0,0,fae6db07f37367cac095792be5d6f831e097964d9738fbc71b73f8a7056182d5,2024-08-01T13:48:29.187000 @@ -249944,7 +249972,7 @@ CVE-2024-28253,0,0,6e8461e40b16f7a7e21f345b9017d5d833ff7721594b87aca36576f26867e CVE-2024-28254,0,0,ba6384e5d24a90ea0036dcbe7f89cd48d629aea12c2d3808708fa9f619d07a5b,2024-03-21T02:52:24.507000 CVE-2024-28255,0,0,6c24108715789a8632f6c0bd979cbf84c1a0fc93616c3274aff96eb04aa324ca,2024-03-17T22:38:29.433000 CVE-2024-2826,0,0,1eaaedd13dccddb76dc5a703640573b39f5461bfbad9053e70af360d65f8cdee,2024-05-17T02:38:32.910000 -CVE-2024-28265,0,0,efa38f57fb06f75f1f5ddab895eb0305a2c5a77edcc346c550cea41876502fe0,2024-11-01T20:24:53.730000 +CVE-2024-28265,0,1,68043754461cd8d978ab6ae94abf5ad9b8f99b7c5733a558b89ebbb2fdc3a0a6,2024-11-06T17:35:30.180000 CVE-2024-28269,0,0,b7dba037dfa057d99dedf14ed710d84a658c9775dd875bb28a1c5e4a54714ee3,2024-07-03T01:51:32.517000 CVE-2024-2827,0,0,8a3b8a600b66b6a1d493b06795e5ff420fded15847345b5fd4692002caac1e89,2024-05-17T02:38:33.003000 CVE-2024-28270,0,0,d31e1c2434769794f7fdbd96bb87b1e9def96007379aac5531dfd1dd843aefb6,2024-08-01T14:35:06.503000 @@ -252514,7 +252542,7 @@ CVE-2024-31966,0,0,e813fbcff3c742b22ff3620e22028114e0bd0dc18f84922743926ac1c5508 CVE-2024-31967,0,0,d11e85355b08311754a29e0c672ae95e7ac529a4f49e30497f6cb09093fb91b0,2024-07-03T01:55:40.527000 CVE-2024-3197,0,0,324c7a8dc9ccea612ec0432519a90414016d01b55429c0b6dc09fc2cc5af230b,2024-05-02T18:00:37.360000 CVE-2024-31970,0,0,dc760428323022074304e6c9bb04a280cd725057b022c5a2ca8dd65247ed99d9,2024-09-03T21:15:15.603000 -CVE-2024-31971,0,1,534e1755af1f324ccaa688e6e242d3683ed9a82b34b076f929af707436430892,2024-11-06T16:35:15.840000 +CVE-2024-31971,0,0,534e1755af1f324ccaa688e6e242d3683ed9a82b34b076f929af707436430892,2024-11-06T16:35:15.840000 CVE-2024-31972,0,0,f9241b9f06175c965ad284b5c2136f1f7f8e377bc5d6b68f231b17656172b319,2024-11-01T12:57:03.417000 CVE-2024-31973,0,0,c3480f733abb332799fc1f07ef143103e9de0ed931d381c037c7e12d5a9eb78d,2024-11-01T12:57:03.417000 CVE-2024-31974,0,0,eb64c7f63099840683d53752791541217d3c4d0792dfc9b0d9b46ea3d72b30e4,2024-07-03T01:55:41.323000 @@ -252696,7 +252724,7 @@ CVE-2024-32236,0,0,d5871b893c68bbd3751dce630253c79d1c30665f824c9666c275163dd9ec4 CVE-2024-32238,0,0,2e383d4cf27763d4a2e4c78aa0cd5794584e416efc1aa13fdb576cfd26ca2359,2024-07-03T01:55:55.820000 CVE-2024-3224,0,0,5cb76873d21890ad6afc0804dc7e9ce4b6d28fdd7bfda362c8cc03368f50e1a6,2024-05-17T02:39:47.717000 CVE-2024-3225,0,0,40aa66a8e68f888608b499541fb92a4691409488858b4efe5c0a0411aebb7f11,2024-05-17T02:39:47.810000 -CVE-2024-32254,0,1,cd4f1a5551a5c9822f757a7d2238dda17ee8a1fa8cc0f96cbea15de331abf612,2024-11-06T15:35:15.373000 +CVE-2024-32254,0,0,cd4f1a5551a5c9822f757a7d2238dda17ee8a1fa8cc0f96cbea15de331abf612,2024-11-06T15:35:15.373000 CVE-2024-32256,0,0,d73ccc721413fd8760cf4b0bafcea5475f35ae263cabc205ad24f200b9e298f1,2024-04-17T12:48:31.863000 CVE-2024-32258,0,0,5dae54230a1765016eb565e9e25d82cfb7f4d23860857f1e9a3317d31d41442b,2024-07-03T01:55:56.647000 CVE-2024-3226,0,0,ec3ef7f04eda709a41c6882e051ba63d6f97210f0092ab0d07f256b6e32ea9c3,2024-05-17T02:39:47.900000 @@ -252721,7 +252749,7 @@ CVE-2024-3230,0,0,eecee83995bffa0c7057e3fda1f43ad336332e5244900dd85e5490610f2a52 CVE-2024-32301,0,0,0c0ebf0edbfb8781cf3c608cb1c32e3b8289cc4b1242588359512d2fce94904f,2024-10-25T21:35:06.520000 CVE-2024-32302,0,0,bd1ac90688cfcc6be84f8824a7ca0d43ddb624d319b101804bb272446e0e3b78,2024-08-01T13:51:27.897000 CVE-2024-32303,0,0,f0bc1654c3d620aa1be591d810cc4b864298fb65d4403b208969a299da948b54,2024-08-01T13:51:28.717000 -CVE-2024-32305,0,1,69fdb882d0e96e1fe90665eea9ff94027687431835bcb3ed0f0f35307298a2f9,2024-11-06T16:35:16.710000 +CVE-2024-32305,0,0,69fdb882d0e96e1fe90665eea9ff94027687431835bcb3ed0f0f35307298a2f9,2024-11-06T16:35:16.710000 CVE-2024-32306,0,0,3216c07ec117e1fbeaffcf62eac6a3e3d7a0764d75335094f2ef3b1b39747031,2024-07-03T01:56:04.840000 CVE-2024-32307,0,0,c14b05e00d92ae79fe5540e9799479f963d5751864afc7788062931c71c6d33d,2024-08-09T15:35:04.790000 CVE-2024-3231,0,0,40b79fec38d814f8dec0227cb5eb4c317595ad0e1f97fbfd99981190ed0e6e2f,2024-11-01T20:35:12.910000 @@ -252853,7 +252881,7 @@ CVE-2024-32491,0,0,d30474497268ba8f1eca4a0213eacdfe653c7390c8a6bb0f205ad6c8bcf6d CVE-2024-32492,0,0,b8f37fd95afd9f3c0db9b82f19324f4f73a560600fb9ed3392952c1c91bb381c,2024-07-03T01:56:38.510000 CVE-2024-32493,0,0,ffb6c116d41e9a5c89f19db9ee55928315a8849f99630d88960b7d23ca7c5aa5,2024-07-03T01:56:39.257000 CVE-2024-32498,0,0,4150ddec7485ee60f86cf73abf90bf3a9807f984aae3d33df3ff29289588e17e,2024-10-30T20:35:19.110000 -CVE-2024-3250,0,1,bc0df59e255e09c1b51bdce7e4201d7888630a606eb470d651b12017b1e341a6,2024-11-06T16:35:18 +CVE-2024-3250,0,0,bc0df59e255e09c1b51bdce7e4201d7888630a606eb470d651b12017b1e341a6,2024-11-06T16:35:18 CVE-2024-32501,0,0,d42ed0435c08425f1f3c26cf3652d7447e84f5c1d3745ddf8954f1f688bd1c7e,2024-08-27T15:35:15.213000 CVE-2024-32502,0,0,6c01a3b4b5868656f3d57f70bafd56da976a1e8c28c0eec374ff444b607fb7d0,2024-08-08T15:35:08.940000 CVE-2024-32503,0,0,c69792145ae689a248325da35f7a774598c93088c517597b4569240a45140901,2024-08-19T15:35:05.037000 @@ -253268,7 +253296,7 @@ CVE-2024-32910,0,0,96fa2d9d7d031cd1f9c1fc15158945931873ec9256f8a9c2c7692b9920960 CVE-2024-32911,0,0,3a0fef0abd5eab29360573b4c903482bbebef01629598c289909e1af8d4e6f74,2024-09-06T23:35:02.557000 CVE-2024-32912,0,0,fd994f36adaadcf11decff8c54cb9ed9dfd2529041b080833bc870baeef2b9e7,2024-07-16T14:56:26.787000 CVE-2024-32913,0,0,996f6595bdd5fe8c40fd4536473f9753d8a3be1f0d10e2434d28fb6144612388,2024-08-19T14:35:08.433000 -CVE-2024-32914,0,1,72488c67f1a97ff63718bcec61ee77a9703eb559e3173c34676eb8709cdb62b8,2024-11-06T15:35:16.180000 +CVE-2024-32914,0,0,72488c67f1a97ff63718bcec61ee77a9703eb559e3173c34676eb8709cdb62b8,2024-11-06T15:35:16.180000 CVE-2024-32915,0,0,4c1d20a9ebe8b814b723ab8c358028576e2a48f20441baee31fe76310539badc,2024-11-04T18:35:09.293000 CVE-2024-32916,0,0,d8831ef74b688a9a11e24f411d0b273555821e16e14587caff484bd0789da6eb,2024-11-04T17:35:16.763000 CVE-2024-32917,0,0,6d583d8ab79c5333a5d03cc2ab6bba8eb02ee95c890cd04661d7dbc4855b1773,2024-08-15T16:35:09.653000 @@ -254027,7 +254055,7 @@ CVE-2024-34043,0,0,53746d879667589cb2311df11a4aae652da57dcc560b773c0549055163d48 CVE-2024-34044,0,0,3bf550daebff9661b99c320a41c6714394baf6dc397c76dfc83e0b8999ac3eeb,2024-04-30T13:11:16.690000 CVE-2024-34045,0,0,79bd65de67c0efbec24a2f08a1536c9cc87b90b692934d062800de780d7b669e,2024-07-03T01:59:18.230000 CVE-2024-34046,0,0,3af63485a8307d182b057fc6835d7e7e37c1dbc1f2b63b0c05e957ed68af1c33,2024-11-01T16:35:17.327000 -CVE-2024-34047,0,1,e066e60743914316ea4d7d917884e0cba407f608337595ec8ca6f0119046db4a,2024-11-06T16:35:17.080000 +CVE-2024-34047,0,0,e066e60743914316ea4d7d917884e0cba407f608337595ec8ca6f0119046db4a,2024-11-06T16:35:17.080000 CVE-2024-34048,0,0,6bcfd91d2ac0aad4340ee02989fa8d65e252733c090996087cd8967c875f55f4,2024-08-27T15:35:16.013000 CVE-2024-34049,0,0,3df614830d71e8ac5fba93ebf68fe707e589f258fbe295336d0f23b1e1107caa,2024-08-20T18:35:06.130000 CVE-2024-3405,0,0,1a36e7936640d8ee3b950dcf5e1524049898a441fb6f4e16f7e747a8431e73fe,2024-05-15T16:40:19.330000 @@ -254531,17 +254559,17 @@ CVE-2024-3467,0,0,cacb4fff60c492ce28d24c855ee87196a20d1b51cff8acadb6d43f71f0e4e4 CVE-2024-34670,0,0,c7f7a5e478bc1a10ace61979abf21c947b061684824f9606c72fa122e8a61c6e,2024-10-10T12:57:21.987000 CVE-2024-34671,0,0,a08598303b7cc44bc7ce36474bf6973e3d3c57f08611bad7aa18ef971deedc26,2024-10-10T12:57:21.987000 CVE-2024-34672,0,0,5b999fcfa370bba972f9e6370e3179075f4c5c678a82b2140b4d119a0d64c655,2024-10-10T12:56:30.817000 -CVE-2024-34673,0,0,955e7fdcf466d883b33c569efd41a03913b34266aa94c856b1dda8f742171c2c,2024-11-06T03:15:03.257000 -CVE-2024-34674,0,0,4233c6de2743e86ade719bea8b2789408ca5055fa389399e597306f6076b9c6e,2024-11-06T03:15:03.473000 -CVE-2024-34675,0,0,388297320e6976125e80eee9943e59b47d113044d97ca69252ef439d63032e00,2024-11-06T03:15:03.643000 -CVE-2024-34676,0,0,1a3666d1632dca93cbec6d6636b6a9e9b447a9e8a969e50c5ca197e5efe3630d,2024-11-06T03:15:03.820000 -CVE-2024-34677,0,0,e4b674fe72ad8e998c3fc1626177aa8713e1dce066119c7416b9be6db31d0ee0,2024-11-06T03:15:03.980000 -CVE-2024-34678,0,0,f2d70aae83c64552081a79c35b1e5473e40076d3a00219f12fb3fbe3302833b7,2024-11-06T03:15:04.153000 -CVE-2024-34679,0,0,1847dc0a8bc7208fb1324afbc997fd0c9f68ceb89cbcb2c4dda97d339e1a6293,2024-11-06T03:15:04.317000 +CVE-2024-34673,0,1,9de9124b3e6733657b2f439d2108f71ea5d98405c070045bb8baf4be7a7657f0,2024-11-06T18:17:17.287000 +CVE-2024-34674,0,1,b89c12295bfc8c7cf5cbf2125dc337a0e4f98189bf73a6af476d0918d33896b1,2024-11-06T18:17:17.287000 +CVE-2024-34675,0,1,ad6a63c1fd7ea32c1d80296a27be8f7af3e820ae9345ac14db43da41b1a37431,2024-11-06T18:17:17.287000 +CVE-2024-34676,0,1,86f9716a9dde97bf2579aedaf124d499a0782fe0815dbf5d45c08bb8cad56b92,2024-11-06T18:17:17.287000 +CVE-2024-34677,0,1,e8c86fea3b3a848bd1a9ca1e58b9562e2cb3f458b4fa89648319950ca5818a83,2024-11-06T18:17:17.287000 +CVE-2024-34678,0,1,5f7318e86be23e86f8886d280846ec52d56cf2e8d72c724a85baba890b9bd9fa,2024-11-06T18:17:17.287000 +CVE-2024-34679,0,1,dea06bd12b0a9ea94ac70075c28aaf6d5c35b585cd9bbf2981c58d2cdfc3404b,2024-11-06T18:17:17.287000 CVE-2024-3468,0,0,b143f709020bfa0c4d31a3d3e75dcacae5f0344d8dcf22b8e7a02c60ed5e45e0,2024-06-13T18:36:09.010000 -CVE-2024-34680,0,0,e95da3d998f7f18d9c903c5ee91d80269afae3bcea766a756737985e6e7b6854,2024-11-06T03:15:04.477000 -CVE-2024-34681,0,0,735785311d8ec8ec643d9f93b4f6ab3bed0cc0cbdc5dfe3600cd77ed0baddc28,2024-11-06T03:15:04.643000 -CVE-2024-34682,0,0,b9f85269f913754abd1dcdb31cc10e762dd6b0f5bf741762cb45e44af03bdc4c,2024-11-06T03:15:04.807000 +CVE-2024-34680,0,1,b15b7a995cb28b4fb17ce582b201e97b2bde890a698c3eaf0e3657e2dd0f53ca,2024-11-06T18:17:17.287000 +CVE-2024-34681,0,1,c40d2bef6103cfdc5c3bdcef7f64079880f481f862165fed2ff7a0daf469c79a,2024-11-06T18:17:17.287000 +CVE-2024-34682,0,1,c6fce8ee8a33bc0c9947fa150cb1376c7ae2c452b9c50ddd14146ff1bf1e37f6,2024-11-06T18:17:17.287000 CVE-2024-34683,0,0,9d29c0ceca80aeb9ddf34072d48291a9d5d5d5decac1bcbe5defe30bff14c867,2024-08-09T20:04:44.060000 CVE-2024-34684,0,0,e8c75614bfdf726402b2e2e5ba5b4d9d3d56d8e0e55be88a08ea86e305e764ec,2024-08-09T19:15:17.677000 CVE-2024-34685,0,0,7b2238e6c0d6ba01f5b0c43be9387a7356e22cab609b2b92ef07aa910b7a9a4c,2024-08-29T19:29:14.440000 @@ -254799,7 +254827,7 @@ CVE-2024-3514,0,0,3ed2667128afb9e047ea43d977eb1ed71e90bed358f504ad5e2322f1a22b19 CVE-2024-35140,0,0,f651bda48ef3720086b4e55e66eab6a11168ee8b067c959fc6ebc63397794d8e,2024-05-31T19:14:47.793000 CVE-2024-35142,0,0,eff9915c7a0945f0e06d680eabc808e5d5a4e4e1bca0bc89129e9dc0c0bf4eef,2024-05-31T19:14:47.793000 CVE-2024-35143,0,0,91b6eeb88ab78f0a68d664e29510e254e5a4274c3ef1d98eec625c8db65a7df1,2024-09-11T14:34:13.590000 -CVE-2024-35146,1,1,eb28c0b2afa28cf50d8219845d669d4462584637c51ba6bdf6290fed2c4d7ce2,2024-11-06T15:15:19.247000 +CVE-2024-35146,0,1,677d9601db9ab67d985a537039948f286c2d846a8ec76867b2d02896d2828cd1,2024-11-06T18:17:17.287000 CVE-2024-3515,0,0,8fd4dcadec7780b53436525af06eb6126290740e496ba02261842790bcfc4cf4,2024-07-03T02:06:19.180000 CVE-2024-35151,0,0,50c46c119b543968ed958ecfb5b487a6d2fa4303602c68e6298210cebc9f30c1,2024-08-23T15:32:15.270000 CVE-2024-35152,0,0,6405a901c2a07c460de1a6dfaec77aa83ec13bcce14e649bd5403dd2210dc6bc,2024-08-23T18:57:54.717000 @@ -255358,7 +255386,7 @@ CVE-2024-35884,0,0,0418b0b0622e67bcfccaa3ca16a8b3d41db014ac48f586f447a4c361a5d7f CVE-2024-35885,0,0,ef8c5dae214c297bcbba3dbfea16b01a78e240693742288cb509601060b6dd61,2024-05-20T13:00:04.957000 CVE-2024-35886,0,0,4e96b3fbf790311bc0bdedd23699eb9cfbd5e320714559e717b7676530375718,2024-11-05T10:16:49.100000 CVE-2024-35887,0,0,af04a6eca093265e7066437a356142444e8febaef6e44aeeb3a8ded9091bf9c4,2024-05-20T13:00:04.957000 -CVE-2024-35888,0,1,cbe636461befde99b4b9875c805d59434e461e7e856fe1251f13600ecf2e09d2,2024-11-06T16:35:17.350000 +CVE-2024-35888,0,0,cbe636461befde99b4b9875c805d59434e461e7e856fe1251f13600ecf2e09d2,2024-11-06T16:35:17.350000 CVE-2024-35889,0,0,d5802c02f80a3434de5bac779dcf7d946a88394c4dccabf4801a8c63c1773b39,2024-05-20T13:00:04.957000 CVE-2024-35890,0,0,c9e041330da31f6b1d7b23542034dc0e37c90e764366e19a0a1a3d2e27288ea1,2024-05-20T13:00:04.957000 CVE-2024-35891,0,0,020345e2d6b07ed9ebb9279a6d9a2dea40c65eb51e6d3fc0c5cd350efe2fc0df,2024-05-20T13:00:04.957000 @@ -255488,7 +255516,7 @@ CVE-2024-36003,0,0,f9005b31592e6b6194456598a8873f9c20a1e8d9e87fb91b635fc0c9da09f CVE-2024-36004,0,0,694d59734ad567b78c4da69b0042f0a002f3bdf164ccd3dc541a073b7650376a,2024-11-05T10:17:02.900000 