Auto-Update: 2024-11-06T19:00:21.748867+00:00

2025-06-19 17:31:42 +00:00 · 2024-11-06 19:03:22 +00:00 · 2024-11-06 19:03:22 +00:00 · 9dc793f03e
commit 9dc793f03e
parent e4b71ed046
225 changed files with 4946 additions and 747 deletions
--- a/CVE-2020/CVE-2020-118xx/CVE-2020-11859.json
+++ b/CVE-2020/CVE-2020-118xx/CVE-2020-11859.json
@ -2,8 +2,8 @@
  "id": "CVE-2020-11859",
  "sourceIdentifier": "security@opentext.com",
  "published": "2024-11-06T14:15:04.963",
-  "lastModified": "2024-11-06T14:15:04.963",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
--- a/CVE-2021/CVE-2021-471xx/CVE-2021-47126.json
+++ b/CVE-2021/CVE-2021-471xx/CVE-2021-47126.json
@ -2,7 +2,7 @@
  "id": "CVE-2021-47126",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-03-15T21:15:07.357",
-  "lastModified": "2024-03-17T22:38:29.433",
+  "lastModified": "2024-11-06T17:35:01.970",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,42 @@
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ipv6: Correcci\u00f3n KASAN: slab-out-of-bounds Leer en fib6_nh_flush_exceptions Reportado por syzbot: HEAD commit: 90c911ad Merge tag 'fixes' de git://git.kernel.org /pub/scm.. \u00e1rbol git: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git enlace del panel maestro: https://syzkaller.appspot.com/bug? extid=123aa35098fd3c000eb7 compilador: Debian clang versi\u00f3n 11.0.1-2 ===================================== ============================= ERROR: KASAN: losa fuera de los l\u00edmites en fib6_nh_get_excptn_bucket net/ipv6/route.c: 1604 [en l\u00ednea] ERROR: KASAN: losa fuera de los l\u00edmites en fib6_nh_flush_exceptions+0xbd/0x360 net/ipv6/route.c:1732 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffff8880145c78f8 por la tarea syz-executor.4/17760 CPU: 0 PID : 17760 Comm: syz-executor.4 No contaminado 5.12.0-rc8-syzkaller #0 Seguimiento de llamadas:  __dump_stack lib/dump_stack.c:79 [en l\u00ednea] dump_stack+0x202/0x31e lib/dump_stack.c:120 print_address_description +0x5f/0x3b0 mm/kasan/report.c:232 __kasan_report mm/kasan/report.c:399 [en l\u00ednea] kasan_report+0x15c/0x200 mm/kasan/report.c:416 fib6_nh_get_excptn_bucket net/ipv6/route.c:1604 [en l\u00ednea] fib6_nh_flush_exceptions+0xbd/0x360 net/ipv6/route.c:1732 fib6_nh_release+0x9a/0x430 net/ipv6/route.c:3536 fib6_info_destroy_rcu+0xcb/0x1c0 net/ipv6/ip6_fib.c:174 rcu_do_batch kernel /rcu/ tree.c:2559 [en l\u00ednea] rcu_core+0x8f6/0x1450 kernel/rcu/tree.c:2794 __do_softirq+0x372/0x7a6 kernel/softirq.c:345 invoke_softirq kernel/softirq.c:221 [en l\u00ednea] __irq_exit_rcu+0x22c/0x260 kernel/softirq.c:422 irq_exit_rcu+0x5/0x20 kernel/softirq.c:434 sysvec_apic_timer_interrupt+0x91/0xb0 arch/x86/kernel/apic/apic.c:1100  asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/ include/asm/idtentry.h:632 RIP: 0010:lock_acquire+0x1f6/0x720 kernel/locking/lockdep.c:5515 C\u00f3digo: f6 84 24 a1 00 00 00 02 0f 85 8d 02 00 00 f7 c3 00 02 00 00 49 bd 00 00 00 00 00 fc ff df 74 01 fb 48 c7 44 24 40 0e 36 e0 45 &lt;4b&gt; c7 44 3d 00 00 00 00 00 4b c7 44 3d 09 00 00 00 00 43 c7 44 3d RSP: 0018:ffffc90009e06560 EFLAGS: 00000206 RAX: 1ffff920013c0cc0 RBX: 0000000000000246 RCX: dffffc0000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000 000000 RBP: ffffc90009e066e0 R08: dffffc0000000000 R09: ffffbfff1f992b1 R10: ffffbfff1f992b1 R11: 00000000000000000 R12: 0000000000000000 R13: dffff c0000000000 R14: 0000000000000000 R15: 1ffff920013c0cb4 rcu_lock_acquire+ 0x2a/0x30 include/linux/rcupdate.h:267 rcu_read_lock include/linux/rcupdate.h:656 [en l\u00ednea] ext4_get_group_info+0xea/0x340 fs/ext4/ext4.h:3231 text4_mb_prefetch+0x123/0x5d0 fs/ext4/mballoc. c:2212 ext4_mb_regular_allocator+0x8a5/0x28f0 fs/ext4/mballoc.c:2379 ext4_mb_new_blocks+0xc6e/0x24f0 fs/ext4/mballoc.c:4982 ext4_ext_map_blocks+0x2be3/0x7210 fs/ext4/extents.c :4238 text4_map_blocks+0xab3/0x1cb0 fs/ext4/inode.c:638 text4_getblk+0x187/0x6c0 fs/ext4/inode.c:848 text4_bread+0x2a/0x1c0 fs/ext4/inode.c:900 text4_append+0x1a4/0x360 fs/ext4/namei.c: 67 ext4_init_new_dir+0x337/0xa10 fs/ext4/namei.c:2768 ext4_mkdir+0x4b8/0xc00 fs/ext4/namei.c:2814 vfs_mkdir+0x45b/0x640 fs/namei.c:3819 ovl_do_mkdir fs/overlayfs/over layfs.h: 161 [en l\u00ednea] ovl_mkdir_real+0x53/0x1a0 fs/overlayfs/dir.c:146 ovl_create_real+0x280/0x490 fs/overlayfs/dir.c:193 ovl_workdir_create+0x425/0x600 fs/overlayfs/super.c:788 ovl_make_workdir+0 fijo/ 0x1140 fs/overlayfs/super.c:1355 ovl_get_workdir fs/overlayfs/super.c:1492 [en l\u00ednea] ovl_fill_super+0x39ee/0x5370 fs/overlayfs/super.c:2035 mount_nodev+0x52/0xe0 fs/super.c:1413 Legacy_get_tree +0xea/0x180 fs/fs_context.c:592 vfs_get_tree+0x86/0x270 fs/super.c:1497 do_new_mount fs/namespace.c:2903 [en l\u00ednea] path_mount+0x196f/0x2be0 fs/namespace.c:3233 do_mount fs/namespace .c:3246 [en l\u00ednea]---truncado---"
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/09870235827451409ff546b073d754a19fd17e2e",
--- a/CVE-2021/CVE-2021-474xx/CVE-2021-47443.json
+++ b/CVE-2021/CVE-2021-474xx/CVE-2021-47443.json
@ -2,7 +2,7 @@
  "id": "CVE-2021-47443",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-05-22T07:15:09.570",
-  "lastModified": "2024-05-22T12:46:53.887",
+  "lastModified": "2024-11-06T17:35:03.030",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,30 @@
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: NFC: digital: corrige una posible p\u00e9rdida de memoria en digital_tg_listen_mdaa() Los 'params' se asignan en digital_tg_listen_mdaa(), pero no est\u00e1n libres cuando falla digital_send_cmd(), lo que provocar\u00e1 una p\u00e9rdida de memoria. Solucionelo liberando 'params' si falla la devoluci\u00f3n de digital_send_cmd()."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/3f2960b39f22e26cf8addae93c3f5884d1c183c9",
--- a/CVE-2023/CVE-2023-209xx/CVE-2023-20918.json
+++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20918.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-20918",
  "sourceIdentifier": "security@android.com",
  "published": "2023-07-13T00:15:23.317",
-  "lastModified": "2023-07-25T18:02:46.967",
+  "lastModified": "2024-11-06T17:35:20.907",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
@ -45,6 +45,16 @@
          "value": "NVD-CWE-Other"
        }
      ]
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ]
    }
  ],
  "configurations": [
--- a/CVE-2023/CVE-2023-209xx/CVE-2023-20942.json
+++ b/CVE-2023/CVE-2023-209xx/CVE-2023-20942.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-20942",
  "sourceIdentifier": "security@android.com",
  "published": "2023-07-13T00:15:23.363",
-  "lastModified": "2023-07-25T17:42:56.930",
+  "lastModified": "2024-11-06T17:35:21.643",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
@ -45,6 +45,16 @@
          "value": "NVD-CWE-noinfo"
        }
      ]
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ]
    }
  ],
  "configurations": [
--- a/CVE-2023/CVE-2023-212xx/CVE-2023-21238.json
+++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21238.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-21238",
  "sourceIdentifier": "security@android.com",
  "published": "2023-07-13T00:15:23.457",
-  "lastModified": "2023-07-25T18:01:59.637",
+  "lastModified": "2024-11-06T17:35:22.390",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
@ -45,6 +45,16 @@
          "value": "NVD-CWE-Other"
        }
      ]
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ]
    }
  ],
  "configurations": [
--- a/CVE-2023/CVE-2023-212xx/CVE-2023-21239.json
+++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21239.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-21239",
  "sourceIdentifier": "security@android.com",
  "published": "2023-07-13T00:15:23.503",
-  "lastModified": "2023-07-25T18:02:14.360",
+  "lastModified": "2024-11-06T17:35:23.130",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
@ -45,6 +45,16 @@
          "value": "NVD-CWE-Other"
        }
      ]
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ]
    }
  ],
  "configurations": [
--- a/CVE-2023/CVE-2023-212xx/CVE-2023-21246.json
+++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21246.json
@ -2,8 +2,8 @@
  "id": "CVE-2023-21246",
  "sourceIdentifier": "security@android.com",
  "published": "2023-07-13T00:15:23.727",
-  "lastModified": "2023-07-25T16:16:17.067",
+  "lastModified": "2024-11-06T18:35:00.933",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
@ -45,6 +45,16 @@
          "value": "CWE-754"
        }
      ]
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-273"
        }
      ]
    }
  ],
  "configurations": [
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29116.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29116.json
@ -2,13 +2,17 @@
  "id": "CVE-2023-29116",
  "sourceIdentifier": "cve@asrg.io",
  "published": "2024-11-05T16:15:15.307",
-  "lastModified": "2024-11-05T16:15:15.307",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Under certain conditions, through a request directed to the Waybox Enel X web management application, information like Waybox OS version or service configuration details could be obtained."
