admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-07-09 16:05:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-07-10T23:55:18.476732+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-07-10 23:58:13 +00:00
parent 0983a585f2
commit a235494b49
26 changed files with 2107 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
CVE-2023/CVE-2023-419xx/CVE-2023-41915.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-41915",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-09-09T22:15:09.530",
"lastModified": "2024-07-10T18:15:02.900",
"lastModified": "2024-07-10T23:15:09.923",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -124,6 +124,14 @@
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/3",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/4",
"source": "cve@mitre.org"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/6",
"source": "cve@mitre.org"
},
{
"url": "https://docs.openpmix.org/en/latest/security.html",
"source": "cve@mitre.org",

14
CVE-2024/CVE-2024-266xx/CVE-2024-26621.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26621",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-02T22:15:50.340",
"lastModified": "2024-07-09T07:15:03.463",
"lastModified": "2024-07-10T23:15:10.040",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -45,6 +45,18 @@
"url": "http://www.openwall.com/lists/oss-security/2024/07/09/1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/4ef9ad19e17676b9ef071309bc62020e2373705d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

8
CVE-2024/CVE-2024-380xx/CVE-2024-38021.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-38021",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-07-09T17:15:28.323",
"lastModified": "2024-07-09T18:18:38.713",
"lastModified": "2024-07-10T22:15:04.530",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Microsoft Office Remote Code Execution Vulnerability"
"value": "Microsoft Outlook Remote Code Execution Vulnerability"
},
{
"lang": "es",
"value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Microsoft Office"
}
],
"metrics": {

100
CVE-2024/CVE-2024-395xx/CVE-2024-39511.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39511",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:10.127",
"lastModified": "2024-07-10T23:15:10.127",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS).\n\nOn running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running this command repeatedly.\n\nWhen the crash occurs, the authentication status of any 802.1x clients is cleared, and any authorized dot1x port becomes unauthorized. The client cannot re-authenticate until the dot1x daemon restarts.\n\nThis issue affects Junos OS:\n * All versions before 20.4R3-S10;\n * 21.2 versions before 21.2R3-S7;\n * 21.4 versions before 21.4R3-S6;\n * 22.1 versions before 22.1R3-S5;\n * 22.2 versions before 22.2R3-S3;\n * 22.3 versions before 22.3R3-S2;\n * 22.4 versions before 22.4R3-S1;\n * 23.2 versions before 23.2R2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82976",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39512.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39512",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:10.393",
"lastModified": "2024-07-10T23:15:10.393",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.\n\nWhen the console cable is disconnected, the logged in user is not logged out.\u00a0This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.\n\nThis issue affects Junos OS Evolved: \n * from 23.2R2-EVO before 23.2R2-S1-EVO,\u00a0\n * from 23.4R1-EVO before 23.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.0,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.7,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-1263"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82977",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39513.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39513",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:10.640",
"lastModified": "2024-07-10T23:15:10.640",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS).\n\nWhen a specific \"clear\" command is run, the\u00a0Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts.\n\nThe crash\u00a0impacts all traffic going through the FPCs, causing a DoS. Running the command repeatedly leads to a sustained DoS condition.\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * All versions before 20.4R3-S9-EVO,\u00a0\n * from 21.2-EVO before 21.2R3-S7-EVO,\u00a0\n * from 21.3-EVO before 21.3R3-S5-EVO,\u00a0\n * from 21.4-EVO before 21.4R3-S6-EVO,\u00a0\n * from 22.1-EVO before 22.1R3-S4-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n * from 22.3-EVO before 22.3R3-S3-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-EVO,\n * from 23.2-EVO before 23.2R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "AUTOMATIC",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82978",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39514.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39514",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:10.877",
"lastModified": "2024-07-10T23:15:10.877",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nAn attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.\n\nThis issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.\n\nThis issue affects Junos OS: \n * All versions before 20.4R3-S10,\u00a0\n * from 21.4 before 21.4R3-S6,\u00a0\n * from 22.1 before 22.1R3-S5,\u00a0\n * from 22.2 before 22.2R3-S3,\u00a0\n * from 22.3 before 22.3R3-S2,\u00a0\n * from 22.4 before 22.4R3,\u00a0\n * from 23.2 before 23.2R2;\n\n\nJunos OS Evolved: \n * All versions before 20.4R3-S10-EVO,\u00a0\n * from 21.4-EVO before 21.4R3-S6-EVO,\u00a0\n * from 22.1-EVO before 22.1R3-S5-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n * from 22.3-EVO before 22.3R3-S2-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-703"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82980",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39517.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39517",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:11.127",
"lastModified": "2024-07-10T23:15:11.127",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).\n\nIn an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.\n\nThis issue affects both IPv4 and IPv6 implementations.\nThis issue affects\nJunos OS:\nAll versions earlier than\u00a021.4R3-S7;\n22.1\u00a0versions earlier than 22.1R3-S5;\n22.2 versions earlier than\u00a022.2R3-S3;\n22.3 versions earlier than\u00a022.3R3-S3;\n22.4 versions earlier than\u00a022.4R3-S2;\n23.2 versions earlier than\u00a023.2R2;\n23.4 versions earlier than\u00a023.4R1-S1.\n\nJunos OS Evolved:\nAll versions earlier than\u00a021.4R3-S7-EVO;\n22.1-EVO versions earlier than\u00a022.1R3-S5-EVO;\n22.2-EVO versions earlier than\u00a022.2R3-S3-EVO;\n22.3-EVO versions earlier than 22.3R3-S3-EVO;\n22.4-EVO versions earlier than\u00a022.4R3-S2-EVO;\n23.2-EVO versions earlier than\u00a023.2R2-EVO;\n23.4-EVO versions earlier than\u00a023.4R1-S1-EVO, 23.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA79175",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39518.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39518",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:11.363",
"lastModified": "2024-07-10T23:15:11.363",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS).\n\nWhen the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning.\u00a0\n\nThis issue is only seen when telemetry subscription is active.\n\nThe Heap memory utilization can be monitored using the following command:\n\u00a0 > show system processes extensive\n\nThe following command can be used to monitor the memory utilization of the specific sensor\n\u00a0 > show system info | match sensord\n PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME\n\n 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32\n\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * from 21.2R3-S5 before 21.2R3-S7,\u00a0\n * from 21.4R3-S4 before 21.4R3-S6,\u00a0\n * from 22.2R3 before 22.2R3-S4,\u00a0\n * from 22.3R2 before 22.3R3-S2,\u00a0\n * from 22.4R1 before 22.4R3,\u00a0\n * from 23.2R1 before 23.2R2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA82982",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39554.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39554",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:11.607",