CVE-2024-36005,0,0,e5cccac414c2efe2394d034c55a62d5352db26046c50073d7deb66458c2e014f,2024-11-05T10:17:03.090000 CVE-2024-36006,0,0,ca0e710f7db5615595ea1c32ca16d59fee2b5edd96e50e1a341e75896151bfc1,2024-11-05T10:17:03.263000 -CVE-2024-36007,0,1,72652f8ad8b10a76a5b294852c23c605957db9948311c41c4cfa5897cf8fb627,2024-11-06T15:35:17.003000 +CVE-2024-36007,0,0,72652f8ad8b10a76a5b294852c23c605957db9948311c41c4cfa5897cf8fb627,2024-11-06T15:35:17.003000 CVE-2024-36008,0,0,9eface0471b3288598c8219f28ada34f5a3635cf25017b1c9ad6285bb4569286,2024-11-05T10:17:03.423000 CVE-2024-36009,0,0,33c4d5b3f8aaf1b98451b4bc63f30722643dcf423af4b90bc618b2e92bf18197,2024-11-05T10:17:03.653000 CVE-2024-3601,0,0,4b8ff2c08218a4971fd273eec5975df722bc63a52a4499b1a01b853dcc7e0a3c,2024-05-02T18:00:37.360000 @@ -255531,7 +255559,7 @@ CVE-2024-36043,0,0,3bd225f8561cef578aaa027f6bceef70b4450bc22a2e5dc039a9b76782f71 CVE-2024-36048,0,0,5a5a6da2bab77110717de4a83cf2fd38c948b3573f3cee73605d8d6a5534fd54,2024-08-08T15:35:13.937000 CVE-2024-36049,0,0,16195e94e554c9cc2e1c5fb6b057cc3b79bc050cdc5b42034b6e0554be23efca,2024-08-26T16:35:09.153000 CVE-2024-3605,0,0,905473bba2f4b1f833e3696e0eb3a1556acdfbc79f67c22a9c6f82f499950cc7,2024-07-15T17:12:36.967000 -CVE-2024-36050,0,0,c50ac6e5d9529aacb1e334d114a2f6f4418d441c20a736ae9e48551abc3029b2,2024-05-22T16:15:10.777000 +CVE-2024-36050,0,1,d225f4fe3bb4f0a3c7ee2c8e0ec480a682c31b97b1c62a8d39d03c981e7091d0,2024-11-06T17:35:31.217000 CVE-2024-36051,0,0,06185d929bcef5b726eebc24c04947ea1ae42bf1c0763bf9aef66e711c162238,2024-10-11T21:15:06.843000 CVE-2024-36052,0,0,083dfa6efec8c8b05eaad2f1b8dc2dc652acb748c2d4396b452843d815f40c28,2024-08-20T15:35:18.753000 CVE-2024-36053,0,0,2b26adadb1e10190c0e2e5708c64683c631febead0f4dd9529189a0425d50810,2024-07-03T02:02:43.043000 @@ -256078,7 +256106,7 @@ CVE-2024-36924,0,0,722016b5aa1f648be979dccde19b766f08e47852e0ff5d1f03fc49ddd7362 CVE-2024-36925,0,0,543e4bcc0a06758631d44ececc18e5b4a3dbbb64ef6bd2f8d29ab7065b328619,2024-06-10T19:21:01.693000 CVE-2024-36926,0,0,44a79207e2295dd595b2107f8ce477f75e3fe4a37f25fec68904bc438c80d6aa,2024-07-03T02:03:51.367000 CVE-2024-36927,0,0,c8857756cf5c59847d4049cece8ad3c796ac212829e8034b92ceb9c1ff1517ad,2024-05-30T18:18:58.870000 -CVE-2024-36928,0,1,014bea42731f8956d812ddb40aba01d5411a6eb4a51636fe337c04b501b32989,2024-11-06T16:35:17.740000 +CVE-2024-36928,0,0,014bea42731f8956d812ddb40aba01d5411a6eb4a51636fe337c04b501b32989,2024-11-06T16:35:17.740000 CVE-2024-36929,0,0,9a76d599e4e35a266c4fd2d75c7105cec4a283e2d08e4e624637ad798600687a,2024-11-05T10:17:14.357000 CVE-2024-36930,0,0,b16cc7ee8f6e31cc74d2eff7d33efd0d24e8244410e5729e1e90e960809a9965,2024-06-10T19:20:48.797000 CVE-2024-36931,0,0,58df5b3f5de260fc92833c79da33f3a325c3f5f6a74acaf2a91f7a5f4cbf477e,2024-05-30T18:18:58.870000 @@ -256094,7 +256122,7 @@ CVE-2024-36940,0,0,0c1f728378cf31ce94657d69a031c717caf85806910834107ad5606a62ac7 CVE-2024-36941,0,0,182c90f0496f1ad5dd3b05700f55a11a5b5d5e89dce64f515e81c7cd207684c5,2024-11-05T10:17:15.980000 CVE-2024-36942,0,0,a1f487da43d76062b936dfbfddb1e440c765caaf5954435f74a1f90033ad270f,2024-05-30T18:18:58.870000 CVE-2024-36943,0,0,e5c40aba1ed70134ee05bf192a02557b4cdd81058c30e2f573675623409cf05a,2024-05-30T18:18:58.870000 -CVE-2024-36944,0,0,d6ef19eb0fc86c341a01ec384f1ee29a0e400d6196ba41a7d8fe88a3fd46df6f,2024-05-30T18:18:58.870000 +CVE-2024-36944,0,1,bd6e47c693844b0e04d972e184d47d9f3fa8cf6e333e8f95e03ac21e835f2086,2024-11-06T17:35:31.387000 CVE-2024-36945,0,0,9b5a728f2714238570cb854b4612a6756ba0089725c4553d6c9a0b0041554f67,2024-05-30T18:18:58.870000 CVE-2024-36946,0,0,6c4f663040dcdaac170c1bfaf39bd626cc294015218996b58e401d1bb85f9e0c,2024-11-05T10:17:16.490000 CVE-2024-36947,0,0,e0261fdaf7f972eab4922928c54ed807bc6e818e525babb20ad05bcd48715ecd,2024-05-30T18:18:58.870000 @@ -256758,7 +256786,7 @@ CVE-2024-37856,0,0,9302de460a4c7027c66921d13cd3a230b84232625cf00fe0e308c5a1ad114 CVE-2024-37857,0,0,bbbf66c5ae4e5b03452facf52d12302119ab17f8211a271346d66e2be4704782,2024-08-01T13:54:22.703000 CVE-2024-37858,0,0,145fe3af0cfa4378739729061c766f5fc42f47de0fdaa3c5429a9c029f707705,2024-08-01T13:54:23.510000 CVE-2024-37859,0,0,f5d379e1ba1283dae4ab2dc1c57e5283f78e28f480e0128f7f21d0c8376c4bed,2024-08-01T13:54:24.283000 -CVE-2024-3786,0,1,a963646959871b60ce1ae81d3ccf29669858a2babd4934482c95c06778cfb627,2024-11-06T15:35:17.487000 +CVE-2024-3786,0,0,a963646959871b60ce1ae81d3ccf29669858a2babd4934482c95c06778cfb627,2024-11-06T15:35:17.487000 CVE-2024-37865,0,0,00a1e3f7fea3591aaf817972a94b29032e0211df514cba52a943a6d6522976a1,2024-10-28T21:35:08.833000 CVE-2024-37868,0,0,b200b5b69302bc86aab1201eed9ccbe3a2f0410aa787e7727268399cedaa1ded,2024-10-08T18:16:07.383000 CVE-2024-37869,0,0,dc1a2df6f9aff9d4f42328b451c0fe9131e20530cd415d66856f986d59187a1e,2024-10-08T18:15:54.250000 @@ -257281,7 +257309,7 @@ CVE-2024-38443,0,0,f13f48a0a21a67520512a3ec2ab6e073a68af4c8b774478a4c1ef20277a5f CVE-2024-38446,0,0,bcbc8806462503026d7b2e3469fa747e31484a5cd7b81cc43c13603d1dfcefc9,2024-07-18T12:28:43.707000 CVE-2024-38447,0,0,dc0c3b62165311852f5f4a13a21078e5dfd8bc2d9ee81f1ecc9e29b0cca300ce,2024-08-01T13:54:50.470000 CVE-2024-38448,0,0,ba1871b7e0fa187923744d63be4c60396badf8afd9c3275c2e47e89175ed02ba,2024-07-03T02:05:03.433000 -CVE-2024-38449,0,0,8da6f80ac88bb7ae3e1140e6ee8382a2d6cd1d0a7f86d02f23b41c1048f2d2ac,2024-06-20T12:44:22.977000 +CVE-2024-38449,0,1,48192325d460427651474f80a5ecc1829dfa104cbbe619c2b4b351092648dd60,2024-11-06T17:35:31.553000 CVE-2024-3845,0,0,a979e2b537f528e4ac50f6006d078d735fa62fe4b7376a25443b79e4c194cadd,2024-07-03T02:06:42.887000 CVE-2024-38453,0,0,08958525d96155b2873daad7721dd5cb57bde45d4e8e94a2b3e4a3f3b7e8c89f,2024-07-09T16:22:44.900000 CVE-2024-38454,0,0,72d14562f500903ed20ecf4e44aff777a96cc5f26825831fa62629cb8dc6e476,2024-07-26T14:11:13.043000 @@ -257369,7 +257397,7 @@ CVE-2024-38540,0,0,e32a7f449ff8ae3014191cf278de61d18b1d635bb56b0abc92a1fbb7af071 CVE-2024-38541,0,0,023c6a7426f76d21c921b964034a52048d8ae62a75126b3da24f432830a3ec3b,2024-07-03T02:05:10.090000 CVE-2024-38542,0,0,236a852b17e8e7df2d96d10cd55624c3d6e510828a8ba906df9761c44c8d7f98,2024-06-20T12:44:01.637000 CVE-2024-38543,0,0,9904319b3841ba05d0649764b91a7dcf20e3aad22e44c835db1259658176f833,2024-08-29T02:24:30.617000 -CVE-2024-38544,0,0,01d53f2730d2506cdaf980d4d4284d0dfeca5941433692a32c17616c82c40e24,2024-10-17T14:15:06.360000 +CVE-2024-38544,0,1,bcedcd71122299f29823b1ebe7d97095ea4974bc03780498d9d07719a691151d,2024-11-06T17:35:32.340000 CVE-2024-38545,0,0,261dbfbb482829eb8a10c5dffc48966eeb2cd7f072fdb8cd547b02f5851c26f0,2024-10-17T14:15:06.450000 CVE-2024-38546,0,0,eea58266196a873fad4b4b919d579fb6ca82bf25773f04562985e9491c7b0b55,2024-08-27T20:03:18.263000 CVE-2024-38547,0,0,0fd46903a324a4303feb1a86ea138cad132aadfdd07434ca776aa7fc69875c87,2024-08-27T19:56:36.727000 @@ -257423,7 +257451,7 @@ CVE-2024-3859,0,0,f6a57f468f9800b8da982d83af2ac389f3f4d8b059886951b49765f213c508 CVE-2024-38590,0,0,e86d866c4a784c218f3833027c6ac202a6fe2ae81492fa7703f76f725c6070b1,2024-09-19T13:18:23.443000 CVE-2024-38591,0,0,9995c38906c89d4c26c4d73a9253c7dc172d1edb03657ec8d80bc3d1b50a2d04,2024-08-27T18:36:09.777000 CVE-2024-38592,0,0,37134037ea24ea3ecf9f937f4db71a7eaa477c8ce6aa02c104d4a8d758f347b0,2024-06-20T12:44:01.637000 -CVE-2024-38593,0,0,5810f9929219cd255d4f41416ce4d085acded54a81aae5569c879799f8b25fb1,2024-06-20T12:44:01.637000 +CVE-2024-38593,0,1,349617769aeade4fc944e04b0a5be20214cc6c056feed7d3b19c902383b822da,2024-11-06T18:35:06.780000 CVE-2024-38594,0,0,61f31c6a41b5aad2b3d7c37bc6281d847f99b83d56bc16594319e9d666befebf,2024-10-10T12:15:04.243000 CVE-2024-38595,0,0,832124134b5143ac4403d9ade527324b6e9e4e54c882604e73080b5bf34116c4,2024-06-20T12:44:01.637000 CVE-2024-38596,0,0,46720e55bcd9267a5978001cdabf468fbd47d88589f87bfbfc0df091a72949cf,2024-07-15T07:15:11.600000 @@ -259037,7 +259065,7 @@ CVE-2024-41135,0,0,ab6562ed5444edf91b52483668091e684a5544a948bbbda66cdb2112f2157 CVE-2024-41136,0,0,8f446ea9871083b3a95029887a8da843c2a4ca88057378bb01d114fc26c12217,2024-08-01T13:58:22.270000 CVE-2024-41139,0,0,bdbde1cdec8d54982e9a23b2fe9e10007aefb60cb58693a874090f6e5b97533d,2024-08-01T13:58:22.960000 CVE-2024-4114,0,0,387f9ca6df27ba000d0f44d990ccd6bb074258bb946c87938379db9652dc0a14,2024-05-17T02:40:15.917000 -CVE-2024-41141,0,0,66e666e17c3fd137fec7c9da37ae1ceec042d1fec499bcfa85959d0b047331a3,2024-07-30T13:32:45.943000 +CVE-2024-41141,0,1,9a59aff9bb6d3c417b366f53bd23c60398fe3019757d08ddc2a26b9ee7fb9c30,2024-11-06T17:35:32.520000 CVE-2024-41143,0,0,e8899d473fa3a8ea11660d6f2ba88aff617e29347ef6b002447e4155241e1772,2024-09-12T21:27:44.307000 CVE-2024-41144,0,0,a99ced5ff39791199789f8b7404cf70d5ada3bff5c6dc65a7803cc1121e905e5,2024-09-04T17:25:48.123000 CVE-2024-4115,0,0,89bc89df66a101d446d6568b359dec67345256fa579984420e2e2fe7ea4994ac,2024-06-04T19:20:29.937000 @@ -259954,7 +259982,7 @@ CVE-2024-42505,0,0,2fcd58f857ce6c82725ed74b63d72047c82b9583f361cc1246e436db45ee2 CVE-2024-42506,0,0,a50836bc4b1264acacafbcc6caa08df43b3dfb5e0abc0c4e6db32750472d07f5,2024-09-26T13:32:02.803000 CVE-2024-42507,0,0,b57055df85850f2ee370e2a3273bd68424b888342bc78e94d00bb509124921a9,2024-09-26T13:32:02.803000 CVE-2024-42508,0,0,2c3ef74dc61a212f49afeae18d3d774e8682eccbc5f7d8b0e3beb27e142f7cd6,2024-10-29T17:38:49.330000 -CVE-2024-42509,0,1,f652e055cb8a287bb445d9fab4d2bc214db4115b4f0a9056909b17bb46e5e891,2024-11-06T16:35:18.743000 +CVE-2024-42509,0,1,7e5e766d42629dcd17e93fc89359fde8ceec919dd272a7a267959d151cfe5121,2024-11-06T18:17:17.287000 CVE-2024-4251,0,0,4911c8bef2a1e60ace7e3694403733ed66cd48ed80870211c4240e0e24584389,2024-06-04T19:20:34.297000 CVE-2024-42514,0,0,a1f5f6b924755707c5bb385a67dc5d2ee260ba09c0f77899dd6a3e1d47eee9c5,2024-10-07T19:37:19.973000 CVE-2024-42515,0,0,66dcceef311373a35ba4e831215995cdb4f7e029306e1c3ea8202ae369fa7137,2024-11-01T16:35:25.690000 @@ -260104,7 +260132,7 @@ CVE-2024-4277,0,0,ec975a6ab8cd435ccab2b915965095df8c992e1e8e765cf73bc6d545aa3b1e CVE-2024-42770,0,0,ccf27258059742f30039f25eabe805a716273ffffea4887a407f7c06ff126127,2024-08-23T16:18:28.547000 CVE-2024-42771,0,0,5fdcb56cf08499a310f992440d0313771a9be4d7b03efd3bc89c6197593aef49,2024-08-23T16:18:28.547000 CVE-2024-42772,0,0,696b421ee5330a21266b6aa072d94bc1e6999c999020a22e65be5a516d7a0228,2024-08-23T16:18:28.547000 -CVE-2024-42773,0,1,8b3e052fd8a0be401647cfc1ee63a01bf26ab3105ae5ed21b8a2f3ee61b91847,2024-11-06T15:35:18.200000 +CVE-2024-42773,0,0,8b3e052fd8a0be401647cfc1ee63a01bf26ab3105ae5ed21b8a2f3ee61b91847,2024-11-06T15:35:18.200000 CVE-2024-42774,0,0,27b7ef559df712c1e02dab261626cae6adfc4f6835af7e4e148c48a0c674d991,2024-08-23T16:18:28.547000 CVE-2024-42775,0,0,297e3ca5ab15f5eef0dab7843e2d79e7376219bea97dae70bd476621f2410adc,2024-08-23T16:18:28.547000 CVE-2024-42776,0,0,49df09a24f284e86d715f5abaeb464734905bffafaa3c39e989586ce48e5c098,2024-08-23T16:18:28.547000 @@ -260899,7 +260927,7 @@ CVE-2024-43920,0,0,4fe0b9b4bdc3c773cef62ba0a55678a848520d2f26b7c394fdfed7064f320 CVE-2024-43921,0,0,8cb3a8317d91fe8c86f2a088d9aae7d066ad8cdfd297a2cc1e6c90830f46e738,2024-09-04T14:12:12.957000 CVE-2024-43922,0,0,1bda9e09eeb9cf761058baff2572a8d05071b30f4dbb7675f13cebb74973fb9f,2024-09-19T21:44:49.453000 CVE-2024-43923,0,0,f3c6428e712e5ddffcaebb42dad83fbe64d10e843af076eec47526ecb719be88,2024-11-01T20:24:53.730000 -CVE-2024-43924,0,0,bb2efaa4f19a90f6ad938fb6ac6c2fcde87a4755a2a040a9391dc5aa61d478fc,2024-10-23T15:12:34.673000 +CVE-2024-43924,0,1,f4c232d5f7541d1030f4431c6fd8b2d52bd38910980d7fed5b8d5cc784463639,2024-11-06T17:03:52.480000 CVE-2024-43925,0,0,fa212103d9cf9e4356950a14068757395285300b22b90ac9f0be4ad0dcd1cf41,2024-11-01T20:24:53.730000 CVE-2024-43926,0,0,afe6ba4a11196449e0acf87526616d8bc217e24dbfcd1f8bfd3b6ef863d1044f,2024-09-03T15:15:45.160000 CVE-2024-43928,0,0,a1c9eb78c1947c002cdd99d49ac8524997c196b334f44cf893d6df2a11b17b3f,2024-11-01T20:24:53.730000 @@ -261635,7 +261663,7 @@ CVE-2024-45159,0,0,315bbe3853593d217ddbcd9fba2e9d9003cbd4c00b52b441be6179268e6c4 CVE-2024-4516,0,0,7413b58d03a0a8938a8f9c3b85a26b19cfb41e2c50a00216b0df80496b4b87e3,2024-06-04T19:20:40.930000 CVE-2024-45160,0,0,5448512f93e2c872a5532bb6e7925e6443ae5601b38aa00ad59c4de27ffce9e0,2024-10-10T12:51:56.987000 CVE-2024-45163,0,0,d1b8d71b55c9c05a6535a6d473b973daf564bdfb091297232be0a5c5759d6390,2024-08-22T15:35:12.750000 -CVE-2024-45164,0,1,2852bfcc7394516a4341ca8860ebed7513fa3f677598e4f001d7d9dcadba839a,2024-11-06T15:51:17.410000 +CVE-2024-45164,0,1,7ba8ad959dfaf2c0daa91e49e19d7ab54183d6730e89cfc2f962a50065e9147d,2024-11-06T17:35:33.437000 