admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-11-08T19:00:24.086080+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-11-08 19:03:25 +00:00
parent 3e98f265db
commit a3a5c5d6fb
51 changed files with 2700 additions and 404 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CVE-2019/CVE-2019-204xx/CVE-2019-20457.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2019-20457", "id": "CVE-2019-20457",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.083", "published": "2024-11-07T18:15:15.083",
"lastModified": "2024-11-07T18:15:15.083", "lastModified": "2024-11-08T17:35:00.873",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD5 hash of the password in hexadecimal. An attacker can easily derive the true MD5 hash from this, and use offline cracking attacks to obtain administrative access to the device." "value": "An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login attempt returns an incomplete authorization cookie. The value of the authorization cookie is the MD5 hash of the password in hexadecimal. An attacker can easily derive the true MD5 hash from this, and use offline cracking attacks to obtain administrative access to the device."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Brother MFC-J491DW C1806180757. El hash de la contrase\u00f1a de la interfaz web de la impresora se puede recuperar sin autenticaci\u00f3n, porque el encabezado de respuesta de cualquier intento de inicio de sesi\u00f3n fallido devuelve una cookie de autorizaci\u00f3n incompleta. El valor de la cookie de autorizaci\u00f3n es el hash MD5 de la contrase\u00f1a en hexadecimal. Un atacante puede derivar f\u00e1cilmente el hash MD5 verdadero a partir de esto y utilizar ataques de descifrado fuera de l\u00ednea para obtener acceso administrativo al dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://global.brother", "url": "https://global.brother",

43
CVE-2019/CVE-2019-204xx/CVE-2019-20458.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2019-20458", "id": "CVE-2019-20458",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.170", "published": "2024-11-07T18:15:15.170",
"lastModified": "2024-11-07T18:15:15.170", "lastModified": "2024-11-08T17:35:01.933",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case, anyone connecting to the web admin panel is capable of becoming admin without using any credentials." "value": "An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case, anyone connecting to the web admin panel is capable of becoming admin without using any credentials."
},
{
"lang": "es",
"value": "Se ha descubierto un problema en los dispositivos Epson Expression Home XP255 20.08.FM10I8. De forma predeterminada, el dispositivo viene (y funciona) sin contrase\u00f1a. En ning\u00fan momento se le solicita al usuario que configure una contrase\u00f1a en el dispositivo (lo que deja varios dispositivos sin contrase\u00f1a). En este caso, cualquier persona que se conecte al panel de administraci\u00f3n web puede convertirse en administrador sin usar ninguna credencial."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://epson.com/Support/wa00826", "url": "https://epson.com/Support/wa00826",

31
CVE-2019/CVE-2019-204xx/CVE-2019-20459.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2019-20459", "id": "CVE-2019-20459",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.227", "published": "2024-11-07T18:15:15.227",
"lastModified": "2024-11-07T18:15:15.227", "lastModified": "2024-11-08T17:35:03.013",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. With the SNMPv1 public community, all values can be read, and with the epson community, all the changeable values can be written/updated, as demonstrated by permanently disabling the network card or changing the DNS servers." "value": "An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. With the SNMPv1 public community, all values can be read, and with the epson community, all the changeable values can be written/updated, as demonstrated by permanently disabling the network card or changing the DNS servers."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Epson Expression Home XP255 20.08.FM10I8. Con la comunidad p\u00fablica SNMPv1, se pueden leer todos los valores y, con la comunidad Epson, se pueden escribir o actualizar todos los valores modificables, como se demuestra al deshabilitar permanentemente la tarjeta de red o cambiar los servidores DNS."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.5,
"impactScore": 5.9
}
]
},
"references": [ "references": [
{ {
"url": "https://epson.com/Support/wa00826", "url": "https://epson.com/Support/wa00826",