"lastModified": "2024-07-10T23:15:11.607",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability the \n\nRouting Protocol Daemon (rpd)\n\n of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker's control.\u00a0 However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\n\nOn all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update.\u00a0 Under certain circumstance and with specific timing, this could result in an rpd crash.\n\nThis issue only affects systems with BGP multipath enabled.\n\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions of 21.1\n * from 21.2 before 21.2R3-S7, \n * from 21.4 before 21.4R3-S6, \n * from 22.1 before 22.1R3-S5, \n * from 22.2 before 22.2R3-S3, \n * from 22.3 before 22.3R3-S2, \n * from 22.4 before 22.4R3, \n * from 23.2 before 23.2R2.\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions of 21.1-EVO,\n * All versions of 21.2-EVO,\n * from 21.4-EVO before 21.4R3-S6-EVO, \n * from 22.1-EVO before 22.1R3-S5-EVO, \n * from 22.2-EVO before 22.2R3-S3-EVO, \n * from 22.3-EVO before 22.3R3-S2-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO.\n\n\n\nVersions of Junos OS before 21.1R1 are unaffected by this vulnerability.\nVersions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-362"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83014",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39555.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39555",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:11.863",
"lastModified": "2024-07-10T23:15:11.863",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.\n\nUpon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:\n\nBGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)\n\nOnly systems with segment routing enabled are vulnerable to this issue.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions before 21.4R3-S8, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S3, \n * from 23.2 before 23.2R2-S1, \n * from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nJunos OS Evolved:\u00a0\n\n * All versions before 21.4R3-S8-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-S3-EVO, \n * from 23.2-EVO before 23.2R2-S1-EVO, \n * from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "AUTOMATIC",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83015",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39556.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39556",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:12.133",
"lastModified": "2024-07-10T23:15:12.133",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.\n\nBy exploiting the 'set security certificates' command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user's command interpreter, or potentially trigger a stack-based buffer overflow.\n\n\nThis issue affects:\n\n\u00a0Junos OS: \n\n\n * All versions before 21.4R3-S7, \n * from 22.1 before 22.1R3-S6, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S2, \n * from 23.2 before 23.2R2, \n * from 23.4 before 23.4R1-S1, 23.4R2;\u00a0\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions before 21.4R3-S7-EVO, \n * from 22.1-EVO before 22.1R3-S6-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-S2-EVO, \n * from 23.2-EVO before 23.2R2-EVO, \n * from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.5,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-121"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83016",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39557.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39557",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:12.370",
"lastModified": "2024-07-10T23:15:12.370",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Uncontrolled Resource Consumption vulnerability in the \n\nLayer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).\n\nCertain MAC table updates cause a small amount of memory to leak.\u00a0 Once memory utilization reaches its limit, the issue will result in a system crash and restart.\n\nTo identify the issue, execute the CLI command:\n \nuser@device> show platform application-info allocations app l2ald-agent\nEVL Object Allocation Statistics:\n \n Node \u00a0 Application \u00a0 \u00a0 Context Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Live \u00a0 Allocs \u00a0 Fails \u00a0 \u00a0 Guids\n re0 \u00a0 l2ald-agent \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 net::juniper::rtnh::L2Rtinfo \u00a0 \u00a0 \u00a0 1069096 1069302 \u00a0 0 \u00a0 \u00a0 \u00a0 \u00a0 1069302\n re0 \u00a0 l2ald-agent \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 net::juniper::rtnh::NHOpaqueTlv \u00a0 \u00a0 114 \u00a0 \u00a0 195 \u00a0 \u00a0 \u00a0 0 \u00a0 \u00a0 \u00a0 \u00a0 195\n\n\n\nThis issue affects Junos OS Evolved: \n\n\n * All versions before 21.4R3-S8-EVO,\n\n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO\u00a0before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "AUTOMATIC",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83017",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39558.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39558",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:12.617",
"lastModified": "2024-07-10T23:15:12.617",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\n\nThis issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash.\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions before 20.4R3-S10, \n * from 21.2 before 21.2R3-S7, \n * from 21.4 before 21.4R3-S6, \n * from 22.1 before 22.1R3-S5, \n * from 22.2 before 22.2R3-S3, \n * from 22.3 before 22.3R3, \n * from 22.4 before 22.4R2;\u00a0\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions before 20.4R3-S10 -EVO,\n * from 21.2-EVO before 21.2R3-S7 -EVO,\n * from 21.4-EVO before 21.4R3-S6 -EVO,\n * from 22.1-EVO before 22.1R3-S5 -EVO,\n * from 22.2-EVO before 22.2R3-S3-EVO,\n * from 22.3-EVO before 22.3R3-EVO,\n * from 22.4-EVO before 22.4R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "AUTOMATIC",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-252"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83018",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39559.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39559",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:12.863",
"lastModified": "2024-07-10T23:15:12.863",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication enabled, destined to an accessible port on the device, resulting in a Denial of Service (DoS).\u00a0 The receipt of this packet must occur within a specific timing window outside the attacker's control (i.e., race condition).\n\nContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue only affects\u00a0dual RE systems with Nonstop Active Routing (NSR) enabled.\nExploitation can only occur over TCP sessions with MD5 authentication enabled (e.g., BGP with MD5 authentication).\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * All versions before 21.2R3-S8-EVO, \n * from 21.4-EVO before 21.4R3-S6-EVO, \n * from 22.1-EVO before 22.1R3-S4-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R2-S2-EVO, 22.4R3-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "AUTOMATIC",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.2,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.2,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83019",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39560.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39560",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:13.140",
"lastModified": "2024-07-10T23:15:13.140",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS).\n\nThe kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected.\n\nSystem kernel memory can be monitored through the use of the 'show system statistics kernel memory' command as shown below:\n\nuser@router> show system statistics kernel memory\nMemory \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Size (kB) Percentage When\n\u00a0 Active \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 753092 \u00a0 \u00a0 18.4% Now\n\u00a0 Inactive \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 574300 \u00a0 \u00a0 14.0% Now\n\u00a0 Wired\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 443236 \u00a0 \u00a0 10.8% Now\n\u00a0 Cached\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1911204 \u00a0 \u00a0 46.6% Now\n\u00a0 Buf \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 32768\u00a0 \u00a0 \u00a0 0.8% Now\n\u00a0 Free \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 385072\u00a0 \u00a0 \u00a0 9.4% Now\nKernel Memory\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Now\n\u00a0 Data \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 312908\u00a0 \u00a0 \u00a0 7.6% Now\n\u00a0 Text \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 2560\u00a0 \u00a0 \u00a0 0.1% Now\n...\n\nThis issue affects:\nJunos OS:\n\n\n * All versions before 20.4R3-S9,\n * from 21.4 before 21.4R3-S5,\n * from 22.1 before 22.1R3-S5,\n * from 22.2 before 22.2R3-S3,\n * from 22.3 before 22.3R3-S2,\n * from 22.4 before 22.4R3,\n * from 23.2 before 23.2R2;\n\n\nJunos OS Evolved:\n\n\n * All versions before 21.4R3-S5-EVO,\n * from 22.1-EVO before 22.1R3-S5-EVO, \n * from 22.2-EVO before 22.2R3-S3-EVO, \n * from 22.3-EVO before 22.3R3-S2-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "ADJACENT",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "LOW",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.1,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-755"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83020",
"source": "sirt@juniper.net"
}
]
}