    },
    {
      "lang": "es",
      "value": " En determinadas condiciones, a trav\u00e9s de una solicitud dirigida a la aplicaci\u00f3n de gesti\u00f3n web Waybox Enel X, se podr\u00eda obtener informaci\u00f3n como la versi\u00f3n del sistema operativo Waybox o detalles de configuraci\u00f3n del servicio."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29117.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29117.json
@ -2,13 +2,17 @@
  "id": "CVE-2023-29117",
  "sourceIdentifier": "cve@asrg.io",
  "published": "2024-11-05T16:15:15.543",
-  "lastModified": "2024-11-05T16:15:15.543",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Waybox Enel X web management API authentication could be bypassed and provide administrator\u2019s privileges over the Waybox system."
    },
    {
      "lang": "es",
      "value": " La autenticaci\u00f3n de la API de gesti\u00f3n web de Waybox Enel X podr\u00eda omitirse y proporcionar privilegios de administrador sobre el sistema Waybox."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29118.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29118.json
@ -2,13 +2,17 @@
  "id": "CVE-2023-29118",
  "sourceIdentifier": "cve@asrg.io",
  "published": "2024-11-05T16:15:15.760",
-  "lastModified": "2024-11-05T16:15:15.760",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Waybox Enel X web management application could execute arbitrary requests on the internal database via\u00a0/admin/versions.php."
    },
    {
      "lang": "es",
      "value": " La aplicaci\u00f3n de gesti\u00f3n web Waybox Enel X podr\u00eda ejecutar solicitudes arbitrarias en la base de datos interna a trav\u00e9s de /admin/versions.php."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29119.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29119.json
@ -2,13 +2,17 @@
  "id": "CVE-2023-29119",
  "sourceIdentifier": "cve@asrg.io",
  "published": "2024-11-05T16:15:15.983",
-  "lastModified": "2024-11-05T16:15:15.983",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Waybox Enel X web management application could execute arbitrary requests on the internal database via\u00a0/admin/dbstore.php."
    },
    {
      "lang": "es",
      "value": "La aplicaci\u00f3n de gesti\u00f3n web Waybox Enel X podr\u00eda ejecutar solicitudes arbitrarias en la base de datos interna a trav\u00e9s de /admin/dbstore.php."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29120.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29120.json
@ -2,13 +2,17 @@
  "id": "CVE-2023-29120",
  "sourceIdentifier": "cve@asrg.io",
  "published": "2024-11-05T16:15:16.190",
-  "lastModified": "2024-11-05T16:15:16.190",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Waybox Enel X web management application could be used to execute arbitrary OS commands and provide administrator\u2019s privileges over the Waybox system."
    },
    {
      "lang": "es",
      "value": " La aplicaci\u00f3n de gesti\u00f3n web Waybox Enel X podr\u00eda usarse para ejecutar comandos arbitrarios del sistema operativo y proporcionar privilegios de administrador sobre el sistema Waybox."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29121.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29121.json
@ -2,13 +2,17 @@
  "id": "CVE-2023-29121",
  "sourceIdentifier": "cve@asrg.io",
  "published": "2024-11-05T16:15:16.377",
-  "lastModified": "2024-11-05T16:15:16.377",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Waybox Enel TCF Agent service could be used to get administrator\u2019s privileges over the Waybox system."
    },
    {
      "lang": "es",
      "value": " El servicio Waybox Enel TCF Agent se puede utilizar para obtener privilegios de administrador en el sistema Waybox."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29122.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29122.json
@ -2,13 +2,17 @@
  "id": "CVE-2023-29122",
  "sourceIdentifier": "cve@asrg.io",
  "published": "2024-11-05T16:15:16.577",
-  "lastModified": "2024-11-05T16:15:16.577",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Under certain conditions, access to service libraries is granted to account they should not have access to."
    },
    {
      "lang": "es",
      "value": " Bajo ciertas condiciones, se concede acceso a las librer\u00edas de servicios a cuentas a las que no deber\u00edan tener acceso."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29125.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29125.json
@ -2,13 +2,17 @@
  "id": "CVE-2023-29125",
  "sourceIdentifier": "cve@asrg.io",
  "published": "2024-11-05T16:15:16.770",
-  "lastModified": "2024-11-05T16:15:16.770",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A heap buffer overflow could be triggered by sending a specific packet to TCP port 7700."
    },
    {
      "lang": "es",
      "value": " Se podr\u00eda provocar un desbordamiento de b\u00fafer de almacenamiento din\u00e1mico al enviar un paquete espec\u00edfico al puerto TCP 7700."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-291xx/CVE-2023-29126.json
+++ b/CVE-2023/CVE-2023-291xx/CVE-2023-29126.json
@ -2,13 +2,17 @@
  "id": "CVE-2023-29126",
  "sourceIdentifier": "cve@asrg.io",
  "published": "2024-11-05T16:15:16.950",
-  "lastModified": "2024-11-05T16:15:16.950",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication."
    },
    {
      "lang": "es",
      "value": " La aplicaci\u00f3n de gesti\u00f3n web Waybox Enel X contiene una vulnerabilidad de tipo PHP que puede permitir un proceso de fuerza bruta y bajo ciertas condiciones omitir la autenticaci\u00f3n."
