From a235494b493f9f457c0e7bfc571e8696cdfde784 Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Wed, 10 Jul 2024 23:58:13 +0000 Subject: [PATCH] Auto-Update: 2024-07-10T23:55:18.476732+00:00 --- CVE-2023/CVE-2023-419xx/CVE-2023-41915.json | 10 +- CVE-2024/CVE-2024-266xx/CVE-2024-26621.json | 14 +- CVE-2024/CVE-2024-380xx/CVE-2024-38021.json | 8 +- CVE-2024/CVE-2024-395xx/CVE-2024-39511.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39512.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39513.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39514.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39517.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39518.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39554.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39555.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39556.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39557.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39558.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39559.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39560.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39561.json | 100 ++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39562.json | 104 +++++++++++++++ CVE-2024/CVE-2024-395xx/CVE-2024-39565.json | 108 +++++++++++++++ CVE-2024/CVE-2024-60xx/CVE-2024-6036.json | 56 ++++++++ CVE-2024/CVE-2024-60xx/CVE-2024-6037.json | 56 ++++++++ CVE-2024/CVE-2024-63xx/CVE-2024-6387.json | 10 +- CVE-2024/CVE-2024-66xx/CVE-2024-6650.json | 137 ++++++++++++++++++++ CVE-2024/CVE-2024-66xx/CVE-2024-6652.json | 137 ++++++++++++++++++++ README.md | 52 ++++---- _state.csv | 68 ++++++---- 26 files changed, 2107 insertions(+), 53 deletions(-) create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39511.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39512.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39513.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39514.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39517.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39518.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39554.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39555.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39556.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39557.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39558.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39559.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39560.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39561.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39562.json create mode 100644 CVE-2024/CVE-2024-395xx/CVE-2024-39565.json create mode 100644 CVE-2024/CVE-2024-60xx/CVE-2024-6036.json create mode 100644 CVE-2024/CVE-2024-60xx/CVE-2024-6037.json create mode 100644 CVE-2024/CVE-2024-66xx/CVE-2024-6650.json create mode 100644 CVE-2024/CVE-2024-66xx/CVE-2024-6652.json diff --git a/CVE-2023/CVE-2023-419xx/CVE-2023-41915.json b/CVE-2023/CVE-2023-419xx/CVE-2023-41915.json index ef7959d6c19..db65eabf8f7 100644 --- a/CVE-2023/CVE-2023-419xx/CVE-2023-41915.json +++ b/CVE-2023/CVE-2023-419xx/CVE-2023-41915.json @@ -2,7 +2,7 @@ "id": "CVE-2023-41915", "sourceIdentifier": "cve@mitre.org", "published": "2023-09-09T22:15:09.530", - "lastModified": "2024-07-10T18:15:02.900", + "lastModified": "2024-07-10T23:15:09.923", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -124,6 +124,14 @@ "url": "http://www.openwall.com/lists/oss-security/2024/07/10/3", "source": "cve@mitre.org" }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/10/4", + "source": "cve@mitre.org" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/10/6", + "source": "cve@mitre.org" + }, { "url": "https://docs.openpmix.org/en/latest/security.html", "source": "cve@mitre.org", diff --git a/CVE-2024/CVE-2024-266xx/CVE-2024-26621.json b/CVE-2024/CVE-2024-266xx/CVE-2024-26621.json index a798af71a83..d00cfb0df21 100644 --- a/CVE-2024/CVE-2024-266xx/CVE-2024-26621.json +++ b/CVE-2024/CVE-2024-266xx/CVE-2024-26621.json @@ -2,7 +2,7 @@ "id": "CVE-2024-26621", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-03-02T22:15:50.340", - "lastModified": "2024-07-09T07:15:03.463", + "lastModified": "2024-07-10T23:15:10.040", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -45,6 +45,18 @@ "url": "http://www.openwall.com/lists/oss-security/2024/07/09/1", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/10/5", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/10/7", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/10/8", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/4ef9ad19e17676b9ef071309bc62020e2373705d", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" diff --git a/CVE-2024/CVE-2024-380xx/CVE-2024-38021.json b/CVE-2024/CVE-2024-380xx/CVE-2024-38021.json index bf28e40b64a..bc78905aa80 100644 --- a/CVE-2024/CVE-2024-380xx/CVE-2024-38021.json +++ b/CVE-2024/CVE-2024-380xx/CVE-2024-38021.json @@ -2,13 +2,17 @@ "id": "CVE-2024-38021", "sourceIdentifier": "secure@microsoft.com", "published": "2024-07-09T17:15:28.323", - "lastModified": "2024-07-09T18:18:38.713", + "lastModified": "2024-07-10T22:15:04.530", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Microsoft Office Remote Code Execution Vulnerability" + "value": "Microsoft Outlook Remote Code Execution Vulnerability" + }, + { + "lang": "es", + "value": "Vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo de Microsoft Office" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39511.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39511.json new file mode 100644 index 00000000000..bf577cabefe --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39511.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39511", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:10.127", + "lastModified": "2024-07-10T23:15:10.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Improper Input Validation vulnerability in the 802.1X Authentication (dot1x) Daemon of Juniper Networks Junos OS allows a local, low-privileged attacker with access to the CLI to cause a Denial of Service (DoS).\n\nOn running a specific operational dot1x command, the dot1x daemon crashes. An attacker can cause a sustained DoS condition by running this command repeatedly.\n\nWhen the crash occurs, the authentication status of any 802.1x clients is cleared, and any authorized dot1x port becomes unauthorized. The client cannot re-authenticate until the dot1x daemon restarts.\n\nThis issue affects Junos OS:\n * All versions before 20.4R3-S10;\n * 21.2 versions before 21.2R3-S7;\n * 21.4 versions before 21.4R3-S6;\n * 22.1 versions before 22.1R3-S5;\n * 22.2 versions before 22.2R3-S3;\n * 22.3 versions before 22.3R3-S2;\n * 22.4 versions before 22.4R3-S1;\n * 23.2 versions before 23.2R2." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA82976", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39512.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39512.json new file mode 100644 index 00000000000..7a7d2cd62ba --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39512.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39512", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:10.393", + "lastModified": "2024-07-10T23:15:10.393", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Improper Physical Access Control vulnerability in the console port control of Juniper Networks Junos OS Evolved allows an attacker with physical access to the device to get access to a user account.\n\nWhen the console cable is disconnected, the logged in user is not logged out.\u00a0This allows a malicious attacker with physical access to the console to resume a previous session and possibly gain administrative privileges.\n\nThis issue affects Junos OS Evolved: \n * from 23.2R2-EVO before 23.2R2-S1-EVO,\u00a0\n * from 23.4R1-EVO before 23.4R2-EVO." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.0, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-1263" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA82977", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39513.