43
CVE-2019/CVE-2019-204xx/CVE-2019-20460.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2019-20460", "id": "CVE-2019-20460",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T21:15:05.300", "published": "2024-11-07T21:15:05.300",
"lastModified": "2024-11-07T21:15:05.300", "lastModified": "2024-11-08T17:35:03.290",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW printer interface. For example, an attack could deliver a worrisome printout to an end user." "value": "An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. POST requests don't require (anti-)CSRF tokens or other mechanisms for validating that the request is from a legitimate source. In addition, CSRF attacks can be used to send text directly to the RAW printer interface. For example, an attack could deliver a worrisome printout to an end user."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Epson Expression Home XP255 20.08.FM10I8. Las solicitudes POST no requieren tokens (anti)CSRF ni otros mecanismos para validar que la solicitud proviene de una fuente leg\u00edtima. Adem\u00e1s, los ataques CSRF se pueden utilizar para enviar texto directamente a la interfaz de la impresora RAW. Por ejemplo, un ataque podr\u00eda entregar una impresi\u00f3n preocupante a un usuario final."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://epson.com/Support/wa00826", "url": "https://epson.com/Support/wa00826",

43
CVE-2019/CVE-2019-204xx/CVE-2019-20461.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2019-20461", "id": "CVE-2019-20461",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T21:15:05.400", "published": "2024-11-07T21:15:05.400",
"lastModified": "2024-11-07T21:15:05.400", "lastModified": "2024-11-08T17:35:04.320",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio services. The protocol has been partially reverse engineered. Based upon the reverse engineering, no password or username is ever transferred over this protocol. Thus, one can set up the camera connection feed with only the encoded UID. It is possible to set up sessions with the camera over the Internet by using the encoded UID and the custom UDP protocol, because authentication happens at the client side." "value": "An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio services. The protocol has been partially reverse engineered. Based upon the reverse engineering, no password or username is ever transferred over this protocol. Thus, one can set up the camera connection feed with only the encoded UID. It is possible to set up sessions with the camera over the Internet by using the encoded UID and the custom UDP protocol, because authentication happens at the client side."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos Alecto IVM-100 2019-11-12. El dispositivo utiliza un protocolo UDP personalizado para iniciar y controlar los servicios de video y audio. El protocolo ha sido parcialmente dise\u00f1ado a la inversa. En base a la ingenier\u00eda inversa, nunca se transfiere ninguna contrase\u00f1a o nombre de usuario a trav\u00e9s de este protocolo. Por lo tanto, se puede configurar la transmisi\u00f3n de conexi\u00f3n de la c\u00e1mara solo con el UID codificado. Es posible configurar sesiones con la c\u00e1mara a trav\u00e9s de Internet utilizando el UID codificado y el protocolo UDP personalizado, porque la autenticaci\u00f3n se realiza en el lado del cliente."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-295"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://seclists.org/fulldisclosure/2024/Jul/14", "url": "https://seclists.org/fulldisclosure/2024/Jul/14",

43
CVE-2019/CVE-2019-204xx/CVE-2019-20469.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2019-20469", "id": "CVE-2019-20469",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T21:15:05.540", "published": "2024-11-07T21:15:05.540",
"lastModified": "2024-11-07T21:15:05.540", "lastModified": "2024-11-08T17:35:05.247",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable." "value": "An issue was discovered on One2Track 2019-12-08 devices. Confidential information is needlessly stored on the smartwatch. Audio files are stored in .amr format, in the audior directory. An attacker who has physical access can retrieve all audio files by connecting via a USB cable."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos One2Track el 8 de diciembre de 2019. La informaci\u00f3n confidencial se almacena innecesariamente en el reloj inteligente. Los archivos de audio se almacenan en formato .amr, en el directorio audior. Un atacante que tenga acceso f\u00edsico puede recuperar todos los archivos de audio conect\u00e1ndose a trav\u00e9s de un cable USB."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "PHYSICAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.6,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://seclists.org/fulldisclosure/2024/Jul/14", "url": "https://seclists.org/fulldisclosure/2024/Jul/14",