    }
  ],
  "metrics": {
--- a/CVE-2023/CVE-2023-375xx/CVE-2023-37563.json
+++ b/CVE-2023/CVE-2023-375xx/CVE-2023-37563.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-37563",
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "published": "2023-07-13T03:15:09.927",
-  "lastModified": "2023-08-18T10:15:10.483",
+  "lastModified": "2024-11-06T18:35:04.220",
  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
@ -45,6 +45,16 @@
          "value": "NVD-CWE-noinfo"
        }
      ]
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-922"
        }
      ]
    }
  ],
  "configurations": [
--- a/CVE-2023/CVE-2023-458xx/CVE-2023-45860.json
+++ b/CVE-2023/CVE-2023-458xx/CVE-2023-45860.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-45860",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-16T10:15:08.080",
-  "lastModified": "2024-02-16T13:37:51.433",
+  "lastModified": "2024-11-06T17:35:24.870",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,42 @@
      "value": "En Hazelcast Platform hasta 5.3.4, existe un problema de seguridad dentro de la asignaci\u00f3n SQL para el conector de origen de archivos CSV. Este problema surge de una verificaci\u00f3n inadecuada de permisos, que podr\u00eda permitir que clientes no autorizados accedan a datos de archivos almacenados en el sistema de archivos de un miembro."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/hazelcast/hazelcast/pull/25348",
--- a/CVE-2023/CVE-2023-525xx/CVE-2023-52571.json
+++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52571.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-52571",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-03-02T22:15:49.257",
-  "lastModified": "2024-03-04T13:58:23.447",
+  "lastModified": "2024-11-06T17:35:25.707",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,30 @@
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: power: Supply: rk817: reparar la fuga de recuento de nodos Dan Carpenter informa que la advertencia del verificador est\u00e1tico Smatch encontr\u00f3 que hay otra fuga de recuento en la funci\u00f3n de sonda. Si bien of_node_put() se agreg\u00f3 en una de las rutas de retorno, de hecho deber\u00eda agregarse para TODAS las rutas de retorno que devuelven un error y en el momento de eliminar el controlador."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.1,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.2
      }
    ]
  },
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/488ef44c068e79752dba8eda0b75f524f111a695",
--- a/CVE-2023/CVE-2023-526xx/CVE-2023-52687.json
+++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52687.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-52687",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-05-17T15:15:19.810",
-  "lastModified": "2024-05-17T18:35:35.070",
+  "lastModified": "2024-11-06T17:35:25.900",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,30 @@
      "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: safexcel - A\u00f1adir manejo de errores para llamadas a dma_map_sg() La macro dma_map_sg() puede devolver 0 en caso de error. Este parche permite realizar comprobaciones en caso de fallo de la macro y garantiza la eliminaci\u00f3n de la asignaci\u00f3n de b\u00faferes previamente asignados con dma_unmap_sg(). Encontrado por el Centro de verificaci\u00f3n de Linux (linuxtesting.org) con la herramienta de an\u00e1lisis est\u00e1tico SVACE."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/4c0ac81a172a69a7733290915276672787e904ec",
--- a/CVE-2023/CVE-2023-526xx/CVE-2023-52699.json
+++ b/CVE-2023/CVE-2023-526xx/CVE-2023-52699.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-52699",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-05-19T11:15:47.507",
-  "lastModified": "2024-11-04T13:16:47.650",
+  "lastModified": "2024-11-06T17:35:26.090",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,30 @@
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: sysv: no llame a sb_bread() con pointers_lock retenido syzbot informa suspensi\u00f3n en contexto at\u00f3mico en el sistema de archivos SysV [1], porque sb_bread() se llama con rw_spinlock retenido. Un error \"write_lock(&amp;pointers_lock) =&gt; read_lock(&amp;pointers_lock) deadlock\" y un error \"sb_bread() with write_lock(&amp;pointers_lock)\" fueron introducidos por \"Reemplazar BKL para bloqueo de cadena con sysvfs-private rwlock\" en Linux 2.5.12. Luego, \"[PATCH] err1-40: correcci\u00f3n de bloqueo de sysvfs\" en Linux 2.6.8 solucion\u00f3 el error anterior moviendo el bloqueo pointers_lock a las personas que llaman, pero en su lugar introdujo un error \"sb_bread() con read_lock(&amp;pointers_lock)\" (que hizo que esto problema m\u00e1s f\u00e1cil de abordar). Al Viro sugiri\u00f3 que por qu\u00e9 no hacer lo que hace get_branch()/get_block()/find_shared() en el sistema de archivos Minix. Y hacer eso es casi una reversi\u00f3n de \"[PATCH] err1-40: correcci\u00f3n de bloqueo de sysvfs\", excepto que get_branch() de find_shared() se llama sin write_lock(&amp;pointers_lock)."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ]
  },
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/13b33feb2ebddc2b1aa607f553566b18a4af1d76",
--- a/CVE-2023/CVE-2023-528xx/CVE-2023-52862.json
+++ b/CVE-2023/CVE-2023-528xx/CVE-2023-52862.json
@ -2,7 +2,7 @@
  "id": "CVE-2023-52862",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-05-21T16:15:23.150",
-  "lastModified": "2024-05-21T16:53:56.550",
+  "lastModified": "2024-11-06T17:35:26.283",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,42 @@
      "value": " En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: drm/amd/display: corrige la desreferencia del puntero null en el mensaje de error. Este parche corrige una desreferencia del puntero null en el mensaje de error que se imprime cuando el Display Core (DC) no se inicializa. El mensaje original incluye el n\u00famero de versi\u00f3n del DC, que no est\u00e1 definido si el DC no est\u00e1 inicializado."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 4.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/0c3601a2fbfb265ce283651480e30c8e60459112",
--- a/CVE-2024/CVE-2024-01xx/CVE-2024-0134.json
+++ b/CVE-2024/CVE-2024-01xx/CVE-2024-0134.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-0134",
  "sourceIdentifier": "psirt@nvidia.com",
  "published": "2024-11-05T19:15:05.203",
-  "lastModified": "2024-11-05T19:15:05.203",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. The name and location of the files cannot be controlled by an attacker. A successful exploit of this vulnerability might lead to data tampering."
    },
    {
      "lang": "es",
      "value": " NVIDIA Container Toolkit y NVIDIA GPU Operator para Linux contienen una vulnerabilidad de UNIX en la que una imagen de contenedor especialmente manipulada puede provocar la creaci\u00f3n de archivos no autorizados en el host. El nombre y la ubicaci\u00f3n de los archivos no pueden ser controlados por un atacante. Una explotaci\u00f3n exitosa de esta vulnerabilidad podr\u00eda provocar la manipulaci\u00f3n de datos."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-100xx/CVE-2024-10020.json
+++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10020.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-10020",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-06T07:15:03.377",
-  "lastModified": "2024-11-06T07:15:03.377",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.1.35. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, if they have access to the email and the user does not have an already-existing account for the service returning the token. An attacker cannot authenticate as an administrator by default, but these accounts are also at risk if authentication for administrators has explicitly been allowed via the social login."
    },
    {
      "lang": "es",
      "value": "El complemento de WordPress Heateor Social Login para WordPress es vulnerable a la omisi\u00f3n de la autenticaci\u00f3n en todas las versiones hasta la 1.1.35 incluida. Esto se debe a que el token de inicio de sesi\u00f3n social no verifica lo suficiente el usuario que devuelve. Esto hace posible que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, si tienen acceso al correo electr\u00f3nico y el usuario no tiene una cuenta ya existente para el servicio que devuelve el token. Un atacante no puede autenticarse como administrador de forma predeterminada, pero estas cuentas tambi\u00e9n corren riesgo si se ha permitido expl\u00edcitamente la autenticaci\u00f3n para administradores a trav\u00e9s del inicio de sesi\u00f3n social."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-100xx/CVE-2024-10028.json
+++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10028.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-10028",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-06T00:15:13.000",
-  "lastModified": "2024-11-06T00:15:13.000",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.13 via the exposed process stats file during the backup process. This makes it possible for unauthenticated attackers to obtain an archive file name and download the site's backup."
    },
    {
      "lang": "es",
      "value": "El complemento Everest Backup \u2013 WordPress Cloud Backup, Migration, Restore &amp; Cloning Plugin para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 2.2.13 incluida a trav\u00e9s del archivo de estad\u00edsticas del proceso expuesto durante el proceso de copia de seguridad. Esto permite que atacantes no autenticados obtengan un nombre de archivo y descarguen la copia de seguridad del sitio."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-100xx/CVE-2024-10081.json
+++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10081.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-10081",
  "sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
  "published": "2024-11-06T15:15:11.480",
-  "lastModified": "2024-11-06T15:15:11.480",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
--- a/CVE-2024/CVE-2024-100xx/CVE-2024-10082.json
+++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10082.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-10082",
  "sourceIdentifier": "85b1779b-6ecd-4f52-bcc5-73eac4659dcf",
  "published": "2024-11-06T15:15:11.760",
-  "lastModified": "2024-11-06T15:15:11.760",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
--- a/CVE-2024/CVE-2024-100xx/CVE-2024-10084.json
+++ b/CVE-2024/CVE-2024-100xx/CVE-2024-10084.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-10084",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-05T22:15:20.680",
-  "lastModified": "2024-11-05T22:15:20.680",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Contact Form 7 \u2013 Dynamic Text Extension plugin for WordPress is vulnerable to Basic Information Disclosure in all versions up to, and including, 4.5 via the CF7_get_post_var shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract the titles and text contents of private and password-protected posts, they do not own."
    },
    {
      "lang": "es",
      "value": " El complemento Contact Form 7 \u2013 Dynamic Text Extension para WordPress es vulnerable a la divulgaci\u00f3n de informaci\u00f3n b\u00e1sica en todas las versiones hasta la 4.5 incluida a trav\u00e9s del c\u00f3digo corto CF7_get_post_var. Esto permite que atacantes autenticados, con acceso de nivel de colaborador o superior, extraigan los t\u00edtulos y el contenido de texto de publicaciones privadas y protegidas con contrase\u00f1a que no son de su propiedad."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-101xx/CVE-2024-10168.json
+++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10168.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-10168",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-06T12:15:03.400",
-  "lastModified": "2024-11-06T12:15:03.400",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
--- a/CVE-2024/CVE-2024-101xx/CVE-2024-10186.json
+++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10186.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-10186",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-06T13:15:03.163",
-  "lastModified": "2024-11-06T13:15:03.163",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
--- a/CVE-2024/CVE-2024-103xx/CVE-2024-10318.json
+++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10318.json
@ -0,0 +1,100 @@
 {
  "id": "CVE-2024-10318",
  "sourceIdentifier": "f5sirt@f5.com",
  "published": "2024-11-06T17:15:13.680",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they can force the session to associate it with the attacker-controlled account, leading to potential misuse of the victim's session."