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39513.json new file mode 100644 index 00000000000..47907797975 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39513.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39513", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:10.640", + "lastModified": "2024-07-10T23:15:10.640", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Improper Input Validation vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS Evolved allows a local, low-privileged attacker to cause a Denial of Service (DoS).\n\nWhen a specific \"clear\" command is run, the\u00a0Advanced Forwarding Toolkit manager (evo-aftmand-bt or evo-aftmand-zx) crashes and restarts.\n\nThe crash\u00a0impacts all traffic going through the FPCs, causing a DoS. Running the command repeatedly leads to a sustained DoS condition.\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * All versions before 20.4R3-S9-EVO,\u00a0\n * from 21.2-EVO before 21.2R3-S7-EVO,\u00a0\n * from 21.3-EVO before 21.3R3-S5-EVO,\u00a0\n * from 21.4-EVO before 21.4R3-S6-EVO,\u00a0\n * from 22.1-EVO before 22.1R3-S4-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n * from 22.3-EVO before 22.3R3-S3-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-EVO,\n * from 23.2-EVO before 23.2R2-EVO." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "AUTOMATIC", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA82978", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39514.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39514.json new file mode 100644 index 00000000000..0e7201e7664 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39514.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39514", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:10.877", + "lastModified": "2024-07-10T23:15:10.877", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Improper Check or Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nAn attacker can send specific traffic to the device, which causes the rpd to crash and restart. Continued receipt of this traffic will result in a sustained DoS condition.\n\nThis issue only affects devices with an EVPN-VPWS instance with IGMP-snooping enabled.\n\nThis issue affects Junos OS: \n * All versions before 20.4R3-S10,\u00a0\n * from 21.4 before 21.4R3-S6,\u00a0\n * from 22.1 before 22.1R3-S5,\u00a0\n * from 22.2 before 22.2R3-S3,\u00a0\n * from 22.3 before 22.3R3-S2,\u00a0\n * from 22.4 before 22.4R3,\u00a0\n * from 23.2 before 23.2R2;\n\n\nJunos OS Evolved: \n * All versions before 20.4R3-S10-EVO,\u00a0\n * from 21.4-EVO before 21.4R3-S6-EVO,\u00a0\n * from 22.1-EVO before 22.1R3-S5-EVO,\u00a0\n * from 22.2-EVO before 22.2R3-S3-EVO,\u00a0\n * from 22.3-EVO before 22.3R3-S2-EVO,\u00a0\n * from 22.4-EVO before 22.4R3-EVO,\u00a0\n * from 23.2-EVO before 23.2R2-EVO." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.1, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-703" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA82980", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39517.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39517.json new file mode 100644 index 00000000000..dd02dcba3d7 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39517.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39517", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:11.127", + "lastModified": "2024-07-10T23:15:11.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the\u00a0Layer 2 Address Learning Daemon (l2ald) on Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause Denial of Service (DoS).\n\nIn an EVPN/VXLAN scenario, when a high amount specific Layer 2 packets are processed by the device, it can cause the Routing Protocol Daemon (rpd) to utilize all CPU resources which causes the device to hang. A manual restart of the rpd is required to restore services.\n\nThis issue affects both IPv4 and IPv6 implementations.\nThis issue affects\nJunos OS:\nAll versions earlier than\u00a021.4R3-S7;\n22.1\u00a0versions earlier than 22.1R3-S5;\n22.2 versions earlier than\u00a022.2R3-S3;\n22.3 versions earlier than\u00a022.3R3-S3;\n22.4 versions earlier than\u00a022.4R3-S2;\n23.2 versions earlier than\u00a023.2R2;\n23.4 versions earlier than\u00a023.4R1-S1.\n\nJunos OS Evolved:\nAll versions earlier than\u00a021.4R3-S7-EVO;\n22.1-EVO versions earlier than\u00a022.1R3-S5-EVO;\n22.2-EVO versions earlier than\u00a022.2R3-S3-EVO;\n22.3-EVO versions earlier than 22.3R3-S3-EVO;\n22.4-EVO versions earlier than\u00a022.4R3-S2-EVO;\n23.2-EVO versions earlier than\u00a023.2R2-EVO;\n23.4-EVO versions earlier than\u00a023.4R1-S1-EVO, 23.4R2-EVO." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.1, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA79175", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39518.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39518.json new file mode 100644 index 00000000000..d8b31b48282 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39518.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39518", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:11.363", + "lastModified": "2024-07-10T23:15:11.363", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Heap-based Buffer Overflow vulnerability in the telemetry sensor process (sensord) of Juniper Networks Junos OS on MX240, MX480, MX960 platforms using MPC10E causes a steady increase in memory utilization, ultimately leading to a Denial of Service (DoS).\n\nWhen the device is subscribed to a specific subscription on Junos Telemetry Interface, a slow memory leak occurs and eventually all resources are consumed and the device becomes unresponsive. A manual reboot of the Line Card will be required to restore the device to its normal functioning.\u00a0\n\nThis issue is only seen when telemetry subscription is active.\n\nThe Heap memory utilization can be monitored using the following command:\n\u00a0 > show system processes extensive\n\nThe following command can be used to monitor the memory utilization of the specific sensor\n\u00a0 > show system info | match sensord\n PID NAME MEMORY PEAK MEMORY %CPU THREAD-COUNT CORE-AFFINITY UPTIME\n\n 1986 sensord 877.57MB 877.57MB 2 4 0,2-15 7-21:41:32\n\n\nThis issue affects Junos OS:\u00a0\n\n\n\n * from 21.2R3-S5 before 21.2R3-S7,\u00a0\n * from 21.4R3-S4 before 21.4R3-S6,\u00a0\n * from 22.2R3 before 22.2R3-S4,\u00a0\n * from 22.3R2 before 22.3R3-S2,\u00a0\n * from 22.4R1 before 22.4R3,\u00a0\n * from 23.2R1 before 23.2R2." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-122" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA82982", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39554.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39554.json new file mode 100644 index 00000000000..55baf7d75e0 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39554.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39554", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:11.607", + "lastModified": "2024-07-10T23:15:11.607", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability the \n\nRouting Protocol Daemon (rpd)\n\n of Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to inject incremental routing updates when BGP multipath is enabled, causing rpd to crash and restart, resulting in a Denial of Service (DoS). Since this is a timing issue (race condition), the successful exploitation of this vulnerability is outside the attacker's control.\u00a0 However, continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\n\nOn all Junos OS and Junos OS Evolved platforms with BGP multipath enabled, a specific multipath calculation removes the original next hop from the multipath lead routes nexthop-set. When this change happens, multipath relies on certain internal timing to record the update.\u00a0 Under certain circumstance and with specific timing, this could result in an rpd crash.\n\nThis issue only affects systems with BGP multipath enabled.\n\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions of 21.1\n * from 21.2 before 21.2R3-S7, \n * from 21.4 before 21.4R3-S6, \n * from 22.1 before 22.1R3-S5, \n * from 22.2 before 22.2R3-S3, \n * from 22.3 before 22.3R3-S2, \n * from 22.4 before 22.4R3, \n * from 23.2 before 23.2R2.