CVE-2024-45165,0,0,c95c37e8403c42b6535ee3db172ebed1de2af8ddabba72579971a9771877b8f5,2024-10-31T19:35:08.327000 CVE-2024-45166,0,0,a776bd2559e4bed9a84a577a682c1ac93ea07fab716da8fcb660f8b43cc91ea2,2024-08-22T14:35:13.183000 CVE-2024-45167,0,0,6f3847a892b75be18a24e1374ef352424a8d56284d9550373f08d0a52ea49aa9,2024-08-22T20:35:24.417000 @@ -261656,7 +261684,7 @@ CVE-2024-4518,0,0,64c3b6e6e74f6d9fd929463119875b686279109a997143c5dd3ad8e2c1af13 CVE-2024-45180,0,0,08348c7b1382a66372a71879585bc4b470bbbe0e7bc2a628091dcf790778caba,2024-09-13T19:55:54.477000 CVE-2024-45181,0,0,c1b3f50892c5ad2964a42f2f7c4bb1e591fc78d268d80e02244df3b7c3d3d502,2024-09-18T20:26:26.873000 CVE-2024-45182,0,0,e32901d25899173bbdbcd4da8de2dfd78b6a7db5248414eaa56acb1cb3e78104,2024-10-29T21:35:21.720000 -CVE-2024-45184,0,0,2cf234e0a6e14825f232aaef12e4c1aaad3da08547a4333f332ffe8186f4ef37,2024-10-15T12:57:46.880000 +CVE-2024-45184,0,1,4b6497f365552ae587c6f2bb1b9a699bbd0812ac854bb52824296d2cb32eb74f,2024-11-06T17:35:34.223000 CVE-2024-45185,0,0,f91bcd296fab9eca0cb12d8092bb91fc0115bb527c7bddeab96b312d1df82b71,2024-11-05T16:04:26.053000 CVE-2024-45186,0,0,77c3f8977c3993383fb80894e402f55d5d22584cb41b5e73c31c8d88ae8792cc,2024-10-04T13:50:43.727000 CVE-2024-45187,0,0,b29c34a9281e147a1f2b33bdd2a8c272cd39081d36dd9d0273787cf191e54024,2024-08-26T12:47:20.187000 @@ -261992,7 +262020,7 @@ CVE-2024-45771,0,0,754a0f27219aa2eb6179ec627ac31099e8e2882043a643cfa7921ddb03dbb CVE-2024-45772,0,0,d4fcff511ac9c702d11d2981d4f53f578a5b533222a07c5c21d8a62a8451fded,2024-10-04T13:20:58.327000 CVE-2024-45773,0,0,fa80a32ca25578799d772108a6e7f2b87164fbdfd3820c41dab7e96e6c83084e,2024-09-30T12:45:57.823000 CVE-2024-4578,0,0,de2bf1ab8b65cf8119579f63d8e64a9383c9519828d1fae8ddac21d6dcb5605a,2024-06-27T19:25:12.067000 -CVE-2024-45785,0,0,c767e1e69b364ed84b851902a8d56f0251237479eaa5f11db06d1a32eb1c957c,2024-10-25T12:56:07.750000 +CVE-2024-45785,0,1,edaf655206685301bfa1d23b3961ca90e190821a2f1da23140bfad50572d7731,2024-11-06T17:08:40.507000 CVE-2024-45786,0,0,1027a4a71b54e4ed926e7c4d82608ed7bf7290e7e8486a1ac94d8f7e4edfad02,2024-09-18T20:12:47.337000 CVE-2024-45787,0,0,46f8564066b3f70e712610c0aca9059d9bda6862d53c941af56b2ef72737a51d,2024-09-18T18:15:07.650000 CVE-2024-45788,0,0,7ba304e58f1e132a77e708ed9119516e49dd167750ae6faec1e1736fde9ea7d4,2024-09-18T19:57:10.203000 @@ -262703,12 +262731,12 @@ CVE-2024-47130,0,0,9e52b34ecc84aeecf5485cad45360e89ca586e91e062db722158986b68611 CVE-2024-47134,0,0,c469be51a68158c099c563ecb132d768058c9b0b7de566d173182963980dd322,2024-10-16T13:50:32.607000 CVE-2024-47135,0,0,59ae1232976c8e51aae73aa97b8d4fb50a4b33eb7aa7372298dfcd77c19c0bd9,2024-10-15T18:21:04.813000 CVE-2024-47136,0,0,b3835ea7cec22b9e908913d2c98cbfff753b1b672a4d126777b942724ad7f9c9,2024-10-15T18:20:40.387000 -CVE-2024-47137,0,1,38d76056c2c56179858c1dc650327a239f8dc0242e0e92dccd143c09e90bf593,2024-11-06T15:26:35.547000 +CVE-2024-47137,0,0,38d76056c2c56179858c1dc650327a239f8dc0242e0e92dccd143c09e90bf593,2024-11-06T15:26:35.547000 CVE-2024-47139,0,0,0f452582d50349cfcaf670d7aa9a268535f2e93bfbde13d87a7977ed414d8f97,2024-10-16T16:38:14.557000 CVE-2024-4714,0,0,d7e9d9d95d84a12a856ae94c0b47f221a8b241db6b1f0d94ea74b84fa1b36764,2024-06-04T19:20:47.027000 CVE-2024-47145,0,0,1a35765c26b04b61b861cee47b184170021783241b94fd51efafd1127befdb57,2024-09-26T18:42:33.550000 CVE-2024-4715,0,0,8280b54df57d141f79c5c5ba7edbd4b8610f06a30ecbd5ba39cd6c268b4b3f05,2024-06-04T19:20:47.130000 -CVE-2024-47158,0,0,f2b07804e93b4946fc2c922f961cd9157a70eb2e9ba678b6ee9d7207447bb2ed,2024-10-25T12:56:07.750000 +CVE-2024-47158,0,1,a89bf72b8da5aa3a4da3668acb53b50c9d8d4b5e480bba3479406a7440c7d561,2024-11-06T17:10:03.857000 CVE-2024-47159,0,0,f629ab8645ae2d3b373e84498ebe22f56e42f569db9052d68376aa856c847502,2024-09-24T18:09:50.877000 CVE-2024-4716,0,0,17dd73abada87214ed7c4da9787dcdd43aa5089416e4d3395c3029d4b8a776fa,2024-06-04T19:20:47.230000 CVE-2024-47160,0,0,c1aad4fed9b1c25a1ac730f435c0afe6164d933ac9e43b9a1caf75e24768ef64,2024-09-24T18:03:48.370000 @@ -262890,8 +262918,8 @@ CVE-2024-47395,0,0,90e43e7601880e084e28158fd0f757d2c1e8d3077c69265838f948abdb4cd CVE-2024-47396,0,0,6e476c6cf26f38283e3d61fa442a94302635b62a84c847a353123b5fa4f97bed,2024-10-04T13:51:25.567000 CVE-2024-4740,0,0,439bcc64d74362dfc2e1f6f7e2fb88748e7e0a568332807fb055a46f95bae835,2024-10-18T15:13:42.123000 CVE-2024-47401,0,0,8a5e86c64c6250f94cf1f6a4606f4c5ff007b348a25f8869f6f018d7119e028e,2024-10-29T14:34:04.427000 -CVE-2024-47402,0,1,7317d7851c48d928403b85ae519b306bf5cf2471e643c5955156c069ced0d83a,2024-11-06T15:26:23.290000 -CVE-2024-47404,0,1,803edf639eed2c823e89b500bd8828e4b5948de9457114b2a2c12c0006396574,2024-11-06T15:25:24.887000 +CVE-2024-47402,0,0,7317d7851c48d928403b85ae519b306bf5cf2471e643c5955156c069ced0d83a,2024-11-06T15:26:23.290000 +CVE-2024-47404,0,0,803edf639eed2c823e89b500bd8828e4b5948de9457114b2a2c12c0006396574,2024-11-06T15:25:24.887000 CVE-2024-47406,0,0,84061db2b724de731237f8782f9c677d123be7cab95d085f5d8375f0a77ff4a6,2024-11-05T19:36:13.840000 CVE-2024-47410,0,0,42b59896d371aa29c83e01a1ce08752b8288a889a8db3630a5c6ba7966f3731c,2024-10-10T18:26:44.857000 CVE-2024-47411,0,0,5875ac529772763bf76adfec6337ced119d16dc7bedac06df0488c853721b19e,2024-10-10T18:26:54.153000 @@ -262915,11 +262943,11 @@ CVE-2024-4744,0,0,f2a62275342fb4e02e31ad60fb7b37b3a8ac2b2376213a1fba752ece8166ef CVE-2024-4745,0,0,54a19ac018881ab94cc09206a38557755449249c459a354d473ddea48bafd7eb,2024-06-12T16:23:34.197000 CVE-2024-47459,0,0,dc476e38be60b6a1efda7726261f4c9f051d293bb6f4f7193aea3c1108a67e3c,2024-10-23T14:17:23.557000 CVE-2024-4746,0,0,764da2d2faf52d5d8b005efc01764a8e4bfb42f0a65f0b328618a43b312322fb,2024-06-12T16:17:42.223000 -CVE-2024-47460,0,1,d6be4dd929baea5650b9cb58973cf2628f61aa3f6d83f8923b7194f7dfbb6b3c,2024-11-06T16:35:19.473000 -CVE-2024-47461,0,1,262706e89835ca9158326131be848e5d6390a2dac7e15062086a1408d0425e3e,2024-11-06T16:35:20.197000 -CVE-2024-47462,0,0,322f1e1dc17dab9ea74b69d94deff6e298802e8d7acb920e8a2101464235a196,2024-11-05T23:15:03.957000 -CVE-2024-47463,0,0,e2ab829b4ff4baaea1ac21ba28c4488bf256dece761a95e5a7c7eaadf55c6020,2024-11-05T23:15:04.123000 -CVE-2024-47464,0,1,1ee5eb546fce99c4bbcae62e1080cf3c49a31f316efdac5ef5c873fd612fdabc,2024-11-06T16:35:21.100000 +CVE-2024-47460,0,1,946f764f812f97a57e8d995c98f9d8feee9df1e1204facd7e314537096c19b1b,2024-11-06T18:17:17.287000 +CVE-2024-47461,0,1,67bb90f10b0c215afc7f1041806c1da67e219c78331d230e0db4661cfbaf43aa,2024-11-06T18:17:17.287000 +CVE-2024-47462,0,1,be6c9453989893d3dcfbe5bdc6e676b393ed9c49111f1ece54054c135b42f16f,2024-11-06T18:17:17.287000 +CVE-2024-47463,0,1,2c716c4d7f29d4820a72727f94c0dd565fcb88d49fc25a376e2306f9f47f5669,2024-11-06T18:17:17.287000 +CVE-2024-47464,0,1,236d04a0c7d407559b9f7742340111549ca9237c3d8e53730db19cfca87c0db1,2024-11-06T18:17:17.287000 CVE-2024-4747,0,0,071c88b133efa29a5bceaf4f1781edaa635d35ede69008d4aad9361c37e95f56,2024-05-14T16:11:39.510000 CVE-2024-4748,0,0,5ce71114653bf2c9cc6586a0117b72827b192c4aa4e8e27ac2b81ed4a0b190af,2024-10-10T16:15:08.630000 CVE-2024-47481,0,0,83505b26fa6eb758ddde8dc521f672e8bc2bacfc2db0ee1df66890f0ab8642bc,2024-10-31T00:01:40.487000 @@ -263169,7 +263197,7 @@ CVE-2024-47789,0,0,5cca8aa9572eb6cd0c059882137f083cb8544427e147bc3f1f0eab6346cef CVE-2024-4779,0,0,7a9d6158e8d260b03b3581dd37b23bd10d59ba6243714ad236ba79968e8d9b16,2024-05-24T01:15:30.977000 CVE-2024-47790,0,0,d4701041e3b7826b48d6d13bc4c86004b58b4b8b272120def31051056a8f0260,2024-10-14T11:15:11.930000 CVE-2024-47793,0,0,9908766d9802c80c9f07e38bc1dd6d38dc8823614346066184a43b3d9b28a705,2024-10-21T21:25:36.697000 -CVE-2024-47797,0,1,33c4997ae4057f3ee3a7a27f532a8c67312598a72be5d687fb49b6e9959476d3,2024-11-06T15:24:53.210000 +CVE-2024-47797,0,0,33c4997ae4057f3ee3a7a27f532a8c67312598a72be5d687fb49b6e9959476d3,2024-11-06T15:24:53.210000 CVE-2024-4780,0,0,4aec24b958d50bff73d14c7bd2f67b2a9793d4893d5ddbdba18f0fb02ea18cc9,2024-07-16T13:43:58.773000 CVE-2024-47801,0,0,e103685798e8b2dbc73e6876d080a93ca119ff0fe2d3b72153089026c306290a,2024-11-05T19:34:53.927000 CVE-2024-47803,0,0,e1d97b5f24ae71b6bd2435048764e12dedac3de98ce838d43be96ca9d7087e5f,2024-10-04T13:50:43.727000 @@ -263271,7 +263299,7 @@ CVE-2024-47968,0,0,7e915c4ce8b4cc184858ffd5de47da321d6409bef5e0e59e44252c5892ef1 CVE-2024-47969,0,0,42caa26e0162ef680ada66c42523fbc92cba1cbb5412ae4a9030c1b9eb7a8d82,2024-11-01T15:35:18.530000 CVE-2024-4797,0,0,0e4696a184ba6dbc49929e4ce9c47a26c4e841b1ccb4a5975e3c36e38faab420,2024-05-17T02:40:37.683000 CVE-2024-47971,0,0,534d5d54d79d2918bba754e46b72e551e8a383f4547c31054409d42c679203f5,2024-10-10T12:57:21.987000 -CVE-2024-47972,0,0,e9b35fd24d99baa059963425b162ad00cc0a462f2ffbc38c3c5c9d106848940f,2024-10-17T22:15:03.113000 +CVE-2024-47972,0,1,c51dd9e1341809ae399cb39ea0189b7b0a6d2fe40044bbfd3067e338fc5fdc1c,2024-11-06T17:35:35.073000 CVE-2024-47973,0,0,3a0aa017e97ae06d1cf3d1bc086b0dc9ef048219777341e2d17989996ce6923a,2024-10-10T12:57:21.987000 CVE-2024-47974,0,0,cbdc8a9a2e83552d2f94c63a65f1c8a65099c8459c544321dce3d0dd12f5f7b2,2024-10-31T13:35:11.790000 CVE-2024-47975,0,0,f2fcfe13d795ec593199978d9bd2ccef6b74c32b8404475a2a1a928dd974eded,2024-10-11T20:15:05.143000 @@ -263350,7 +263378,7 @@ CVE-2024-48153,0,0,ed2a32bb2c14f00255ae97ac8d2c6b7371ced6a3b47f478082697408eb2ec CVE-2024-4816,0,0,8565abd2d0a6378ede6981ddf7bac1f2251b8eaa5cb7a310b72a2f14c255bb14,2024-06-04T19:20:51.290000 CVE-2024-48168,0,0,0fd63dbc86b3cb12d110bd22d9d904e3f3202d39864d2923ce46e572ac34fcfc,2024-10-15T16:35:11.240000 CVE-2024-4817,0,0,34b565d993de0f23b2da3e66a459da3d9e976182c7f2db8f77c4f90d033797ec,2024-06-04T19:20:51.393000 -CVE-2024-48176,0,1,63dba1d13405b9eaec072718f258536b3d756678f6e14b62acdb897159ada5be,2024-11-06T16:35:21.810000 +CVE-2024-48176,0,1,3b21c6e668897d47d729bf07e33129d1d6ba5edc0ca2af7a8da63cc5a05fe123,2024-11-06T18:17:17.287000 CVE-2024-48177,0,0,7a10e5b3acd69a20c763e5cb319cb3d376fabf6248f72931a19fe63fc5f7ce5e,2024-10-30T17:35:11.637000 CVE-2024-48178,0,0,913e74839dde0ee44e9a1ace5875330bdbe3118a0df5d44956599d3793bfa29c,2024-10-30T18:35:13.637000 CVE-2024-4818,0,0,3fe1d5f18f9b194d5b3db8480cedce43b94847211b0e14441f0f1578988c6d95,2024-06-04T19:20:51.510000 @@ -263414,7 +263442,7 @@ CVE-2024-48289,0,0,3c17d5bd38424fa0af920fbe41958bfb5ff6ab46e45b8d73a90e0bb1a9946 CVE-2024-48291,0,0,3c4533b920a9f2edb3f01b1757898b30516db1528ffb114ee1df5dcc338084ea,2024-10-29T14:34:50.257000 CVE-2024-48307,0,0,935ee3e0328307bbb03111416c4595c4eff3ac408a08578a24f622dddb9d0c64,2024-11-01T12:57:03.417000 CVE-2024-48311,0,0,354d288e073d9064d21602cf2204c79fdbedf6cf54999e8a50b7d788e057c63f,2024-11-01T12:57:03.417000 -CVE-2024-48312,0,0,4016196879f9b2bc3e41822005630ca9d4e32b7ffc0ed78ff8b64aef8e060a6d,2024-11-05T20:35:24.200000 +CVE-2024-48312,0,1,ed565171c6e4291e871155bd5278a308c07670573cfb5e604423e67b93f19726,2024-11-06T18:17:17.287000 CVE-2024-48336,0,0,ceb20642f87b45ae345232a2a331752a7382b0137ef1494f458e4bcdd5d57c2f,2024-11-04T20:35:10.193000 CVE-2024-48342,0,0,cab27a7526b8debabab042631051135b3c12f9f8dc84e657f2f251a3750f9436,2024-11-04T07:15:11.437000 CVE-2024-48343,0,0,6b50c2f4f6b1096ee0c17db257557835a9194bfca6ac184c217bfb38c59667b0,2024-10-29T19:35:23.657000 @@ -263540,7 +263568,7 @@ CVE-2024-48735,0,0,aa134cb71eec050b9e0ec9fc38dfda524a75b12ece7317a32efa232ed7d64 CVE-2024-4874,0,0,4b5967df7915507c9b0020b0ee4984332d2c23e37a57b9a262a2ae6c5b300f4b,2024-06-24T19:41:12.293000 CVE-2024-48743,0,0,e34f375e468f7c410c7d8c60761e70f3ee3d5b15b7109d5d939d88a21b51dbc6,2024-10-29T19:35:25.777000 CVE-2024-48744,0,0,424c481c5fd1d12d1736019bf9f8804bc723e4ae30a5fde28dbb02cb380182de,2024-10-16T18:35:07.013000 -CVE-2024-48746,0,0,fd81789059fc55b5ff6b34546c5121602463b3317e9b52f429c900f293685ff6,2024-11-05T23:15:04.553000 +CVE-2024-48746,0,1,cc71971d0c35eb6ede5bd98dffa458b269b0f1ad6fe183bb1ac7ae9499973876,2024-11-06T18:17:17.287000 CVE-2024-4875,0,0,5a9bf10de46e2f944321ed00fa6d17c799716a219001f5797c9cce4abb6a2b7b,2024-05-21T12:37:59.687000 CVE-2024-48758,0,0,a0017ffb6fab9626ea62b98de0c6903a7dbb8c74f73f1e588de68b4bc17a833d,2024-10-18T12:53:04.627000 CVE-2024-4876,0,0,6c7ef7cd93a9d659be2199330000de11a6027348fd6a9308e40ba12083e70d2c,2024-05-21T12:37:59.687000 @@ -263618,8 +263646,8 @@ CVE-2024-48927,0,0,23a6232a362c7fb17e2b0c22da571a466ad2d8607917844c1edab564eae3b CVE-2024-48929,0,0,9634f8a920413f581a19c3b63c79c0b9d222c6607f7ac0361bee3f54dbad7500,2024-10-25T16:12:15.897000 CVE-2024-4893,0,0,c4900f559bdc4a1c952ec15ffc0a407a7d0fc758594c29af597940962bf437f6,2024-05-15T16:40:19.330000 