    }
  ],
  "metrics": {
    "cvssMetricV40": [
      {
        "source": "f5sirt@f5.com",
        "type": "Secondary",
        "cvssData": {
          "version": "4.0",
          "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "attackRequirements": "NONE",
          "privilegesRequired": "NONE",
          "userInteraction": "ACTIVE",
          "vulnerableSystemConfidentiality": "LOW",
          "vulnerableSystemIntegrity": "LOW",
          "vulnerableSystemAvailability": "NONE",
          "subsequentSystemConfidentiality": "NONE",
          "subsequentSystemIntegrity": "NONE",
          "subsequentSystemAvailability": "NONE",
          "exploitMaturity": "NOT_DEFINED",
          "confidentialityRequirements": "NOT_DEFINED",
          "integrityRequirements": "NOT_DEFINED",
          "availabilityRequirements": "NOT_DEFINED",
          "modifiedAttackVector": "NOT_DEFINED",
          "modifiedAttackComplexity": "NOT_DEFINED",
          "modifiedAttackRequirements": "NOT_DEFINED",
          "modifiedPrivilegesRequired": "NOT_DEFINED",
          "modifiedUserInteraction": "NOT_DEFINED",
          "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
          "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
          "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
          "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
          "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
          "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
          "safety": "NOT_DEFINED",
          "automatable": "NOT_DEFINED",
          "recovery": "NOT_DEFINED",
          "valueDensity": "NOT_DEFINED",
          "vulnerabilityResponseEffort": "NOT_DEFINED",
          "providerUrgency": "NOT_DEFINED",
          "baseScore": 5.1,
          "baseSeverity": "MEDIUM"
        }
      }
    ],
    "cvssMetricV31": [
      {
        "source": "f5sirt@f5.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5
      }
    ]
  },
  "weaknesses": [
    {
      "source": "f5sirt@f5.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-384"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://my.f5.com/manage/s/article/K000148232",
      "source": "f5sirt@f5.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10501.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10501.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-10501",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-10-30T01:15:03.107",
-  "lastModified": "2024-11-01T12:57:03.417",
+  "lastModified": "2024-11-06T17:20:32.857",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
@ -61,6 +61,26 @@
      }
    ],
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      },
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
@ -120,22 +140,55 @@
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://flowus.cn/share/95cc2cb9-7ab2-4eba-969f-f836fac1deb4?code=G8A6P3",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://vuldb.com/?ctiid.282441",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ]
    },
    {
      "url": "https://vuldb.com/?id.282441",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://vuldb.com/?submit.427398",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
 }
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10502.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10502.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-10502",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-10-30T01:15:03.377",
-  "lastModified": "2024-11-01T12:57:03.417",
+  "lastModified": "2024-11-06T17:20:59.217",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
@ -61,6 +61,26 @@
      }
    ],
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      },
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
@ -120,22 +140,55 @@
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:esafenet:cdg:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "94F213FF-17EB-4B99-9621-80792AD14A74"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://flowus.cn/share/f1f8c6bd-057f-406b-9421-ab6cee169980?code=G8A6P3",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://vuldb.com/?ctiid.282442",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required",
        "VDB Entry"
      ]
    },
    {
      "url": "https://vuldb.com/?id.282442",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    },
    {
      "url": "https://vuldb.com/?submit.427399",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ]
    }
  ]
 }
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10535.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10535.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-10535",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-06T07:15:03.880",
-  "lastModified": "2024-11-06T07:15:03.880",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Video Gallery for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the remove_unused_thumbnails() function in all versions up to, and including, 1.31. This makes it possible for unauthenticated attackers to delete thumbnails in the video-wc-gallery-thumb directory."
    },
    {
      "lang": "es",
      "value": "El complemento Video Gallery for WooCommerce para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n remove_unused_thumbnails() en todas las versiones hasta la 1.31 incluida. Esto permite que atacantes no autenticados eliminen miniaturas en el directorio video-wc-gallery-thumb."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10543.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10543.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-10543",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-06T07:15:04.160",
-  "lastModified": "2024-11-06T07:15:04.160",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Tumult Hype Animations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the hypeanimations_getcontent function in all versions up to, and including, 1.9.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve animation information."
    },
    {
      "lang": "es",
      "value": "El complemento Tumult Hype Animations para WordPress es vulnerable al acceso no autorizado a los datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n hypeanimations_getcontent en todas las versiones hasta la 1.9.14 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, recuperen informaci\u00f3n de las animaciones."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10647.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10647.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-10647",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-06T02:15:15.930",
-  "lastModified": "2024-11-06T02:15:15.930",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WS Form LITE \u2013 Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.9.244. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
    },
    {
      "lang": "es",
      "value": "El complemento WS Form LITE \u2013 Drag &amp; Drop Contact Form Builder for WordPress para WordPress es vulnerable a ataques de Cross-Site Scripting reflejado debido al uso de remove_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 1.9.244 incluida. Esto permite que atacantes no autenticados inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-107xx/CVE-2024-10715.json
+++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10715.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-10715",
  "sourceIdentifier": "security@wordfence.com",
  "published": "2024-11-06T11:15:03.353",
-  "lastModified": "2024-11-06T11:15:03.353",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
--- a/CVE-2024/CVE-2024-107xx/CVE-2024-10751.json
+++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10751.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-10751",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-11-04T02:15:14.993",
-  "lastModified": "2024-11-04T18:50:05.607",
+  "lastModified": "2024-11-06T17:34:57.597",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in Codezips ISP Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file pay.php. The manipulation of the argument customer leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
    },
    {
      "lang": "es",
      "value": " Se encontr\u00f3 una vulnerabilidad en Codezips ISP Management System 1.0 y se clasific\u00f3 como cr\u00edtica. Este problema afecta a algunas funciones desconocidas del archivo pay.php. La manipulaci\u00f3n del argumento customer conduce a una inyecci\u00f3n SQL. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
    }
  ],
  "metrics": {
@ -57,6 +61,26 @@
      }
    ],
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      },
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
@ -105,6 +129,16 @@
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    },
    {
      "source": "cna@vuldb.com",
      "type": "Secondary",
@ -116,22 +150,52 @@
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:codezips:isp_management_system:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF6890C-7A61-46EA-AF5D-FAB569F6DAD2"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/JiangJiangCC/CVE/issues/1",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://vuldb.com/?ctiid.282920",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required"
      ]
    },
    {
      "url": "https://vuldb.com/?id.282920",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://vuldb.com/?submit.436296",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
 }
--- a/CVE-2024/CVE-2024-107xx/CVE-2024-10753.json
+++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10753.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-10753",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-11-04T02:15:15.613",
-  "lastModified": "2024-11-04T18:50:05.607",
+  "lastModified": "2024-11-06T17:42:14.277",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
    },
    {
      "lang": "es",
      "value": "Se ha encontrado una vulnerabilidad en PHPGurukul Online Shopping Portal 2.0. Se ha declarado como problem\u00e1tica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_two_headers.php. La manipulaci\u00f3n del argumento scripts de conduce a cross site scripting. El ataque se puede iniciar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
    }
  ],
  "metrics": {
@ -57,6 +61,26 @@
      }
    ],
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      },
      {
        "source": "cna@vuldb.com",
        "type": "Secondary",
@ -116,26 +140,59 @@
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:phpgurukul:online_shopping_portal:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E358155-68C0-4C86-8359-49F37445DC44"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(dom_data_two_headers.php).md",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://phpgurukul.com/",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Product"
      ]
    },
    {
      "url": "https://vuldb.com/?ctiid.282922",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Permissions Required"
      ]
    },
    {
      "url": "https://vuldb.com/?id.282922",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory"
      ]
    },
    {
      "url": "https://vuldb.com/?submit.436375",
-      "source": "cna@vuldb.com"
+      "source": "cna@vuldb.com",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
 }
--- a/CVE-2024/CVE-2024-108xx/CVE-2024-10826.json
+++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10826.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2024-10826",
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "published": "2024-11-06T17:15:13.930",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use after free in Family Experiences in Google Chrome on Android prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "chrome-cve-admin@google.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://issues.chromium.org/issues/370217726",
      "source": "chrome-cve-admin@google.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-108xx/CVE-2024-10827.json
+++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10827.json
@ -0,0 +1,60 @@
 {
  "id": "CVE-2024-10827",
  "sourceIdentifier": "chrome-cve-admin@google.com",
  "published": "2024-11-06T17:15:14.030",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use after free in Serial in Google Chrome prior to 130.0.6723.116 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "chrome-cve-admin@google.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-416"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://chromereleases.googleblog.com/2024/11/stable-channel-update-for-desktop.html",
      "source": "chrome-cve-admin@google.com"
    },
    {
      "url": "https://issues.chromium.org/issues/375065084",
      "source": "chrome-cve-admin@google.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json
+++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10914.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-10914",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-11-06T14:15:05.310",
-  "lastModified": "2024-11-06T14:15:05.310",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
--- a/CVE-2024/CVE-2024-109xx/CVE-2024-10915.json
+++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10915.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-10915",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-11-06T14:15:05.783",
-  "lastModified": "2024-11-06T14:15:05.783",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
--- a/CVE-2024/CVE-2024-109xx/CVE-2024-10916.json
+++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10916.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-10916",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-11-06T15:15:12.123",