31
CVE-2019/CVE-2019-204xx/CVE-2019-20472.json
View File

@ -2,16 +2,43 @@
"id": "CVE-2019-20472", "id": "CVE-2019-20472",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T21:15:05.610", "published": "2024-11-07T21:15:05.610",
"lastModified": "2024-11-07T21:15:05.610", "lastModified": "2024-11-08T17:35:06.070",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered on One2Track 2019-12-08 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a \"Remove PIN and restart!\" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device." "value": "An issue was discovered on One2Track 2019-12-08 devices. Any SIM card used with the device cannot have a PIN configured. If a PIN is configured, the device simply produces a \"Remove PIN and restart!\" message, and cannot be used. This makes it easier for an attacker to use the SIM card by stealing the device."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en los dispositivos One2Track el 8 de diciembre de 2019. Ninguna tarjeta SIM utilizada con el dispositivo puede tener un PIN configurado. Si se configura un PIN, el dispositivo simplemente genera un mensaje que dice \"\u00a1Elimine el PIN y reinicie!\" y no se puede utilizar. Esto facilita que un atacante use la tarjeta SIM robando el dispositivo."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"references": [ "references": [
{ {
"url": "https://seclists.org/fulldisclosure/2024/Jul/14", "url": "https://seclists.org/fulldisclosure/2024/Jul/14",

43
CVE-2020/CVE-2020-119xx/CVE-2020-11921.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2020-11921", "id": "CVE-2020-11921",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.590", "published": "2024-11-07T18:15:15.590",
"lastModified": "2024-11-07T18:15:15.590", "lastModified": "2024-11-08T17:35:06.297",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in Lush 2 through 2020-02-25. Due to the lack of Bluetooth traffic encryption, it is possible to hijack an ongoing Bluetooth connection between the Lush 2 and a mobile phone. This allows an attacker to gain full control over the device." "value": "An issue was discovered in Lush 2 through 2020-02-25. Due to the lack of Bluetooth traffic encryption, it is possible to hijack an ongoing Bluetooth connection between the Lush 2 and a mobile phone. This allows an attacker to gain full control over the device."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Lush 2 hasta el 25 de febrero de 2020. Debido a la falta de cifrado del tr\u00e1fico Bluetooth, es posible secuestrar una conexi\u00f3n Bluetooth activa entre Lush 2 y un tel\u00e9fono m\u00f3vil. Esto permite que un atacante obtenga control total sobre el dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://seclists.org/fulldisclosure/2024/Jul/14", "url": "https://seclists.org/fulldisclosure/2024/Jul/14",

43
CVE-2020/CVE-2020-119xx/CVE-2020-11926.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2020-11926", "id": "CVE-2020-11926",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:15.667", "published": "2024-11-07T18:15:15.667",
"lastModified": "2024-11-07T18:15:15.667", "lastModified": "2024-11-08T17:35:07.130",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Clients can authenticate themselves to the device using a username and password. These credentials can be obtained through an unauthenticated web request, e.g., for a JavaScript file. Also, the disclosed information includes the SSID and WPA2 key for the Wi-Fi network the device is connected to." "value": "An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Clients can authenticate themselves to the device using a username and password. These credentials can be obtained through an unauthenticated web request, e.g., for a JavaScript file. Also, the disclosed information includes the SSID and WPA2 key for the Wi-Fi network the device is connected to."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en Luvion Grand Elite 3 Connect hasta el 25 de febrero de 2020. Los clientes pueden autenticarse en el dispositivo mediante un nombre de usuario y una contrase\u00f1a. Estas credenciales se pueden obtener a trav\u00e9s de una solicitud web no autenticada, por ejemplo, para un archivo JavaScript. Adem\u00e1s, la informaci\u00f3n divulgada incluye el SSID y la clave WPA2 de la red Wi-Fi a la que est\u00e1 conectado el dispositivo."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://seclists.org/fulldisclosure/2024/Jul/14", "url": "https://seclists.org/fulldisclosure/2024/Jul/14",