\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions of 21.1-EVO,\n * All versions of 21.2-EVO,\n * from 21.4-EVO before 21.4R3-S6-EVO, \n * from 22.1-EVO before 22.1R3-S5-EVO, \n * from 22.2-EVO before 22.2R3-S3-EVO, \n * from 22.3-EVO before 22.3R3-S2-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO.\n\n\n\nVersions of Junos OS before 21.1R1 are unaffected by this vulnerability.\nVersions of Junos OS Evolved before 21.1R1-EVO are unaffected by this vulnerability." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA83014", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39555.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39555.json new file mode 100644 index 00000000000..945f5f2f4f0 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39555.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39555", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:11.863", + "lastModified": "2024-07-10T23:15:11.863", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Improper Handling of Exceptional Conditions vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an attacker sending a specific malformed BGP update message to cause the session to reset, resulting in a Denial of Service (DoS). Continued receipt and processing of these malformed BGP update messages will create a sustained Denial of Service (DoS) condition.\n\nUpon receipt of a BGP update message over an established BGP session containing a specifically malformed tunnel encapsulation attribute, when segment routing is enabled, internal processing of the malformed attributes within the update results in improper parsing of remaining attributes, leading to session reset:\n\nBGP SEND Notification code 3 (Update Message Error) subcode 1 (invalid attribute list)\n\nOnly systems with segment routing enabled are vulnerable to this issue.\n\nThis issue affects eBGP and iBGP, in both IPv4 and IPv6 implementations, and requires a remote attacker to have at least one established BGP session.\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions before 21.4R3-S8, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S3, \n * from 23.2 before 23.2R2-S1, \n * from 23.4 before 23.4R1-S2, 23.4R2.\n\n\nJunos OS Evolved:\u00a0\n\n * All versions before 21.4R3-S8-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-S3-EVO, \n * from 23.2-EVO before 23.2R2-S1-EVO, \n * from 23.4-EVO before 23.4R1-S2-EVO, 23.4R2-EVO." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "AUTOMATIC", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA83015", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39556.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39556.json new file mode 100644 index 00000000000..eff5fece8fe --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39556.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39556", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:12.133", + "lastModified": "2024-07-10T23:15:12.133", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Stack-Based Buffer Overflow vulnerability in Juniper Networks Junos OS and Juniper Networks Junos OS Evolved may allow a local, low-privileged attacker with access to the CLI the ability to load a malicious certificate file, leading to a limited Denial of Service (DoS) or privileged code execution.\n\nBy exploiting the 'set security certificates' command with a crafted certificate file, a malicious attacker with access to the CLI could cause a crash of the command management daemon (mgd), limited to the local user's command interpreter, or potentially trigger a stack-based buffer overflow.\n\n\nThis issue affects:\n\n\u00a0Junos OS: \n\n\n * All versions before 21.4R3-S7, \n * from 22.1 before 22.1R3-S6, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S2, \n * from 23.2 before 23.2R2, \n * from 23.4 before 23.4R1-S1, 23.4R2;\u00a0\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions before 21.4R3-S7-EVO, \n * from 22.1-EVO before 22.1R3-S6-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-S2-EVO, \n * from 23.2-EVO before 23.2R2-EVO, \n * from 23.4-EVO before 23.4R1-S1-EVO, 23.4R2-EVO." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.1, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA83016", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39557.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39557.json new file mode 100644 index 00000000000..0f935fc0b59 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39557.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39557", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:12.370", + "lastModified": "2024-07-10T23:15:12.370", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Uncontrolled Resource Consumption vulnerability in the \n\nLayer 2 Address Learning Daemon (l2ald)\n\n of Juniper Networks Junos OS Evolved allows an unauthenticated, adjacent attacker to cause a memory leak, eventually exhausting all system memory, leading to a system crash and Denial of Service (DoS).\n\nCertain MAC table updates cause a small amount of memory to leak.\u00a0 Once memory utilization reaches its limit, the issue will result in a system crash and restart.\n\nTo identify the issue, execute the CLI command:\n \nuser@device> show platform application-info allocations app l2ald-agent\nEVL Object Allocation Statistics:\n \n Node \u00a0 Application \u00a0 \u00a0 Context Name \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Live \u00a0 Allocs \u00a0 Fails \u00a0 \u00a0 Guids\n re0 \u00a0 l2ald-agent \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 net::juniper::rtnh::L2Rtinfo \u00a0 \u00a0 \u00a0 1069096 1069302 \u00a0 0 \u00a0 \u00a0 \u00a0 \u00a0 1069302\n re0 \u00a0 l2ald-agent \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 net::juniper::rtnh::NHOpaqueTlv \u00a0 \u00a0 114 \u00a0 \u00a0 195 \u00a0 \u00a0 \u00a0 0 \u00a0 \u00a0 \u00a0 \u00a0 195\n\n\n\nThis issue affects Junos OS Evolved: \n\n\n * All versions before 21.4R3-S8-EVO,\n\n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO\u00a0before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "AUTOMATIC", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.1, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA83017", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39558.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39558.json new file mode 100644 index 00000000000..e2ccafdd25f --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39558.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39558", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:12.617", + "lastModified": "2024-07-10T23:15:12.617", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Unchecked Return Value vulnerability in the Routing Protocol Daemon (rpd) on Juniper Networks Junos OS and Juniper Networks Junos OS Evolved allows a logically adjacent, unauthenticated attacker sending a specific PIM packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS), when PIM is configured with Multicast-only Fast Reroute (MoFRR). Continued receipt and processing of this packet may create a sustained Denial of Service (DoS) condition.\n\nThis issue is observed on Junos and Junos Evolved platforms where PIM is configured along with MoFRR. MoFRR tries to select the active path, but due to an internal timing issue, rpd is unable to select the forwarding next-hop towards the source, resulting in an rpd crash.\n\nThis issue affects:\n\nJunos OS: \n\n\n * All versions before 20.4R3-S10, \n * from 21.2 before 21.2R3-S7, \n * from 21.4 before 21.4R3-S6, \n * from 22.1 before 22.1R3-S5, \n * from 22.2 before 22.2R3-S3, \n * from 22.3 before 22.3R3, \n * from 22.4 before 22.4R2;\u00a0\n\n\n\n\nJunos OS Evolved: \n\n\n * All versions before 20.4R3-S10 -EVO,\n * from 21.2-EVO before 21.2R3-S7 -EVO,\n * from 21.4-EVO before 21.4R3-S6 -EVO,\n * from 22.1-EVO before 22.1R3-S5 -EVO,\n * from 22.2-EVO before 22.2R3-S3-EVO,\n * from 22.3-EVO before 22.3R3-EVO,\n * from 22.4-EVO before 22.4R2-EVO." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "AUTOMATIC", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.1, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-252" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA83018", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39559.