-  "lastModified": "2024-11-06T16:15:05.450",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
--- a/CVE-2024/CVE-2024-109xx/CVE-2024-10919.json
+++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10919.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-10919",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-11-06T16:15:05.610",
-  "lastModified": "2024-11-06T16:15:05.610",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
--- a/CVE-2024/CVE-2024-109xx/CVE-2024-10920.json
+++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10920.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-10920",
  "sourceIdentifier": "cna@vuldb.com",
  "published": "2024-11-06T16:15:05.930",
-  "lastModified": "2024-11-06T16:15:05.930",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
--- a/CVE-2024/CVE-2024-203xx/CVE-2024-20371.json
+++ b/CVE-2024/CVE-2024-203xx/CVE-2024-20371.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20371",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:14.187",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the access control list (ACL) programming of Cisco Nexus 3550-F Switches could allow an unauthenticated, remote attacker to send traffic that should be blocked to the management interface of an affected device.&nbsp;\r\n\r\nThis vulnerability exists because ACL deny rules are not properly enforced at the time of device reboot. An attacker could exploit this vulnerability by attempting to send traffic to the management interface of an affected device. A successful exploit could allow the attacker to send traffic to the management interface of the affected device."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-3550-acl-bypass-mhskZc2q",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-204xx/CVE-2024-20418.json
+++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20418.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20418",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:14.453",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Unified Industrial Wireless Software for Cisco Ultra-Reliable Wireless Backhaul (URWB) Access Points could allow an unauthenticated, remote attacker to perform command injection attacks with root privileges on the underlying operating system.\r\n\r\nThis vulnerability is due to improper validation of input to the web-based management interface. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the underlying operating system of the affected device."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-backhaul-ap-cmdinj-R7E28Ecs",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-204xx/CVE-2024-20445.json
+++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20445.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20445",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:14.830",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 7800 and 8800 Series, and Cisco Video Phone 8875 could allow an unauthenticated, remote attacker to access sensitive information on an affected device.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web UI of Session Initiation Protocol (SIP)-based phone loads. An attacker could exploit this vulnerability by browsing to the IP address of a device that has Web Access enabled. A successful exploit could allow the attacker to access sensitive information, including incoming and outgoing call records.\r\nNote: Web Access is disabled by default."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-phone-infodisc-sbyqQVbG",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-204xx/CVE-2024-20457.json
+++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20457.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20457",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:15.107",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the logging component of Cisco Unified Communications Manager IM &amp; Presence Service (Unified CM IM&amp;P) could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to the storage of unencrypted credentials in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system and obtaining credentials that they may not normally have access to. A successful exploit could allow the attacker to access sensitive information from the device."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-imp-inf-disc-cUPKuA5n",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-204xx/CVE-2024-20476.json
+++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20476.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20476",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:15.337",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions.\r\n\r\nThis vulnerability is due to lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to upload files to a location that should be restricted. To exploit this vulnerability, an attacker would need valid Read-Only Administrator&nbsp;credentials."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-602"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-204xx/CVE-2024-20484.json
+++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20484.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20484",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:15.580",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the External Agent Assignment Service (EAAS) feature of Cisco Enterprise Chat and Email (ECE) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of Media Routing Peripheral Interface Manager (MR PIM) traffic that is received by an affected device. An attacker could exploit this vulnerability by sending crafted MR PIM traffic to an affected device. A successful exploit could allow the attacker to trigger a failure on the MR PIM connection between Cisco ECE and Cisco Unified Contact Center Enterprise (CCE), leading to a DoS condition on EAAS that would prevent customers from starting chat, callback, or delayed callback sessions. Note: When the attack traffic stops, the EAAS process must be manually restarted to restore normal operation. To restart the process in the System Console, choose Shared Resources &gt; Services &gt; Unified CCE &gt; EAAS, then click Start."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ece-dos-Oqb9uFEv",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-204xx/CVE-2024-20487.json
+++ b/CVE-2024/CVE-2024-204xx/CVE-2024-20487.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20487",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:15.833",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vulns-AF544ED5",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20504.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20504.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20504",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:16.053",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability is due to insufficient validation of user input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-wsa-sma-xss-zYm3f49n",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20507.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20507.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20507",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:16.257",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the logging subsystem of Cisco Meeting Management could allow an authenticated, remote attacker to view sensitive information in clear text on an affected system.\r\n\r\nThis vulnerability is due to improper storage of sensitive information within the web-based management interface of an affected device. An attacker could exploit this vulnerability by logging in to the web-based management interface. A successful exploit could allow the attacker to view sensitive data that is stored on the affected device."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-info-disc-9ZEMAhGA",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20511.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20511.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20511",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:16.467",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-SVCkMMW",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20514.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20514.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20514",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:16.687",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager (EPNM) and Cisco Prime Infrastructure could allow an authenticated, low-privileged, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-epnmpi-sxss-yyf2zkXs",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20525.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20525.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20525",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:16.927",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20527.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20527.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20527",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:17.147",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 4.2
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20528.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20528.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20528",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:17.373",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to upload files to arbitrary locations on the underlying operating system of an affected device. To exploit this vulnerability, an attacker would need valid Super&nbsp;Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to upload custom files to arbitrary locations on the underlying operating system, execute arbitrary code, and elevate privileges to root."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 3.8,
          "baseSeverity": "LOW"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 2.5
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20529.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20529.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20529",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:17.593",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 4.2
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20530.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20530.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20530",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:17.793",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20531.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20531.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20531",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:18.043",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device and conduct a server-side request forgery (SSRF) attack through an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing XML input. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read arbitrary files on the underlying operating system or conduct an SSRF attack through the affected device."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20532.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20532.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20532",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:18.270",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the API of Cisco ISE could allow an authenticated, remote attacker to read and delete arbitrary files on an affected device. To exploit this vulnerability, the attacker would need valid Super Admin credentials.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied parameters in API requests. An attacker could exploit this vulnerability by sending a crafted API request to an affected device. A successful exploit could allow the attacker to read or delete arbitrary files on the underlying operating system."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 4.2
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multi-vuln-DBQdWRy",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20533.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20533.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20533",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:18.700",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users.\r\n\r\nThis vulnerability exists because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone and the attacker must have Admin credentials on the device. Web Access is disabled by default."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20534.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20534.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20534",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:18.927",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web UI of Cisco Desk Phone 9800 Series, Cisco IP Phone 6800, 7800, and 8800 Series, and Cisco Video Phone 8875 with Cisco Multiplatform Firmware could allow an authenticated, remote attacker to conduct stored cross-site scripting (XSS) attacks against users.\r\n\r\nThis vulnerability exists because the web UI of an affected device does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.\r\nNote: To exploit this vulnerability, Web Access must be enabled on the phone and the attacker must have Admin credentials on the device. Web Access is disabled by default."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mpp-xss-8tAV2TvF",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20536.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20536.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20536",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:19.140",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in a REST API endpoint and web-based management interface of Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, remote attacker with read-only privileges to execute arbitrary SQL commands on an affected device.\r\n\r\nThis vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to a specific REST API endpoint or web-based management interface. A successful exploit could allow the attacker to read, modify, or delete arbitrary data on an internal database, which could affect the availability of the device.&nbsp;"