100
CVE-2024/CVE-2024-395xx/CVE-2024-39561.json Normal file
View File

@ -0,0 +1,100 @@
{
"id": "CVE-2024-39561",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:13.383",
"lastModified": "2024-07-10T23:15:13.383",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on \n\nSRX4600 and SRX5000 Series\n\n allows an attacker to send TCP packets with \n\nSYN/FIN or SYN/RST\n\n flags, bypassing the expected blocking of these packets.\n\nA TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. However, when no-syn-check and Express Path\u00a0are enabled, these TCP packets are unexpectedly transferred to the downstream network.\n\nThis issue affects Junos OS on SRX4600 and SRX5000 Series: \n\n\n * All versions before 21.2R3-S8, \n * from 21.4 before 21.4R3-S7, \n * from 22.1 before 22.1R3-S6, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S2, \n * from 23.2 before 23.2R2, \n * from 23.4 before 23.4R1-S1, 23.4R2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 6.9,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-754"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA83021",
"source": "sirt@juniper.net"
}
]
}

104
CVE-2024/CVE-2024-395xx/CVE-2024-39562.json Normal file
View File

@ -0,0 +1,104 @@
{
"id": "CVE-2024-39562",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:13.670",
"lastModified": "2024-07-10T23:15:13.670",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.\n\nThe issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and\u00a0Netconf over SSH.\n\nOnce the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored.\u00a0 See WORKAROUND section below.\n\nAdministrators can monitor an increase in defunct sshd processes by utilizing the CLI command:\n\n\u00a0 > show system processes | match sshd\n\u00a0 root \u00a0 25219 30901 0 Jul16 ? \u00a0 \u00a0 \u00a0 00:00:00 [sshd] <defunct>\n\nThis issue affects Juniper Networks Junos OS Evolved:\n * All versions prior to 21.4R3-S7-EVO\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO;\n * 23.2-EVO versions prior to 23.2R2-EVO.\n\n\n\nThis issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "NONE",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 8.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-772"
}
]
}
],
"references": [
{
"url": "https://supportportal.juniper.net/JSA75724",
"source": "sirt@juniper.net"
},
{
"url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"source": "sirt@juniper.net"
}
]
}

108
CVE-2024/CVE-2024-395xx/CVE-2024-39565.json Normal file
View File

@ -0,0 +1,108 @@
{
"id": "CVE-2024-39565",
"sourceIdentifier": "sirt@juniper.net",
"published": "2024-07-10T23:15:13.940",
"lastModified": "2024-07-10T23:15:13.940",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to\u00a0execute\u00a0remote commands on the target device.\u00a0\n\nWhile an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device.\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S7,\n * from 22.2 before 22.2R3-S4,\n * from 22.3 before 22.3R3-S3,\n * from 22.4 before 22.4R3-S2,\n * from 23.2 before 23.2R2,\n * from 23.4 before 23.4R1-S1, 23.4R2."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:M/U:Amber",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"attackRequirements": "PRESENT",
"privilegesRequired": "NONE",
"userInteraction": "PASSIVE",
"vulnerableSystemConfidentiality": "HIGH",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "HIGH",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "YES",
"recovery": "NOT_DEFINED",
"valueDensity": "CONCENTRATED",
"vulnerabilityResponseEffort": "MODERATE",
"providerUrgency": "AMBER",
"baseScore": 7.7,
"baseSeverity": "HIGH"
}
}
],
"cvssMetricV31": [
{
"source": "sirt@juniper.net",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "sirt@juniper.net",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-643"
}
]
}
],
"references": [
{
"url": "https://support.juniper.net/support/downloads/?p=283",
"source": "sirt@juniper.net"
},
{
"url": "https://supportportal.juniper.net/JSA83023",
"source": "sirt@juniper.net"
},
{
"url": "https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber",
"source": "sirt@juniper.net"
}
]
}

56
CVE-2024/CVE-2024-60xx/CVE-2024-6036.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-6036",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-07-10T23:15:14.227",
"lastModified": "2024-07-10T23:15:14.227",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `\"fn_index\":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/e9eaaea9-5750-4955-9142-2f12ad4b06db",
"source": "security@huntr.dev"
}
]
}

56
CVE-2024/CVE-2024-60xx/CVE-2024-6037.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-6037",
"sourceIdentifier": "security@huntr.dev",
"published": "2024-07-10T23:15:14.493",
"lastModified": "2024-07-10T23:15:14.493",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption."
}
],
"metrics": {
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://huntr.com/bounties/eca6904f-f9fd-40c8-9e85-96f54daf405e",
"source": "security@huntr.dev"
}
]
}

10
CVE-2024/CVE-2024-63xx/CVE-2024-6387.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-6387",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-07-01T13:15:06.467",
"lastModified": "2024-07-10T18:15:05.163",
"lastModified": "2024-07-10T23:15:14.700",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -555,6 +555,14 @@
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/3",
"source": "secalert@redhat.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/4",
"source": "secalert@redhat.com"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/07/10/6",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2024:4312",
"source": "secalert@redhat.com",

137
CVE-2024/CVE-2024-66xx/CVE-2024-6650.json Normal file
View File

@ -0,0 +1,137 @@
{
"id": "CVE-2024-6650",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-10T23:15:14.930",
"lastModified": "2024-07-10T23:15:14.930",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this issue is the function save_designation of the file /classes/Master.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271058 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "NONE",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "NONE",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.1,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Xu-Mingming/cve/blob/main/xss1.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.271058",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.271058",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.370664",
"source": "cna@vuldb.com"
}
]
}

137
CVE-2024/CVE-2024-66xx/CVE-2024-6652.json Normal file
View File

@ -0,0 +1,137 @@
{
"id": "CVE-2024-6652",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-07-10T23:15:15.250",
"lastModified": "2024-07-10T23:15:15.250",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file manage_member.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271059."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "LOW",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "NONE",
"subsequentSystemIntegrity": "NONE",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 5.3,
"baseSeverity": "MEDIUM"
}
}
],
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 6.5
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/littletree7/cve/issues/1",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.271059",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.271059",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?submit.372193",
"source": "cna@vuldb.com"
}
]
}