CVE-2024-48930,0,0,c7b6cd0340da2631ccf07a7015b8cf581a1e5f29f6a6b1ff9f3168b16f8d9c48,2024-10-21T17:09:45.417000 -CVE-2024-48931,0,1,fb2b6f83ccc13e29cf0e7d7cf443e6c383726c0fbd9501334dffcc637e70cfac,2024-11-06T15:46:23.067000 -CVE-2024-48932,0,1,df43e7a2728142dec482ddfa8a1eb9613cccf01c9d35289d409ad4e755574ae8,2024-11-06T15:25:41.470000 +CVE-2024-48931,0,0,fb2b6f83ccc13e29cf0e7d7cf443e6c383726c0fbd9501334dffcc637e70cfac,2024-11-06T15:46:23.067000 +CVE-2024-48932,0,0,df43e7a2728142dec482ddfa8a1eb9613cccf01c9d35289d409ad4e755574ae8,2024-11-06T15:25:41.470000 CVE-2024-48933,0,0,eab55cc4133fd12eb852707496206c0c064cf1bfef188e95346821cf2dadf897,2024-10-15T18:56:52.363000 CVE-2024-48936,0,0,202c3a156bee1b2512b5fe2822e4aae4f593d6287e38823043400d9ff6e54ff7,2024-10-30T21:35:10.387000 CVE-2024-48937,0,0,53216fc8a6fbe5febb4c086d6958028e95a58513bdf6caced98eaac34038db0e,2024-10-17T19:48:11.163000 @@ -263798,18 +263826,18 @@ CVE-2024-49334,0,0,bcc2db18f40dffe6c4f8472b0ef26870ffad9612f58222d9017252998c694 CVE-2024-49335,0,0,64cc1bcb12301e7e8f03bc857d01393c7ba079fd3a08962dcf26c673c0054a8c,2024-10-24T14:50:16.557000 CVE-2024-4934,0,0,fd5d4b9709dde517f56a9aae7369c165c45ceba9bcf88bee680213c2fc56b62f,2024-08-01T13:59:37.220000 CVE-2024-49340,0,0,37285f025630fd9eb79c4269f84ef859e190bfac2e34728b5f3d3dbad2273eb0,2024-10-16T16:38:14.557000 -CVE-2024-49357,0,1,6503b40a74a6613085cacc3815bfdb01e01bab8ce0bff54535ea857ed7d26be9,2024-11-06T15:28:38.160000 -CVE-2024-49358,0,1,df99e254916c8dff27bc118ecfd140161a54ef4581a6841d720c531a5bf44aba,2024-11-06T15:27:26.637000 -CVE-2024-49359,0,1,cc09522176dca55ed443e811571748ebfc3f0f5a4f89d4ec44c17a0a8a645881,2024-11-06T15:27:02.347000 +CVE-2024-49357,0,0,6503b40a74a6613085cacc3815bfdb01e01bab8ce0bff54535ea857ed7d26be9,2024-11-06T15:28:38.160000 +CVE-2024-49358,0,0,df99e254916c8dff27bc118ecfd140161a54ef4581a6841d720c531a5bf44aba,2024-11-06T15:27:26.637000 +CVE-2024-49359,0,0,cc09522176dca55ed443e811571748ebfc3f0f5a4f89d4ec44c17a0a8a645881,2024-11-06T15:27:02.347000 CVE-2024-4936,0,0,51b2c41822c3ce01e84bd55c02328ac3499013d52d632d2af56d406c35d5a658,2024-08-06T18:29:27.013000 CVE-2024-49361,0,0,f551e9abf09d421b2a081416ae11d1d19a91d21656c86d2519f1c7f0e281007d,2024-10-21T17:10:22.857000 CVE-2024-49366,0,0,aa37188721af357c851b7fc33379d0188a960b9f96974610014dea2671948c2a,2024-10-23T15:13:58.783000 CVE-2024-49367,0,0,c9b869d3df961cbe6cd45089af2bd9e7675369053a02cc6adaf7052174946b00,2024-10-23T15:13:58.783000 -CVE-2024-49368,0,0,7653bacc44e12cb471d1297a98c3c2ed197407d61a2b90effa86f38f0c320729,2024-10-23T15:13:58.783000 +CVE-2024-49368,0,1,8be4e296ee1ec30084981da91255270e2fb2a840014ea77ee3103f7dcd091363,2024-11-06T18:28:54.440000 CVE-2024-49370,0,0,53182a6ce2637f054e6cf92c623239d8b52a4ad6590d2f00fca7214b8ca5b926,2024-10-25T12:56:36.827000 CVE-2024-49373,0,0,4aa9cfdbe744fd3ae046ca1eeb4ecc11fd5a7b167271bdbcafbe01dffbbbe75a,2024-10-30T21:16:59.213000 CVE-2024-49376,0,0,190dbce5bcb7aada06f0c8b342eac2772846cf5d2a5dcc8eecc468a0b9c5d5e3,2024-10-28T13:58:09.230000 -CVE-2024-49377,0,0,2310c1b835cd3ae44f9e0f72704ed8e4891177de09cf63c48dd2d396a53dc01f,2024-11-05T19:15:05.737000 +CVE-2024-49377,0,1,f0a66be903c1ae0848c0330b2ecd5bcb10926f277636c57c6f6f956b317ea158,2024-11-06T18:17:17.287000 CVE-2024-49378,0,0,09a13f2bc12578e659c5acb1c73f93e5796dca0b69672708f3a85d0256e97128,2024-10-28T13:58:09.230000 CVE-2024-49380,0,0,f56d412280c28c68a65e58c4bcb66239a0fd300a5ecc1079da487338d842284a,2024-10-28T13:58:09.230000 CVE-2024-49381,0,0,71a4e67e3ddb71af567e4cb5c0191b43844be30550e97b50591f623ef518effd,2024-10-28T13:58:09.230000 @@ -263830,15 +263858,15 @@ CVE-2024-49398,0,0,1964f2918f2b62a12a26449777ec3d512771c9e0a90e6a92142f1221cf2a6 CVE-2024-49399,0,0,280599d675596d0a62f92142e8a452afef09a7da5cc6b00dfa86815a1f9a12f9,2024-10-18T12:52:33.507000 CVE-2024-4940,0,0,4accffc853c801fe14d0f801549945291e8d9583e559383dea39b767fc7e6ff0,2024-06-24T12:57:36.513000 CVE-2024-49400,0,0,4447b6d98624a8004ac0954b08a6ad26989e2084cf92d73c9f3d9262ea896967,2024-11-01T19:35:28.673000 -CVE-2024-49401,0,0,27cafe6619f5c73e23dc8ce64897e729d0bfbda66d53b9fcef1e409b2786e52e,2024-11-06T03:15:04.973000 -CVE-2024-49402,0,0,d053aef3b40e6722dc221818b4854eacf474aabc3799e20c248c7589a779e252,2024-11-06T03:15:05.153000 -CVE-2024-49403,0,0,7f5d28940f2f7a7bd6b84dd19e0ee7a2d5d278c6787e8ea0dde19716e9369f4c,2024-11-06T03:15:05.323000 -CVE-2024-49404,0,0,547948f2505deb9536c38a1e82cf743518dc101d479a60b5d8b5e2c32afcd00c,2024-11-06T03:15:05.490000 -CVE-2024-49405,0,0,ef6d2c414b509cb1cf9fb9c1fb3d5ca65beddce401850bcb770f5173bba8838e,2024-11-06T03:15:05.660000 -CVE-2024-49406,0,0,1181b5d2d0cb02836dbbe3453cc05ba2b40b063516afd66d324b47d7949d9d55,2024-11-06T03:15:05.833000 -CVE-2024-49407,0,0,cf66f32ff5ad0708e8b1aecc488cb8eca2bcbe4acfa9ad5106ce2534a1cf609c,2024-11-06T03:15:05.990000 -CVE-2024-49408,0,0,9238b36a8fe372c1fc512139341356dc980443dcb0b6402fa1e5868c7d7a37db,2024-11-06T03:15:06.157000 -CVE-2024-49409,0,0,2846c26bacb06dcc30c4dc5bfe74f68b4fc87876fa3c6fa86a09c75a900b56c6,2024-11-06T03:15:06.317000 +CVE-2024-49401,0,1,07acd0ec6492ef4a6a2d576dd24e9c5a48cd8fb488b0956928cb7230e66cff25,2024-11-06T18:17:17.287000 +CVE-2024-49402,0,1,20e8fd539de047331e4c2368c92cd069528abe840aa6623391c5926836e0f3b1,2024-11-06T18:17:17.287000 +CVE-2024-49403,0,1,fe40e78f5676aa63e5a493c73d9420579ad681e2182836e702fb22f09e253b4d,2024-11-06T18:17:17.287000 +CVE-2024-49404,0,1,f0b4f7f48050585ae9f5cd035aabe0fcde338a70982a3394ab5a57f9336c45ed,2024-11-06T18:17:17.287000 +CVE-2024-49405,0,1,4f3e580c378048f9b3aef0e712982e33d84f5471bfc9f28046d4e4633525cf7f,2024-11-06T18:17:17.287000 +CVE-2024-49406,0,1,075282cbd5b281b1a2c35af43b944dd1b9c094fc1531e5ff905e3db1afda183b,2024-11-06T18:17:17.287000 +CVE-2024-49407,0,1,2f1fe7535aef1ec5401881558c20c865bb7467e76bd156c1a2d63f1673f8f81d,2024-11-06T18:17:17.287000 +CVE-2024-49408,0,1,44bc469226d0fcdf008f2192d16cb7dcedf12b3f14011cccf665fc3342c4d28a,2024-11-06T18:17:17.287000 +CVE-2024-49409,0,1,b94fd5e8c7d42ca2210066cc68305f148c2abec12636112d2a2515554c597138,2024-11-06T18:17:17.287000 CVE-2024-4941,0,0,4a44b53eeef21b9bcc4a70f0f12e019011a282ac818fbf5410cd9bce445ce09d,2024-10-09T16:24:24.433000 CVE-2024-4942,0,0,ec40ecb2c6f2c92030124cf4a899658443926a41ec90982de736f0fdfba6bcb7,2024-07-23T21:09:15.900000 CVE-2024-4943,0,0,c3255ca69e7d3076031772cbfca36198fc76d9c4ad7b4e1b0b2d1944b2bfd408,2024-05-21T12:37:59.687000 @@ -263850,7 +263878,7 @@ CVE-2024-4948,0,0,b89edbe3d3547ee2159af9ec22fd67b98f6c6885f88dc0c929a5ea68a98b8f CVE-2024-4949,0,0,5c7ef1902f4beea866d1c7d9373440674707dc0a06c9e278c0f4652ccc170adc,2024-07-03T02:08:21.370000 CVE-2024-4950,0,0,e5fcb740f07c681c8eb3b4901aae32c365007c0ebdd7c7b0ee473dbffae68af1,2024-07-03T02:08:22.150000 CVE-2024-49501,0,0,34e661795ed7c329d9becb8743e23a77cfe5f584b40ddeff12deceac0863410a,2024-11-01T12:57:03.417000 -CVE-2024-49522,0,0,f5ec56cddce1f75293a3a1aa17a8dc0c09abd32ec4cf23e8109063fabd75f6c6,2024-11-05T17:15:06.173000 +CVE-2024-49522,0,1,9b29eff1eb28614aa27eff1fe0c4768ad648c29c0fb95e6dce03cd26cc3edab0,2024-11-06T18:17:17.287000 CVE-2024-4956,0,0,319b39cd7f80ef1a8cfcc633b91e7d5f141facd950994947b42a7565c106a7a4,2024-05-17T18:36:31.297000 CVE-2024-4957,0,0,e3bb8e47c8dfba146bed7647eff25fc6cc8427bb0bd54429262b4324d627abed,2024-07-03T02:08:22.473000 CVE-2024-49579,0,0,85b8fb1168559e66181366d5ecd0a3cbf5d9385b3a23eb2296d97e9422fe6782,2024-10-18T12:52:33.507000 @@ -263965,7 +263993,7 @@ CVE-2024-49755,0,0,b1c1713e62d1c6cff006bddd32caeacb7a00a5abd98bfdd4887a4a4fcdb03 CVE-2024-49756,0,0,17e2aa8675de07a9bb36aad326a0b90c2e6105df968303ed06bc9a1149a476bc,2024-10-25T12:56:36.827000 CVE-2024-49757,0,0,41883c0db2190e07eb75f1500b6be8583d0953bfe5f6820811285d92db2c4bda,2024-10-28T13:58:09.230000 CVE-2024-4976,0,0,fc4df77a0f9a74699614d42497ce42eb6f6db7897f4ce74b0071ab4cbdb2d9cf,2024-05-16T13:03:05.353000 -CVE-2024-49760,0,1,ab1d2b1d3d6f87001d0ec0c674554d145fba544f43978860ab9f315317a9615d,2024-11-06T15:01:01.013000 +CVE-2024-49760,0,0,ab1d2b1d3d6f87001d0ec0c674554d145fba544f43978860ab9f315317a9615d,2024-11-06T15:01:01.013000 CVE-2024-49761,0,0,cc77d1f33b16264261b43a7d1baebc02063ded1f31c9ab42da049e2bed05a708,2024-11-05T16:41:46.660000 CVE-2024-49762,0,0,e267f4df9b55b0cddd8b82283d5a577158c52194b354f86421be17fb0c5fcf65,2024-10-25T12:56:07.750000 CVE-2024-49766,0,0,5a8c5c0a2bd94e828f2c3a22888613b17d32cf5a4207ce143b3606496d9774b9,2024-10-28T13:58:09.230000 @@ -263975,9 +264003,9 @@ CVE-2024-49769,0,0,d49161a5652c2ef7170a42137ef51a74f4d05dba80251037705703249ce14 CVE-2024-4977,0,0,f1472b15d6219c627718fd70559881283845ced10173940d62dfa6e1d38696a9,2024-08-01T13:59:37.487000 CVE-2024-49770,0,0,e139253d4206279d60332f6c15cf6c38eaa01808a4afba5b24efe9b5918d6e65,2024-11-01T20:24:53.730000 CVE-2024-49771,0,0,e1b8e33c9beff5e15c760e02f136747e5a30aef91dfde0840d1776c2c5b9964b,2024-10-29T14:34:50.257000 -CVE-2024-49772,0,0,fc5c7d987684608b1d6304c79c6ad6a403b2a10bbfc1a8b538a1163de1b63b8b,2024-11-05T19:15:05.970000 -CVE-2024-49773,0,0,be7b3208258bec71ef934c775319a5d2ce95530af9cb6d89cc296f26ae57542d,2024-11-05T19:15:06.200000 -CVE-2024-49774,0,0,1cee4b014443473b0e6aa5be0a6d296765f03671df62ded92e5c2bdc65f33cdd,2024-11-05T19:15:06.410000 +CVE-2024-49772,0,1,cd4964aa097caacdaf510147a3d3d38eb66383df99969ecbfb54a28b854a3c5a,2024-11-06T18:17:17.287000 +CVE-2024-49773,0,1,9dbb622b65d5b87f341e7e02f26bc3444ff5c980c220269a8a504f537cb800c1,2024-11-06T18:17:17.287000 +CVE-2024-49774,0,1,a5850576ecdb582b3fbf7765a4612b8882742fa42a454af93fab760ba3a926df,2024-11-06T18:17:17.287000 CVE-2024-4978,0,0,5928c3b846f5437fa931d5f8f8094b6c99b5e796eec27a2a5602f4b07774db40,2024-05-31T16:03:52.247000 CVE-2024-4980,0,0,1d2b61808b4cae121d6a29c34adc83b7ce102dcc100d7578fef807794b8506ae,2024-05-22T12:46:53.887000 CVE-2024-4983,0,0,47e5eccd768078063df4e275a1ffdcd617ddbc2b7b8451c89e2e261cf23ec523,2024-06-27T12:47:19.847000 @@ -264234,61 +264262,61 @@ CVE-2024-50085,0,0,a57d9cdadbbc5cf4e1ca2a641bfe5ff538d06a7e75b6cba1f85d47ffcf3a2 CVE-2024-50086,0,0,4899fd1fcdb0e30e29828cc31e053f57e8ba7925a7a6cc27c5825af59bd564e5,2024-10-30T14:46:09.080000 CVE-2024-50087,0,0,d932d9a6f4bd94c5995e2295fafce534f1c32d33268701370882a6d9c7fefc9a,2024-10-30T14:40:16.377000 CVE-2024-50088,0,0,ea08007d0f6bf2f5d06a9203c599c43ba3b7b13f77698553a8827e36297f21dd,2024-11-01T16:05:44.403000 -CVE-2024-50089,0,0,e29d79c488fe70c4e855f631c97165faaf62649f6ab75f51e17041e25c84d9e1,2024-11-05T17:15:06.410000 +CVE-2024-50089,0,1,0bb381177efcf5c886e605f0857680c3c742615a3e867288abd3b8284e992983,2024-11-06T18:17:17.287000 CVE-2024-5009,0,0,4fd7bfd86519955de695550b550ff6287bae2637bb330aab0edb8e0b318761f0,2024-09-06T22:43:04.747000 -CVE-2024-50090,0,0,7e9a2fb5e28ffe4b6505eccb00ececbbc652bcd8cfed9bb5203fd5e7c2940f22,2024-11-05T17:15:06.477000 -CVE-2024-50091,0,0,a1cd3c90c445881654eae7a583ff37c9e8a4d53fc3c265ef29f61b3e632987fb,2024-11-05T17:15:06.533000 -CVE-2024-50092,0,0,1c6bcfe9156a17d0ab14357c65b2cd8111288af3a36273764ae9e1565873253c,2024-11-05T17:15:06.597000 -CVE-2024-50093,0,0,e3578c9f9807c80270f1ba632f152b02e857ba686c370196a27ca4718fd0ba81,2024-11-05T17:15:06.663000 -CVE-2024-50094,0,0,69905ec5afa030474f53d706b1be772bc5b45987963cf7c693bf9bb1efa8e902,2024-11-05T17:15:06.733000 -CVE-2024-50095,0,0,0c8f897ddd8eee43bf3940d5a090d05c0866e33edafb365f025fdc4de93df9e6,2024-11-05T17:15:06.797000 -CVE-2024-50096,0,0,6e0fd282ef7140b8352908b2e97b56ecd044aa5a96b1b80647fd068b8ca11e0c,2024-11-05T17:15:06.870000 -CVE-2024-50097,0,0,62b6b16ae4f1e17e59e39a54f524169197fd0f61a9917890aebee0b9824e70fa,2024-11-05T17:15:06.937000 -CVE-2024-50098,0,0,17fa7759a61b8f9dd442137afaaeddce125ea4a4fb0f50c9b7d45378e52c8db7,2024-11-05T18:15:13.620000 -CVE-2024-50099,0,0,4b35f6d140a0ce58e1c7a4a447ad240ebbf919c98c76d93e6201151040299a77,2024-11-05T18:15:13.690000 +CVE-2024-50090,0,1,4083762ea13756f29eafd801049837164a3eafa89ab15688019a97f8f91bb3d0,2024-11-06T18:17:17.287000 +CVE-2024-50091,0,1,78a39fb3c465e28c120508c287c54f842efe7fbd3389c5d4e97feb6ecbd6f07d,2024-11-06T18:17:17.287000 +CVE-2024-50092,0,1,2c6c6a03a0610f9267ab15dc07e85e396a8491e91788cec83b413ebdcc3753b2,2024-11-06T18:17:17.287000 +CVE-2024-50093,0,1,6489a4d2f2ad5df628e90aa1a6929998f4dea0ae6010ac05c125938930106b19,2024-11-06T18:17:17.287000 +CVE-2024-50094,0,1,2b94d4e661b5e2db0b85e820583c74624edd363a99a1f36ca793811b4261d399,2024-11-06T18:17:17.287000 +CVE-2024-50095,0,1,bb2eeffa59fce47b91c742fc8aef17b9bbd010b7f06c8f719c7cb64fc1f627c8,2024-11-06T18:17:17.287000 +CVE-2024-50096,0,1,046d9676860374683e11eaa4345fd3eee70b2f0ba522e80b3cc75f24872dbcc7,2024-11-06T18:17:17.287000 +CVE-2024-50097,0,1,293694d387dc428847db645177fd1a702bb10103f939b46e01f2e6f02df39ec7,2024-11-06T18:17:17.287000 +CVE-2024-50098,0,1,9f927047e2c9a61071315643d6b3b2dbd5c97c589b2f7becd2a6a2850be36cd1,2024-11-06T18:17:17.287000 +CVE-2024-50099,0,1,bb40b5f49cf397c6e7f3ba5ce415aec3fbaa8f699ce90603a0f87807b472dc4e,2024-11-06T18:17:17.287000 CVE-2024-5010,0,0,3c850c266940942fbe09adbb4c98bc7afc61c3edf80ecba9d04f15eeefca6109,2024-09-06T22:42:39.017000 -CVE-2024-50100,0,0,c6d99bdf9e79d5c50856b98b68c86552c7e58af1425e0202c0446022fc6f6563,2024-11-05T18:15:13.757000 -CVE-2024-50101,0,0,abb12e3fc8ffbc7cb378d994508351f239dc7919a0e7afa8318f68c72f57bf65,2024-11-05T18:15:13.813000 -CVE-2024-50102,0,0,a62547cb8697d431e71b8a7c5e082b3cd2d77876a991511d48d6d2fcf1ae92e8,2024-11-05T18:15:13.877000 -CVE-2024-50103,0,0,452f07c5d1513e240ec9333d85e84831731381e4f41271135704eb7ada6f58df,2024-11-05T18:15:13.930000 -CVE-2024-50104,0,0,b05095c8f8c628c3eb148c2e81ea92f9a5897d65aeaba40b975ec10e2cc56af8,2024-11-05T18:15:13.993000 -CVE-2024-50105,0,0,1c3798eb08decb263bf59663fe904c4fa71b44cb88853b1d271f90ee751966da,2024-11-05T18:15:14.063000 -CVE-2024-50106,0,0,c25bcd727a9370bf6cdb3bccb05943812f0f529130bf778c4e97637250fa666a,2024-11-05T18:15:14.120000 -CVE-2024-50107,0,0,df398e93a2ec0ec5370e1476de887ee06018c28a7d297abee880fbd826381a51,2024-11-05T18:15:14.177000 -CVE-2024-50108,0,0,654a16dea21fdbe89e5dfb95c855317bdfdb7e93123774705e3c7872fcfd05a5,2024-11-05T18:15:14.247000 -CVE-2024-50109,0,0,4f127bb04542a2bc5969cd226a3de1adf557009a10649d7f75318028e0f5dc6e,2024-11-05T18:15:14.317000 +CVE-2024-50100,0,1,1665ee6d3d56a6d79bffff8fb45e568fb48b0956cd2860c99aa71d82534ab39f,2024-11-06T18:17:17.287000 +CVE-2024-50101,0,1,fa0723d276731ae4f9c6398e7f18fa6e4ecfe8b02f442a187cae950f0ddfdeb2,2024-11-06T18:17:17.287000 +CVE-2024-50102,0,1,c6e0521547f3a6ed3061ec53619a2691370708c6b90985b641fa8cb86c983ba1,2024-11-06T18:17:17.287000 +CVE-2024-50103,0,1,f5bdb8498d19fc29a2f78f6c675f1788b067e6547d6fefcd8d38e2771ed12c5f,2024-11-06T18:17:17.287000 +CVE-2024-50104,0,1,7ad334838874ace6dda2aa5d94076b1692e1c5b0f3ba16cf1870b81d95a6f617,2024-11-06T18:17:17.287000 +CVE-2024-50105,0,1,895ed21531906d4a6a12490debf36b6629a6c140958d0b80c03e5b2f0e03364a,2024-11-06T18:17:17.287000 +CVE-2024-50106,0,1,00665ac9b5911056fa611c9e33a8f920343d35dc5ceabef255c34799f5345e46,2024-11-06T18:17:17.287000 +CVE-2024-50107,0,1,ccd08de8b643ac96010fd0881f95c322cea1c537f23a14ef76e9a8db2e84700a,2024-11-06T18:17:17.287000 +CVE-2024-50108,0,1,9b25c0597cd700705d45770a0bfdd24acd11ca78362272482ce4aa71a6fe458d,2024-11-06T18:17:17.287000 +CVE-2024-50109,0,1,df2b9a1ec1063086c960ea9343e24a17d134d4cb9a79d773e5518122bed5380e,2024-11-06T18:17:17.287000 CVE-2024-5011,0,0,4026c0ac2cac7aea5c94096b029296404a58ceafdfae2ce6d40eb650db37ee86,2024-09-06T22:41:46.253000 -CVE-2024-50110,0,0,7f3da2c61c2d6f3bb0dae541123a6b3b22acc6c31ea984e1246b979d51ab35cc,2024-11-05T18:15:14.370000 -CVE-2024-50111,0,0,360d711e48bca0b86fc4a47ee16f954871803cd5329099bf4981be0f363920ce,2024-11-05T18:15:14.433000 -CVE-2024-50112,0,0,0eab0790f5ec55d6e4b71e8daf950b5a83386ee594c6477cdf791ff614e2f6c6,2024-11-05T18:15:14.497000 -CVE-2024-50113,0,0,ea5b8644a4b36fe8a56b5773de59298e1b8b58a9f605167a2bc4652105a8e9ad,2024-11-05T18:15:14.560000 -CVE-2024-50114,0,0,c9d516206dec0e11b42ad832906ef00c311520ddf749d6e984eee607418ebb2e,2024-11-05T18:15:14.630000 -CVE-2024-50115,0,0,1381dced93e44965de33e0fb22605f681fa04b5f1771661e5cf646c90ebd37bc,2024-11-05T18:15:14.700000 -CVE-2024-50116,0,0,0d514b6663ca305634749aeb763060ebd24307174969655a94d58fe6089de140,2024-11-05T18:15:14.763000 -CVE-2024-50117,0,0,c86d5d6e124fe46c15065dd2213bbad75d44e27b93a01ab078a9d7959472524e,2024-11-05T18:15:14.823000 -CVE-2024-50118,0,0,f7725583dcc76aae85623445e68f621d8a987c64549ebd6095a2892b27135784,2024-11-05T18:15:14.887000 -CVE-2024-50119,0,0,64bfe463a4dfa2fe1252f09123dfaabbeffac4faaf7ec1e5b31e2e6047872cb0,2024-11-05T18:15:14.957000 +CVE-2024-50110,0,1,cbe7f4e3c6b7528b14d48dfe1a33fd10f9ff826f19bf117ea7fb34e0cb39be28,2024-11-06T18:17:17.287000 +CVE-2024-50111,0,1,a9d75a6635130270df679ebde5cf075269db2da0265027785a678ad2c262d847,2024-11-06T18:17:17.287000 +CVE-2024-50112,0,1,c2e351089afa06f8acf23d0863b94e10b1e0ac1643be17fe93f443c74c091043,2024-11-06T18:17:17.287000 +CVE-2024-50113,0,1,6eb35a553b2b6aeedf3cb28837b9742ceab2d86bc13c8b7dbe9f97578986499e,2024-11-06T18:17:17.287000 +CVE-2024-50114,0,1,07fa8b8fa2c8988fe81cf7ba3ceb40700a5705006e738222483f058f866cde18,2024-11-06T18:17:17.287000 +CVE-2024-50115,0,1,7b917b4f9abbe05b7658a3b157fd5920c690d333c95fefeadfe864ff14443803,2024-11-06T18:17:17.287000 +CVE-2024-50116,0,1,3af559202a633a30c10669891a5f5e9ac7a4d0cc542461ad5546d86fed35c617,2024-11-06T18:17:17.287000 +CVE-2024-50117,0,1,fccf12ab8f5f6d58c82f44788a917f54c270c51713f2da501d04760aebb45acb,2024-11-06T18:17:17.287000 +CVE-2024-50118,0,1,3bf9e0f6d28fa6096e73bffebd075daae14e3f5b1bdb2df6b2c31ebb718ef920,2024-11-06T18:17:17.287000 +CVE-2024-50119,0,1,bb78dd9f78de61189382879324420a12d74b7293fc4e8acdb32c2cbc2aa48b5c,2024-11-06T18:17:17.287000 CVE-2024-5012,0,0,5697b5fa6ba20e1501d7704fc1f19cf57893d5f71753b80662113f567a057a81,2024-08-21T13:34:41.107000 -CVE-2024-50120,0,0,9aa86ca96de1968dd81e752ae37d6166b00193492ee011f8f2394a1d344ff61c,2024-11-05T18:15:15.023000 -CVE-2024-50121,0,0,34462cb4d089283cb7861bb5d1f16cb0390fef7eb125e9b81438426e77a8858d,2024-11-05T18:15:15.080000 -CVE-2024-50122,0,0,17be05ec75cb99a14768914e439a1234acba1693140e7c78aec44e28ecb1821a,2024-11-05T18:15:15.210000 -CVE-2024-50123,0,0,8895a0c5d924ddbae8555e7d228945e202ae802dc78c9f2855877c4bb77e5eb4,2024-11-05T18:15:15.367000 -CVE-2024-50124,0,0,258fcee786dee1199586bcca89fbe66d9d3de14b76bfc8d9024b9741114b6cc1,2024-11-05T18:15:15.487000 -CVE-2024-50125,0,0,e96eb0ce5322c0dd3e3a237fb8ae62a871bdbd4dc9caccf2edc17f27c43a39ad,2024-11-05T18:15:15.550000 -CVE-2024-50126,0,0,98debef33fb52304a5dbac095a825a8bba0cc1c4eb115504ec66338dbed924fd,2024-11-05T18:15:15.607000 -CVE-2024-50127,0,0,dcefd61f8715f4e3a33d45ef5f5240544f325aa5a4fae0514c0e5081cd65036d,2024-11-05T18:15:15.670000 -CVE-2024-50128,0,0,3a37d90fff738c8fd5c707f531137e941feffea959c503a154d124147b4dfb9f,2024-11-05T18:15:15.730000 -CVE-2024-50129,0,0,80d91e99b28bc5d7bdd795d73b0242c03c43f67f30307ed376e2b810702c963f,2024-11-05T18:15:15.797000 +CVE-2024-50120,0,1,9d1fb3f27429997651b85aaaaeeaf39909ed2ca051a99f6dfba337d4a73ae593,2024-11-06T18:17:17.287000 +CVE-2024-50121,0,1,dc1f5801a608ac8b4a071c0f520b30978e179c425cb9312e34e1bbaa97fa9d04,2024-11-06T18:17:17.287000 +CVE-2024-50122,0,1,ebd98f84f7130eac7bd8c59889d8d2e18bd993f9e28f00cb4c13176d017714bb,2024-11-06T18:17:17.287000 +CVE-2024-50123,0,1,e2cde16061cde027bc4844bed960fb732534205c1c83bc416fa4fed983240834,2024-11-06T18:17:17.287000 +CVE-2024-50124,0,1,506f432eaa878feb4eb3ecd9d2bac1f26c93260123325b9ad5ff0725a208e2e1,2024-11-06T18:17:17.287000 +CVE-2024-50125,0,1,5f0be9486f40c35967c2ee6455a6d4fe0ac35ffbf8ff0b0d320dabcd0e3ca09e,2024-11-06T18:17:17.287000 +CVE-2024-50126,0,1,6ac779325acaaf56a179818c17a4be5cb1a19d43f533f5b99e809cea4dddba97,2024-11-06T18:17:17.287000 +CVE-2024-50127,0,1,77161d3536ca21c57229529f7e05e127882320a6f4ad21ec91f2eea48b6d7073,2024-11-06T18:17:17.287000 +CVE-2024-50128,0,1,2f1950a4507da9eb1f8208b4a471eecc23eb9071ab38f9dd3a38a4a6ca79fa9a,2024-11-06T18:17:17.287000 +CVE-2024-50129,0,1,022efdba510c7899f8d076dfdd94082cd8aa93bd65d741edc6cb5a2f6ca3f7b3,2024-11-06T18:17:17.287000 CVE-2024-5013,0,0,2b6e46c5c558997322ab16e56ac5bd13f8f3890cf64227402cfe38f28e8502bf,2024-08-21T13:35:28.750000 -CVE-2024-50130,0,0,1a29cc7c18928406b491c34a6f73dd93089350bbc9d54dfe2ebc2385d1b8f7c8,2024-11-05T18:15:15.850000 -CVE-2024-50131,0,0,12de82ce00f45658f01288be7523c7916327d7587e648288d623afa6882382af,2024-11-05T18:15:15.917000 -CVE-2024-50132,0,0,cf60297e1c394f331fbcab60a47f87785e5913039b22e2ab0a4d2051f728d19d,2024-11-05T18:15:15.973000 -CVE-2024-50133,0,0,b2927bf5991d528dfa7e67733080d00479ae4db0f99c34b6a32bab4c8af55f41,2024-11-05T18:15:16.030000 -CVE-2024-50134,0,0,ea30bf43b993fd0f40770a9bd4474a7fd52fed368e0e994da6a4d74394bb8fe6,2024-11-05T18:15:16.093000 -CVE-2024-50135,0,0,5e9692d7c0b68da9cda8e416b1f2ef91be8a2b549cc6e88a20b2ee14d097decf,2024-11-05T18:15:16.153000 -CVE-2024-50136,0,0,46f0baf171084b3f92c645bfe8d7fa5b687e16215def51a089627c19c8e69502,2024-11-05T18:15:16.213000 -CVE-2024-50137,0,0,9893e4516a0c590b868fbe6f9f23d0ffa369bac5692851aace0a3a5d677ef314,2024-11-05T18:15:16.277000 -CVE-2024-50138,0,0,45759f9589425a8a4e718092c4396e26580c617ee65bce7bf374fd8e56069014,2024-11-05T18:15:16.337000 +CVE-2024-50130,0,1,a62c582ff4ebbcabac7c3cf1749760a02602d60543408016a14d17a4c1f9a0fc,2024-11-06T18:17:17.287000 +CVE-2024-50131,0,1,80041e805f9d06a565a40bfe4364d1fa8a8190d92a858a962564cd10dd06e4fe,2024-11-06T18:17:17.287000 +CVE-2024-50132,0,1,0a9016a87c15a108f9ab2c976559677c780f0bcf15c7229c8c66c6aae14e3db6,2024-11-06T18:17:17.287000 +CVE-2024-50133,0,1,25e9d94f01e77434424b282d6c57702624dcdd1fc3e1f3c8d33b0c4662b145cb,2024-11-06T18:17:17.287000 +CVE-2024-50134,0,1,8f636a39fefc7de81a9be707cac7a0c3cd1d8016b203847bf044a7bbc8f9b285,2024-11-06T18:17:17.287000 +CVE-2024-50135,0,1,9972c5d7d0a24415da6886e35958cd71afe721e86e8ee7698c1a989879f47432,2024-11-06T18:17:17.287000 +CVE-2024-50136,0,1,40bb8c97d67d13b09155ec1ac715e4bea892322feee1818b2971a3e2e4b7911c,2024-11-06T18:17:17.287000 +CVE-2024-50137,0,1,fae36a612306ccff07522242ed28dfbe3426bb745160d8c5c3697571631f8ba4,2024-11-06T18:17:17.287000 +CVE-2024-50138,0,1,f2f80617b10f9b1b6ff737b66b3fba9dd1be4a8f3422b6d4da5d0c72828376d6,2024-11-06T18:17:17.287000 CVE-2024-5014,0,0,a159cfb950f4667dfac650da1dbd95c7b0726154dc655b46619c19dd5e035fa0,2024-08-21T13:36:06.417000 CVE-2024-5015,0,0,57e7561ea7b4a22dc47e95fb948c2e633eea845a4a10c36b8de173108bb8285f,2024-08-21T13:37:02.370000 CVE-2024-5016,0,0,99504ccb587052e75d99d9fcbf07f0a52b025e8122dba2c854727d3b50b1c62e,2024-08-21T13:38:32.480000 @@ -264305,12 +264333,13 @@ CVE-2024-50307,0,0,6d2dcfccb50c0c30fd7d9bda3b36490982da8110db31d087befc4509a1d36 CVE-2024-5031,0,0,5b0fce1eabb88a37a871d927606cb4ca5166c3808ddca60f777848c692bab12e,2024-05-22T12:46:53.887000 CVE-2024-50311,0,0,a911784e609d4ab74e0290e5d915dbb7b1471b8d97b5435937a13bc8c9811bb6,2024-10-30T18:39:40.617000 CVE-2024-50312,0,0,8b68d956a110cf88efd2db7bdd6fdd3dc5b02186497d9ae2cbca0852915a398f,2024-10-30T18:35:56.753000 +CVE-2024-50315,1,1,4cc2faf3d8c489bc195ea9b1b71e3db71fb7f18259f91c4f6bf82e911f7ad06a,2024-11-06T18:15:06.173000 CVE-2024-5032,0,0,e2dd01f18d9397a3c892e6f9436384b2c9baea7d6f6081290ca836f05f0fc527,2024-08-01T13:59:38.540000 CVE-2024-5033,0,0,34cd1f889798bbfeb338d8d711a920994993596df17d9daf9b428477bffed7c1,2024-08-01T13:59:38.730000 -CVE-2024-50332,0,0,c729177f5263a9a2c40bfaf03e77727e0a7c597fa31b1dc7ccb75a316628132f,2024-11-05T19:15:06.623000 -CVE-2024-50333,0,0,6344b6b048ecf25fdf6809996b3c490b62053790bc4640c3fc9aa35b5c505007,2024-11-05T19:15:06.840000 +CVE-2024-50332,0,1,1a42ed8004554770ddf6287db232f683a70aa788adf4f5377695a69da9577e8f,2024-11-06T18:17:17.287000 +CVE-2024-50333,0,1,dec570600936fbd1d13d82c721e514d60fa6e5733b1c9746045163c28aeb4e6b,2024-11-06T18:17:17.287000 CVE-2024-50334,0,0,15b97ca0de89b7422ca1338a576d4ef71067410db416afc03dccd883f0aa73cd,2024-11-01T12:57:35.843000 -CVE-2024-50335,0,0,4b8461bc0cd2e31d3f3bc0c71f5dd83acb059d9965776cd2d9f33bd2d0aa0aba,2024-11-05T19:15:07.060000 +CVE-2024-50335,0,1,d56c49b3f816f27a07e453cd7f51250fd71a85087fc2558a07e34513c66fcd1a,2024-11-06T18:17:17.287000 CVE-2024-5034,0,0,ecc1ebd0e8a7a2aea01c9ce5ac07669525947175e7e55790f4a8e8a0b317bae8,2024-08-01T13:59:38.920000 CVE-2024-50344,0,0,01bf6c563fd2a47d8f1655926ebf620cef86a1d975ff50e33bcc2ca54db6ff27,2024-11-01T12:57:03.417000 CVE-2024-50346,0,0,fb25cbb7b8a23f8bc4a8f048afe511d7d942fe5a9bb027a602dbfa956ec82a3d,2024-11-05T16:04:26.053000 @@ -264437,15 +264466,15 @@ CVE-2024-50510,0,0,c20bcf79645964cfe7d1f097e44f43edf8fcb1f8c86258043a8f25edf3a0b CVE-2024-50511,0,0,d2405bceb5490caa25d48c9eaccd1b135c0f31fb2801d8eda1baf830c34ba921,2024-11-01T12:57:03.417000 CVE-2024-50512,0,0,d3eb5beba15659e24233a17e23ff12b2ae18a8a0e2a2662e84998527ef3378d4,2024-11-01T12:57:03.417000 CVE-2024-5052,0,0,1db4612270fc4085b1cc808dfe93eaa2dc99045707c3296716068fcb2c40c936,2024-05-17T18:35:35.070000 -CVE-2024-50523,0,1,9dc64520b14d8d5fcbb0c8efcb510b29b3e2269a6933f1788aab4d5518713a80,2024-11-06T15:46:32.907000 -CVE-2024-50525,0,1,e457a4e5f2a29e6ea2dab28cfa0e8d818a3a9d2aa36a168e705f164fa4d6dd20,2024-11-06T15:42:52.993000 -CVE-2024-50526,0,0,03a7d9df8f257120dfb13e4d6b00d372da8f716ca3024e20226448de93f04a84,2024-11-04T18:50:05.607000 -CVE-2024-50527,0,0,b40bbc326cd3bb104307caa75aac26386f5b990c97a95e2ad88fd937af33800f,2024-11-04T18:50:05.607000 -CVE-2024-50528,0,0,735185d7fb10e77bade7bb3697db3987e43d0912aefe11cadcd5d03af3be0d8d,2024-11-04T18:50:05.607000 -CVE-2024-50529,0,0,9454ba0143df47276a2a2afdadcf79fd69d6699ca42e671d69642156f7b867e3,2024-11-04T18:50:05.607000 +CVE-2024-50523,0,0,9dc64520b14d8d5fcbb0c8efcb510b29b3e2269a6933f1788aab4d5518713a80,2024-11-06T15:46:32.907000 +CVE-2024-50525,0,0,e457a4e5f2a29e6ea2dab28cfa0e8d818a3a9d2aa36a168e705f164fa4d6dd20,2024-11-06T15:42:52.993000 +CVE-2024-50526,0,1,a38a0e990ccb8f0f5df4c3fd67cc6acb2ad0edab97bd70b44583c49c064fc336,2024-11-06T17:07:02.417000 +CVE-2024-50527,0,1,6eb8801b6392b9232c5e9383943c0eafecf0046409f67ab436e320236953f3aa,2024-11-06T17:06:23.250000 +CVE-2024-50528,0,1,1999852559552e445e528bd0c0cae655d217830c2ad1429553c70302537ec6ec,2024-11-06T17:06:03.840000 +CVE-2024-50529,0,1,575f9a44d1152b0df164fc3f7b58f5425e3a00c3302d62a94d397aedcef7930c,2024-11-06T17:04:57.810000 CVE-2024-5053,0,0,85ba036ea0ce8a641df5f4bb0e9116ce37b7603e5543e179441180f635dd17ca,2024-10-04T16:02:22.037000 -CVE-2024-50530,0,0,63e06adfa4fafa8114bfe1b8a141066c3ff787daf64f4e571e9b63ebb6d24141,2024-11-04T18:50:05.607000 -CVE-2024-50531,0,1,6a1304599f087ca8d0e7c0cd6930e198fee602ac0bb303da7eb267c873904896,2024-11-06T16:34:13.990000 +CVE-2024-50530,0,1,379afb3cd5bb6212bb350d557f04d1566104563b1c4ae420a09ed615234ec789,2024-11-06T17:02:05.543000 +CVE-2024-50531,0,0,6a1304599f087ca8d0e7c0cd6930e198fee602ac0bb303da7eb267c873904896,2024-11-06T16:34:13.990000 CVE-2024-5055,0,0,346404cc585681a2fe5319ad3cd387f2171e7718710adaf135152ad352635ebd,2024-05-17T18:35:35.070000 CVE-2024-50550,0,0,0d2291a684da454f82b0b3876a679625fedb67aa405d9eb4df12eeb34adbbab4,2024-10-29T14:34:04.427000 CVE-2024-5056,0,0,b09a6a74de5b053675f9afc4f104e067ee8a59f791091ecbf85080c4327f1e74,2024-08-23T16:04:14.643000 @@ -264477,6 +264506,7 @@ CVE-2024-5062,0,0,1dce1f93ce1b9242e76ae9cf090eb76ee6afadb656622c6eb5a578a5eb7601 CVE-2024-50623,0,0,71c6fad96d3194eba7d5d7edd081f9ad30cc6decd08744ac71e97f086f12f546,2024-10-30T21:35:11.373000 CVE-2024-50624,0,0,2f6d7cbc06ddd09de063e5bd0feef072f438fbd478c20a099bcf6256ed039f90,2024-10-30T21:35:12.223000 CVE-2024-5063,0,0,3ea00cb3f53084b2393e5a818811e5957f116b348338ce87a59f64292b187a9f,2024-06-04T19:20:57.760000 +CVE-2024-50637,1,1,cc498d094f65cd1f540e40206324339adccd376db55a73143311dba5ebb95a97,2024-11-06T18:17:17.287000 CVE-2024-5064,0,0,d857d2e0ee5316e135c4045ce3a7ab1579933a9b029d66480995681ffcc21c71,2024-06-04T19:20:57.870000 CVE-2024-5065,0,0,0430cc7c42876b1507fe619bbbc6ece1ba2c878f57a5564022a1efa295cd852d,2024-06-04T19:20:57.977000 CVE-2024-5066,0,0,afaa043e18b083dd4b11b301517b086f80728c1a74393b687f88875df4970445,2024-05-20T13:00:34.807000 @@ -264561,12 +264591,12 @@ CVE-2024-5108,0,0,b8eaa0c49e3b7a0772fb8d227eefbcd229b705e71c1ea537a10c0b9ca28950 CVE-2024-5109,0,0,ceb18a5d96497e9a6ac7740a19ad17f4e12924c64b1533f15150f5dd2571e331,2024-06-04T19:20:59.803000 CVE-2024-5110,0,0,97ec9134be0ff29c231012cbb3632c9becbf0944f1a706861520a2aec58057e2,2024-05-20T13:00:04.957000 CVE-2024-5111,0,0,1e1510502a884c6f23b18cee848205aa75aeed3171cb87569d39e4078bf9232b,2024-06-04T19:20:59.907000 -CVE-2024-51115,0,0,7d57383078618fee4ae0108cf1667dcf1a018fa50f269c898af39eb1e6d3a49e,2024-11-05T23:15:04.630000 -CVE-2024-51116,0,0,a69185613b58bd63cc117bdb2656a78d1b7f3343cf1c1787f7a860c81eb8e565,2024-11-05T22:15:21.477000 +CVE-2024-51115,0,1,141fdcdabaf7c1ec8339c92338cf4045ebea4dbb9cb424f39276d597a3da7892,2024-11-06T18:17:17.287000 +CVE-2024-51116,0,1,628a52b9257b50cdd3ccc07e8442fee438bd4b142b1a9d47d166ffcd98ae2965,2024-11-06T18:17:17.287000 CVE-2024-5112,0,0,689c76c95598a2f86ee6cadbc1c25854cf35ada5e2d2725de4638c44d7f73797,2024-06-04T19:21:00.007000 CVE-2024-51127,0,0,af77c41f3e695b35e5d7d2a014102e22ccd34cd96f4a1eb4289d1e174ab59ec8,2024-11-04T18:50:05.607000 CVE-2024-5113,0,0,d52da1935c57c4016d19b1f0658aa6603ac8563b2af10cf87d5ce42568a3ed96,2024-06-04T19:21:00.113000 -CVE-2024-51132,0,0,ffe9cf33ce01da4208f17be1865756fc4a6df2c05043de69eb825a6b1d600406,2024-11-05T17:15:07.310000 +CVE-2024-51132,0,1,c73c0880567b2f4923c35c16509e056884238eb9763dfc090e80ec360fa8dfc2,2024-11-06T18:17:17.287000 CVE-2024-51136,0,0,7fc9563802ba7aef500722f47c3671afa3c604e790b7cd7a69fc81c1b7438afd,2024-11-05T21:35:12.783000 CVE-2024-5114,0,0,51655375bf74d88d0b44bf3106775b49d83b04b179d3446b4a92ffe727b17b66,2024-06-04T19:21:00.217000 CVE-2024-5115,0,0,566281473e2daa2487dd251e202869dc3059aeec07f7c63daa38b65c3bae3de7,2024-06-04T19:21:00.323000 @@ -264581,7 +264611,7 @@ CVE-2024-5121,0,0,98477bc3a7c67683bd43da705ad15db6f590ce85a12aaf89110d94461e6c3b CVE-2024-5122,0,0,b102c5894de9c993bdf361c85aa63dd17cb454ea5ed33d3ad3120a6c50356b5e,2024-06-04T19:21:00.963000 CVE-2024-5123,0,0,c6ee92320f25e8ca50da0e044240269e2ddcb04724d5d630d165dc261fdc83ba,2024-06-04T19:21:01.063000 CVE-2024-5124,0,0,ddf4d98394e08878019bd952c44f2cfd27f047274d82fb0e14f997780f16638c,2024-11-04T11:15:06.937000 -CVE-2024-51240,0,0,24cbf9c00eaa8b8766060fc2321d5c1f065f988582bc5cbec63bdad12062dd8a,2024-11-05T19:15:07.283000 +CVE-2024-51240,0,1,0cc051effd1acf8f19048075d0e9b3b802a2bed7ad602fbce5dbbb944039e4c8,2024-11-06T18:17:17.287000 CVE-2024-51242,0,0,e088a83b7d97849945ef8e4d907ce1041a9c29e696b96e8d85eb2989ae73aa7b,2024-11-01T12:57:03.417000 CVE-2024-51243,0,0,dc9a3bcceef7b79b773664e490e9177d288abe6b5bfadf448f185196016ec54c,2024-11-01T12:57:03.417000 CVE-2024-51244,0,0,1da847cb94e7afadbe7e923335974b45b31004bfdcaa7db1bb1325dae7dc5743,2024-11-05T19:28:09.403000 @@ -264612,24 +264642,24 @@ CVE-2024-51301,0,0,50e23c850160cb1168fecb7636516cc977715139705058d2de9e569c4aa7d CVE-2024-51304,0,0,7a3dee26145f52820ecad3ae3aa1a89e8c75c8ec87878c3a22e391c73ebfd301,2024-11-01T12:57:03.417000 CVE-2024-5131,0,0,9b223a3704656a88e804c16f004e4517a5aad70b85be149c86a7a2071dad5534,2024-11-03T17:15:14.743000 CVE-2024-5132,0,0,1e1b0edf57956ef222afc7fdedc2f2211203f4402428303961b463cfc0ea97cb,2024-06-07T17:15:51.840000 -CVE-2024-51326,0,1,86a38e3ec445ab1743629a943074bd136cc3a19613d33223b8410daa71b7467f,2024-11-06T15:02:12.403000 -CVE-2024-51327,0,1,6dff1d9ddb8570601185ec672ddf11cc5295d3cdce074e30aa360a3024bc5c57,2024-11-06T15:02:55.710000 +CVE-2024-51326,0,0,86a38e3ec445ab1743629a943074bd136cc3a19613d33223b8410daa71b7467f,2024-11-06T15:02:12.403000 +CVE-2024-51327,0,0,6dff1d9ddb8570601185ec672ddf11cc5295d3cdce074e30aa360a3024bc5c57,2024-11-06T15:02:55.710000 CVE-2024-51328,0,0,768f8be19425d8bf4cf9b5b89b937b298b5cc7b18ce12eea5265b64902006bbb,2024-11-04T19:35:16.150000 CVE-2024-51329,0,0,ffd838be6de7a0ab5443624c9246cd93be3f6abb8e199f6e47e2222d3fd24065,2024-11-05T21:35:13.890000 CVE-2024-5133,0,0,ce2c3261ccf7a6af3656f0cd319a645240f50aa81e714a3f3634cc2f14d7c857,2024-10-17T16:41:53.717000 CVE-2024-5134,0,0,58696e79550f0b90695fd0ef5882cdbbda645a91799b45ef9d447d20546faa19,2024-06-04T19:21:01.167000 CVE-2024-5135,0,0,2e8010a5b25d8168b9552f9cffde1de1e433efa7269af046a0453f1985b50c89,2024-05-20T13:00:04.957000 -CVE-2024-51358,0,0,43d73e511f31fb5c522b5c157fa62ee973e6bba81eade18be99972129a911978,2024-11-05T23:15:04.707000 +CVE-2024-51358,0,1,be0f7decc72be7973be0b54dbe7f4f5d0c6692a8b1099b27d3347b7c8184f47f,2024-11-06T18:17:17.287000 CVE-2024-5136,0,0,00acd0d99ac180a457379231db172c8713de0958aea5d4d69a24c44371050460,2024-06-04T19:21:01.267000 -CVE-2024-51362,0,0,d45a6305d6331a4963089bf854a5a335fd84a77eaa69cd35c0d1674b2dec8fea,2024-11-05T17:15:07.383000 +CVE-2024-51362,0,1,bcbc063975bf3048dd48d712ca081615a04100f9004391f80bd5eef1d3b81a06,2024-11-06T18:17:17.287000 CVE-2024-5137,0,0,1c94e90fa849c62df03c5c4f490c71de8dac579e548f5eda16234216f611cd2a,2024-06-04T19:21:01.370000 CVE-2024-51377,0,0,27e24251b8fbb0cd40dc4b3232759f12cbe7946bd501f1e15145c4cb45ca2b57,2024-11-04T21:35:12.543000 CVE-2024-51378,0,0,25041eea06e8de15fb868a226604237e266234c162cafb1c59832cc50427a9bb,2024-11-01T12:57:03.417000 -CVE-2024-51379,0,0,6cac9cc1c1f6b85dfca14d420f508a17ce23bf8839c3c7a860a09f5ccc541138,2024-11-05T19:15:07.373000 +CVE-2024-51379,0,1,2ac9e22a4ada4c046a62bb7cfce4898a690b6639726f7e96ec64275e3571bb6f,2024-11-06T18:17:17.287000 CVE-2024-5138,0,0,47c03094386326d2315f3415dc7d3ef94b00cbe65c94e42ace003fc1a8714791,2024-09-06T20:35:18.950000 -CVE-2024-51380,0,0,97441f06f86a696436c1c7a9f94aa23def23d64bc31b3e01628bf1d6d2d09619,2024-11-05T19:15:07.470000 -CVE-2024-51381,0,0,b8543f48ddf42f6f60b58f58ad2f1a800825fbfedde8e759f6c5347e183bf7c4,2024-11-05T19:15:07.550000 -CVE-2024-51382,0,0,299e5ac2f24c74866ec9493da73a35eb6c4520649d1c671ba56cb2107c805eac,2024-11-05T19:15:07.640000 +CVE-2024-51380,0,1,f14cbfd3bfbc558498abdac43f5bd2dd3434adc287319fdcc829b18876bf6370,2024-11-06T18:17:17.287000 +CVE-2024-51381,0,1,48266fcd3d5d251133da5545339f627c78a1e737b4aff3174668b7c00a6ba1ec,2024-11-06T18:17:17.287000 +CVE-2024-51382,0,1,42c1b3b6f1d85f3d8a1735c587963b50e3a4c8f96ad0e9f865f7fe083c48f82b,2024-11-06T18:17:17.287000 CVE-2024-51398,0,0,bf1065b8a7633fd26fe8d4034a94a303b4ea5c6fbbe5b2babb7e5454f0dc9974,2024-11-05T18:35:17.420000 CVE-2024-51399,0,0,fc9a4f7feccdf87ac1072a742df0a1dc4f133fcfd9c1bf1ed214d196e18abc1b,2024-11-05T18:35:18.260000 CVE-2024-51406,0,0,219f1a907dc34e3139e40d74617f86db24d4b43908c87f25fb1a00f5ef8165d9,2024-11-04T19:35:17.410000 @@ -264656,7 +264686,7 @@ CVE-2024-51482,0,0,bfd63cd113518065a1bebad51613f86054f6e228acaf54013add2bd0a434c CVE-2024-51483,0,0,c5a29f482fccda0bbec81ed3810d60d0c6db87bfa31f80af39598738138d1407,2024-11-01T20:24:53.730000 CVE-2024-5149,0,0,35aba13432990695b4ab26ada33d31578be519ff456b8edf807a15027d0b18f5,2024-06-06T14:15:01.960000 CVE-2024-51492,0,0,f7707382e20ae0a5d0691f1765aba2ab231ce799ae0324009e67aec7e287f95a,2024-11-01T21:15:15.080000 -CVE-2024-51493,0,0,e1910a989dd96425cc88bb1748ed77ed731832eec9a2ce355741d156865abf6d,2024-11-05T19:15:07.730000 +CVE-2024-51493,0,1,905ca061a7e2249944cb0aec37c9054b75e237343bc05a733cf47492ea8f9f1d,2024-11-06T18:17:17.287000 CVE-2024-51498,0,0,a215c64a461c357224f24d4e16a3f3f3214ac081278e197bc9556945ad303f5e,2024-11-05T16:04:26.053000 CVE-2024-5150,0,0,af277f2642e60b6f0769d64573990279b6b64286b8d76d1359b09a52e223643b,2024-05-29T13:02:09.280000 CVE-2024-51500,0,0,42c2a285903076a2664ebb01d93e2fe7be0196e6180cfa0174e85e23f0ae008b,2024-11-05T16:04:26.053000 @@ -264698,12 +264728,12 @@ CVE-2024-51558,0,0,a77ea5523c72e594fcc04a4ffd32e7543c28774ad7dad1bb59369369d2e3c CVE-2024-51559,0,0,c67bedfc7d7a4c2ba774f93c80aec83ca69ade0ef57eca0543a1b55b832734bb,2024-11-04T18:50:05.607000 CVE-2024-5156,0,0,15fe916f4b576f7b7dc0d841e2e4a8f8e08add666a82cde7e5fe7e09d48d907a,2024-06-20T16:07:50.417000 CVE-2024-51560,0,0,9f02ceb8504d368daba1c91c898aa5843478addd73c9ec30709d112c4db8e01d,2024-11-04T18:50:05.607000 -CVE-2024-51561,0,1,d71b2d828707663b98815777acaed98461639611e766153c60c99f137da7ec5c,2024-11-06T15:59:22.287000 +CVE-2024-51561,0,0,d71b2d828707663b98815777acaed98461639611e766153c60c99f137da7ec5c,2024-11-06T15:59:22.287000 CVE-2024-51567,0,0,fb22eca2665672d2aff69a30826055432e216f3624d9c34f21d445174b67e450,2024-11-01T12:57:03.417000 CVE-2024-51568,0,0,ef96c64ab696ce1dd0f4d9f421838b3895b55219506da5bc264e22e1b5e0e5b2,2024-11-01T12:57:03.417000 CVE-2024-5157,0,0,24d31b037c5fbef35f77d9be746cd537f78e6f1e98b9c21955d97a62fe59949f,2024-07-03T02:08:34.407000 CVE-2024-5158,0,0,b58e7eaee1d1dd9c5e85390b8596c36aa736d240ceb0715ad1a8e256309daea1,2024-09-15T19:35:04.757000 -CVE-2024-51582,0,1,9c6a2abc6ff39ea954384c7b38779cdbe6d44511f3a75194c8ab9223c55c709b,2024-11-06T15:47:13.077000 +CVE-2024-51582,0,0,9c6a2abc6ff39ea954384c7b38779cdbe6d44511f3a75194c8ab9223c55c709b,2024-11-06T15:47:13.077000 CVE-2024-5159,0,0,6487690749e64572084b0b1ffb84b7950e8b682c3129ca3d21d0dbc204e9ec91,2024-10-25T19:35:15.010000 CVE-2024-5160,0,0,761bdadb9ac3f89d156978519ca326c5704c62592c7f03e703ecc7e802a865d7,2024-07-03T02:08:36.807000 CVE-2024-5161,0,0,f120c7db938e25c7983d6c400da502880d5ffbc93ab4e5e05351c3fca8fbd038,2024-07-24T17:54:42.387000 @@ -264730,18 +264760,18 @@ CVE-2024-5171,0,0,dd574bf92e93c62d270c5e3b0cb384556e01dba1d43a5b9db2a02845fa564c CVE-2024-5172,0,0,b469524ff2309ced9aec08b056578c23e8b8b5248adb8fcea2b38cb214c81275,2024-07-05T14:05:48.213000 