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39559.json new file mode 100644 index 00000000000..14017ba25e2 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39559.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39559", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:12.863", + "lastModified": "2024-07-10T23:15:12.863", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in packet processing of Juniper Networks Junos OS Evolved may allow a network-based unauthenticated attacker to crash the device (vmcore) by sending a specific TCP packet over an established TCP session with MD5 authentication enabled, destined to an accessible port on the device, resulting in a Denial of Service (DoS).\u00a0 The receipt of this packet must occur within a specific timing window outside the attacker's control (i.e., race condition).\n\nContinued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition.\n\nThis issue only affects\u00a0dual RE systems with Nonstop Active Routing (NSR) enabled.\nExploitation can only occur over TCP sessions with MD5 authentication enabled (e.g., BGP with MD5 authentication).\n\nThis issue affects Junos OS Evolved:\u00a0\n\n\n\n * All versions before 21.2R3-S8-EVO, \n * from 21.4-EVO before 21.4R3-S6-EVO, \n * from 22.1-EVO before 22.1R3-S4-EVO, \n * from 22.2-EVO before 22.2R3-S4-EVO, \n * from 22.3-EVO before 22.3R3-S3-EVO, \n * from 22.4-EVO before 22.4R2-S2-EVO, 22.4R3-EVO." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:A/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "AUTOMATIC", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.2, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA83019", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39560.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39560.json new file mode 100644 index 00000000000..57d75197847 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39560.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39560", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:13.140", + "lastModified": "2024-07-10T23:15:13.140", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a logically adjacent downstream RSVP neighbor to cause kernel memory exhaustion, leading to a kernel crash, resulting in a Denial of Service (DoS).\n\nThe kernel memory leak and eventual crash will be seen when the downstream RSVP neighbor has a persistent error which will not be corrected.\n\nSystem kernel memory can be monitored through the use of the 'show system statistics kernel memory' command as shown below:\n\nuser@router> show system statistics kernel memory\nMemory \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Size (kB) Percentage When\n\u00a0 Active \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 753092 \u00a0 \u00a0 18.4% Now\n\u00a0 Inactive \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 574300 \u00a0 \u00a0 14.0% Now\n\u00a0 Wired\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 443236 \u00a0 \u00a0 10.8% Now\n\u00a0 Cached\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 1911204 \u00a0 \u00a0 46.6% Now\n\u00a0 Buf \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 32768\u00a0 \u00a0 \u00a0 0.8% Now\n\u00a0 Free \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 385072\u00a0 \u00a0 \u00a0 9.4% Now\nKernel Memory\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Now\n\u00a0 Data \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 312908\u00a0 \u00a0 \u00a0 7.6% Now\n\u00a0 Text \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 2560\u00a0 \u00a0 \u00a0 0.1% Now\n...\n\nThis issue affects:\nJunos OS:\n\n\n * All versions before 20.4R3-S9,\n * from 21.4 before 21.4R3-S5,\n * from 22.1 before 22.1R3-S5,\n * from 22.2 before 22.2R3-S3,\n * from 22.3 before 22.3R3-S2,\n * from 22.4 before 22.4R3,\n * from 23.2 before 23.2R2;\n\n\nJunos OS Evolved:\n\n\n * All versions before 21.4R3-S5-EVO,\n * from 22.1-EVO before 22.1R3-S5-EVO, \n * from 22.2-EVO before 22.2R3-S3-EVO, \n * from 22.3-EVO before 22.3R3-S2-EVO, \n * from 22.4-EVO before 22.4R3-EVO, \n * from 23.2-EVO before 23.2R2-EVO." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "ADJACENT", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "LOW", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.1, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-755" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA83020", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39561.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39561.json new file mode 100644 index 00000000000..1656c4e04c6 --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39561.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-39561", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:13.383", + "lastModified": "2024-07-10T23:15:13.383", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on \n\nSRX4600 and SRX5000 Series\n\n allows an attacker to send TCP packets with \n\nSYN/FIN or SYN/RST\n\n flags, bypassing the expected blocking of these packets.\n\nA TCP packet with SYN/FIN or SYN/RST should be dropped in flowd. However, when no-syn-check and Express Path\u00a0are enabled, these TCP packets are unexpectedly transferred to the downstream network.\n\nThis issue affects Junos OS on SRX4600 and SRX5000 Series: \n\n\n * All versions before 21.2R3-S8, \n * from 21.4 before 21.4R3-S7, \n * from 22.1 before 22.1R3-S6, \n * from 22.2 before 22.2R3-S4, \n * from 22.3 before 22.3R3-S3, \n * from 22.4 before 22.4R3-S2, \n * from 23.2 before 23.2R2, \n * from 23.4 before 23.4R1-S1, 23.4R2." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "LOW", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-754" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA83021", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39562.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39562.json new file mode 100644 index 00000000000..241574d02cf --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39562.json @@ -0,0 +1,104 @@ +{ + "id": "CVE-2024-39562", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:13.670", + "lastModified": "2024-07-10T23:15:13.670", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A Missing Release of Resource after Effective Lifetime vulnerability the xinetd process, responsible for spawning SSH daemon (sshd) instances, of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial of Service (DoS) by blocking SSH access for legitimate users. Continued receipt of these connections will create a sustained Denial of Service (DoS) condition.\n\nThe issue is triggered when a high rate of concurrent SSH requests are received and terminated in a specific way, causing xinetd to crash, and leaving defunct sshd processes. Successful exploitation of this vulnerability blocks both SSH access as well as services which rely upon SSH, such as SFTP, and\u00a0Netconf over SSH.\n\nOnce the system is in this state, legitimate users will be unable to SSH to the device until service is manually restored.\u00a0 See WORKAROUND section below.\n\nAdministrators can monitor an increase in defunct sshd processes by utilizing the CLI command:\n\n\u00a0 > show system processes | match sshd\n\u00a0 root \u00a0 25219 30901 0 Jul16 ? \u00a0 \u00a0 \u00a0 00:00:00 [sshd] \n\nThis issue affects Juniper Networks Junos OS Evolved:\n * All versions prior to 21.4R3-S7-EVO\n * 22.3-EVO versions prior to 22.3R2-S2-EVO, 22.3R3-S2-EVO;\n * 22.4-EVO versions prior to 22.4R3-EVO;\n * 23.2-EVO versions prior to 23.2R2-EVO.\n\n\n\nThis issue does not affect Juniper Networks Junos OS Evolved 22.1-EVO nor 22.2-EVO." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-772" + } + ] + } + ], + "references": [ + { + "url": "https://supportportal.juniper.net/JSA75724", + "source": "sirt@juniper.net" + }, + { + "url": "https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-395xx/CVE-2024-39565.json b/CVE-2024/CVE-2024-395xx/CVE-2024-39565.json new file mode 100644 index 00000000000..a53c0050d9e --- /dev/null +++ b/CVE-2024/CVE-2024-395xx/CVE-2024-39565.json @@ -0,0 +1,108 @@ +{ + "id": "CVE-2024-39565", + "sourceIdentifier": "sirt@juniper.net", + "published": "2024-07-10T23:15:13.940", + "lastModified": "2024-07-10T23:15:13.940", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to\u00a0execute\u00a0remote commands on the target device.