52
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-07-10T22:00:18.497829+00:00
2024-07-10T23:55:18.476732+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-07-10T21:15:11.520000+00:00
2024-07-10T23:15:15.250000+00:00
```
### Last Data Feed Release
@ -33,39 +33,43 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
256620
256640
```
### CVEs added in the last Commit
Recently added CVEs: `16`
Recently added CVEs: `20`
- [CVE-2024-25076](CVE-2024/CVE-2024-250xx/CVE-2024-25076.json) (`2024-07-10T20:15:02.933`)
- [CVE-2024-25077](CVE-2024/CVE-2024-250xx/CVE-2024-25077.json) (`2024-07-10T20:15:03.023`)
- [CVE-2024-37148](CVE-2024/CVE-2024-371xx/CVE-2024-37148.json) (`2024-07-10T20:15:03.280`)
- [CVE-2024-37149](CVE-2024/CVE-2024-371xx/CVE-2024-37149.json) (`2024-07-10T20:15:03.543`)
- [CVE-2024-37310](CVE-2024/CVE-2024-373xx/CVE-2024-37310.json) (`2024-07-10T20:15:03.790`)
- [CVE-2024-38353](CVE-2024/CVE-2024-383xx/CVE-2024-38353.json) (`2024-07-10T20:15:04.053`)
- [CVE-2024-38354](CVE-2024/CVE-2024-383xx/CVE-2024-38354.json) (`2024-07-10T20:15:04.293`)
- [CVE-2024-39693](CVE-2024/CVE-2024-396xx/CVE-2024-39693.json) (`2024-07-10T20:15:04.543`)
- [CVE-2024-6148](CVE-2024/CVE-2024-61xx/CVE-2024-6148.json) (`2024-07-10T21:15:10.730`)
- [CVE-2024-6149](CVE-2024/CVE-2024-61xx/CVE-2024-6149.json) (`2024-07-10T21:15:10.830`)
- [CVE-2024-6150](CVE-2024/CVE-2024-61xx/CVE-2024-6150.json) (`2024-07-10T21:15:10.920`)
- [CVE-2024-6151](CVE-2024/CVE-2024-61xx/CVE-2024-6151.json) (`2024-07-10T21:15:11.013`)
- [CVE-2024-6236](CVE-2024/CVE-2024-62xx/CVE-2024-6236.json) (`2024-07-10T21:15:11.120`)
- [CVE-2024-6286](CVE-2024/CVE-2024-62xx/CVE-2024-6286.json) (`2024-07-10T21:15:11.210`)
- [CVE-2024-6663](CVE-2024/CVE-2024-66xx/CVE-2024-6663.json) (`2024-07-10T21:15:11.463`)
- [CVE-2024-6664](CVE-2024/CVE-2024-66xx/CVE-2024-6664.json) (`2024-07-10T21:15:11.520`)
- [CVE-2024-39511](CVE-2024/CVE-2024-395xx/CVE-2024-39511.json) (`2024-07-10T23:15:10.127`)
- [CVE-2024-39512](CVE-2024/CVE-2024-395xx/CVE-2024-39512.json) (`2024-07-10T23:15:10.393`)
- [CVE-2024-39513](CVE-2024/CVE-2024-395xx/CVE-2024-39513.json) (`2024-07-10T23:15:10.640`)
- [CVE-2024-39514](CVE-2024/CVE-2024-395xx/CVE-2024-39514.json) (`2024-07-10T23:15:10.877`)
- [CVE-2024-39517](CVE-2024/CVE-2024-395xx/CVE-2024-39517.json) (`2024-07-10T23:15:11.127`)
- [CVE-2024-39518](CVE-2024/CVE-2024-395xx/CVE-2024-39518.json) (`2024-07-10T23:15:11.363`)
- [CVE-2024-39554](CVE-2024/CVE-2024-395xx/CVE-2024-39554.json) (`2024-07-10T23:15:11.607`)
- [CVE-2024-39555](CVE-2024/CVE-2024-395xx/CVE-2024-39555.json) (`2024-07-10T23:15:11.863`)
- [CVE-2024-39556](CVE-2024/CVE-2024-395xx/CVE-2024-39556.json) (`2024-07-10T23:15:12.133`)
- [CVE-2024-39557](CVE-2024/CVE-2024-395xx/CVE-2024-39557.json) (`2024-07-10T23:15:12.370`)
- [CVE-2024-39558](CVE-2024/CVE-2024-395xx/CVE-2024-39558.json) (`2024-07-10T23:15:12.617`)
- [CVE-2024-39559](CVE-2024/CVE-2024-395xx/CVE-2024-39559.json) (`2024-07-10T23:15:12.863`)
- [CVE-2024-39560](CVE-2024/CVE-2024-395xx/CVE-2024-39560.json) (`2024-07-10T23:15:13.140`)
- [CVE-2024-39561](CVE-2024/CVE-2024-395xx/CVE-2024-39561.json) (`2024-07-10T23:15:13.383`)
- [CVE-2024-39562](CVE-2024/CVE-2024-395xx/CVE-2024-39562.json) (`2024-07-10T23:15:13.670`)
- [CVE-2024-39565](CVE-2024/CVE-2024-395xx/CVE-2024-39565.json) (`2024-07-10T23:15:13.940`)
- [CVE-2024-6036](CVE-2024/CVE-2024-60xx/CVE-2024-6036.json) (`2024-07-10T23:15:14.227`)
- [CVE-2024-6037](CVE-2024/CVE-2024-60xx/CVE-2024-6037.json) (`2024-07-10T23:15:14.493`)
- [CVE-2024-6650](CVE-2024/CVE-2024-66xx/CVE-2024-6650.json) (`2024-07-10T23:15:14.930`)
- [CVE-2024-6652](CVE-2024/CVE-2024-66xx/CVE-2024-6652.json) (`2024-07-10T23:15:15.250`)
### CVEs modified in the last Commit
Recently modified CVEs: `4`
- [CVE-2022-39227](CVE-2022/CVE-2022-392xx/CVE-2022-39227.json) (`2024-07-10T21:15:10.210`)
- [CVE-2023-51105](CVE-2023/CVE-2023-511xx/CVE-2023-51105.json) (`2024-07-10T20:15:02.820`)
- [CVE-2024-6409](CVE-2024/CVE-2024-64xx/CVE-2024-6409.json) (`2024-07-10T20:15:04.853`)
- [CVE-2024-6647](CVE-2024/CVE-2024-66xx/CVE-2024-6647.json) (`2024-07-10T21:15:11.350`)
- [CVE-2023-41915](CVE-2023/CVE-2023-419xx/CVE-2023-41915.json) (`2024-07-10T23:15:09.923`)
- [CVE-2024-26621](CVE-2024/CVE-2024-266xx/CVE-2024-26621.json) (`2024-07-10T23:15:10.040`)
- [CVE-2024-38021](CVE-2024/CVE-2024-380xx/CVE-2024-38021.json) (`2024-07-10T22:15:04.530`)
- [CVE-2024-6387](CVE-2024/CVE-2024-63xx/CVE-2024-6387.json) (`2024-07-10T23:15:14.700`)
## Download and Usage