14
CVE-2023/CVE-2023-233xx/CVE-2023-23344.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23344", "id": "CVE-2023-23344",
"sourceIdentifier": "psirt@hcl.com", "sourceIdentifier": "psirt@hcl.com",
"published": "2023-06-23T06:15:09.707", "published": "2023-06-23T06:15:09.707",
"lastModified": "2023-07-03T19:16:21.420", "lastModified": "2024-11-08T17:35:08.757",
"vulnStatus": "Analyzed", "vulnStatus": "Modified",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -65,6 +65,16 @@
"value": "CWE-276" "value": "CWE-276"
} }
] ]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
} }
], ],
"configurations": [ "configurations": [

27
CVE-2023/CVE-2023-429xx/CVE-2023-42951.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-42951", "id": "CVE-2023-42951",
"sourceIdentifier": "product-security@apple.com", "sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.363", "published": "2024-02-21T07:15:51.363",
"lastModified": "2024-02-22T19:07:27.197", "lastModified": "2024-11-08T17:35:11.143",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1. Es posible que un usuario no pueda eliminar elementos del historial de navegaci\u00f3n." "value": "El problema se solucion\u00f3 mejorando el manejo de los cach\u00e9s. Este problema se solucion\u00f3 en iOS 17.1 y iPadOS 17.1. Es posible que un usuario no pueda eliminar elementos del historial de navegaci\u00f3n."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [ "references": [
{ {
"url": "https://support.apple.com/en-us/HT213982", "url": "https://support.apple.com/en-us/HT213982",

88
CVE-2024/CVE-2024-100xx/CVE-2024-10005.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10005", "id": "CVE-2024-10005",
"sourceIdentifier": "security@hashicorp.com", "sourceIdentifier": "security@hashicorp.com",
"published": "2024-10-30T22:15:02.820", "published": "2024-10-30T22:15:02.820",
"lastModified": "2024-11-01T12:57:03.417", "lastModified": "2024-11-08T18:10:09.663",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{ {
"source": "security@hashicorp.com", "source": "security@hashicorp.com",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
},
{ {
"source": "security@hashicorp.com", "source": "security@hashicorp.com",
"type": "Secondary", "type": "Secondary",
@ -51,10 +81,58 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://discuss.hashicorp.com/t/hcsec-2024-22-consul-l7-intentions-vulnerable-to-url-path-bypass", "nodes": [
"source": "security@hashicorp.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*",
"versionStartIncluding": "1.4.1",
"versionEndExcluding": "1.20.1",
"matchCriteriaId": "0D16200E-5F65-48AE-A0A5-FFADA05CA755"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.9.0",
"versionEndExcluding": "1.15.15",
"matchCriteriaId": "4F4529FE-6B11-4CB9-A8A2-A75D10470294"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.18.0",
"versionEndExcluding": "1.18.5",
"matchCriteriaId": "36CDCEB8-8B22-4290-9071-81CE3F0F6B95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.19.0",
"versionEndExcluding": "1.19.3",
"matchCriteriaId": "0AB043DB-FC48-4DE7-80BA-EC410ECD44F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:1.20.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "82C595D9-B7F7-487B-A2B4-B85A45DF471C"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-22-consul-l7-intentions-vulnerable-to-url-path-bypass",
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