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ndfc-sqli-CyPPAxrL",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20537.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20537.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20537",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:19.350",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific administrative functions.\r\n\r\nThis vulnerability is due to a lack of server-side validation of Administrator permissions. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected system. A successful exploit could allow the attacker to conduct administrative functions beyond their intended access level. To exploit this vulnerability, an attacker would need Read-Only Administrator credentials."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20538.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20538.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20538",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:19.563",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an unauthenticated, remote attacker to conduct an XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface on an affected system to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20539.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20539.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20539",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:19.767",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to conduct a stored XSS attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker would need valid administrative credentials on an affected device."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "HIGH",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.8,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.7,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-auth-bypass-BBRf7mkE",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-205xx/CVE-2024-20540.json
+++ b/CVE-2024/CVE-2024-205xx/CVE-2024-20540.json
@ -0,0 +1,56 @@
 {
  "id": "CVE-2024-20540",
  "sourceIdentifier": "ykramarz@cisco.com",
  "published": "2024-11-06T17:15:19.977",
  "lastModified": "2024-11-06T18:17:17.287",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.\r\n\r\nThis vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into a specific page of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information. To exploit this vulnerability, the attacker must have at least a Supervisor role on an affected device."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "ykramarz@cisco.com",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "ykramarz@cisco.com",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-sxss-qBTDBZDD",
      "source": "ykramarz@cisco.com"
    }
  ]
 }
--- a/CVE-2024/CVE-2024-220xx/CVE-2024-22006.json
+++ b/CVE-2024/CVE-2024-220xx/CVE-2024-22006.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-22006",
  "sourceIdentifier": "dsap-vuln-management@google.com",
  "published": "2024-03-11T19:15:47.187",
-  "lastModified": "2024-03-15T20:15:07.573",
+  "lastModified": "2024-11-06T18:35:05.707",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,30 @@
      "value": "El kernel de Android permite la divulgaci\u00f3n de informaci\u00f3n."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4
      }
    ]
  },
  "references": [
    {
      "url": "https://source.android.com/security/bulletin/pixel/2024-03-01",
--- a/CVE-2024/CVE-2024-227xx/CVE-2024-22778.json
+++ b/CVE-2024/CVE-2024-227xx/CVE-2024-22778.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-22778",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-21T15:15:09.270",
-  "lastModified": "2024-02-22T19:07:27.197",
+  "lastModified": "2024-11-06T17:35:29.337",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,30 @@
      "value": "HackMD CodiMD &lt;2.5.2 es vulnerable a la denegaci\u00f3n de servicio."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6
      }
    ]
  },
  "references": [
    {
      "url": "https://github.com/hackmdio/codimd/issues/1846",
--- a/CVE-2024/CVE-2024-236xx/CVE-2024-23674.json
+++ b/CVE-2024/CVE-2024-236xx/CVE-2024-23674.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-23674",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-15T23:15:08.827",
-  "lastModified": "2024-02-16T13:37:55.033",
+  "lastModified": "2024-11-06T18:35:05.950",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,42 @@
      "value": "El esquema de identificaci\u00f3n electr\u00f3nica Online-Ausweis-Funktion en el documento nacional de identidad alem\u00e1n hasta el 15 de febrero de 2024 permite omitir la autenticaci\u00f3n mediante suplantaci\u00f3n de identidad. Un atacante intermediario puede asumir la identidad de la v\u00edctima para acceder a recursos gubernamentales, m\u00e9dicos y financieros, y tambi\u00e9n puede extraer datos personales de la tarjeta, tambi\u00e9n conocido como el problema \"sPACE (establecimiento de conexi\u00f3n autenticada con contrase\u00f1a suplantada)\". Esto ocurre debido a una combinaci\u00f3n de factores, como la entrada insegura del PIN (para lectores b\u00e1sicos) y los enlaces profundos eid://. La v\u00edctima debe estar utilizando un kernel de eID modificado, lo que puede ocurrir si se enga\u00f1a a la v\u00edctima para que instale una versi\u00f3n falsa de una aplicaci\u00f3n oficial. NOTA: la posici\u00f3n de BSI es \"garantizar un entorno operativo seguro en el lado del cliente es una obligaci\u00f3n del propietario de la tarjeta de identificaci\u00f3n\"."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.6,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 6.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-290"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1",
--- a/CVE-2024/CVE-2024-268xx/CVE-2024-26857.json
+++ b/CVE-2024/CVE-2024-268xx/CVE-2024-26857.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-26857",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-04-17T11:15:08.787",
-  "lastModified": "2024-11-05T10:15:55.427",
+  "lastModified": "2024-11-06T17:35:29.517",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,30 @@
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: geneve: aseg\u00farese de extraer el encabezado interno en geneve_rx() syzbot desencaden\u00f3 un error en geneve_rx() [1] El problema es similar al que solucion\u00e9 en la confirmaci\u00f3n 8d975c15c0cd (\"ip6_tunnel: aseg\u00farese de extraer el encabezado interno en __ip6_tnl_rcv()\"). Tenemos que guardar skb-&gt;network_header en una variable temporal para poder volver a calcular el puntero network_header despu\u00e9s de una llamada a pskb_inet_may_pull(). pskb_inet_may_pull() se asegura de que los encabezados necesarios est\u00e9n en skb-&gt;head. [1] ERROR: KMSAN: valor uninit en IP_ECN_decapsulate include/net/inet_ecn.h:302 [en l\u00ednea] ERROR: KMSAN: valor uninit en geneve_rx drivers/net/geneve.c:279 [en l\u00ednea] ERROR: KMSAN: uninit -valor en geneve_udp_encap_recv+0x36f9/0x3c10 drivers/net/geneve.c:391 IP_ECN_decapsulate include/net/inet_ecn.h:302 [en l\u00ednea] geneve_rx drivers/net/geneve.c:279 [en l\u00ednea] geneve_udp_encap_recv+0x36f9/0x3c10 drivers/ net/geneve.c:391 udp_queue_rcv_one_skb+0x1d39/0x1f20 net/ipv4/udp.c:2108 udp_queue_rcv_skb+0x6ae/0x6e0 net/ipv4/udp.c:2186 udp_unicast_rcv_skb+0x184/0x4b0 net/ipv4/udp. c:2346 __udp4_lib_rcv +0x1c6b/0x3010 net/ipv4/udp.c:2422 udp_rcv+0x7d/0xa0 net/ipv4/udp.c:2604 ip_protocol_deliver_rcu+0x264/0x1300 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x2b8/0x440 net/ ipv4/ ip_input.c:233 NF_HOOK include/linux/netfilter.h:314 [en l\u00ednea] ip_local_deliver+0x21f/0x490 net/ipv4/ip_input.c:254 dst_input include/net/dst.h:461 [en l\u00ednea] ip_rcv_finish net/ipv4/ ip_input.c:449 [en l\u00ednea] NF_HOOK include/linux/netfilter.h:314 [en l\u00ednea] ip_rcv+0x46f/0x760 net/ipv4/ip_input.c:569 __netif_receive_skb_one_core net/core/dev.c:5534 [en l\u00ednea] __netif_receive_skb+ 0x1a6/0x5a0 net/core/dev.c:5648 Process_backlog+0x480/0x8b0 net/core/dev.c:5976 __napi_poll+0xe3/0x980 net/core/dev.c:6576 napi_poll net/core/dev.c:6645 [en l\u00ednea] net_rx_action+0x8b8/0x1870 net/core/dev.c:6778 __do_softirq+0x1b7/0x7c5 kernel/softirq.c:553 do_softirq+0x9a/0xf0 kernel/softirq.c:454 __local_bh_enable_ip+0x9b/0xa0 kernel/softirq. c:381 local_bh_enable include/linux/bottom_half.h:33 [en l\u00ednea] rcu_read_unlock_bh include/linux/rcupdate.h:820 [en l\u00ednea] __dev_queue_xmit+0x2768/0x51c0 net/core/dev.c:4378 dev_queue_xmit include/linux/netdevice. h:3171 [en l\u00ednea] paquete_xmit+0x9c/0x6b0 net/packet/af_packet.c:276 paquete_snd net/packet/af_packet.c:3081 [en l\u00ednea] paquete_sendmsg+0x8aef/0x9f10 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/ socket.c:730 [en l\u00ednea] __sock_sendmsg net/socket.c:745 [en l\u00ednea] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [en l\u00ednea] __se_sys_sendto net/socket.c:2199 [en l\u00ednea] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe+0x63 / 0x6b Uninit se cre\u00f3 en: slab_post_alloc_hook mm/slub.c:3819 [en l\u00ednea] slab_alloc_node mm/slub.c:3860 [en l\u00ednea] kmem_cache_alloc_node+0x5cb/0xbc0 mm/slub.c:3903 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff .c:560 __alloc_skb+0x352/0x790 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1296 [en l\u00ednea] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6394 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2783 paquete_alloc_skb net/packet/af_packet.c:2930 [en l\u00ednea] paquete_snd net/packet/af_packet.c:3024 [en l\u00ednea] paquete_sendmsg+0x70c2/0x9f10 net/packet/af_packet.c:3113 sock_sendmsg_nosec net/socket.c:730 [en l\u00ednea] __sock_sendmsg net/socket.c:745 [en l\u00ednea] __sys_sendto+0x735/0xa10 net/socket.c:2191 __do_sys_sendto net/socket.c:2203 [en l\u00ednea] __se_sys_sendto net/socket.c :2199 [en l\u00ednea] __x64_sys_sendto+0x125/0x1c0 net/socket.c:2199 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xcf/0x1e0 arch/x86/entry/common.c:83 Entry_SYSCALL_64_after_hwframe + 0x63/0x6b"
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/048e16dee1fc609c1c85072ccd70bfd4b5fef6ca",
--- a/CVE-2024/CVE-2024-269xx/CVE-2024-26915.json
+++ b/CVE-2024/CVE-2024-269xx/CVE-2024-26915.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-26915",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-04-17T16:15:08.143",
-  "lastModified": "2024-04-17T16:51:07.347",
+  "lastModified": "2024-11-06T17:35:29.737",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,30 @@
      "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Restablecer el bit IH OVERFLOW_CLEAR Tambi\u00e9n nos permite detectar desbordamientos posteriores del b\u00fafer en anillo IH."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/2827633c9dab6304ec4cdbf369363219832e605d",
--- a/CVE-2024/CVE-2024-274xx/CVE-2024-27435.json
+++ b/CVE-2024/CVE-2024-274xx/CVE-2024-27435.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-27435",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-05-17T13:15:58.073",
-  "lastModified": "2024-05-17T18:35:35.070",
+  "lastModified": "2024-11-06T17:35:29.977",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,30 @@
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: nvme: se corrigi\u00f3 el error de reconexi\u00f3n debido a la asignaci\u00f3n de etiquetas reservadas. Encontramos un problema en el entorno de producci\u00f3n al usar NVMe sobre RDMA, la reconexi\u00f3n de admin_q fall\u00f3 para siempre mientras el objetivo remoto y la red est\u00e1n bien. Despu\u00e9s de investigarlo, descubrimos que puede deberse a un punto muerto de ABBA debido a la asignaci\u00f3n de etiquetas. En mi caso, la etiqueta estaba retenida por una solicitud de mantenimiento en espera dentro de admin_q, ya que desactivamos admin_q mientras reiniciamos Ctrl, por lo que la solicitud se realiz\u00f3 como inactiva y no se procesar\u00e1 antes de que el reinicio se realice correctamente. Como fabric_q comparte el conjunto de etiquetas con admin_q, mientras reconectamos el objetivo remoto, necesitamos una etiqueta para el comando de conexi\u00f3n, pero la \u00fanica etiqueta reservada estaba mantenida por el comando Keep Alive que esperaba dentro de admin_q. Como resultado, no pudimos volver a conectar admin_q para siempre. Para solucionar este problema, creo que deber\u00edamos mantener dos etiquetas reservadas para la cola de administraci\u00f3n."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/149afee5c7418ec5db9d7387b9c9a5c1eb7ea2a8",
--- a/CVE-2024/CVE-2024-282xx/CVE-2024-28265.json
+++ b/CVE-2024/CVE-2024-282xx/CVE-2024-28265.json
@ -2,16 +2,55 @@
  "id": "CVE-2024-28265",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-11-01T16:15:08.277",
-  "lastModified": "2024-11-01T20:24:53.730",
+  "lastModified": "2024-11-06T17:35:30.180",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "IBOS v4.5.5 has an arbitrary file deletion vulnerability via \\system\\modules\\dashboard\\controllers\\LoginController.php."