68
_state.csv
View File

@ -205371,7 +205371,7 @@ CVE-2022-39222,0,0,d5c5959de85d8399f7df5df7fe710a9317d7041d9b0b4b33bf3ae297bcc6e
CVE-2022-39224,0,0,74ea89dc06f9e57b983f75ca05855fc4f4cb512ab1741b0a4530707b87a7d9ec,2022-09-26T13:41:40.930000
CVE-2022-39225,0,0,1ffacad34887b15c068e75426ef754e90dae5870ac74bcf9503b989bb98b1547,2022-09-28T13:50:43.977000
CVE-2022-39226,0,0,acbe605eedc5b8513fa1a9550dfce48c9078a9ebdc3877e2da3d43c5379e7076,2022-10-05T21:16:28.857000
CVE-2022-39227,0,1,019614e57b7ad104fb5797fe27fc61c9be6c1561596ea79fd21f3c74865f95f5,2024-07-10T21:15:10.210000
CVE-2022-39227,0,0,019614e57b7ad104fb5797fe27fc61c9be6c1561596ea79fd21f3c74865f95f5,2024-07-10T21:15:10.210000
CVE-2022-39228,0,0,9ac109f41184e5b247f5400110c9db7bb5e2c50a63cd3683f4750827719518ad,2023-11-07T03:50:22.207000
CVE-2022-39229,0,0,15c32822b0b02ba916b7978b1911da429757ff74dff8754a1162c942ec0c715d,2022-10-19T14:10:31.537000
CVE-2022-3923,0,0,c8833e201274cfbe638e6a0e7d3dae3aac2f4aae1f4ceb74dd47079222d175e6,2023-11-07T03:51:58.120000
@ -231314,7 +231314,7 @@ CVE-2023-41910,0,0,ddadb74f9e50737d21120f0b88022d8c15ee68cc56eb3c4577229fb7986d3
CVE-2023-41911,0,0,c370f1652ab4a7704bdb8c1c18b508b07e9446ea3a6134c45133ba3207c3be67,2023-10-02T19:02:19.277000
CVE-2023-41913,0,0,ac6a5dec8a2ef981599760c1bd584c0a3e1984d30935032e705f83162150cb05,2024-06-11T04:15:10.863000
CVE-2023-41914,0,0,27c5c2c3c84cd968ddce119075b7bda7c87709505c9fb5104442489dec8eacba,2023-11-09T22:11:29.870000
CVE-2023-41915,0,0,36dcb97e8e88c3fa222716fa41549145bf1bf8e3b34064739182cd4dfb8684ab,2024-07-10T18:15:02.900000
CVE-2023-41915,0,1,ca0a079d97dd9f25e9b1363dbc30e209a10f89677e357ff69efeae8b50de45f1,2024-07-10T23:15:09.923000
CVE-2023-41917,0,0,f3161e8d6c620e45be8c901747b972f5e1c375ee92e6d63bc7e00bef339a5387,2024-07-02T12:09:16.907000
CVE-2023-41918,0,0,0856e5fa41285db5b029ff0214e8d51ede0087304c24a711546183f0175c9d9e,2024-07-02T12:09:16.907000
CVE-2023-41919,0,0,6807d33f550dbbb2d90b8f4fce9a8f7ee1053b0fb9f312837bd90277e545973a,2024-07-02T12:09:16.907000
@ -237542,7 +237542,7 @@ CVE-2023-51101,0,0,715bd2375e465539f78b9589de724a3b44b5b751f2a2bdeeadbb172b19954
CVE-2023-51102,0,0,43e4885799f2da8dffd65a72e501f08b192ea7fe94ed89bfde6db81b2efa7f22,2023-12-30T03:19:15.973000
CVE-2023-51103,0,0,71cf8eb36c512e4486b80f2008e48d245df5f090a9237a985a5b7ec951e695d4,2024-01-05T16:25:15.997000
CVE-2023-51104,0,0,4e7f57d88a96c53c8983850e0ce64f7f7f64d18b84efb70425e41eb2b5c6ccf2,2024-07-09T21:15:11.690000
CVE-2023-51105,0,1,4abe2872b1e377f4ee0d31e3315aedcd1a647380c8a18113bab0a1851833e7a2,2024-07-10T20:15:02.820000
CVE-2023-51105,0,0,4abe2872b1e377f4ee0d31e3315aedcd1a647380c8a18113bab0a1851833e7a2,2024-07-10T20:15:02.820000
CVE-2023-51106,0,0,2ad42e3fc60bf937fccd789a94702f6663bceff82ffdd09e8001ab565c4bd666,2024-03-18T04:15:08.790000
CVE-2023-51107,0,0,c5d5f3f75be31a12b33532bfd4bfc63c33f71406b1ed3956b0081dc9f8320e93,2024-01-05T17:14:48.820000
CVE-2023-5111,0,0,9aa75e6a8b2cdd2372d791a9a0def8ce9e9d4923ff9c71c4dfed5da5d92d1561,2023-10-06T17:58:29.377000
@ -245614,8 +245614,8 @@ CVE-2024-25064,0,0,1c648660fe74d25bd4bc9587030796b3cc77cb44c915d4df3e4024ac11525
CVE-2024-25065,0,0,f671f82a7697d47568409b085db18a169bcbb80a6a570c1657ffbf02010a7804,2024-02-29T13:49:29.390000
CVE-2024-2507,0,0,ea9c85786faadd0442f075fa7cedcc51f34924f4764686abb8afe0beed882661,2024-04-10T13:23:38.787000
CVE-2024-25075,0,0,8f1ad7795ac9be7789e9412ad24a6f478ed4bba46ede8202f16d701d6f470c93,2024-04-03T12:38:04.840000
CVE-2024-25076,1,1,d66bc17d91809cc2f78f3102ffe32b214bc987b6cd580c79f6170144ca43d7b5,2024-07-10T20:15:02.933000
CVE-2024-25077,1,1,1f8486cd645938c03e21e9baea1f7aad5d57b438c9e14c7dfeed86cd8586c3f4,2024-07-10T20:15:03.023000
CVE-2024-25076,0,0,d66bc17d91809cc2f78f3102ffe32b214bc987b6cd580c79f6170144ca43d7b5,2024-07-10T20:15:02.933000
CVE-2024-25077,0,0,1f8486cd645938c03e21e9baea1f7aad5d57b438c9e14c7dfeed86cd8586c3f4,2024-07-10T20:15:03.023000
CVE-2024-25078,0,0,14ea593bbd760f1a861775a7e6100acb3fd7a8f88d884ae3f61694ec3c2b2927,2024-07-03T01:48:39.997000
CVE-2024-25079,0,0,df3a5b95b7f6f4370caee005112754774cb6bfa4fa30f82a6ed48ecf2a7fc17d,2024-07-03T01:48:40.830000
CVE-2024-25080,0,0,b71676650e0fe980740d0ba2f09b4ab96eab09f2522aeb1c79a8cba30e06c62f,2024-04-01T12:49:00.877000
@ -246642,7 +246642,7 @@ CVE-2024-26618,0,0,b4ee02e43411773445d9502213c0c8ee13dbb28e9adadb6062e2443b8f287
CVE-2024-26619,0,0,4bc519bd153c025ad692ee69af117d5945ba0b94f5c3e5862c457953e2f5d4bd,2024-03-12T12:40:13.500000
CVE-2024-2662,0,0,f67fa5f3bbbaf2e8acff0e892a68fc06e4217f99a75dec53361b235392202bd4,2024-05-14T16:13:02.773000
CVE-2024-26620,0,0,d9644d90006553a6ef7df3ce5b7de0b26190c676351738b9b2539bec3ef4ee61,2024-03-12T12:40:13.500000
CVE-2024-26621,0,0,ae174ab63b89076d7a9ceec8eb1daf44db9a15c3dd214e36a51556f5f92d37bd,2024-07-09T07:15:03.463000
CVE-2024-26621,0,1,b7ecfb322a157dec7618566e7b66e107324db99cc27d9506a03d658275c424bb,2024-07-10T23:15:10.040000
CVE-2024-26622,0,0,429b8c79ac7bc8a6f352b05f3ec787ee7dce1baf63c22803c7866fe6ab98869f,2024-06-25T22:15:19.240000
CVE-2024-26623,0,0,5692b1c30d07fd10d73a2d8d099143935e519ebf33db10f9328fbf12228012a8,2024-03-06T15:18:08.093000
CVE-2024-26624,0,0,9575e38401ed951dd513d0e1852942215c7c9e9bc3c5371fd0da3ac3a0eac967,2024-03-27T14:15:10.163000
@ -253648,8 +253648,8 @@ CVE-2024-37141,0,0,b03df6d0d6f897b221dc842eaee3003cdd6e5a584378ab9df9bc91aaf0755