88
CVE-2024/CVE-2024-100xx/CVE-2024-10006.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10006", "id": "CVE-2024-10006",
"sourceIdentifier": "security@hashicorp.com", "sourceIdentifier": "security@hashicorp.com",
"published": "2024-10-30T22:15:03.063", "published": "2024-10-30T22:15:03.063",
"lastModified": "2024-11-01T12:57:03.417", "lastModified": "2024-11-08T18:10:31.970",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
},
{ {
"source": "security@hashicorp.com", "source": "security@hashicorp.com",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
},
{ {
"source": "security@hashicorp.com", "source": "security@hashicorp.com",
"type": "Secondary", "type": "Secondary",
@ -51,10 +81,58 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass", "nodes": [
"source": "security@hashicorp.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:community:*:*:*",
"versionStartIncluding": "1.4.1",
"versionEndExcluding": "1.20.1",
"matchCriteriaId": "0D16200E-5F65-48AE-A0A5-FFADA05CA755"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.9.0",
"versionEndExcluding": "1.15.15",
"matchCriteriaId": "4F4529FE-6B11-4CB9-A8A2-A75D10470294"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.18.0",
"versionEndExcluding": "1.18.5",
"matchCriteriaId": "36CDCEB8-8B22-4290-9071-81CE3F0F6B95"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:*:*:*:*:enterprise:*:*:*",
"versionStartIncluding": "1.19.0",
"versionEndExcluding": "1.19.3",
"matchCriteriaId": "0AB043DB-FC48-4DE7-80BA-EC410ECD44F2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:hashicorp:consul:1.20.0:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "82C595D9-B7F7-487B-A2B4-B85A45DF471C"
}
]
}
]
}
],
"references": [
{
"url": "https://discuss.hashicorp.com/t/hcsec-2024-23-consul-l7-intentions-vulnerable-to-headers-bypass",
"source": "security@hashicorp.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

60
CVE-2024/CVE-2024-104xx/CVE-2024-10452.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-10452", "id": "CVE-2024-10452",
"sourceIdentifier": "security@grafana.com", "sourceIdentifier": "security@grafana.com",
"published": "2024-10-29T16:15:04.593", "published": "2024-10-29T16:15:04.593",
"lastModified": "2024-11-01T12:57:35.843", "lastModified": "2024-11-08T17:59:10.977",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
},
{ {
"source": "security@grafana.com", "source": "security@grafana.com",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-639"
}
]
},
{ {
"source": "security@grafana.com", "source": "security@grafana.com",
"type": "Secondary", "type": "Secondary",
@ -51,10 +81,30 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://grafana.com/security/security-advisories/cve-2024-10452", "nodes": [
"source": "security@grafana.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:grafana:grafana:10.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "61BED69F-519C-4264-8675-F27EC1D33AF7"
}
]
}
]
}
],
"references": [
{
"url": "https://grafana.com/security/security-advisories/cve-2024-10452",
"source": "security@grafana.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

65
CVE-2024/CVE-2024-233xx/CVE-2024-23309.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23309", "id": "CVE-2024-23309",
"sourceIdentifier": "talos-cna@cisco.com", "sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:04.153", "published": "2024-10-30T14:15:04.153",
"lastModified": "2024-11-01T12:57:03.417", "lastModified": "2024-11-08T18:27:00.643",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -18,8 +18,28 @@
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "talos-cna@cisco.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
@ -51,10 +71,43 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1996", "operator": "AND",
"source": "talos-cna@cisco.com" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC94B2E-4651-4E98-90A1-CB53CC2E24CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD255E3-0DBF-440C-AC6A-90B30DB59B34"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1996",
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

29
CVE-2024/CVE-2024-254xx/CVE-2024-25431.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-25431",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T17:15:06.023",
"lastModified": "2024-11-08T17:15:06.023",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function."
}
],
"metrics": {},
"references": [
{
"url": "https://gist.github.com/haruki3hhh/bd228e6dcaf8c18140e1074964912b39",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bytecodealliance/wasm-micro-runtime/issues/3122",
"source": "cve@mitre.org"
},
{
"url": "https://github.com/bytecodealliance/wasm-micro-runtime/pull/3126",
"source": "cve@mitre.org"
}
]
}