    },
    {
      "lang": "es",
      "value": " IBOS v4.5.5 tiene una vulnerabilidad de eliminaci\u00f3n arbitraria de archivos a trav\u00e9s de \\system\\modules\\dashboard\\controllers\\LoginController.php."
    }
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-459"
        }
      ]
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://gitee.com/ibos/IBOS",
--- a/CVE-2024/CVE-2024-346xx/CVE-2024-34673.json
+++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34673.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-34673",
  "sourceIdentifier": "mobile.security@samsung.com",
  "published": "2024-11-06T03:15:03.257",
-  "lastModified": "2024-11-06T03:15:03.257",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service."
    },
    {
      "lang": "es",
      "value": "La validaci\u00f3n de entrada incorrecta en IpcProtocol en m\u00f3dems anteriores a SMR Nov-2024 Release 1 permite que atacantes locales provoquen denegaci\u00f3n de servicio."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-346xx/CVE-2024-34674.json
+++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34674.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-34674",
  "sourceIdentifier": "mobile.security@samsung.com",
  "published": "2024-11-06T03:15:03.473",
-  "lastModified": "2024-11-06T03:15:03.473",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles."
    },
    {
      "lang": "es",
      "value": "El control de acceso inadecuado en Contactos anteriores a la versi\u00f3n 1 de SMR de noviembre de 2024 permite que atacantes f\u00edsicos accedan a datos de m\u00faltiples perfiles de usuario."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-346xx/CVE-2024-34675.json
+++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34675.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-34675",
  "sourceIdentifier": "mobile.security@samsung.com",
  "published": "2024-11-06T03:15:03.643",
-  "lastModified": "2024-11-06T03:15:03.643",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen."
    },
    {
      "lang": "es",
      "value": "El control de acceso inadecuado en el modo Dex anterior a la versi\u00f3n 1 de SMR de noviembre de 2024 permite que atacantes f\u00edsicos accedan temporalmente a la pantalla desbloqueada."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-346xx/CVE-2024-34676.json
+++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34676.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-34676",
  "sourceIdentifier": "mobile.security@samsung.com",
  "published": "2024-11-06T03:15:03.820",
-  "lastModified": "2024-11-06T03:15:03.820",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability."
    },
    {
      "lang": "es",
      "value": "La escritura fuera de los l\u00edmites en el an\u00e1lisis del archivo de subt\u00edtulos en libsubextractor.so anterior a la versi\u00f3n 1 de SMR de noviembre de 2024 permite que los atacantes locales provoquen da\u00f1os en la memoria. Se requiere la interacci\u00f3n del usuario para activar esta vulnerabilidad."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-346xx/CVE-2024-34677.json
+++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34677.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-34677",
  "sourceIdentifier": "mobile.security@samsung.com",
  "published": "2024-11-06T03:15:03.980",
-  "lastModified": "2024-11-06T03:15:03.980",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate."
    },
    {
      "lang": "es",
      "value": "La exposici\u00f3n de informaci\u00f3n confidencial en la interfaz de usuario del sistema antes de la versi\u00f3n 1 de SMR de noviembre de 2024 permite a los atacantes locales hacer que las aplicaciones maliciosas parezcan leg\u00edtimas."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-346xx/CVE-2024-34678.json
+++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34678.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-34678",
  "sourceIdentifier": "mobile.security@samsung.com",
  "published": "2024-11-06T03:15:04.153",
-  "lastModified": "2024-11-06T03:15:04.153",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption."
    },
    {
      "lang": "es",
      "value": "La escritura fuera de los l\u00edmites en libsapeextractor.so anterior a la versi\u00f3n 1 de SMR de noviembre de 2024 permite que atacantes locales provoquen da\u00f1os en la memoria."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-346xx/CVE-2024-34679.json
+++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34679.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-34679",
  "sourceIdentifier": "mobile.security@samsung.com",
  "published": "2024-11-06T03:15:04.317",
-  "lastModified": "2024-11-06T03:15:04.317",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege."
    },
    {
      "lang": "es",
      "value": "Los permisos predeterminados incorrectos en Crane antes de SMR Nov-2024 Release 1 permiten a atacantes locales acceder a archivos con privilegios de tel\u00e9fono."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-346xx/CVE-2024-34680.json
+++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34680.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-34680",
  "sourceIdentifier": "mobile.security@samsung.com",
  "published": "2024-11-06T03:15:04.477",
-  "lastModified": "2024-11-06T03:15:04.477",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information."
    },
    {
      "lang": "es",
      "value": "El uso de intenci\u00f3n impl\u00edcita para comunicaciones confidenciales en WlanTest antes de SMR Nov-2024 Release 1 permite que atacantes locales obtengan informaci\u00f3n confidencial."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-346xx/CVE-2024-34681.json
+++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34681.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-34681",
  "sourceIdentifier": "mobile.security@samsung.com",
  "published": "2024-11-06T03:15:04.643",
-  "lastModified": "2024-11-06T03:15:04.643",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch."
    },
    {
      "lang": "es",
      "value": "La validaci\u00f3n de entrada incorrecta en BluetoothAdapter anterior a SMR Nov-2024 Release 1 permite que atacantes locales provoquen una denegaci\u00f3n de servicio permanente local en Galaxy Watch."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-346xx/CVE-2024-34682.json
+++ b/CVE-2024/CVE-2024-346xx/CVE-2024-34682.json
@ -2,13 +2,17 @@
  "id": "CVE-2024-34682",
  "sourceIdentifier": "mobile.security@samsung.com",
  "published": "2024-11-06T03:15:04.807",
-  "lastModified": "2024-11-06T03:15:04.807",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode."
    },
    {
      "lang": "es",
      "value": "La autorizaci\u00f3n incorrecta en las configuraciones anteriores a la versi\u00f3n 1 de SMR de noviembre de 2024 permite que atacantes f\u00edsicos accedan a la contrase\u00f1a de WiFi almacenada en el modo de mantenimiento."
    }
  ],
  "metrics": {
--- a/CVE-2024/CVE-2024-351xx/CVE-2024-35146.json
+++ b/CVE-2024/CVE-2024-351xx/CVE-2024-35146.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-35146",
  "sourceIdentifier": "psirt@us.ibm.com",
  "published": "2024-11-06T15:15:19.247",
-  "lastModified": "2024-11-06T15:15:19.247",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
--- a/CVE-2024/CVE-2024-360xx/CVE-2024-36050.json
+++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36050.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-36050",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-05-18T22:15:07.460",
-  "lastModified": "2024-05-22T16:15:10.777",
+  "lastModified": "2024-11-06T17:35:31.217",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,30 @@
      "value": "Nix hasta 2.22.1 maneja mal cierto uso de cach\u00e9s hash, lo que facilita que los atacantes reemplacen el c\u00f3digo fuente actual con c\u00f3digo fuente controlado por el atacante al atraer a un mantenedor para que acepte una solicitud de extracci\u00f3n maliciosa."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
  "references": [
    {
      "url": "https://discourse.nixos.org/t/nixpkgs-supply-chain-security-project/34345",
--- a/CVE-2024/CVE-2024-369xx/CVE-2024-36944.json
+++ b/CVE-2024/CVE-2024-369xx/CVE-2024-36944.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-36944",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-05-30T16:15:17.387",
-  "lastModified": "2024-05-30T18:18:58.870",
+  "lastModified": "2024-11-06T17:35:31.387",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,30 @@
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: Vuelva a aplicar \"drm/qxl: simplificar qxl_fence_wait\" Esto revierte el commit 07ed11afb68d94eadd4ffc082b97c2331307c5ea. Stephen Rostedt informa: \"Fui a ejecutar mis pruebas en mis m\u00e1quinas virtuales y las pruebas se colgaron al arrancar. Desafortunadamente, lo m\u00e1ximo que obtuve fue: [ 93.607888] Probando evento de initcall del sistema: OK [ 93.667730] Ejecutando pruebas en todos los eventos de seguimiento : [93.669757] Probando todos los eventos: OK [95.631064] ------------[ cortar aqu\u00ed ]------------ Se agot\u00f3 el tiempo de espera despu\u00e9s de 60 segundos\" y m\u00e1s puntos de depuraci\u00f3n a una posible dependencia de bloqueo circular entre el bloqueo del propietario de la consola y el bloqueo del grupo de trabajadores. Revertir el commit permite que la m\u00e1quina virtual de Steve se inicie nuevamente. [Obviamente, esto puede provocar que aparezcan nuevamente los mensajes \"[TTM] Error en el desalojo del b\u00fafer\", que fue el motivo de la reversi\u00f3n original. Pero en este punto esto parece preferible a un sistema sin arranque...]"