CVE-2024-37145,0,0,5c583bad753181323e403ceb6f4418c69209cee6463fe8ada19cf90c7991fb5f,2024-07-02T12:09:16.907000
CVE-2024-37146,0,0,d5817f16e70393732c114867d4a0a6a7a44408de06d35e1f4b6b81d6827c298f,2024-07-02T12:09:16.907000
CVE-2024-37147,0,0,7a31258544a4e88adf524ac1293ead93cd96672924da2d1697b8fab4e9cdc221,2024-07-10T19:15:10.930000
CVE-2024-37148,1,1,d34a4e96289a16ca2babafd1684df282e85bccbb8fc2fc0400b81e026d541ad3,2024-07-10T20:15:03.280000
CVE-2024-37149,1,1,b981686ad01124fa84f3021eb2d86d5c07e4a35cbc3f848d00608f80820f520b,2024-07-10T20:15:03.543000
CVE-2024-37148,0,0,d34a4e96289a16ca2babafd1684df282e85bccbb8fc2fc0400b81e026d541ad3,2024-07-10T20:15:03.280000
CVE-2024-37149,0,0,b981686ad01124fa84f3021eb2d86d5c07e4a35cbc3f848d00608f80820f520b,2024-07-10T20:15:03.543000
CVE-2024-3715,0,0,902861be5261e2c029ed83a5c6920fde180817c53e05bb93208dc31c820658c5,2024-05-02T18:00:37.360000
CVE-2024-37150,0,0,97cf533630a2e81b430f11fe12ccc7be397791e2299035e9f7d7a243e494791c,2024-06-07T14:56:05.647000
CVE-2024-37152,0,0,d5beb8b2bc90de99efc40fac5a89948f3b2a0d50610a65220e35a91d41ce9369,2024-06-07T14:56:05.647000
@ -253737,7 +253737,7 @@ CVE-2024-37307,0,0,307a9077f465a844bb3929ae05a1dcebcb701d8b2ae344b6539171566dfcc
CVE-2024-37308,0,0,789ac1ee79bf50a380c8842b793e1f03cbcea96755a8db8c09ad817d1922f353,2024-06-13T18:35:19.777000
CVE-2024-37309,0,0,665df876b2164bd39f49af0dbd8eb55d8bda11b715021fb1a958468109ece0ed,2024-06-13T18:35:19.777000
CVE-2024-3731,0,0,bdcc8f677627b7b108ec8e839a01e7cc6ba34354d6004394dff79046d7838f40,2024-04-19T13:10:25.637000
CVE-2024-37310,1,1,b89dce05a6fcfa197b0f3591505fabefb6ccff051d6496173d06bbcf5f585311,2024-07-10T20:15:03.790000
CVE-2024-37310,0,0,b89dce05a6fcfa197b0f3591505fabefb6ccff051d6496173d06bbcf5f585311,2024-07-10T20:15:03.790000
CVE-2024-37312,0,0,ba4f355e4f74a8bde30dcfd48ce758e7796e43079453cb77192f0999aacce83a,2024-06-17T12:42:04.623000
CVE-2024-37313,0,0,bad34f14f8fcac47115250f6ec4bbac8493c061a0b49da4b4fbe2645f7a82474,2024-06-17T12:42:04.623000
CVE-2024-37314,0,0,bbb529e96a1bf18f91583a0e4981cbc0e945b7a77e11c3672e59d0ae8b6a6421,2024-06-17T12:42:04.623000
@ -254034,7 +254034,7 @@ CVE-2024-38017,0,0,73290933abbcecd5d36371e14a73a0c61df248f2b886d97acbc4fc5522ff2
CVE-2024-38019,0,0,e82228040e66d2c2532ef58389cbb59007365a7bf6c6085235aca728e5a61148,2024-07-09T18:18:38.713000
CVE-2024-3802,0,0,aaa997a68afe711762ac8536c5d0fad15740edaa6785e851a1495f0cf1f43e75,2024-06-04T02:15:49.290000
CVE-2024-38020,0,0,bd7252602fb74ca11537d67660e517112b86ed47ec6e539cb60f3b6f51021a94,2024-07-09T18:18:38.713000
CVE-2024-38021,0,0,4272adbfd7fcd9f761a08865d5bf8e0072fd2fb2720e257e8b6aa3fa42bc35df,2024-07-09T18:18:38.713000
CVE-2024-38021,0,1,d2d70a48d6f9e5bd45005274a68113448acbc50ece7ebe1ffa9d448cca9f421b,2024-07-10T22:15:04.530000
CVE-2024-38022,0,0,741e925f1c88410970e421ad8e0c1008c9a613060613b619d3e51dbb26055bda,2024-07-09T18:18:38.713000
CVE-2024-38023,0,0,26aa830c0b687f2c026d2426ae46c898f634eeada2488acf5012ff575bf5f330,2024-07-09T18:18:38.713000
CVE-2024-38024,0,0,18c866607aa343d89e10112e531316720d7d5da3994742c51add368374a58c90,2024-07-09T18:18:38.713000
@ -254163,8 +254163,8 @@ CVE-2024-38347,0,0,4d613454dc1780690a10a13a7c4d0d38fa70bfa9e6afa8cdcbdd33d7a9b43
CVE-2024-38348,0,0,6e5ce391b6cb124e038ae8273d56ab90f89cf43a2075c68d341d5350c665dadb,2024-07-03T02:04:55.710000
CVE-2024-38351,0,0,fc316049b1243ceecf4f16bb932622b3d32a9ec242887e0258f3f20fe77446f1,2024-06-20T12:44:01.637000
CVE-2024-38352,0,0,13a6e81e4d4d40a0591843c161ee638c75aac348990bf4d2603a4c2fb8cf2a30,2024-06-19T18:15:11.507000
CVE-2024-38353,1,1,eb08852e451b97fe5122a1a9fd19cf3f0fa69e538523a9e0cadf1b54c38e5960,2024-07-10T20:15:04.053000
CVE-2024-38354,1,1,1a991e4e7ebf191a695b1f99de82173b0105016b21d5ba679577ef4299e69da5,2024-07-10T20:15:04.293000
CVE-2024-38353,0,0,eb08852e451b97fe5122a1a9fd19cf3f0fa69e538523a9e0cadf1b54c38e5960,2024-07-10T20:15:04.053000
CVE-2024-38354,0,0,1a991e4e7ebf191a695b1f99de82173b0105016b21d5ba679577ef4299e69da5,2024-07-10T20:15:04.293000
CVE-2024-38355,0,0,548f855fd76fea3ae91cbde1441c70071a7c7d1a3d657b48a4999a1a744b1672,2024-06-20T12:43:25.663000
CVE-2024-38356,0,0,4d5684a2a5b21833c79b0d8355427fc3daf538540dd8f7d1cfa341630e75ced1,2024-06-20T12:43:25.663000
CVE-2024-38357,0,0,db932e7bd44b2292bed66681b7d77a847d541a79cdeb9df0d08a424975405801,2024-06-20T12:43:25.663000
@ -254627,10 +254627,26 @@ CVE-2024-39491,0,0,d2975a109e73a4d679d1de3277f449b0b59355c75959a87b79fec0fa339af
CVE-2024-39492,0,0,936737ac4a5aa51c6dd2775e7e8ab10104463739019f0e5149175b556e6d42ae,2024-07-10T08:15:11.360000
CVE-2024-39493,0,0,95ca26deac88a48a13f8b40620d0ff25df1c825b903366bd7b44a58ddff0741b,2024-07-10T08:15:11.427000
CVE-2024-3951,0,0,d1eb572088193a792816003caae4c8900ea1808fb70b3f34eb162771a0d73b1e,2024-05-08T17:05:24.083000
CVE-2024-39511,1,1,7b05ce65731563c79294bee284ea4e6fa7d2301386141c03e1bff49ed7b8e0e8,2024-07-10T23:15:10.127000
CVE-2024-39512,1,1,d7ca02e8f1592f1f31469ff4cd629b2fee1360dbe4e597a26bb73ed38f025794,2024-07-10T23:15:10.393000
CVE-2024-39513,1,1,d8dc2351a0d98e5d4a578083ced931c7795fc8f4e60ad60f6ccc63d8ea7de867,2024-07-10T23:15:10.640000
CVE-2024-39514,1,1,47631a8fe330006491f00cde3fb12f18c01c9baec830839535ae8ae7f97eaa93,2024-07-10T23:15:10.877000
CVE-2024-39517,1,1,3c46ada663d8ffbdb4b88b4cfe0983c3e028f059ce81b2046e63dd2f8a33eef7,2024-07-10T23:15:11.127000
CVE-2024-39518,1,1,eaa635a80528e7483e3e9921835314962ff00c79b39e854d1340c3887ad34e76,2024-07-10T23:15:11.363000