27
CVE-2024/CVE-2024-282xx/CVE-2024-28214.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-28214", "id": "CVE-2024-28214",
"sourceIdentifier": "cve@navercorp.com", "sourceIdentifier": "cve@navercorp.com",
"published": "2024-03-07T05:15:54.803", "published": "2024-03-07T05:15:54.803",
"lastModified": "2024-09-06T05:15:13.047", "lastModified": "2024-11-08T17:35:11.637",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "nGrinder anterior a 3.5.9 permite establecer retrasos sin limitaci\u00f3n, lo que podr\u00eda ser la causa de la denegaci\u00f3n de servicio por parte de un atacante remoto." "value": "nGrinder anterior a 3.5.9 permite establecer retrasos sin limitaci\u00f3n, lo que podr\u00eda ser la causa de la denegaci\u00f3n de servicio por parte de un atacante remoto."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW",
"baseScore": 2.7,
"baseSeverity": "LOW"
},
"exploitabilityScore": 1.2,
"impactScore": 1.4
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "cve@navercorp.com", "source": "cve@navercorp.com",

65
CVE-2024/CVE-2024-336xx/CVE-2024-33699.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33699", "id": "CVE-2024-33699",
"sourceIdentifier": "talos-cna@cisco.com", "sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:07.100", "published": "2024-10-30T14:15:07.100",
"lastModified": "2024-11-01T12:57:03.417", "lastModified": "2024-11-08T17:09:29.790",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -18,8 +18,28 @@
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{ {
"source": "talos-cna@cisco.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"cvssData": { "cvssData": {
"version": "3.1", "version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
@ -51,10 +71,43 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1984", "operator": "AND",
"source": "talos-cna@cisco.com" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC94B2E-4651-4E98-90A1-CB53CC2E24CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD255E3-0DBF-440C-AC6A-90B30DB59B34"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1984",
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

55
CVE-2024/CVE-2024-337xx/CVE-2024-33700.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-33700", "id": "CVE-2024-33700",
"sourceIdentifier": "talos-cna@cisco.com", "sourceIdentifier": "talos-cna@cisco.com",
"published": "2024-10-30T14:15:07.460", "published": "2024-10-30T14:15:07.460",
"lastModified": "2024-11-01T12:57:03.417", "lastModified": "2024-11-08T17:06:16.147",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -41,8 +41,18 @@
}, },
"weaknesses": [ "weaknesses": [
{ {
"source": "talos-cna@cisco.com", "source": "nvd@nist.gov",
"type": "Primary", "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "talos-cna@cisco.com",
"type": "Secondary",
"description": [ "description": [
{ {
"lang": "en", "lang": "en",
@ -51,10 +61,43 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1998", "operator": "AND",
"source": "talos-cna@cisco.com" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:level1:wbr-6012_firmware:r0.40e6:*:*:*:*:*:*:*",
"matchCriteriaId": "FCC94B2E-4651-4E98-90A1-CB53CC2E24CC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:level1:wbr-6012:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FD255E3-0DBF-440C-AC6A-90B30DB59B34"
}
]
}
]
}
],
"references": [
{
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2024-1998",
"source": "talos-cna@cisco.com",
"tags": [
"Exploit",
"Third Party Advisory"
]
} }
] ]
} }

39
CVE-2024/CVE-2024-352xx/CVE-2024-35297.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35297", "id": "CVE-2024-35297",
"sourceIdentifier": "vultures@jpcert.or.jp", "sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-05-27T05:15:09.617", "published": "2024-05-27T05:15:09.617",
"lastModified": "2024-05-28T12:39:28.377", "lastModified": "2024-11-08T17:35:11.890",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,42 @@
"value": "La vulnerabilidad de cross site scripting existe en las versiones de WP Booking anteriores a la 2.4.5. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accede al sitio web utilizando el producto." "value": "La vulnerabilidad de cross site scripting existe en las versiones de WP Booking anteriores a la 2.4.5. Si se explota esta vulnerabilidad, se puede ejecutar un script arbitrario en el navegador web del usuario que accede al sitio web utilizando el producto."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://jvn.jp/en/jp/JVN35838128/", "url": "https://jvn.jp/en/jp/JVN35838128/",