\u00a0\n\nWhile an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device.\nThis issue affects Junos OS:\u00a0\n\n\n\n * All versions before 21.2R3-S8,\u00a0\n * from 21.4 before 21.4R3-S7,\n * from 22.2 before 22.2R3-S4,\n * from 22.3 before 22.3R3-S3,\n * from 22.4 before 22.4R3-S2,\n * from 23.2 before 23.2R2,\n * from 23.4 before 23.4R1-S1, 23.4R2." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:C/RE:M/U:Amber", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "YES", + "recovery": "NOT_DEFINED", + "valueDensity": "CONCENTRATED", + "vulnerabilityResponseEffort": "MODERATE", + "providerUrgency": "AMBER", + "baseScore": 7.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "sirt@juniper.net", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "sirt@juniper.net", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-643" + } + ] + } + ], + "references": [ + { + "url": "https://support.juniper.net/support/downloads/?p=283", + "source": "sirt@juniper.net" + }, + { + "url": "https://supportportal.juniper.net/JSA83023", + "source": "sirt@juniper.net" + }, + { + "url": "https://www.first.org/cvss/calculator/v4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/AU:Y/R:I/V:C/RE:L/U:Amber", + "source": "sirt@juniper.net" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6036.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6036.json new file mode 100644 index 00000000000..a08efd43515 --- /dev/null +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6036.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-6036", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-07-10T23:15:14.227", + "lastModified": "2024-07-10T23:15:14.227", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows any user to restart the server at will by sending a specific request to the `/queue/join?` endpoint with `\"fn_index\":66`. This unrestricted server restart capability can severely disrupt service availability, cause data loss or corruption, and potentially compromise system integrity." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/e9eaaea9-5750-4955-9142-2f12ad4b06db", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-60xx/CVE-2024-6037.json b/CVE-2024/CVE-2024-60xx/CVE-2024-6037.json new file mode 100644 index 00000000000..b11f9861086 --- /dev/null +++ b/CVE-2024/CVE-2024-60xx/CVE-2024-6037.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-6037", + "sourceIdentifier": "security@huntr.dev", + "published": "2024-07-10T23:15:14.493", + "lastModified": "2024-07-10T23:15:14.493", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240410 allows an attacker to create arbitrary folders at any location on the server, including the root directory (C: dir). This can lead to uncontrolled resource consumption, resulting in resource exhaustion, denial of service (DoS), server unavailability, and potential data loss or corruption." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "security@huntr.dev", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security@huntr.dev", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://huntr.com/bounties/eca6904f-f9fd-40c8-9e85-96f54daf405e", + "source": "security@huntr.dev" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-63xx/CVE-2024-6387.json b/CVE-2024/CVE-2024-63xx/CVE-2024-6387.json index d3ef015dabc..455d23da1e0 100644 --- a/CVE-2024/CVE-2024-63xx/CVE-2024-6387.json +++ b/CVE-2024/CVE-2024-63xx/CVE-2024-6387.json @@ -2,7 +2,7 @@ "id": "CVE-2024-6387", "sourceIdentifier": "secalert@redhat.com", "published": "2024-07-01T13:15:06.467", - "lastModified": "2024-07-10T18:15:05.163", + "lastModified": "2024-07-10T23:15:14.700", "vulnStatus": "Modified", "cveTags": [], "descriptions": [ @@ -555,6 +555,14 @@ "url": "http://www.openwall.com/lists/oss-security/2024/07/10/3", "source": "secalert@redhat.com" }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/10/4", + "source": "secalert@redhat.com" + }, + { + "url": "http://www.openwall.com/lists/oss-security/2024/07/10/6", + "source": "secalert@redhat.com" + }, { "url": "https://access.redhat.com/errata/RHSA-2024:4312", "source": "secalert@redhat.com", diff --git a/CVE-2024/CVE-2024-66xx/CVE-2024-6650.json b/CVE-2024/CVE-2024-66xx/CVE-2024-6650.json new file mode 100644 index 00000000000..8ff0031bf68 --- /dev/null +++ b/CVE-2024/CVE-2024-66xx/CVE-2024-6650.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-6650", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-07-10T23:15:14.930", + "lastModified": "2024-07-10T23:15:14.930", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this issue is the function save_designation of the file /classes/Master.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-271058 is the identifier assigned to this vulnerability." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.4, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 0.9, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "NONE", + "integrityImpact": "PARTIAL", + "availabilityImpact": "NONE", + "baseScore": 3.3 + }, + "baseSeverity": "LOW", + "exploitabilityScore": 6.4, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/Xu-Mingming/cve/blob/main/xss1.md", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.271058", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.271058", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.370664", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-66xx/CVE-2024-6652.json b/CVE-2024/CVE-2024-66xx/CVE-2024-6652.json new file mode 100644 index 00000000000..137a2931245 --- /dev/null +++ b/CVE-2024/CVE-2024-66xx/CVE-2024-6652.json @@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-6652", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-07-10T23:15:15.250", + "lastModified": "2024-07-10T23:15:15.250", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability was found in itsourcecode Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file manage_member.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-271059." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/littletree7/cve/issues/1", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.271059", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.271059", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.372193", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 93a6f5143d0..9994e82eb35 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-07-10T22:00:18.497829+00:00 +2024-07-10T23:55:18.476732+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-07-10T21:15:11.520000+00:00 +2024-07-10T23:15:15.250000+00:00 ``` ### Last Data Feed Release @@ -33,39 +33,43 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -256620 +256640 ``` ### CVEs added in the last Commit -Recently added CVEs: `16` +Recently added CVEs: `20` -- [CVE-2024-25076](CVE-2024/CVE-2024-250xx/CVE-2024-25076.json) (`2024-07-10T20:15:02.933`) -- [CVE-2024-25077](CVE-2024/CVE-2024-250xx/CVE-2024-25077.json) (`2024-07-10T20:15:03.023`) -- [CVE-2024-37148](CVE-2024/CVE-2024-371xx/CVE-2024-37148.json) (`2024-07-10T20:15:03.280`) -- [CVE-2024-37149](CVE-2024/CVE-2024-371xx/CVE-2024-37149.json) (`2024-07-10T20:15:03.543`) -- [CVE-2024-37310](CVE-2024/CVE-2024-373xx/CVE-2024-37310.json) (`2024-07-10T20:15:03.790`) -- [CVE-2024-38353](CVE-2024/CVE-2024-383xx/CVE-2024-38353.json) (`2024-07-10T20:15:04.053`) -- [CVE-2024-38354](CVE-2024/CVE-2024-383xx/CVE-2024-38354.json) (`2024-07-10T20:15:04.293`) -- [CVE-2024-39693](CVE-2024/CVE-2024-396xx/CVE-2024-39693.json) (`2024-07-10T20:15:04.543`) -- [CVE-2024-6148](CVE-2024/CVE-2024-61xx/CVE-2024-6148.json) (`2024-07-10T21:15:10.730`) -- [CVE-2024-6149](CVE-2024/CVE-2024-61xx/CVE-2024-6149.json) (`2024-07-10T21:15:10.830`) -- [CVE-2024-6150](CVE-2024/CVE-2024-61xx/CVE-2024-6150.json) (`2024-07-10T21:15:10.920`) -- [CVE-2024-6151](CVE-2024/CVE-2024-61xx/CVE-2024-6151.json) (`2024-07-10T21:15:11.013`) -- [CVE-2024-6236](CVE-2024/CVE-2024-62xx/CVE-2024-6236.json) (`2024-07-10T21:15:11.120`) -- [CVE-2024-6286](CVE-2024/CVE-2024-62xx/CVE-2024-6286.json) (`2024-07-10T21:15:11.210`) -- [CVE-2024-6663](CVE-2024/CVE-2024-66xx/CVE-2024-6663.json) (`2024-07-10T21:15:11.463`) -- [CVE-2024-6664](CVE-2024/CVE-2024-66xx/CVE-2024-6664.json) (`2024-07-10T21:15:11.520`) +- [CVE-2024-39511](CVE-2024/CVE-2024-395xx/CVE-2024-39511.json) (`2024-07-10T23:15:10.127`) +- [CVE-2024-39512](CVE-2024/CVE-2024-395xx/CVE-2024-39512.json) (`2024-07-10T23:15:10.393`) +- [CVE-2024-39513](CVE-2024/CVE-2024-395xx/CVE-2024-39513.json) (`2024-07-10T23:15:10.640`) +- [CVE-2024-39514](CVE-2024/CVE-2024-395xx/CVE-2024-39514.json) (`2024-07-10T23:15:10.877`) +- [CVE-2024-39517](CVE-2024/CVE-2024-395xx/CVE-2024-39517.json) (`2024-07-10T23:15:11.127`) +- [CVE-2024-39518](CVE-2024/CVE-2024-395xx/CVE-2024-39518.json) (`2024-07-10T23:15:11.363`) +- [CVE-2024-39554](CVE-2024/CVE-2024-395xx/CVE-2024-39554.json) (`2024-07-10T23:15:11.607`) +- [CVE-2024-39555](CVE-2024/CVE-2024-395xx/CVE-2024-39555.json) (`2024-07-10T23:15:11.863`) +- [CVE-2024-39556](CVE-2024/CVE-2024-395xx/CVE-2024-39556.json) (`2024-07-10T23:15:12.133`) +- [CVE-2024-39557](CVE-2024/CVE-2024-395xx/CVE-2024-39557.json) (`2024-07-10T23:15:12.370`) +- [CVE-2024-39558](CVE-2024/CVE-2024-395xx/CVE-2024-39558.json) (`2024-07-10T23:15:12.617`) +- [CVE-2024-39559](CVE-2024/CVE-2024-395xx/CVE-2024-39559.json) (`2024-07-10T23:15:12.863`) +- [CVE-2024-39560](CVE-2024/CVE-2024-395xx/CVE-2024-39560.json) (`2024-07-10T23:15:13.140`) +- [CVE-2024-39561](CVE-2024/CVE-2024-395xx/CVE-2024-39561.json) (`2024-07-10T23:15:13.383`) +- [CVE-2024-39562](CVE-2024/CVE-2024-395xx/CVE-2024-39562.json) (`2024-07-10T23:15:13.670`) +- [CVE-2024-39565](CVE-2024/CVE-2024-395xx/CVE-2024-39565.json) (`2024-07-10T23:15:13.940`) +- [CVE-2024-6036](CVE-2024/CVE-2024-60xx/CVE-2024-6036.json) (`2024-07-10T23:15:14.227`) +- [CVE-2024-6037](CVE-2024/CVE-2024-60xx/CVE-2024-6037.json) (`2024-07-10T23:15:14.493`) +- [CVE-2024-6650](CVE-2024/CVE-2024-66xx/CVE-2024-6650.json) (`2024-07-10T23:15:14.930`) +- [CVE-2024-6652](CVE-2024/CVE-2024-66xx/CVE-2024-6652.json) (`2024-07-10T23:15:15.250`) ### CVEs modified in the last Commit Recently modified CVEs: `4` -- [CVE-2022-39227](CVE-2022/CVE-2022-392xx/CVE-2022-39227.json) (`2024-07-10T21:15:10.210`) -- [CVE-2023-51105](CVE-2023/CVE-2023-511xx/CVE-2023-51105.json) (`2024-07-10T20:15:02.820`) -- [CVE-2024-6409](CVE-2024/CVE-2024-64xx/CVE-2024-6409.json) (`2024-07-10T20:15:04.853`) -- [CVE-2024-6647](CVE-2024/CVE-2024-66xx/CVE-2024-6647.json) (`2024-07-10T21:15:11.350`) +- [CVE-2023-41915](CVE-2023/CVE-2023-419xx/CVE-2023-41915.json) (`2024-07-10T23:15:09.923`) +- [CVE-2024-26621](CVE-2024/CVE-2024-266xx/CVE-2024-26621.json) (`2024-07-10T23:15:10.040`) +- [CVE-2024-38021](CVE-2024/CVE-2024-380xx/CVE-2024-38021.json) (`2024-07-10T22:15:04.530`) +- [CVE-2024-6387](CVE-2024/CVE-2024-63xx/CVE-2024-6387.json) (`2024-07-10T23:15:14.700`) ## Download and Usage diff --git a/_state.csv b/_state.csv index df8b0033a51..a84d46e51fe 100644 --- a/_state.csv +++ b/_state.csv @@ -205371,7 +205371,7 @@ CVE-2022-39222,0,0,d5c5959de85d8399f7df5df7fe710a9317d7041d9b0b4b33bf3ae297bcc6e CVE-2022-39224,0,0,74ea89dc06f9e57b983f75ca05855fc4f4cb512ab1741b0a4530707b87a7d9ec,2022-09-26T13:41:40.930000 CVE-2022-39225,0,0,1ffacad34887b15c068e75426ef754e90dae5870ac74bcf9503b989bb98b1547,2022-09-28T13:50:43.977000 CVE-2022-39226,0,0,acbe605eedc5b8513fa1a9550dfce48c9078a9ebdc3877e2da3d43c5379e7076,2022-10-05T21:16:28.857000 -CVE-2022-39227,0,1,019614e57b7ad104fb5797fe27fc61c9be6c1561596ea79fd21f3c74865f95f5,2024-07-10T21:15:10.210000 +CVE-2022-39227,0,0,019614e57b7ad104fb5797fe27fc61c9be6c1561596ea79fd21f3c74865f95f5,2024-07-10T21:15:10.210000 CVE-2022-39228,0,0,9ac109f41184e5b247f5400110c9db7bb5e2c50a63cd3683f4750827719518ad,2023-11-07T03:50:22.207000 CVE-2022-39229,0,0,15c32822b0b02ba916b7978b1911da429757ff74dff8754a1162c942ec0c715d,2022-10-19T14:10:31.537000 CVE-2022-3923,0,0,c8833e201274cfbe638e6a0e7d3dae3aac2f4aae1f4ceb74dd47079222d175e6,2023-11-07T03:51:58.120000 @@ -231314,7 +231314,7 @@ CVE-2023-41910,0,0,ddadb74f9e50737d21120f0b88022d8c15ee68cc56eb3c4577229fb7986d3 CVE-2023-41911,0,0,c370f1652ab4a7704bdb8c1c18b508b07e9446ea3a6134c45133ba3207c3be67,2023-10-02T19:02:19.277000 CVE-2023-41913,0,0,ac6a5dec8a2ef981599760c1bd584c0a3e1984d30935032e705f83162150cb05,2024-06-11T04:15:10.863000 CVE-2023-41914,0,0,27c5c2c3c84cd968ddce119075b7bda7c87709505c9fb5104442489dec8eacba,2023-11-09T22:11:29.870000 -CVE-2023-41915,0,0,36dcb97e8e88c3fa222716fa41549145bf1bf8e3b34064739182cd4dfb8684ab,2024-07-10T18:15:02.900000 +CVE-2023-41915,0,1,ca0a079d97dd9f25e9b1363dbc30e209a10f89677e357ff69efeae8b50de45f1,2024-07-10T23:15:09.923000 CVE-2023-41917,0,0,f3161e8d6c620e45be8c901747b972f5e1c375ee92e6d63bc7e00bef339a5387,2024-07-02T12:09:16.907000 CVE-2023-41918,0,0,0856e5fa41285db5b029ff0214e8d51ede0087304c24a711546183f0175c9d9e,2024-07-02T12:09:16.907000 CVE-2023-41919,0,0,6807d33f550dbbb2d90b8f4fce9a8f7ee1053b0fb9f312837bd90277e545973a,2024-07-02T12:09:16.907000 @@ -237542,7 +237542,7 @@ CVE-2023-51101,0,0,715bd2375e465539f78b9589de724a3b44b5b751f2a2bdeeadbb172b19954 CVE-2023-51102,0,0,43e4885799f2da8dffd65a72e501f08b192ea7fe94ed89bfde6db81b2efa7f22,2023-12-30T03:19:15.973000 CVE-2023-51103,0,0,71cf8eb36c512e4486b80f2008e48d245df5f090a9237a985a5b7ec951e695d4,2024-01-05T16:25:15.997000 CVE-2023-51104,0,0,4e7f57d88a96c53c8983850e0ce64f7f7f64d18b84efb70425e41eb2b5c6ccf2,2024-07-09T21:15:11.690000 -CVE-2023-51105,0,1,4abe2872b1e377f4ee0d31e3315aedcd1a647380c8a18113bab0a1851833e7a2,2024-07-10T20:15:02.820000 +CVE-2023-51105,0,0,4abe2872b1e377f4ee0d31e3315aedcd1a647380c8a18113bab0a1851833e7a2,2024-07-10T20:15:02.820000 CVE-2023-51106,0,0,2ad42e3fc60bf937fccd789a94702f6663bceff82ffdd09e8001ab565c4bd666,2024-03-18T04:15:08.790000 CVE-2023-51107,0,0,c5d5f3f75be31a12b33532bfd4bfc63c33f71406b1ed3956b0081dc9f8320e93,2024-01-05T17:14:48.820000 CVE-2023-5111,0,0,9aa75e6a8b2cdd2372d791a9a0def8ce9e9d4923ff9c71c4dfed5da5d92d1561,2023-10-06T17:58:29.377000 @@ -245614,8 +245614,8 @@ CVE-2024-25064,0,0,1c648660fe74d25bd4bc9587030796b3cc77cb44c915d4df3e4024ac11525 CVE-2024-25065,0,0,f671f82a7697d47568409b085db18a169bcbb80a6a570c1657ffbf02010a7804,2024-02-29T13:49:29.390000 CVE-2024-2507,0,0,ea9c85786faadd0442f075fa7cedcc51f34924f4764686abb8afe0beed882661,2024-04-10T13:23:38.787000 CVE-2024-25075,0,0,8f1ad7795ac9be7789e9412ad24a6f478ed4bba46ede8202f16d701d6f470c93,2024-04-03T12:38:04.840000 -CVE-2024-25076,1,1,d66bc17d91809cc2f78f3102ffe32b214bc987b6cd580c79f6170144ca43d7b5,2024-07-10T20:15:02.933000 -CVE-2024-25077,1,1,1f8486cd645938c03e21e9baea1f7aad5d57b438c9e14c7dfeed86cd8586c3f4,2024-07-10T20:15:03.023000 +CVE-2024-25076,0,0,d66bc17d91809cc2f78f3102ffe32b214bc987b6cd580c79f6170144ca43d7b5,2024-07-10T20:15:02.933000 +CVE-2024-25077,0,0,1f8486cd645938c03e21e9baea1f7aad5d57b438c9e14c7dfeed86cd8586c3f4,2024-07-10T20:15:03.023000 CVE-2024-25078,0,0,14ea593bbd760f1a861775a7e6100acb3fd7a8f88d884ae3f61694ec3c2b2927,2024-07-03T01:48:39.997000 CVE-2024-25079,0,0,df3a5b95b7f6f4370caee005112754774cb6bfa4fa30f82a6ed48ecf2a7fc17d,2024-07-03T01:48:40.830000 CVE-2024-25080,0,0,b71676650e0fe980740d0ba2f09b4ab96eab09f2522aeb1c79a8cba30e06c62f,2024-04-01T12:49:00.877000 @@ -246642,7 +246642,7 @@ CVE-2024-26618,0,0,b4ee02e43411773445d9502213c0c8ee13dbb28e9adadb6062e2443b8f287 CVE-2024-26619,0,0,4bc519bd153c025ad692ee69af117d5945ba0b94f5c3e5862c457953e2f5d4bd,2024-03-12T12:40:13.500000 CVE-2024-2662,0,0,f67fa5f3bbbaf2e8acff0e892a68fc06e4217f99a75dec53361b235392202bd4,2024-05-14T16:13:02.773000 CVE-2024-26620,0,0,d9644d90006553a6ef7df3ce5b7de0b26190c676351738b9b2539bec3ef4ee61,2024-03-12T12:40:13.500000 -CVE-2024-26621,0,0,ae174ab63b89076d7a9ceec8eb1daf44db9a15c3dd214e36a51556f5f92d37bd,2024-07-09T07:15:03.463000 +CVE-2024-26621,0,1,b7ecfb322a157dec7618566e7b66e107324db99cc27d9506a03d658275c424bb,2024-07-10T23:15:10.040000 CVE-2024-26622,0,0,429b8c79ac7bc8a6f352b05f3ec787ee7dce1baf63c22803c7866fe6ab98869f,2024-06-25T22:15:19.240000 CVE-2024-26623,0,0,5692b1c30d07fd10d73a2d8d099143935e519ebf33db10f9328fbf12228012a8,2024-03-06T15:18:08.093000 