CVE-2024-3952,0,0,92f1da274771947c3cb4a43546670c1af8a997980dc361a71cd2fb07f162ad15,2024-05-14T16:11:39.510000
CVE-2024-3954,0,0,45f1b348fcace6f84e3157e2d0f8a54fc4228bb396d26e03c9556cd235947f43,2024-05-14T16:11:39.510000
CVE-2024-3955,0,0,1980afc805b9b5d168ea6a08c34d1a9d581fd505fecdd9c097016e585c054b35,2024-07-03T02:06:56.087000
CVE-2024-39554,1,1,4591eb30484b22ebd9118f4d062e90e49def2b0738f44fc3235b87fd007b9900,2024-07-10T23:15:11.607000
CVE-2024-39555,1,1,305803290d325fbcf3904271dce4385739256bb1824a023c6217ab8fbc632707,2024-07-10T23:15:11.863000
CVE-2024-39556,1,1,03c8f7c9137bec821e13e27aa521c7a86a0f92820ddbfc1911cc0b6f362d4839,2024-07-10T23:15:12.133000
CVE-2024-39557,1,1,8b6aefdeffc4849a2ec6d1dcca3a3eb4cba066b045df25dbe36ee6b0b93937c8,2024-07-10T23:15:12.370000
CVE-2024-39558,1,1,2919edc34f42d8e103bdaf3d303d1679bf706fc60e9f5307313b09387b615fed,2024-07-10T23:15:12.617000
CVE-2024-39559,1,1,ad430b23b18533cda3ddcfb241b9e2b35159b8281b37e4672c8f81f2b4ba7ea6,2024-07-10T23:15:12.863000
CVE-2024-3956,0,0,84c84e343f731479baad188521c68e2e10d428da5ee4bd61443cf640ccedc17a,2024-05-14T16:11:39.510000
CVE-2024-39560,1,1,bff3d5ca0d1eeb898e1cde0c803b22bee5a652c60b70765c8a025e16b03b372b,2024-07-10T23:15:13.140000
CVE-2024-39561,1,1,f04824838d32be9decc2affabee320bbb1df44f48491aa0e7ea7bd5df6540d63,2024-07-10T23:15:13.383000
CVE-2024-39562,1,1,58e90e30c0db46bbb2aca8592ee3ce66358ecdc6223d7a942f023502538b998d,2024-07-10T23:15:13.670000
CVE-2024-39565,1,1,7a40433b02cc0a7925d467cb898396367286e89939dabbf756204a268c184845,2024-07-10T23:15:13.940000
CVE-2024-39567,0,0,7b194844163bcf526e5adc38cee5e584dfd615ab7311f788e296e35db5f76246,2024-07-09T18:19:14.047000
CVE-2024-39568,0,0,155da4fcd07a352c9fe4061336a48a1bfe3bd89ed7e98a66130b41e632263aa3,2024-07-09T18:19:14.047000
CVE-2024-39569,0,0,52889f68709bb42505429361fd8cbaa37b3cfa3fede130db2e5e3c1d1167ce5b,2024-07-09T18:19:14.047000
@ -254664,7 +254680,7 @@ CVE-2024-39687,0,0,1f0dde45c697bd142eb547e4c25395e40bc6f58804b4b24f10fa4126a251a
CVE-2024-39689,0,0,86295f6760848f0b510226e65028fed1b62502a931685ba6acf948103d5d29cb,2024-07-08T15:49:22.437000
CVE-2024-3969,0,0,793622b6641cb8c2dc34802adf1ab9ece645cce7d321b9faf1a6b76d5e28ec78,2024-05-28T17:11:55.903000
CVE-2024-39691,0,0,5b1b13e200d826d3f40f75a75371b183af197da1146b1c1721e666feddcea9c6,2024-07-08T15:49:22.437000
CVE-2024-39693,1,1,2bedde3e8044c66cb2a446cc4094e8e76f63af8ced7065586d84c6768c76810b,2024-07-10T20:15:04.543000
CVE-2024-39693,0,0,2bedde3e8044c66cb2a446cc4094e8e76f63af8ced7065586d84c6768c76810b,2024-07-10T20:15:04.543000
CVE-2024-39695,0,0,fbaaa4e185fc8d8718a1bd681584149a106333fea090ef242205e9fceffe21eb,2024-07-09T14:47:19.767000
CVE-2024-39696,0,0,48bfab7e50339e1ca25125b7d36bfdf66ca4035d9f4c1ba7b967c71b544827af,2024-07-08T15:49:22.437000
CVE-2024-39697,0,0,9186fda2eab5f78df936964a06e0cbab87d706d772078d108f219ea7a02555a3,2024-07-09T18:19:14.047000
@ -256335,6 +256351,8 @@ CVE-2024-6015,0,0,b5dd732698ac918c4f9a100a042e5587c72b21ba3272e6fc136fa01311e31f
CVE-2024-6016,0,0,c54c9dea249da6152524c81283c2e2c500a502b8999814b114c6434b99c2c3ed,2024-06-17T14:15:12.487000
CVE-2024-6027,0,0,b2fd57616c7b740fff1978bda2368fdc3959192a2c78f320629b1920784145fa,2024-06-24T19:17:50.240000
CVE-2024-6028,0,0,a53cebc0801a7944b049693d6e4ba090f6ff8943c9a085ad6c29614624cd6988,2024-06-25T12:24:17.873000
CVE-2024-6036,1,1,9c40c5bcd05d9b6168425666513e1b805aecf8096340a0971d6e55598f8c851b,2024-07-10T23:15:14.227000
CVE-2024-6037,1,1,06d4d8b656bd7649ce96f1e8400293777fe64cfb344d03821531ca32c2859265,2024-07-10T23:15:14.493000
CVE-2024-6038,0,0,4dff4db125482f9ecedc7a5fd577549dfaebc98ad18a8caa631a9c29113f6e8d,2024-06-27T19:25:12.067000
CVE-2024-6039,0,0,266923799676f8be01eee28d4a84714045ee9a927bc992eaf897cc5b748105d7,2024-06-17T14:15:12.620000
CVE-2024-6041,0,0,a295768a83c71f46593370532a5a859cd3d130f4e3527299fc42bdf02397e4d4,2024-06-17T14:15:12.733000
@ -256403,10 +256421,10 @@ CVE-2024-6144,0,0,282f248ec161eadd8599a33b6d11a75bd4ed1ccd1aa15e9b959a4a72d41d30
CVE-2024-6145,0,0,74f99a0157ef2eb5160bc64159bab3cd3614efb0f0cae9420b13288ce6d516ff,2024-06-20T12:44:01.637000
CVE-2024-6146,0,0,835232b778d7e80b1c73cad2f19f1275692bff270d5e664fd4c7fc64973110ef,2024-06-20T12:44:01.637000
CVE-2024-6147,0,0,4a4919271ad23db4250af2d646dfd99f64704c8a0c63e163a55ff156915fc472,2024-06-21T11:22:01.687000
CVE-2024-6148,1,1,dcd83a245e39fa43db402f0637ad356b0d0e0667882f01d90e6c3c6107206e98,2024-07-10T21:15:10.730000
CVE-2024-6149,1,1,a9578230ee145225e434c626fca85a259f303801ec1a7121abf0ec884010a742,2024-07-10T21:15:10.830000
CVE-2024-6150,1,1,6ad8b9667f4da237273307618c00aa9adad0e60508a636fb2e1e33190d440247,2024-07-10T21:15:10.920000
CVE-2024-6151,1,1,135328139a2a1eaf24b04738d199c3901e649153e54ef8d081a281ad2900fd4d,2024-07-10T21:15:11.013000
CVE-2024-6148,0,0,dcd83a245e39fa43db402f0637ad356b0d0e0667882f01d90e6c3c6107206e98,2024-07-10T21:15:10.730000
CVE-2024-6149,0,0,a9578230ee145225e434c626fca85a259f303801ec1a7121abf0ec884010a742,2024-07-10T21:15:10.830000
CVE-2024-6150,0,0,6ad8b9667f4da237273307618c00aa9adad0e60508a636fb2e1e33190d440247,2024-07-10T21:15:10.920000
CVE-2024-6151,0,0,135328139a2a1eaf24b04738d199c3901e649153e54ef8d081a281ad2900fd4d,2024-07-10T21:15:11.013000
CVE-2024-6153,0,0,a3cbabebaa196b7fc704a5b9ef76e592e68ec6c4195aa6f7531f701a27a837d5,2024-06-21T11:22:01.687000
CVE-2024-6154,0,0,14c261dad2c658f3f85287831ecf663ba772d4a017166d6d5d3cda8ce8388677,2024-06-21T11:22:01.687000