8
CVE-2024/CVE-2024-353xx/CVE-2024-35314.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-35314", "id": "CVE-2024-35314",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-10-21T21:15:05.533", "published": "2024-10-21T21:15:05.533",
"lastModified": "2024-10-23T15:12:34.673", "lastModified": "2024-11-08T18:15:16.867",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to execute arbitrary scripts." "value": "A vulnerability in the Desktop Client of Mitel MiCollab through 9.7.1.110, and MiVoice Business Solution Virtual Instance (MiVB SVI) 1.0.0.25, could allow an unauthenticated attacker to conduct a command injection attack due to insufficient parameter sanitization. A successful exploit requires user interaction and could allow an attacker to execute arbitrary scripts."
}, },
{ {
"lang": "es", "lang": "es",
@ -52,6 +52,10 @@
} }
], ],
"references": [ "references": [
{
"url": "https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0015-001-v3.pdf",
"source": "cve@mitre.org"
},
{ {
"url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0015", "url": "https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0015",
"source": "cve@mitre.org" "source": "cve@mitre.org"

43
CVE-2024/CVE-2024-360xx/CVE-2024-36063.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-36063", "id": "CVE-2024-36063",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T22:15:20.740", "published": "2024-11-07T22:15:20.740",
"lastModified": "2024-11-07T22:15:20.740", "lastModified": "2024-11-08T17:35:12.793",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.goodwy.dialer.activities.DialerActivity component." "value": "The Goodwy com.goodwy.dialer (aka Right Dialer) application through 5.1.0 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.goodwy.dialer.activities.DialerActivity component."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Goodwy com.goodwy.dialer (tambi\u00e9n conocida como Right Dialer) hasta la versi\u00f3n 5.1.0 para Android permite que cualquier aplicaci\u00f3n (sin permisos) realice llamadas telef\u00f3nicas sin interacci\u00f3n del usuario enviando una intenci\u00f3n manipulada a trav\u00e9s del componente com.goodwy.dialer.activities.DialerActivity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-276"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/actuator/com.goodwy.dialer/blob/main/CVE-2024-36063", "url": "https://github.com/actuator/com.goodwy.dialer/blob/main/CVE-2024-36063",

43
CVE-2024/CVE-2024-360xx/CVE-2024-36064.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-36064", "id": "CVE-2024-36064",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T22:15:20.790", "published": "2024-11-07T22:15:20.790",
"lastModified": "2024-11-07T22:15:20.790", "lastModified": "2024-11-08T17:35:13.630",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The NLL com.nll.cb (aka ACR Phone) application through 0.330-playStore-NoAccessibility-arm8 for Android allows any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.nll.cb.dialer.dialer.DialerActivity component." "value": "The NLL com.nll.cb (aka ACR Phone) application through 0.330-playStore-NoAccessibility-arm8 for Android allows any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.nll.cb.dialer.dialer.DialerActivity component."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n NLL com.nll.cb (tambi\u00e9n conocida como ACR Phone) hasta 0.330-playStore-NoAccessibility-arm8 para Android permite que cualquier aplicaci\u00f3n instalada (sin permisos) realice llamadas telef\u00f3nicas sin interacci\u00f3n del usuario enviando una intenci\u00f3n manipulada a trav\u00e9s del componente com.nll.cb.dialer.dialer.DialerActivity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 6.2,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/actuator/com.nll.cb/blob/main/CVE-2024-36064", "url": "https://github.com/actuator/com.nll.cb/blob/main/CVE-2024-36064",

27
CVE-2024/CVE-2024-37xx/CVE-2024-3754.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3754", "id": "CVE-2024-3754",
"sourceIdentifier": "contact@wpscan.com", "sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-14T06:15:11.950", "published": "2024-06-14T06:15:11.950",
"lastModified": "2024-06-17T12:42:04.623", "lastModified": "2024-11-08T17:35:14.477",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento Alemha watermarker de WordPress hasta la versi\u00f3n 1.3.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio). " "value": "El complemento Alemha watermarker de WordPress hasta la versi\u00f3n 1.3.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con privilegios elevados, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en una configuraci\u00f3n multisitio). "
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"references": [ "references": [
{ {
"url": "https://wpscan.com/vulnerability/8c6f3e3e-3047-4446-a190-750a60c29fa3/", "url": "https://wpscan.com/vulnerability/8c6f3e3e-3047-4446-a190-750a60c29fa3/",