CVE-2024-5173,0,0,e808cbd0ff507575dfa32503bcc3a2123c9461298f1a4a4ef8cd294367da6464,2024-06-26T12:44:29.693000 CVE-2024-51734,0,0,1cd13d8635d39c437cbb33b350735ec8f4fced2309825670ef2275f584df030b,2024-11-05T20:35:26.167000 -CVE-2024-51735,0,0,dd1ffb4a73ba6b503950d246654094844886001f9fd2dd80ad386e2411f391d9,2024-11-05T19:15:07.947000 -CVE-2024-51739,0,0,d3dd929ee094e338b0af0a7bb8ab359b1df31f17d433e2cc20fd707858511c01,2024-11-05T18:15:16.547000 -CVE-2024-51740,0,0,63ab0a9837340ecfe7231594863d330b3d03ab4c9bd41de9b2b1a474fa17a257,2024-11-05T19:15:08.087000 +CVE-2024-51735,0,1,4d68a755141918a79130284871e942292c9f37924aba0b94103b08a16b1df114,2024-11-06T18:17:17.287000 +CVE-2024-51739,0,1,ee203b09953b612bf98226788bae2c648a3d93de0cc3326880af2a364d5bb790,2024-11-06T18:17:17.287000 +CVE-2024-51740,0,1,8049b8be1065b4b8406a50a1cfde4cf3f6d43a64ebf12ea9e23c06d353369d55,2024-11-06T18:17:17.287000 CVE-2024-51744,0,0,df641a1b86566e97bb7074f2d337c50f51346569211bd554409b057e4c4da639,2024-11-05T16:04:26.053000 -CVE-2024-51745,0,0,27b7e9c926c43bd52736ccdf71fbe999d626d2c3c901c395be7513b504f467ca,2024-11-05T22:15:21.643000 -CVE-2024-51746,0,0,1548101a8f7f9c4f0f70be5b3afa808e21ae174f698dfdbded4b94a3cd10e0d4,2024-11-05T19:15:08.300000 -CVE-2024-51752,0,0,627fc984a3c910231de32e5a66e36c4e3dc9dcf223c95ee18b6c922c07170da1,2024-11-05T20:15:15.167000 -CVE-2024-51753,0,0,9adbc9c06ea5759fc7e78e207de0653d4fa8ecadaa2d79f6e86841213ad0fc90,2024-11-05T20:15:15.300000 -CVE-2024-51756,0,0,3544a0f112e00fcdb968e28d3a7e100c7fbf96969d2fad4c625c4c77ae3ebbef,2024-11-05T22:15:21.817000 +CVE-2024-51745,0,1,37db28606ad10f651e6f62f94e51def5fb50b1cfae8314bc96328b8b65ad324b,2024-11-06T18:17:17.287000 +CVE-2024-51746,0,1,3cd98a267aedbbeeb4ad193a68e5bacd0a1a46a62f6ccca5880e9520a47fbe14,2024-11-06T18:17:17.287000 +CVE-2024-51752,0,1,e4bd7dfff09e294fe713d9b76aba7fd50689256bee0d75d076093e0fe4805888,2024-11-06T18:17:17.287000 +CVE-2024-51753,0,1,bf33e866ff4adcdc8169c4272817d8f4f57258218421ea7cafddbf38a1c6e30a,2024-11-06T18:17:17.287000 +CVE-2024-51756,0,1,7e7db3439c4e45c36bf53dc70dbe779b982ce3f3056b8757e470dab737dd37ba,2024-11-06T18:17:17.287000 CVE-2024-5176,0,0,095b03ddd1cdcd739bbe8693b41d7d6e416f60f9815e0be55e0b3850508434d9,2024-06-05T15:15:12.620000 CVE-2024-5177,0,0,4596ccdb96b84f0f6003dc91187b58acc558e0743564be9aa6ad28db4e46749c,2024-05-24T01:15:30.977000 -CVE-2024-51774,0,0,6b9ad01ae39e28e730652b71db4c41fab661cbf3a8f11904f5f832a6412e27be,2024-11-04T14:27:25.593000 +CVE-2024-51774,0,1,669a599ada079f107ff827e67143f083d374e9861d23daa36ef167763e62d529,2024-11-06T17:35:41.767000 CVE-2024-5178,0,0,bd0c2f144426314e1167d96790d03a45b87cc8b4eeec82d66437d8c03cef924c,2024-07-11T22:15:02.467000 CVE-2024-5179,0,0,ea665152b8c9953ad6e84eb904f7eac78af7e075a45f2a4da51451b13f6b9cb3,2024-10-09T16:57:08.317000 CVE-2024-5181,0,0,bbf6825e1d5f360a1a58b67dff2bf4d85afbf0a93fef4d4bb8dfd7975bcf0e60,2024-06-26T12:44:29.693000 @@ -264782,7 +264812,7 @@ CVE-2024-52029,0,0,6604d73dfa925d8021d81d835bc825971fe44d6336112cf5acceb9e667d92 CVE-2024-5203,0,0,e867d44b31fa735ecaef1844aba382841138e742c9b7e957e6089969316cab00,2024-09-13T11:15:10.197000 CVE-2024-52030,0,0,f299083111a88bfbb33be7c61ad60009afd7ae12eaace08cfe4a696ed0f18397,2024-11-05T16:35:58.320000 CVE-2024-5204,0,0,87eb5b753d379a1bd1ef79b260f2b73c84b7ff9a4b79082cf351323e04c98a6d,2024-05-29T13:02:09.280000 -CVE-2024-52043,0,0,859d4f4abcedc8c9ef85b33b2c7674856fa86630e56c2d00d7aba51640447ec1,2024-11-06T11:15:04.140000 +CVE-2024-52043,0,1,6b6b2ad5477820bd40293c1accbc34d447ceee1ad5e162fa1db3e9ff6960d998,2024-11-06T18:17:17.287000 CVE-2024-5205,0,0,4921ed356d4f56252ffbf3c608cb3301846a77ee8cc9c08ec7f0a543467e385d,2024-05-24T13:03:11.993000 CVE-2024-5206,0,0,b3f524211e1d68f8da056248f629dbe7f435bd9f6a2b4ba4133bd7fb2ec50998,2024-10-24T19:48:31.637000 CVE-2024-5207,0,0,181dd5a561a1ca6cee33a4a5369908472f122edb94b0d0fa7d6cd5b5e2958e5a,2024-05-30T13:15:41.297000 @@ -265128,7 +265158,7 @@ CVE-2024-5574,0,0,e718295307eca06b04fb56f70dfb8daf0ce4b10163936e86fc3b21a6f71a44 CVE-2024-5575,0,0,1d8c4bc7bfefa9359f03236311a531b02997d0972adc424dea9dbc344e7a3ded,2024-08-01T13:59:54.197000 CVE-2024-5576,0,0,fb4e227ac1bca19b4b9b0346951bcae4e9457605b7b3160f8ccda6cb8cea0d35,2024-08-20T15:44:20.567000 CVE-2024-5577,0,0,5dd16baf94f18e7abae39f40d89c75af3dba9492f2b1af50e3d8516c5413b1e4,2024-06-17T12:42:04.623000 -CVE-2024-5578,0,1,803e49e4a519ffa70762c0109940488b122b9f91097cc2e07b82deb54f350de3,2024-11-06T15:44:19.040000 +CVE-2024-5578,0,0,803e49e4a519ffa70762c0109940488b122b9f91097cc2e07b82deb54f350de3,2024-11-06T15:44:19.040000 CVE-2024-5582,0,0,3868d6c914880d2428453bd960a7aeb89cb5bb99f0fc09b9de444e14a34c6012,2024-07-19T16:05:10.290000 CVE-2024-5583,0,0,ade347dd1ad43ece826c5e86f2da2c910a5ba35590f61bd781f2121412e26d71,2024-09-27T00:47:36.233000 CVE-2024-5584,0,0,7705ff7ae1b4fd1342d12756cedf379ac85bb5a3b8398b6b986f5e220e43afde,2024-06-11T13:54:12.057000 @@ -265283,7 +265313,7 @@ CVE-2024-5760,0,0,84cde3c23d2d2e368735b1ee1e1e7d1f39f88e3f7859decf6fc372d134ed6f CVE-2024-5761,0,0,1fdad964c86313b412878f67fac5999c9a1ea015b844614bc58b000414661a53,2024-06-07T19:15:24.467000 CVE-2024-5762,0,0,d5bc2d8a653cdaa83874769146506405c53a3f453aeae45d89ba66c89c40de90,2024-08-23T16:43:19.497000 CVE-2024-5763,0,0,d5febd3ba0b5169f42bc622129fe03814ec411b220c3b4a777b37231365ea7a6,2024-09-03T20:31:30.480000 -CVE-2024-5764,0,1,01457adff20c2851b9d629a9fae6ddbe513a970349a8b48fd15e40abaf9a90e4,2024-11-06T16:41:00.277000 +CVE-2024-5764,0,0,01457adff20c2851b9d629a9fae6ddbe513a970349a8b48fd15e40abaf9a90e4,2024-11-06T16:41:00.277000 CVE-2024-5765,0,0,79117abfade54ce3ab13d72bbbbedb2fc58ed3797b29d0ebf953e2abb4b24073,2024-08-01T13:59:59.193000 CVE-2024-5766,0,0,c4b2a7095ab67585b1893996d05df089aec00266a42f0775d299cc926148917f,2024-11-01T13:44:29.343000 CVE-2024-5767,0,0,8d9d357fa8f1e1cae5533e88ea0736375963b6a4fbe13fa9a151a36ba280f19a,2024-07-09T16:23:07.280000 @@ -266031,7 +266061,7 @@ CVE-2024-6611,0,0,102d605bb189ea442954feec50cbc1b79d4cb5728b389bfc836cc71d32e19f CVE-2024-6612,0,0,d34a2e10bc1c43655aa28f997fd8d7918b9d5919fcfded6bd9a7bc48a40520a0,2024-07-16T18:15:09.667000 CVE-2024-6613,0,0,2c9248a7ca42e8738ab702e9dc188d19870d6e260e6ad7403e7b1f4010624eaa,2024-07-16T18:15:09.747000 CVE-2024-6614,0,0,7b1ab431dd00d0b77013ef22ffc7ae9ad28e8d90c8eb9568e6ea3ce7f8df225d,2024-10-29T20:35:39.450000 -CVE-2024-6615,0,1,db73149dfefe469331b6c7671268581e0622a12ecb0de49c8c38a3fe2726edd5,2024-11-06T15:35:19.120000 +CVE-2024-6615,0,0,db73149dfefe469331b6c7671268581e0622a12ecb0de49c8c38a3fe2726edd5,2024-11-06T15:35:19.120000 CVE-2024-6617,0,0,5909931dadcbc2469c78c33ae14eaaff085d3be701252e008f4f95589a185469,2024-09-27T21:28:35.543000 CVE-2024-6618,0,0,e35778534e5c89186065378dfc4e3df4bed15c4f9d7950adea6d3cb891d47959,2024-08-14T02:07:05.410000 CVE-2024-6619,0,0,f3a91e3a6a10b3f4f501b46572779a0f05e320927845dcf9e15b84cacb4a9100,2024-08-14T02:07:05.410000 @@ -266039,7 +266069,7 @@ CVE-2024-6620,0,0,64e06f08829405566592b044b4a90e5d81b7212d27ff82e69e11d8e82efebd CVE-2024-6621,0,0,71019530e7c55904f5b2394b1c9d479065b5c59dd563b9ca2f648901520dca49,2024-08-07T22:17:37.553000 CVE-2024-6624,0,0,d641d0598d5f0d62f69b2f0bb30153f1263b9aa17a64dd7567b42517a1bc6027,2024-07-12T16:51:31.487000 CVE-2024-6625,0,0,b913737eefce9f28c47dc537f0edd398b1eeb297cd2eb30c69b59c3401317130,2024-07-12T12:49:07.030000 -CVE-2024-6626,0,0,9bc5629ba2658e002809168c70b22a775c928df854a0d9c0557a6d7b940b37b2,2024-11-06T07:15:04.460000 +CVE-2024-6626,0,1,65e5d6b86f35f385f30a8828970b635c174b92d1b17c2700b563091b24eb940d,2024-11-06T18:17:17.287000 CVE-2024-6627,0,0,c1ab91b855386d03fb23ec47d7ea95469618609ded94a66bedffee95371608e8,2024-07-29T14:12:08.783000 CVE-2024-6629,0,0,e7fb6a99ed3ad0ead40ca75ee8e19034c6248a18a082e5cb8e8eaa0368a38b0a,2024-08-14T19:26:41.113000 CVE-2024-6630,0,0,7742b604143993a9d769b9ab9c3e5aab85337a51e6772bb186961af80d29fee2,2024-07-10T18:15:05.407000 @@ -266221,7 +266251,7 @@ CVE-2024-6853,0,0,bfc770724a0cf755cd219c2fcd6258a625eb83bca7472f15162225f6a8c2c1 CVE-2024-6855,0,0,747d35631c84525ad9c2f1282cefb607972b06ed8ec8bcfcc6cf90db5747a736,2024-09-11T16:21:38.833000 CVE-2024-6856,0,0,19b5d479e1e69973e8f497d2ae00f38aea8ffd7644169a9718f707450440aae4,2024-09-11T16:20:45.503000 CVE-2024-6859,0,0,5a84bd798224932fef849d8b4793f644b651b362a6172317aad467bf1bad3991,2024-09-11T16:19:18.517000 -CVE-2024-6861,1,1,32d06f12cb246101fac9c89ba831a5bb5edce16f28cd1ce5e35dbdf9a670fcdc,2024-11-06T15:15:20.187000 +CVE-2024-6861,0,1,314cf52e1bceec4bfa3d7c50fb27ed38d7472e968b12b542f08309921098668a,2024-11-06T18:17:17.287000 CVE-2024-6862,0,0,073f5a8c1f8e2bec8087db878aed60d70af4b3c11209547716a8f3a82485e7e6,2024-09-19T18:37:20.910000 CVE-2024-6864,0,0,469a0ad039e39ca71e90d0d65b529134e06346783388106a10d2fa7d0b356379,2024-09-03T20:22:16.433000 CVE-2024-6865,0,0,cb8e3c3258edaecfb2408f04adfa69a3419179f287cf4fd0248689bfb8e952c7,2024-08-05T14:15:34.847000 @@ -266709,7 +266739,7 @@ CVE-2024-7452,0,0,9b0d7a5910a43cd09bce0b4f25c71bf821fcb49ab8aff5df5dd61e0e89344b CVE-2024-7453,0,0,f2c4667c8170dc75e7077d140353e4eeaf477c703ac59ccb9e7527c380af5025,2024-08-20T15:50:32.013000 CVE-2024-7454,0,0,4712572b581c0f95ec507820dd6ae54db95b8cd6f012b1428bd88c89e3f08a9e,2024-09-07T12:56:42.300000 CVE-2024-7455,0,0,601db2e3c344f8919ac22403f9206b02f1ef01887e912751e702c2d237802e62,2024-08-29T02:57:57.903000 -CVE-2024-7456,0,1,9ce89058ee164db318c20e54ca808dbecadc265326f88d8a022606d442901121,2024-11-06T15:45:58.993000 +CVE-2024-7456,0,0,9ce89058ee164db318c20e54ca808dbecadc265326f88d8a022606d442901121,2024-11-06T15:45:58.993000 CVE-2024-7458,0,0,2c9d4dd630ee9d646df3107c9eafd0e6cad217e61388b41410f8713d27f85974,2024-08-06T17:12:28.250000 CVE-2024-7459,0,0,53c79cef732ccbff6adb36bb342854abc83915346c054d98b70903c7c6347372,2024-08-06T17:14:16.667000 CVE-2024-7460,0,0,d48d1421ea3ce9fda403f952725d01106181045f180d1b45462656996088205d,2024-08-06T17:19:25.597000 @@ -267056,10 +267086,10 @@ CVE-2024-7869,0,0,82563860e96b853488a742e0621cb13c9d5e162d563b05569e214e530009e5 CVE-2024-7870,0,0,2836216d393e794b4828cb37dfdee043bfdf58d1b6ab4bb6d4918022aecdc961,2024-10-07T12:29:19.203000 CVE-2024-7871,0,0,d47ede6ca23d1578a9b705a8257da890832c1e69392e6414a190c6fb054ce14f,2024-09-04T17:34:14.630000 CVE-2024-7873,0,0,206d8282726d748a6a41b367b674a966213f9d6e3053dc261b740ef29ffe8ab7,2024-09-20T12:30:51.220000 -CVE-2024-7876,0,1,418e778940cf36c6f7e6078b70d86315614007666b7ea0a8bc25c85e567b15ea,2024-11-06T15:42:37.723000 -CVE-2024-7877,0,1,dce2620877837bcc0dca592338bde1c9c5eec5ebfb08768a28ba3c2724236802,2024-11-06T15:42:19.343000 +CVE-2024-7876,0,0,418e778940cf36c6f7e6078b70d86315614007666b7ea0a8bc25c85e567b15ea,2024-11-06T15:42:37.723000 +CVE-2024-7877,0,0,dce2620877837bcc0dca592338bde1c9c5eec5ebfb08768a28ba3c2724236802,2024-11-06T15:42:19.343000 CVE-2024-7878,0,0,1d855258734eb9301ec3064cb052aacfe2a08aa75ea8a20fdcb8aa8f30181ac0,2024-10-02T17:41:44.133000 -CVE-2024-7879,0,1,99f06761da8801848f6738511f6ce1759c8e25b5a40ff10bfae8f0381d0b2904,2024-11-06T16:35:22.967000 +CVE-2024-7879,0,1,5601310bab32c84a1e3bb5570938b6febfd0ace49dd9b8bc2f0b84fa27f77423,2024-11-06T18:17:17.287000 CVE-2024-7883,0,0,a3a2b3516fa75baae0f9793ea599317aaafd583c850715f7d93bc13d6d1cd9ad,2024-11-01T12:57:03.417000 CVE-2024-7884,0,0,785c516d1dabe55fa31f7695706ba6a05f994a8f8d63c46081a0777ad4e173ab,2024-09-12T20:47:13.387000 CVE-2024-7885,0,0,e2150db115995e6873d7f6cbf78400b2118c17b58478683565f8b50d49fc70e9,2024-10-07T21:15:19.217000 @@ -267159,7 +267189,7 @@ CVE-2024-7991,0,0,03ae63d5b1351d9a8557d683ec6834f72775d9da4330f4a2a082e876e3f19b CVE-2024-7992,0,0,3b26e0e196b81cc5be7af125c16773e816453e267f4f880c3177869fe0f38928,2024-11-01T16:26:35.113000 CVE-2024-7993,0,0,f5d8ce4e740e416affd8e0aa81b49c04864f17ee770befacf4a96c4d9988583c,2024-10-21T18:27:01.950000 CVE-2024-7994,0,0,5869f45b11df8c023b86ee171f284a639849bded2dfdba799d5d6a2b878c2a64,2024-10-21T18:35:55.397000 -CVE-2024-7995,0,0,35050503aa899863683da70f14ca4a722edfe3b311124daff1ef38a8dea51f59,2024-11-05T20:15:15.423000 +CVE-2024-7995,0,1,9b722cec7fe5ddfbfa2ed97d7d4fe0f5947f1a72064ec24ff3d88276777efbc5,2024-11-06T18:17:17.287000 CVE-2024-7998,0,0,8aa3505a1b6ed462573d7b65c55c5633ff88a81168885ae03bec6b1db69a2167,2024-08-21T12:30:33.697000 CVE-2024-8003,0,0,1eb6cc8bd16248d54ed281136e233da0a723cb74879af6e3337c9532a3caf8e1,2024-08-21T15:51:28.397000 CVE-2024-8004,0,0,6053860c0b4fdc62f3a7122a051813b35afd677f12aaae8780fae160750aa789,2024-09-04T14:56:46.947000 @@ -267385,7 +267415,7 @@ CVE-2024-8319,0,0,19bee7e43deb1719502aef7eb4c05b0fb28cffea0ae04999821f01ddbcc0e2 CVE-2024-8320,0,0,67cff6908a40f6de0a5d55f45cee63784fe7b54f56159b5877dcd792142b0c2f,2024-09-12T21:51:58.960000 CVE-2024-8321,0,0,595129502821252825346a9a34e636ff1fd5806e1274bb50a0e529e9f41ab2d6,2024-09-12T21:53:22.677000 CVE-2024-8322,0,0,b55b95a67ef7974aa4139f663f04b216243350777f41a8ecf84d71c9fac2a097,2024-09-12T21:56:43.673000 -CVE-2024-8323,0,0,0a66f0e3aab58990309e48663c03dc2633a4a535de200e9eda5e5207e3256957,2024-11-06T12:15:03.950000 +CVE-2024-8323,0,1,0104f3d1edc4ac897f940afdb48ef970b121b41a7e158df9deac5484ae1c0f03,2024-11-06T18:17:17.287000 CVE-2024-8324,0,0,6518d473c1aa4b475f6dfda0657752435a4222117c73b6cdc744a1f3e192bfb0,2024-10-04T13:51:25.567000 CVE-2024-8325,0,0,7621afb4d5f72b3f894f792bb62b31b3ae60fff1ef7fb199ef11a396c0bd3fb4,2024-10-07T12:37:58.740000 CVE-2024-8327,0,0,6596679653e59e232d9a636653bb7ef76ebcd0b7674f3704360634000a96dff3,2024-09-04T17:11:23.533000 @@ -267608,8 +267638,8 @@ CVE-2024-8609,0,0,abc618d0d5885aaa0308adb05d31ead671e5c2779c8ca59665e4b82717c05b CVE-2024-8610,0,0,9284b474db1beea95bd52a2a34ba37d6ccf26129d36f3b91404a653005c49f87,2024-09-17T18:48:12.130000 CVE-2024-8611,0,0,3d63bb09edc11ef6327fe857dfe381551fd3ed233dd119eaa741dce3b9b25e8e,2024-09-18T17:24:34.163000 CVE-2024-8612,0,0,7904070a64ce6b0c617a391de31eeccb03d9f0e9421f89781a9fa23b513c6a78,2024-09-26T13:32:55.343000 -CVE-2024-8614,0,0,36d1a1a6b42d05cf143ff042294b3caf5c79ff490927e6ae08fa5f0482d90b52,2024-11-06T09:15:04.520000 -CVE-2024-8615,0,0,9e20a5031c3889cbee6ecf8ab74840d66fe4ef84481de4b0e133f0ea5f1fba9c,2024-11-06T09:15:04.773000 +CVE-2024-8614,0,1,1db7c9c6f644970c171909265e74667256ec6266a325319004a6d93b18f39a41,2024-11-06T18:17:17.287000 +CVE-2024-8615,0,1,3e079ada3f124a51ec5993ffaac8f9058f1853696b23eb3c968658b7bddb7a37,2024-11-06T18:17:17.287000 CVE-2024-8621,0,0,da11617ee187bea39361c3e736358efdd8e000970ca04e836eaac8c5eeb75dea,2024-10-02T16:10:27.313000 CVE-2024-8622,0,0,3dd68829fc11e22f0c21c42ebfb82eece7f179bcaa47d99ccdf324ecdb81f1e2,2024-09-26T14:59:27.770000 CVE-2024-8623,0,0,b38d11e5ea040f7d1c1df76eb8b329847342918d3746a88d315f2eac79041136,2024-09-26T16:46:28.590000 @@ -267923,7 +267953,7 @@ CVE-2024-9104,0,0,f385a86c4e79d8e7c230b3abab8efa50d3fc3e822b1c69d01886fe4dbcd67c CVE-2024-9105,0,0,0cdbd87fc1daf91e234d9d55d0a069fe1f153017fe382631f31d8e30d345615f,2024-10-16T16:38:14.557000 CVE-2024-9106,0,0,e27db71c396a4ccaf2c72a333395893b81bc19abafa7c4f380f448da576e2d26,2024-10-04T13:51:25.567000 CVE-2024-9108,0,0,a5bd0d20b10740e2633e894f79cde5eedf60bb1d894cbb8ab0abf2750035a6b9,2024-10-04T13:51:25.567000 -CVE-2024-9109,0,0,92ffc81317d04a5f58ae681583509b482d53f08c836f7e996194793f616d35bb,2024-10-25T12:56:07.750000 +CVE-2024-9109,0,1,ec61dc2450c54fef95e338be24d5065a8347a8851153518ae87fc77bce29b565,2024-11-06T17:18:48.363000 CVE-2024-9110,0,0,1a461867668dc133a20a6da6763cb89c61062d9d68bd15e880bd01b64cd8f13f,2024-11-01T12:57:03.417000 CVE-2024-9115,0,0,1c4e70138ee9590ca65c2e328b29e5a87d064a3f49c7286913d14c3952d00fc4,2024-10-01T13:47:25.403000 CVE-2024-9116,0,0,6ad6ee3b57ea62c4d5b3e8fc83d1f8a6dcbcd94ec854a42b3db11ddd2d087efb,2024-10-28T13:58:09.230000 @@ -267947,7 +267977,7 @@ CVE-2024-9142,0,0,143ad6ae744fa593642be06138ba59f5a3ac64fb0a6f22e5d0ade004fddfc1 CVE-2024-9143,0,0,72af6f2ce64369da19b732394a82c347f40298441d275f9835e3a379d1574e5a,2024-10-18T12:53:04.627000 CVE-2024-9145,0,0,666aa1000539c0391187e882757d18372cd0bce4cc6b153bd670793f8325f34a,2024-10-04T13:51:25.567000 CVE-2024-9146,0,0,dd225bf1435696d6b519369d4a8422b91a9f46c7eecd30c6fd592ac6ec22d53f,2024-10-07T17:48:28.117000 -CVE-2024-9147,0,1,3a33a718467f731b72e0f69a04f8eda797545eaeb470c9e7e9e76f15b66ec5e3,2024-11-06T15:53:59.983000 +CVE-2024-9147,0,0,3a33a718467f731b72e0f69a04f8eda797545eaeb470c9e7e9e76f15b66ec5e3,2024-11-06T15:53:59.983000 CVE-2024-9148,0,0,54e87e3f2b6f69d5080b11c080fcfce17264899c6147cd6032f168b6e8923e92,2024-09-30T17:34:12.760000 CVE-2024-9155,0,0,e7852dec1d1a0cf6fb02c65df23cf83432ff26399350f16bb6b49f28f4d3005e,2024-09-30T12:46:20.237000 CVE-2024-9156,0,0,a219412140ed669efa4745f4f28cc6c7900dfc19ec3ad1e09069c0d323d2ba8e,2024-10-15T14:40:45.093000 @@ -268042,7 +268072,7 @@ CVE-2024-9302,0,0,9de4e700962fe1bd854a6484dbbc0b4e296d1fb8e2431e70c82506d2214283 CVE-2024-9304,0,0,f4e2b697051bb54ba85260a74446cf2ab04e7ed5a9a99551a585b1547839152d,2024-10-04T13:51:25.567000 CVE-2024-9305,0,0,9356de917540d014bb0920dd5c70c4a746534e64b108e65259378d7cd6bc9209,2024-10-16T16:38:14.557000 CVE-2024-9306,0,0,ac26ad903bb36889edec0c6ea9a2822945801fec7c4fdd4634c75606f4fc1bfd,2024-10-08T16:25:29.877000 -CVE-2024-9307,0,0,22fb7f78e295a5cf9ceda6548400f276f3ea321034a9e77ba2a6b1d7d1e77f01,2024-11-06T07:15:04.717000 +CVE-2024-9307,0,1,02792e0e4133c71b30a91f94b0a45b88cbe6e3834fa4bdd18e452f0533d871d6,2024-11-06T18:17:17.287000 CVE-2024-9312,0,0,65fdcc0be3189c3ff0a528696e09ee6d93e5e818e1f4d380b9150324071206f9,2024-10-15T12:58:51.050000 CVE-2024-9313,0,0,8eab8e6a12fcb7dddda62f8c34fd34d547229d6ef4cec2e38f61189642da0e5f,2024-10-04T13:50:43.727000 CVE-2024-9314,0,0,00d364d543c4cb2126acf6cc95de2d0f1b151f0a7217d33f64bbbac89a01f5f5,2024-10-07T17:48:28.117000 @@ -268139,7 +268169,7 @@ CVE-2024-9454,0,0,e0a54a80b6d0251ef607f4148add63a26c7f5ec0cd907194ef73988f726f48 CVE-2024-9455,0,0,70bc73495623b6fab8931499505a6be70a8937392cffccc260a57663b280a262,2024-10-07T17:48:28.117000 CVE-2024-9456,0,0,32e971f93ac67b7dc136ac73dad60b7dab2a314c3fc73b1f49c543da51c18681,2024-10-28T13:58:09.230000 CVE-2024-9457,0,0,9e423d4cda70891a0b74c4852459db88bd5163f875d32e19ac8dac4b758e8eeb,2024-10-15T14:23:57.307000 -CVE-2024-9459,0,1,1fbdede460e96050e57c7e9c9e816080ef38c79a77a32c58edefa452d0fd7056,2024-11-06T15:29:04.917000 +CVE-2024-9459,0,0,1fbdede460e96050e57c7e9c9e816080ef38c79a77a32c58edefa452d0fd7056,2024-11-06T15:29:04.917000 CVE-2024-9460,0,0,d6ff22c922d7573d861145a9f9c7a3aa2a44b6806bef76282f2615732b02479a,2024-10-08T14:33:42.703000 CVE-2024-9462,0,0,da874134bd4c6d4628ad3a17d1671b7f5c2018935fed477a57fc0d0990ff5d0e,2024-10-28T13:58:09.230000 CVE-2024-9463,0,0,833fbe5400df3e16652b73757d66400db6c2e58ea10075ce0e9e52ee535a69f7,2024-10-15T15:05:25.997000 @@ -268217,7 +268247,7 @@ CVE-2024-9573,0,0,58c75dd5695e86f3dd5971604e3d0b5f4fa9518dd900d56e54c2dcc37c5c33 CVE-2024-9574,0,0,a60670a65a4470a80e62c618e77fec3e5e5071e32e3c874874eb23f89671df72,2024-10-08T18:45:13.147000 CVE-2024-9575,0,0,902a179ba291c73f1ff19f974c0569ed05c8dbb3d8914c4f7409455feb2bd5d7,2024-10-14T08:15:02.970000 CVE-2024-9576,0,0,7a96a155cd09492144b259aa00c523497a7aeb66fdb84ed492d68f7654aa3880,2024-10-07T17:47:48.410000 -CVE-2024-9579,0,0,4555926f845627c67044cd8f8e5abfea5268b63fc6990d830c85b9bfa9402c20,2024-11-05T17:15:07.667000 +CVE-2024-9579,0,1,167ee6e9b251f0f97c79ffb7928bfa8f969038a5eeb63f16d36452b47b30c5f5,2024-11-06T18:17:17.287000 CVE-2024-9581,0,0,fb1d34fab9f94525003a0f26c830b830dcb7b4bdc92dd8a95590c26db891e7c3,2024-10-15T14:28:35.283000 CVE-2024-9582,0,0,6ec198135418f168eaebdeafd2e2fe73c3f44201fb3d949937a7b4e70c974bf6,2024-10-16T16:38:14.557000 CVE-2024-9583,0,0,04369671dcdc0ba41b402439013a80918f2a6c5ddfb5fc47088dd1f892929f97,2024-10-25T16:28:17.497000 @@ -268270,10 +268300,10 @@ CVE-2024-9675,0,0,37422127447344bf3ed37f2b97cceac689d57dfe308b187cd608d9922ee098 CVE-2024-9676,0,0,5106efc260335d5b89c81a279b45ed1786fc4f7066f6e2ce2194ea92536797d7,2024-11-06T10:15:05.683000 CVE-2024-9677,0,0,944e049c847e061867c66e6b586a0cd99260b04bc2e2059d736567bf47cae00c,2024-10-23T15:12:34.673000 CVE-2024-9680,0,0,db0e4e19e09673238ffe3dfbb8e95974e9346a75b4fd6d9319c03e5970bb644e,2024-10-16T15:07:36.123000 -CVE-2024-9681,0,0,49632cbd9cae711bd8beda2a509c30d59e3f243f8fc7985b3a523f3199c17a7c,2024-11-06T08:15:03.740000 +CVE-2024-9681,0,1,5184b45d0c5be56c6e66f5f4d21584d3fd220046fb9bac6604ac868b54d81bd8,2024-11-06T18:17:17.287000 CVE-2024-9683,0,0,a648737766df3deb74ddc86e7dcd00883598b7b3c943d9054e11451b5f185407,2024-10-18T12:52:33.507000 CVE-2024-9685,0,0,a93c724a8b2ee6ce4a46c54a35028c939ad55b1fb441a5b479f473edc57de420,2024-10-15T14:30:00.483000 -CVE-2024-9686,0,1,8a91e1ae5070fa70337820c934475166fa3e061411ab7464abf260ed961a0668,2024-11-06T16:19:04.333000 +CVE-2024-9686,0,0,8a91e1ae5070fa70337820c934475166fa3e061411ab7464abf260ed961a0668,2024-11-06T16:19:04.333000 CVE-2024-9687,0,0,ae8c4791dae243694c67044fa0088a221548cce6d43bc08144a537d590a79ff2,2024-10-17T21:11:14.197000 CVE-2024-9689,0,0,b432e79c2cee48f627788f25456c3c20a5780eae75d8c6f5d4e4334afcdc67c5,2024-11-05T16:36:00.010000 CVE-2024-9692,0,0,6637a78c6a5a322d069f0f0384d674a49925fbfbbf719ba95a3af042d35fdc19,2024-10-25T12:56:07.750000 @@ -268350,7 +268380,7 @@ CVE-2024-9868,0,0,59a2aba846ee436405b49879e5b0c69be3ddd01e601615061714bd006d4f2a CVE-2024-9869,0,0,2195387ef9aab560e210893ad1e9f3295c5808c9d50c0ada4fa1d17778d3d1ae,2024-10-11T15:15:06.500000 CVE-2024-9873,0,0,54e1b937a83aa8c512a9ce3ab381594073150b73716fb01cf60c5f6e4db0c415,2024-10-16T16:38:14.557000 CVE-2024-9878,0,0,5422198cd269edc0ee3b7f216da99125e9e9e49bf52d5ede38b6a55027753940,2024-11-05T16:04:26.053000 -CVE-2024-9883,0,0,4d07128348612ad3e67ef73f504d9c703af44b6bf7164a044ac9d0c630fbd4a2,2024-11-05T16:36:00.220000 +CVE-2024-9883,0,1,3d8bffa6f00f1635d66365d71fac3209d831583acb3bbea648179300cb3b5f9b,2024-11-06T17:32:17.477000 CVE-2024-9884,0,0,757f98f3275a3bf4e9b1e819bb018e139225ae1ebee044e7c027a7c44897e089,2024-11-01T12:57:03.417000 CVE-2024-9885,0,0,eba2ae86e119460d513882eefada4208486dcdf1501994be9aa95d7bb726e2cd,2024-11-01T12:57:03.417000 CVE-2024-9886,0,0,2d0240a7ec94642b6f1f1ed4572b40ffdd3dbdf8ae33aee8a7b267be1166a129,2024-11-01T12:57:03.417000 @@ -268366,7 +268396,7 @@ CVE-2024-9896,0,0,09339b3269859e496224a4ee93cb949746eeb659cdbf7ff07d2c92a00e93ed CVE-2024-9897,0,0,c000f038202bbdf161648c8f1d74fa0a88aad69aa13c730474d96a3fd2473014,2024-11-01T15:27:56.797000 CVE-2024-9898,0,0,34647a8f54872789fb9d153b7e32e611f940664cb6907ab09e4df7e32cdaa8ba,2024-10-18T12:52:33.507000 CVE-2024-9899,0,0,6c76ba1fcc7597d7958a7e74c7de009221352c8fe34414d847a1d4d85ee09e27,2024-10-23T21:15:15.050000 -CVE-2024-9902,0,0,7b1b9e06adc7e03882eae99ab4498fcaa7dc2330b24a66f60eb7ab4877ede92a,2024-11-06T10:15:06.200000 +CVE-2024-9902,0,1,8a0202848b8c7f7e072473e318f653c58c24d4bccf807cec92e70b0347f2927e,2024-11-06T18:17:17.287000 CVE-2024-9903,0,0,244e0ad624c75743e190bc7da6a1b45fe195aaf738d59f8decfde97c8722448f,2024-10-15T12:57:46.880000 CVE-2024-9904,0,0,b8f5bdf1fde920247f061f9c3939c42469f53e3148abd589ac11ba36d4728079,2024-10-15T12:57:46.880000 CVE-2024-9905,0,0,09e20420cf063b331c2f2444287faaf461bdb42e483d150bc77bc6c327c543d3,2024-10-16T22:12:18.153000 @@ -268393,13 +268423,13 @@ CVE-2024-9930,0,0,2e94c1b1c2d8f47dab5a0085f731b617edc3eb172311f1bc2011ba2b1f6ff8 CVE-2024-9931,0,0,4f99602a22e228cc69b801ddff8bd876efec1042ee86fb7a5c3c9f1dd271a722,2024-10-28T13:58:09.230000 CVE-2024-9932,0,0,8a190221d1ff5cf55bd50d44ac85bae930613a4d1f53087f12b10cdd4dba5757,2024-10-28T13:58:09.230000 CVE-2024-9933,0,0,98d3817270b49f8a3306f52253709f2dd1831527ba3d2429bf8c82695141e455,2024-10-28T13:58:09.230000 -CVE-2024-9934,0,1,384376e802bbe95f3d3612792f3652623ceb6e3fdaae1e2734ed44e91a6a8ded,2024-11-06T16:35:23.160000 -CVE-2024-9936,0,0,9b9410743fe1ca2f5a844c24ad20043ec989ced54414fa626e93bdc74b6425ff,2024-10-15T12:57:46.880000 +CVE-2024-9934,0,1,6c9699e32fd3b33a577f551ec288ec7eeb811b43db7ed80ffc7c14ab7b49b826,2024-11-06T18:17:17.287000 +CVE-2024-9936,0,1,e24713274a06b54c6fb1a28ab183fd20a2323a432a191511c12e0c56155c7d8b,2024-11-06T17:35:42.870000 CVE-2024-9937,0,0,4e7ae54d6a9c5099857ac0a66ba44c96220fc2ab3e1844c918c371d4dbb6d38d,2024-10-16T16:38:14.557000 CVE-2024-9940,0,0,0591f213f2bec6924fef18017d23419024c9c5bdc4c598c1e0fd80a492ebb13b,2024-10-18T12:53:04.627000 CVE-2024-9943,0,0,2b1bd0bf17ad8265b1c648445115c5e7c1a49eb398158e5a8ef4b45ea9c6d38b,2024-10-25T12:56:07.750000 CVE-2024-9944,0,0,0b8e9f26d6b78f71e8a64eb7650f72f57e1c6a31a17ce0fafe5b6b8377b71371,2024-10-17T20:47:35.817000 -CVE-2024-9946,0,0,dd31e55b0781c8a141d6e7b93b89d44847765b242fff084b09fb097b0e5cdb45,2024-11-06T07:15:04.977000 +CVE-2024-9946,0,1,d86f0be3f61dab42af6da9b822bf5e8fe192af05377135caf2f4b99a63447764,2024-11-06T18:17:17.287000 CVE-2024-9947,0,0,88ec45aa6bd99a52db1c3f2ce1757c1650b55146fad6304733cc20a8df4a46b2,2024-10-25T16:53:12.867000 CVE-2024-9949,0,0,7baff7b9a9118e82abe3afe4a5ae476b8e56ff4f2cbd456d4ba563053750f9b6,2024-10-25T12:56:07.750000 CVE-2024-9951,0,0,5d941c75af8c4072e469beaa1d6ae2855b0ca23ecdce87314ecd326f6a54014a,2024-10-18T12:52:33.507000