CVE-2024-26624,0,0,9575e38401ed951dd513d0e1852942215c7c9e9bc3c5371fd0da3ac3a0eac967,2024-03-27T14:15:10.163000 @@ -253648,8 +253648,8 @@ CVE-2024-37141,0,0,b03df6d0d6f897b221dc842eaee3003cdd6e5a584378ab9df9bc91aaf0755 CVE-2024-37145,0,0,5c583bad753181323e403ceb6f4418c69209cee6463fe8ada19cf90c7991fb5f,2024-07-02T12:09:16.907000 CVE-2024-37146,0,0,d5817f16e70393732c114867d4a0a6a7a44408de06d35e1f4b6b81d6827c298f,2024-07-02T12:09:16.907000 CVE-2024-37147,0,0,7a31258544a4e88adf524ac1293ead93cd96672924da2d1697b8fab4e9cdc221,2024-07-10T19:15:10.930000 -CVE-2024-37148,1,1,d34a4e96289a16ca2babafd1684df282e85bccbb8fc2fc0400b81e026d541ad3,2024-07-10T20:15:03.280000 -CVE-2024-37149,1,1,b981686ad01124fa84f3021eb2d86d5c07e4a35cbc3f848d00608f80820f520b,2024-07-10T20:15:03.543000 +CVE-2024-37148,0,0,d34a4e96289a16ca2babafd1684df282e85bccbb8fc2fc0400b81e026d541ad3,2024-07-10T20:15:03.280000 +CVE-2024-37149,0,0,b981686ad01124fa84f3021eb2d86d5c07e4a35cbc3f848d00608f80820f520b,2024-07-10T20:15:03.543000 CVE-2024-3715,0,0,902861be5261e2c029ed83a5c6920fde180817c53e05bb93208dc31c820658c5,2024-05-02T18:00:37.360000 CVE-2024-37150,0,0,97cf533630a2e81b430f11fe12ccc7be397791e2299035e9f7d7a243e494791c,2024-06-07T14:56:05.647000 CVE-2024-37152,0,0,d5beb8b2bc90de99efc40fac5a89948f3b2a0d50610a65220e35a91d41ce9369,2024-06-07T14:56:05.647000 @@ -253737,7 +253737,7 @@ CVE-2024-37307,0,0,307a9077f465a844bb3929ae05a1dcebcb701d8b2ae344b6539171566dfcc CVE-2024-37308,0,0,789ac1ee79bf50a380c8842b793e1f03cbcea96755a8db8c09ad817d1922f353,2024-06-13T18:35:19.777000 CVE-2024-37309,0,0,665df876b2164bd39f49af0dbd8eb55d8bda11b715021fb1a958468109ece0ed,2024-06-13T18:35:19.777000 CVE-2024-3731,0,0,bdcc8f677627b7b108ec8e839a01e7cc6ba34354d6004394dff79046d7838f40,2024-04-19T13:10:25.637000 -CVE-2024-37310,1,1,b89dce05a6fcfa197b0f3591505fabefb6ccff051d6496173d06bbcf5f585311,2024-07-10T20:15:03.790000 +CVE-2024-37310,0,0,b89dce05a6fcfa197b0f3591505fabefb6ccff051d6496173d06bbcf5f585311,2024-07-10T20:15:03.790000 CVE-2024-37312,0,0,ba4f355e4f74a8bde30dcfd48ce758e7796e43079453cb77192f0999aacce83a,2024-06-17T12:42:04.623000 CVE-2024-37313,0,0,bad34f14f8fcac47115250f6ec4bbac8493c061a0b49da4b4fbe2645f7a82474,2024-06-17T12:42:04.623000 CVE-2024-37314,0,0,bbb529e96a1bf18f91583a0e4981cbc0e945b7a77e11c3672e59d0ae8b6a6421,2024-06-17T12:42:04.623000 @@ -254034,7 +254034,7 @@ CVE-2024-38017,0,0,73290933abbcecd5d36371e14a73a0c61df248f2b886d97acbc4fc5522ff2 CVE-2024-38019,0,0,e82228040e66d2c2532ef58389cbb59007365a7bf6c6085235aca728e5a61148,2024-07-09T18:18:38.713000 CVE-2024-3802,0,0,aaa997a68afe711762ac8536c5d0fad15740edaa6785e851a1495f0cf1f43e75,2024-06-04T02:15:49.290000 CVE-2024-38020,0,0,bd7252602fb74ca11537d67660e517112b86ed47ec6e539cb60f3b6f51021a94,2024-07-09T18:18:38.713000 -CVE-2024-38021,0,0,4272adbfd7fcd9f761a08865d5bf8e0072fd2fb2720e257e8b6aa3fa42bc35df,2024-07-09T18:18:38.713000 +CVE-2024-38021,0,1,d2d70a48d6f9e5bd45005274a68113448acbc50ece7ebe1ffa9d448cca9f421b,2024-07-10T22:15:04.530000 CVE-2024-38022,0,0,741e925f1c88410970e421ad8e0c1008c9a613060613b619d3e51dbb26055bda,2024-07-09T18:18:38.713000 CVE-2024-38023,0,0,26aa830c0b687f2c026d2426ae46c898f634eeada2488acf5012ff575bf5f330,2024-07-09T18:18:38.713000 CVE-2024-38024,0,0,18c866607aa343d89e10112e531316720d7d5da3994742c51add368374a58c90,2024-07-09T18:18:38.713000 @@ -254163,8 +254163,8 @@ CVE-2024-38347,0,0,4d613454dc1780690a10a13a7c4d0d38fa70bfa9e6afa8cdcbdd33d7a9b43 CVE-2024-38348,0,0,6e5ce391b6cb124e038ae8273d56ab90f89cf43a2075c68d341d5350c665dadb,2024-07-03T02:04:55.710000 CVE-2024-38351,0,0,fc316049b1243ceecf4f16bb932622b3d32a9ec242887e0258f3f20fe77446f1,2024-06-20T12:44:01.637000 CVE-2024-38352,0,0,13a6e81e4d4d40a0591843c161ee638c75aac348990bf4d2603a4c2fb8cf2a30,2024-06-19T18:15:11.507000 -CVE-2024-38353,1,1,eb08852e451b97fe5122a1a9fd19cf3f0fa69e538523a9e0cadf1b54c38e5960,2024-07-10T20:15:04.053000 -CVE-2024-38354,1,1,1a991e4e7ebf191a695b1f99de82173b0105016b21d5ba679577ef4299e69da5,2024-07-10T20:15:04.293000 +CVE-2024-38353,0,0,eb08852e451b97fe5122a1a9fd19cf3f0fa69e538523a9e0cadf1b54c38e5960,2024-07-10T20:15:04.053000 +CVE-2024-38354,0,0,1a991e4e7ebf191a695b1f99de82173b0105016b21d5ba679577ef4299e69da5,2024-07-10T20:15:04.293000 CVE-2024-38355,0,0,548f855fd76fea3ae91cbde1441c70071a7c7d1a3d657b48a4999a1a744b1672,2024-06-20T12:43:25.663000 CVE-2024-38356,0,0,4d5684a2a5b21833c79b0d8355427fc3daf538540dd8f7d1cfa341630e75ced1,2024-06-20T12:43:25.663000 CVE-2024-38357,0,0,db932e7bd44b2292bed66681b7d77a847d541a79cdeb9df0d08a424975405801,2024-06-20T12:43:25.663000 @@ -254627,10 +254627,26 @@ CVE-2024-39491,0,0,d2975a109e73a4d679d1de3277f449b0b59355c75959a87b79fec0fa339af CVE-2024-39492,0,0,936737ac4a5aa51c6dd2775e7e8ab10104463739019f0e5149175b556e6d42ae,2024-07-10T08:15:11.360000 CVE-2024-39493,0,0,95ca26deac88a48a13f8b40620d0ff25df1c825b903366bd7b44a58ddff0741b,2024-07-10T08:15:11.427000 CVE-2024-3951,0,0,d1eb572088193a792816003caae4c8900ea1808fb70b3f34eb162771a0d73b1e,2024-05-08T17:05:24.083000 +CVE-2024-39511,1,1,7b05ce65731563c79294bee284ea4e6fa7d2301386141c03e1bff49ed7b8e0e8,2024-07-10T23:15:10.127000 +CVE-2024-39512,1,1,d7ca02e8f1592f1f31469ff4cd629b2fee1360dbe4e597a26bb73ed38f025794,2024-07-10T23:15:10.393000 +CVE-2024-39513,1,1,d8dc2351a0d98e5d4a578083ced931c7795fc8f4e60ad60f6ccc63d8ea7de867,2024-07-10T23:15:10.640000 +CVE-2024-39514,1,1,47631a8fe330006491f00cde3fb12f18c01c9baec830839535ae8ae7f97eaa93,2024-07-10T23:15:10.877000 +CVE-2024-39517,1,1,3c46ada663d8ffbdb4b88b4cfe0983c3e028f059ce81b2046e63dd2f8a33eef7,2024-07-10T23:15:11.127000 +CVE-2024-39518,1,1,eaa635a80528e7483e3e9921835314962ff00c79b39e854d1340c3887ad34e76,2024-07-10T23:15:11.363000 CVE-2024-3952,0,0,92f1da274771947c3cb4a43546670c1af8a997980dc361a71cd2fb07f162ad15,2024-05-14T16:11:39.510000 CVE-2024-3954,0,0,45f1b348fcace6f84e3157e2d0f8a54fc4228bb396d26e03c9556cd235947f43,2024-05-14T16:11:39.510000 CVE-2024-3955,0,0,1980afc805b9b5d168ea6a08c34d1a9d581fd505fecdd9c097016e585c054b35,2024-07-03T02:06:56.087000 +CVE-2024-39554,1,1,4591eb30484b22ebd9118f4d062e90e49def2b0738f44fc3235b87fd007b9900,2024-07-10T23:15:11.607000 +CVE-2024-39555,1,1,305803290d325fbcf3904271dce4385739256bb1824a023c6217ab8fbc632707,2024-07-10T23:15:11.863000 +CVE-2024-39556,1,1,03c8f7c9137bec821e13e27aa521c7a86a0f92820ddbfc1911cc0b6f362d4839,2024-07-10T23:15:12.133000 +CVE-2024-39557,1,1,8b6aefdeffc4849a2ec6d1dcca3a3eb4cba066b045df25dbe36ee6b0b93937c8,2024-07-10T23:15:12.370000 +CVE-2024-39558,1,1,2919edc34f42d8e103bdaf3d303d1679bf706fc60e9f5307313b09387b615fed,2024-07-10T23:15:12.617000 +CVE-2024-39559,1,1,ad430b23b18533cda3ddcfb241b9e2b35159b8281b37e4672c8f81f2b4ba7ea6,2024-07-10T23:15:12.863000 CVE-2024-3956,0,0,84c84e343f731479baad188521c68e2e10d428da5ee4bd61443cf640ccedc17a,2024-05-14T16:11:39.510000 +CVE-2024-39560,1,1,bff3d5ca0d1eeb898e1cde0c803b22bee5a652c60b70765c8a025e16b03b372b,2024-07-10T23:15:13.140000 +CVE-2024-39561,1,1,f04824838d32be9decc2affabee320bbb1df44f48491aa0e7ea7bd5df6540d63,2024-07-10T23:15:13.383000 +CVE-2024-39562,1,1,58e90e30c0db46bbb2aca8592ee3ce66358ecdc6223d7a942f023502538b998d,2024-07-10T23:15:13.670000 +CVE-2024-39565,1,1,7a40433b02cc0a7925d467cb898396367286e89939dabbf756204a268c184845,2024-07-10T23:15:13.940000 CVE-2024-39567,0,0,7b194844163bcf526e5adc38cee5e584dfd615ab7311f788e296e35db5f76246,2024-07-09T18:19:14.047000 CVE-2024-39568,0,0,155da4fcd07a352c9fe4061336a48a1bfe3bd89ed7e98a66130b41e632263aa3,2024-07-09T18:19:14.047000 CVE-2024-39569,0,0,52889f68709bb42505429361fd8cbaa37b3cfa3fede130db2e5e3c1d1167ce5b,2024-07-09T18:19:14.047000 @@ -254664,7 +254680,7 @@ CVE-2024-39687,0,0,1f0dde45c697bd142eb547e4c25395e40bc6f58804b4b24f10fa4126a251a CVE-2024-39689,0,0,86295f6760848f0b510226e65028fed1b62502a931685ba6acf948103d5d29cb,2024-07-08T15:49:22.437000 CVE-2024-3969,0,0,793622b6641cb8c2dc34802adf1ab9ece645cce7d321b9faf1a6b76d5e28ec78,2024-05-28T17:11:55.903000 CVE-2024-39691,0,0,5b1b13e200d826d3f40f75a75371b183af197da1146b1c1721e666feddcea9c6,2024-07-08T15:49:22.437000 -CVE-2024-39693,1,1,2bedde3e8044c66cb2a446cc4094e8e76f63af8ced7065586d84c6768c76810b,2024-07-10T20:15:04.543000 +CVE-2024-39693,0,0,2bedde3e8044c66cb2a446cc4094e8e76f63af8ced7065586d84c6768c76810b,2024-07-10T20:15:04.543000 