CVE-2024-6160,0,0,e0e9df11502e0f78d6d764c03981bde61fa7fdce13ce5e8e72c2edbfe567293b,2024-06-24T12:57:36.513000
@ -256455,7 +256473,7 @@ CVE-2024-6225,0,0,05da1495d7d116987721ea4d8dad783669e833db8afd42c6e9b9d7b3635825
CVE-2024-6227,0,0,6448b237469b4af8add5bea6ce3efd3ec79e9126dca5090705d4ceeb86be54e2,2024-07-09T18:19:14.047000
CVE-2024-6229,0,0,8c75c4089f9bb2b690871cceb6de9502d8662dbaa4dc8109053b9a0e9bdfb643,2024-07-08T15:49:22.437000
CVE-2024-6235,0,0,e3c37bb4fde984e1ccadb66beb9f2d57535be87aa4e3d6539029d59968be2e76,2024-07-10T19:15:11.973000
CVE-2024-6236,1,1,959a1f53fbd24ac8bbba6562ae5b94299031a022f324a67305fde8f021d5c507,2024-07-10T21:15:11.120000
CVE-2024-6236,0,0,959a1f53fbd24ac8bbba6562ae5b94299031a022f324a67305fde8f021d5c507,2024-07-10T21:15:11.120000
CVE-2024-6237,0,0,8eb889363f8a87d3bb3f430f1da56ccf68ff66b11eeffce13455da0850e4107b,2024-07-09T18:18:38.713000
CVE-2024-6238,0,0,01bce4fcd5bf21099e3fa29fb7e34bf0d2a461d152d0ae3d9b913c1fb46d1451,2024-06-25T18:50:42.040000
CVE-2024-6239,0,0,4d98a21d53ef2e5917897cadc254a12ee654ff1e3575a82a15151981272f61b5,2024-06-24T19:06:27.537000
@ -256485,7 +256503,7 @@ CVE-2024-6280,0,0,4e5bdd720fdc6d68a51312dcfd366ac88ed5daebd5ed348aefe6d5aa74c577
CVE-2024-6283,0,0,84796e0660e5beb3ad885e74e117108f941d8d6090497e3b6867080b852b92df,2024-06-28T13:37:44.763000
CVE-2024-6284,0,0,73ccbe59cd13df171bbc79ab6b910254c728a7cb44133bad73b07b9d4dc26d5e,2024-07-05T12:55:51.367000
CVE-2024-6285,0,0,e2996efda4e983a3551e96b4c79fe85947d0c5facb8b6e94cf5ae2183076f6f4,2024-06-26T14:24:38.113000
CVE-2024-6286,1,1,465273d6f75a4d4193bc59c5929b52288f5d34220942ae74fab2f5d29f1b2acf,2024-07-10T21:15:11.210000
CVE-2024-6286,0,0,465273d6f75a4d4193bc59c5929b52288f5d34220942ae74fab2f5d29f1b2acf,2024-07-10T21:15:11.210000
CVE-2024-6287,0,0,91ea920d50ec75aef59aca2b29908a9542c1a59d5111a1068e10d538d24873e6,2024-06-26T14:36:08.507000
CVE-2024-6288,0,0,759e3147da1b3805ee22c246688b7816f816dcaacd990c0e2025b974262129c2,2024-06-28T10:27:00.920000
CVE-2024-6290,0,0,f38106d9e1179e3770e59e6eaa72c9e7b486c800903b3806d0d60fbc8ab354e0,2024-07-03T02:09:49.960000
@ -256539,13 +256557,13 @@ CVE-2024-6376,0,0,2eceea6553f0e47a0e34ab01650b7781a20682f6799be39f9cd1e64f3f1985
CVE-2024-6381,0,0,2822fb12d769fe1cca32125b45cae52ba3e5807419213b6087c6db8de8d2b326,2024-07-03T12:53:24.977000
CVE-2024-6382,0,0,9f140af24f460b4413fa844f95383cc153754360a136939b8743c2d8327ebf99,2024-07-03T12:53:24.977000
CVE-2024-6383,0,0,4622f4fc90fbde51d6570a14e2ee494e3e71659c68201475e4e4eb659c036ac0,2024-07-05T12:55:51.367000
CVE-2024-6387,0,0,b1fbdb98f6e404bd38c8139822d83a145f2d2f6b94a3b15541c37a70e5fde04f,2024-07-10T18:15:05.163000
CVE-2024-6387,0,1,d09628973709e7a093c86098796bdfaece0581c1a3c82c4d0cf5675777927be4,2024-07-10T23:15:14.700000
CVE-2024-6388,0,0,e641c9d869769d4291da87145b48d15b4f200c046d6b100142bc686375a84738,2024-06-27T17:11:52.390000
CVE-2024-6391,0,0,7ce7aeffa0d0436a5dc8c66236e9fdb421bf2fd0e842089663d3cb7d1491a998,2024-07-09T18:19:14.047000
CVE-2024-6402,0,0,795485c4534407e246daec51c1daaa33b95f6651688fed743a8fb9054cdaedba,2024-07-01T12:37:24.220000
CVE-2024-6403,0,0,e44b9cfa8d9ae367e624a8cdf179ef52ea1e98c2115d7a956299d17747a6a56b,2024-07-01T12:37:24.220000
CVE-2024-6405,0,0,fdb62e3d2213e21f6cf3d269e158ee31cc07c01f1a5a460b466ccce5203f82ee,2024-07-01T12:37:24.220000
CVE-2024-6409,0,1,9bc68adee8126d980e539ed0340617319811b9c1ec91d5c6d49c8bedd8ee2b95,2024-07-10T20:15:04.853000
CVE-2024-6409,0,0,9bc68adee8126d980e539ed0340617319811b9c1ec91d5c6d49c8bedd8ee2b95,2024-07-10T20:15:04.853000
CVE-2024-6410,0,0,4a23711af9b75fd5d9c836acb666fb2c064959ce225737e22ec0f19711868ab5,2024-07-10T05:15:12.313000
CVE-2024-6411,0,0,c411733ced490230d62545353c4c7ed0b98f77df3ab30f2e11b0169200346139,2024-07-10T05:15:12.497000
CVE-2024-6414,0,0,ae0d661be5f3239fdfe6f0d08030fef27c03212dc1e12675bcf532fd90369002,2024-07-01T12:37:24.220000
@ -256615,7 +256633,9 @@ CVE-2024-6642,0,0,8d96c1180af1047f7b667e53dd25106a95583c9fef6033b783f527ef0b9e4e
CVE-2024-6644,0,0,4ac0927b6bee710b6d7aa47a319df161deab572b53510067cbeff9a5913bdd4c,2024-07-10T17:15:12.980000
CVE-2024-6645,0,0,8ee317125a412d226c217d8aa7e29bf02176cbf9e3265855272fdc48170e0bd4,2024-07-10T17:15:13.320000
CVE-2024-6646,0,0,01c30e39566e822aad5b619eab7c1cda5be4c04760003ec04ead5d5505b412a8,2024-07-10T18:15:05.480000
CVE-2024-6647,0,1,d85de7e2a89b23bef0d7c402bdb84b5d7bcecaf5214acb2011ddba0aeacad46c,2024-07-10T21:15:11.350000
CVE-2024-6647,0,0,d85de7e2a89b23bef0d7c402bdb84b5d7bcecaf5214acb2011ddba0aeacad46c,2024-07-10T21:15:11.350000
CVE-2024-6649,0,0,ba27e99c640a915a148c2cc576aa13e58beea119b44959dc391310f141dd2bdb,2024-07-10T19:15:12.070000
CVE-2024-6663,1,1,7facb2637e12709d4a455340194f194dba2537cb44d31c2262ed1aa6b9ebcf89,2024-07-10T21:15:11.463000
CVE-2024-6664,1,1,7dcdbd9efac1143da422ef778b0a605b2e75ff3874c65ca5b8e519e1d8523278,2024-07-10T21:15:11.520000
CVE-2024-6650,1,1,bcdf1da4f730173ec0ef176b961ebc45fd74db5710c1b540fd5342347455e8ad,2024-07-10T23:15:14.930000
CVE-2024-6652,1,1,bb195bcf49fd2fd72b66d8f572cddf80628a2817e7552a8b1e09e5044328f1ca,2024-07-10T23:15:15.250000
CVE-2024-6663,0,0,7facb2637e12709d4a455340194f194dba2537cb44d31c2262ed1aa6b9ebcf89,2024-07-10T21:15:11.463000
CVE-2024-6664,0,0,7dcdbd9efac1143da422ef778b0a605b2e75ff3874c65ca5b8e519e1d8523278,2024-07-10T21:15:11.520000

Can't render this file because it is too large.