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/148ed8b4d64f94ab079c8f0d88c3f444db97ba97",
--- a/CVE-2024/CVE-2024-384xx/CVE-2024-38449.json
+++ b/CVE-2024/CVE-2024-384xx/CVE-2024-38449.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-38449",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-06-17T19:15:58.567",
-  "lastModified": "2024-06-20T12:44:22.977",
+  "lastModified": "2024-11-06T17:35:31.553",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,42 @@
      "value": "Una vulnerabilidad de Directory Traversal en KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 y posiblemente versiones anteriores permite a atacantes remotos autenticados explorar directorios principales y leer el contenido de archivos fuera del alcance de la aplicaci\u00f3n."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "CHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 4.0
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://github.com/kasmtech/KasmVNC/issues/254",
--- a/CVE-2024/CVE-2024-385xx/CVE-2024-38544.json
+++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38544.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-38544",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-06-19T14:15:14.687",
-  "lastModified": "2024-10-17T14:15:06.360",
+  "lastModified": "2024-11-06T17:35:32.340",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,30 @@
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: RDMA/rxe: corrige la falla de segmentaci\u00f3n en rxe_comp_queue_pkt En rxe_comp_queue_pkt(), un paquete de respuesta entrante skb se pone en cola en la cola resp_pkts y luego se toma una decisi\u00f3n si se ejecuta la tarea de finalizaci\u00f3n en l\u00ednea o programarla. Finalmente, se elimina la referencia al skb para aumentar un contador de rendimiento 'hw'. Esto es incorrecto porque si la tarea de finalizaci\u00f3n ya se est\u00e1 ejecutando en un hilo separado, es posible que ya haya procesado el skb y lo haya liberado, lo que puede causar una falla de segmentaci\u00f3n. Esto se ha observado con poca frecuencia en pruebas a gran escala. Este parche soluciona este problema cambiando el orden de poner en cola el paquete hasta que se accede al contador."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "HIGH",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.2
      }
    ]
  },
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/21b4c6d4d89030fd4657a8e7c8110fd941049794",
--- a/CVE-2024/CVE-2024-385xx/CVE-2024-38593.json
+++ b/CVE-2024/CVE-2024-385xx/CVE-2024-38593.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-38593",
  "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
  "published": "2024-06-19T14:15:19.387",
-  "lastModified": "2024-06-20T12:44:01.637",
+  "lastModified": "2024-11-06T18:35:06.780",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,30 @@
      "value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: net: micrel: Se corrigi\u00f3 la recepci\u00f3n de la marca de tiempo en el framework para lan8841. El commit culpable comenz\u00f3 a usar la cola de trabajo ptp para obtener la segunda parte de la marca de tiempo. Y cuando se establece el puerto, esta cola de trabajo se detiene. Pero si la opci\u00f3n de configuraci\u00f3n NETWORK_PHY_TIMESTAMPING no est\u00e1 habilitada, entonces ptp_clock no se inicializa, por lo que se bloquear\u00e1 cuando intente acceder al trabajo retrasado. Entonces, b\u00e1sicamente, al configurar y luego desactivar el puerto, fallar\u00eda. La soluci\u00f3n consiste en comprobar si el ptp_clock est\u00e1 inicializado y s\u00f3lo entonces cancelar el trabajo retrasado."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6
      }
    ]
  },
  "references": [
    {
      "url": "https://git.kernel.org/stable/c/3ddf170e4a604f5d4d9459a36993f5e92b53e8b0",
--- a/CVE-2024/CVE-2024-411xx/CVE-2024-41141.json
+++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41141.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-41141",
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "published": "2024-07-30T09:15:04.070",
-  "lastModified": "2024-07-30T13:32:45.943",
+  "lastModified": "2024-11-06T17:35:32.520",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,42 @@
      "value": " Existe una vulnerabilidad de  cross-site scripting almacenado en EC-CUBE Web API Plugin. Cuando hay varios usuarios que utilizan la funci\u00f3n de administraci\u00f3n de OAuth y uno de ellos ingresa alg\u00fan valor dise\u00f1ado en la p\u00e1gina de administraci\u00f3n de OAuth, se puede ejecutar un script arbitrario en el navegador web del otro usuario que accedi\u00f3 a la p\u00e1gina de administraci\u00f3n."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "CHANGED",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://jvn.jp/en/jp/JVN26225832/",
--- a/CVE-2024/CVE-2024-425xx/CVE-2024-42509.json
+++ b/CVE-2024/CVE-2024-425xx/CVE-2024-42509.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-42509",
  "sourceIdentifier": "security-alert@hpe.com",
  "published": "2024-11-05T23:15:03.423",
-  "lastModified": "2024-11-06T16:35:18.743",
+  "lastModified": "2024-11-06T18:17:17.287",
-  "vulnStatus": "Received",
+  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
--- a/CVE-2024/CVE-2024-439xx/CVE-2024-43924.json
+++ b/CVE-2024/CVE-2024-439xx/CVE-2024-43924.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-43924",
  "sourceIdentifier": "audit@patchstack.com",
  "published": "2024-10-23T08:15:03.453",
-  "lastModified": "2024-10-23T15:12:34.673",
+  "lastModified": "2024-11-06T17:03:52.480",
-  "vulnStatus": "Awaiting Analysis",
+  "vulnStatus": "Analyzed",
  "cveTags": [],
  "descriptions": [
    {
@ -17,6 +17,26 @@
  ],
  "metrics": {
    "cvssMetricV31": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9
      },
      {
        "source": "audit@patchstack.com",
        "type": "Secondary",
@ -51,10 +71,31 @@
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:dfactory:responsive_lightbox:*:*:*:*:*:wordpress:*:*",
              "versionEndExcluding": "2.4.8",
              "matchCriteriaId": "5B4EC304-97DA-4442-8934-88FDAE1C23B2"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://patchstack.com/database/vulnerability/responsive-lightbox/wordpress-responsive-lightbox-gallery-plugin-2-4-7-broken-access-control-vulnerability?_s_id=cve",
-      "source": "audit@patchstack.com"
+      "source": "audit@patchstack.com",
      "tags": [
        "Third Party Advisory"
      ]
    }
  ]
 }
--- a/CVE-2024/CVE-2024-451xx/CVE-2024-45164.json
+++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45164.json
@ -2,8 +2,8 @@
  "id": "CVE-2024-45164",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-11-04T14:15:14.677",
-  "lastModified": "2024-11-06T15:51:17.410",
+  "lastModified": "2024-11-06T17:35:33.437",
-  "vulnStatus": "Analyzed",
+  "vulnStatus": "Modified",
  "cveTags": [],
  "descriptions": [
    {
@ -36,6 +36,26 @@
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2
      },
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "attackVector": "NETWORK",
          "attackComplexity": "LOW",
          "privilegesRequired": "LOW",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4
      }
    ]
  },
@ -49,6 +69,16 @@
          "value": "CWE-863"
        }
      ]
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-732"
        }
      ]
    }
  ],
  "configurations": [
--- a/CVE-2024/CVE-2024-451xx/CVE-2024-45184.json
+++ b/CVE-2024/CVE-2024-451xx/CVE-2024-45184.json
@ -2,7 +2,7 @@
  "id": "CVE-2024-45184",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-10-11T21:15:06.947",
-  "lastModified": "2024-10-15T12:57:46.880",
+  "lastModified": "2024-11-06T17:35:34.223",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
@ -15,7 +15,42 @@
      "value": "Se descubri\u00f3 un problema en Samsung Mobile Processor, Wearable Processor, and Modems with chipset 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, m\u00f3dem 5123 y Modem 5300. Una escritura fuera de los l\u00edmites de USAT debido a un desbordamiento del b\u00fafer del mont\u00f3n puede provocar una denegaci\u00f3n de servicio."
    }
  ],
-  "metrics": {},
+  "metrics": {
    "cvssMetricV31": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary",
        "cvssData": {
          "version": "3.1",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "NONE",
          "scope": "UNCHANGED",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "availabilityImpact": "HIGH",
          "baseScore": 6.2,
          "baseSeverity": "MEDIUM"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 3.6
      }
    ]
  },
  "weaknesses": [
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/",
--- a/Show More
+++ b/Show More