CVE-2024-39695,0,0,fbaaa4e185fc8d8718a1bd681584149a106333fea090ef242205e9fceffe21eb,2024-07-09T14:47:19.767000 CVE-2024-39696,0,0,48bfab7e50339e1ca25125b7d36bfdf66ca4035d9f4c1ba7b967c71b544827af,2024-07-08T15:49:22.437000 CVE-2024-39697,0,0,9186fda2eab5f78df936964a06e0cbab87d706d772078d108f219ea7a02555a3,2024-07-09T18:19:14.047000 @@ -256335,6 +256351,8 @@ CVE-2024-6015,0,0,b5dd732698ac918c4f9a100a042e5587c72b21ba3272e6fc136fa01311e31f CVE-2024-6016,0,0,c54c9dea249da6152524c81283c2e2c500a502b8999814b114c6434b99c2c3ed,2024-06-17T14:15:12.487000 CVE-2024-6027,0,0,b2fd57616c7b740fff1978bda2368fdc3959192a2c78f320629b1920784145fa,2024-06-24T19:17:50.240000 CVE-2024-6028,0,0,a53cebc0801a7944b049693d6e4ba090f6ff8943c9a085ad6c29614624cd6988,2024-06-25T12:24:17.873000 +CVE-2024-6036,1,1,9c40c5bcd05d9b6168425666513e1b805aecf8096340a0971d6e55598f8c851b,2024-07-10T23:15:14.227000 +CVE-2024-6037,1,1,06d4d8b656bd7649ce96f1e8400293777fe64cfb344d03821531ca32c2859265,2024-07-10T23:15:14.493000 CVE-2024-6038,0,0,4dff4db125482f9ecedc7a5fd577549dfaebc98ad18a8caa631a9c29113f6e8d,2024-06-27T19:25:12.067000 CVE-2024-6039,0,0,266923799676f8be01eee28d4a84714045ee9a927bc992eaf897cc5b748105d7,2024-06-17T14:15:12.620000 CVE-2024-6041,0,0,a295768a83c71f46593370532a5a859cd3d130f4e3527299fc42bdf02397e4d4,2024-06-17T14:15:12.733000 @@ -256403,10 +256421,10 @@ CVE-2024-6144,0,0,282f248ec161eadd8599a33b6d11a75bd4ed1ccd1aa15e9b959a4a72d41d30 CVE-2024-6145,0,0,74f99a0157ef2eb5160bc64159bab3cd3614efb0f0cae9420b13288ce6d516ff,2024-06-20T12:44:01.637000 CVE-2024-6146,0,0,835232b778d7e80b1c73cad2f19f1275692bff270d5e664fd4c7fc64973110ef,2024-06-20T12:44:01.637000 CVE-2024-6147,0,0,4a4919271ad23db4250af2d646dfd99f64704c8a0c63e163a55ff156915fc472,2024-06-21T11:22:01.687000 -CVE-2024-6148,1,1,dcd83a245e39fa43db402f0637ad356b0d0e0667882f01d90e6c3c6107206e98,2024-07-10T21:15:10.730000 -CVE-2024-6149,1,1,a9578230ee145225e434c626fca85a259f303801ec1a7121abf0ec884010a742,2024-07-10T21:15:10.830000 -CVE-2024-6150,1,1,6ad8b9667f4da237273307618c00aa9adad0e60508a636fb2e1e33190d440247,2024-07-10T21:15:10.920000 -CVE-2024-6151,1,1,135328139a2a1eaf24b04738d199c3901e649153e54ef8d081a281ad2900fd4d,2024-07-10T21:15:11.013000 +CVE-2024-6148,0,0,dcd83a245e39fa43db402f0637ad356b0d0e0667882f01d90e6c3c6107206e98,2024-07-10T21:15:10.730000 +CVE-2024-6149,0,0,a9578230ee145225e434c626fca85a259f303801ec1a7121abf0ec884010a742,2024-07-10T21:15:10.830000 +CVE-2024-6150,0,0,6ad8b9667f4da237273307618c00aa9adad0e60508a636fb2e1e33190d440247,2024-07-10T21:15:10.920000 +CVE-2024-6151,0,0,135328139a2a1eaf24b04738d199c3901e649153e54ef8d081a281ad2900fd4d,2024-07-10T21:15:11.013000 CVE-2024-6153,0,0,a3cbabebaa196b7fc704a5b9ef76e592e68ec6c4195aa6f7531f701a27a837d5,2024-06-21T11:22:01.687000 CVE-2024-6154,0,0,14c261dad2c658f3f85287831ecf663ba772d4a017166d6d5d3cda8ce8388677,2024-06-21T11:22:01.687000 CVE-2024-6160,0,0,e0e9df11502e0f78d6d764c03981bde61fa7fdce13ce5e8e72c2edbfe567293b,2024-06-24T12:57:36.513000 @@ -256455,7 +256473,7 @@ CVE-2024-6225,0,0,05da1495d7d116987721ea4d8dad783669e833db8afd42c6e9b9d7b3635825 CVE-2024-6227,0,0,6448b237469b4af8add5bea6ce3efd3ec79e9126dca5090705d4ceeb86be54e2,2024-07-09T18:19:14.047000 CVE-2024-6229,0,0,8c75c4089f9bb2b690871cceb6de9502d8662dbaa4dc8109053b9a0e9bdfb643,2024-07-08T15:49:22.437000 CVE-2024-6235,0,0,e3c37bb4fde984e1ccadb66beb9f2d57535be87aa4e3d6539029d59968be2e76,2024-07-10T19:15:11.973000 -CVE-2024-6236,1,1,959a1f53fbd24ac8bbba6562ae5b94299031a022f324a67305fde8f021d5c507,2024-07-10T21:15:11.120000 +CVE-2024-6236,0,0,959a1f53fbd24ac8bbba6562ae5b94299031a022f324a67305fde8f021d5c507,2024-07-10T21:15:11.120000 CVE-2024-6237,0,0,8eb889363f8a87d3bb3f430f1da56ccf68ff66b11eeffce13455da0850e4107b,2024-07-09T18:18:38.713000 CVE-2024-6238,0,0,01bce4fcd5bf21099e3fa29fb7e34bf0d2a461d152d0ae3d9b913c1fb46d1451,2024-06-25T18:50:42.040000 CVE-2024-6239,0,0,4d98a21d53ef2e5917897cadc254a12ee654ff1e3575a82a15151981272f61b5,2024-06-24T19:06:27.537000 @@ -256485,7 +256503,7 @@ CVE-2024-6280,0,0,4e5bdd720fdc6d68a51312dcfd366ac88ed5daebd5ed348aefe6d5aa74c577 CVE-2024-6283,0,0,84796e0660e5beb3ad885e74e117108f941d8d6090497e3b6867080b852b92df,2024-06-28T13:37:44.763000 CVE-2024-6284,0,0,73ccbe59cd13df171bbc79ab6b910254c728a7cb44133bad73b07b9d4dc26d5e,2024-07-05T12:55:51.367000 CVE-2024-6285,0,0,e2996efda4e983a3551e96b4c79fe85947d0c5facb8b6e94cf5ae2183076f6f4,2024-06-26T14:24:38.113000 -CVE-2024-6286,1,1,465273d6f75a4d4193bc59c5929b52288f5d34220942ae74fab2f5d29f1b2acf,2024-07-10T21:15:11.210000 +CVE-2024-6286,0,0,465273d6f75a4d4193bc59c5929b52288f5d34220942ae74fab2f5d29f1b2acf,2024-07-10T21:15:11.210000 CVE-2024-6287,0,0,91ea920d50ec75aef59aca2b29908a9542c1a59d5111a1068e10d538d24873e6,2024-06-26T14:36:08.507000 CVE-2024-6288,0,0,759e3147da1b3805ee22c246688b7816f816dcaacd990c0e2025b974262129c2,2024-06-28T10:27:00.920000 CVE-2024-6290,0,0,f38106d9e1179e3770e59e6eaa72c9e7b486c800903b3806d0d60fbc8ab354e0,2024-07-03T02:09:49.960000 @@ -256539,13 +256557,13 @@ CVE-2024-6376,0,0,2eceea6553f0e47a0e34ab01650b7781a20682f6799be39f9cd1e64f3f1985 CVE-2024-6381,0,0,2822fb12d769fe1cca32125b45cae52ba3e5807419213b6087c6db8de8d2b326,2024-07-03T12:53:24.977000 CVE-2024-6382,0,0,9f140af24f460b4413fa844f95383cc153754360a136939b8743c2d8327ebf99,2024-07-03T12:53:24.977000 CVE-2024-6383,0,0,4622f4fc90fbde51d6570a14e2ee494e3e71659c68201475e4e4eb659c036ac0,2024-07-05T12:55:51.367000 -CVE-2024-6387,0,0,b1fbdb98f6e404bd38c8139822d83a145f2d2f6b94a3b15541c37a70e5fde04f,2024-07-10T18:15:05.163000 +CVE-2024-6387,0,1,d09628973709e7a093c86098796bdfaece0581c1a3c82c4d0cf5675777927be4,2024-07-10T23:15:14.700000 CVE-2024-6388,0,0,e641c9d869769d4291da87145b48d15b4f200c046d6b100142bc686375a84738,2024-06-27T17:11:52.390000 CVE-2024-6391,0,0,7ce7aeffa0d0436a5dc8c66236e9fdb421bf2fd0e842089663d3cb7d1491a998,2024-07-09T18:19:14.047000 CVE-2024-6402,0,0,795485c4534407e246daec51c1daaa33b95f6651688fed743a8fb9054cdaedba,2024-07-01T12:37:24.220000 CVE-2024-6403,0,0,e44b9cfa8d9ae367e624a8cdf179ef52ea1e98c2115d7a956299d17747a6a56b,2024-07-01T12:37:24.220000 CVE-2024-6405,0,0,fdb62e3d2213e21f6cf3d269e158ee31cc07c01f1a5a460b466ccce5203f82ee,2024-07-01T12:37:24.220000 -CVE-2024-6409,0,1,9bc68adee8126d980e539ed0340617319811b9c1ec91d5c6d49c8bedd8ee2b95,2024-07-10T20:15:04.853000 +CVE-2024-6409,0,0,9bc68adee8126d980e539ed0340617319811b9c1ec91d5c6d49c8bedd8ee2b95,2024-07-10T20:15:04.853000 CVE-2024-6410,0,0,4a23711af9b75fd5d9c836acb666fb2c064959ce225737e22ec0f19711868ab5,2024-07-10T05:15:12.313000 CVE-2024-6411,0,0,c411733ced490230d62545353c4c7ed0b98f77df3ab30f2e11b0169200346139,2024-07-10T05:15:12.497000 CVE-2024-6414,0,0,ae0d661be5f3239fdfe6f0d08030fef27c03212dc1e12675bcf532fd90369002,2024-07-01T12:37:24.220000 @@ -256615,7 +256633,9 @@ CVE-2024-6642,0,0,8d96c1180af1047f7b667e53dd25106a95583c9fef6033b783f527ef0b9e4e CVE-2024-6644,0,0,4ac0927b6bee710b6d7aa47a319df161deab572b53510067cbeff9a5913bdd4c,2024-07-10T17:15:12.980000 CVE-2024-6645,0,0,8ee317125a412d226c217d8aa7e29bf02176cbf9e3265855272fdc48170e0bd4,2024-07-10T17:15:13.320000 CVE-2024-6646,0,0,01c30e39566e822aad5b619eab7c1cda5be4c04760003ec04ead5d5505b412a8,2024-07-10T18:15:05.480000 -CVE-2024-6647,0,1,d85de7e2a89b23bef0d7c402bdb84b5d7bcecaf5214acb2011ddba0aeacad46c,2024-07-10T21:15:11.350000 +CVE-2024-6647,0,0,d85de7e2a89b23bef0d7c402bdb84b5d7bcecaf5214acb2011ddba0aeacad46c,2024-07-10T21:15:11.350000 CVE-2024-6649,0,0,ba27e99c640a915a148c2cc576aa13e58beea119b44959dc391310f141dd2bdb,2024-07-10T19:15:12.070000 -CVE-2024-6663,1,1,7facb2637e12709d4a455340194f194dba2537cb44d31c2262ed1aa6b9ebcf89,2024-07-10T21:15:11.463000 -CVE-2024-6664,1,1,7dcdbd9efac1143da422ef778b0a605b2e75ff3874c65ca5b8e519e1d8523278,2024-07-10T21:15:11.520000 +CVE-2024-6650,1,1,bcdf1da4f730173ec0ef176b961ebc45fd74db5710c1b540fd5342347455e8ad,2024-07-10T23:15:14.930000 +CVE-2024-6652,1,1,bb195bcf49fd2fd72b66d8f572cddf80628a2817e7552a8b1e09e5044328f1ca,2024-07-10T23:15:15.250000 +CVE-2024-6663,0,0,7facb2637e12709d4a455340194f194dba2537cb44d31c2262ed1aa6b9ebcf89,2024-07-10T21:15:11.463000 +CVE-2024-6664,0,0,7dcdbd9efac1143da422ef778b0a605b2e75ff3874c65ca5b8e519e1d8523278,2024-07-10T21:15:11.520000