25
CVE-2024/CVE-2024-402xx/CVE-2024-40239.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-40239",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T18:15:17.000",
"lastModified": "2024-11-08T18:15:17.000",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function."
}
],
"metrics": {},
"references": [
{
"url": "https://play.google.com/store/apps/details?id=com.hitbytes.minidiarynotes",
"source": "cve@mitre.org"
},
{
"url": "https://zzzxiin.github.io/post/life-personal-diary/",
"source": "cve@mitre.org"
}
]
}

29
CVE-2024/CVE-2024-402xx/CVE-2024-40240.json Normal file
View File

@ -0,0 +1,29 @@
{
"id": "CVE-2024-40240",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T18:15:17.130",
"lastModified": "2024-11-08T18:15:17.130",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function."
}
],
"metrics": {},
"references": [
{
"url": "http://homeserve.com",
"source": "cve@mitre.org"
},
{
"url": "https://apkpure.com/homeserve-home-repair/com.homeserveapp.homeserve",
"source": "cve@mitre.org"
},
{
"url": "https://zzzxiin.github.io/post/homeserve/",
"source": "cve@mitre.org"
}
]
}

56
CVE-2024/CVE-2024-457xx/CVE-2024-45763.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2024-45763",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-11-08T17:15:06.243",
"lastModified": "2024-11-08T17:15:06.243",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Dell Enterprise SONiC OS, version(s) 4.1.x, 4.2.x, contain(s) an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. This is a critical severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.3,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-78"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

43
CVE-2024/CVE-2024-469xx/CVE-2024-46960.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-46960", "id": "CVE-2024-46960",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T22:15:20.870", "published": "2024-11-07T22:15:20.870",
"lastModified": "2024-11-07T22:15:20.870", "lastModified": "2024-11-08T17:35:15.030",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component." "value": "The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n ASD com.rocks.video.downloader (tambi\u00e9n conocida como HD Video Downloader All Format) hasta la versi\u00f3n 7.0.129 para Android permite a un atacante ejecutar c\u00f3digo JavaScript arbitrario a trav\u00e9s del componente com.rocks.video.downloader.MainBrowserActivity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/actuator/com.rocks.video.downloader/blob/main/CVE-2024-46960", "url": "https://github.com/actuator/com.rocks.video.downloader/blob/main/CVE-2024-46960",

43
CVE-2024/CVE-2024-469xx/CVE-2024-46961.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-46961", "id": "CVE-2024-46961",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T22:15:20.923", "published": "2024-11-07T22:15:20.923",
"lastModified": "2024-11-07T22:15:20.923", "lastModified": "2024-11-08T17:35:15.877",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component." "value": "The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component."
},
{
"lang": "es",
"value": "La aplicaci\u00f3n Inshot com.downloader.privatebrowser (tambi\u00e9n conocida como Video Downloader - XDownloader) hasta la versi\u00f3n 1.3.5 para Android permite a un atacante ejecutar c\u00f3digo JavaScript arbitrario a trav\u00e9s del componente com.downloader.privatebrowser.activity.PrivateMainActivity."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://github.com/actuator/com.downloader.privatebrowser/blob/main/CVE-2024-46961", "url": "https://github.com/actuator/com.downloader.privatebrowser/blob/main/CVE-2024-46961",

28
CVE-2024/CVE-2024-470xx/CVE-2024-47073.json
View File

@ -2,13 +2,17 @@
"id": "CVE-2024-47073", "id": "CVE-2024-47073",
"sourceIdentifier": "security-advisories@github.com", "sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-07T18:15:17.417", "published": "2024-11-07T18:15:17.417",
"lastModified": "2024-11-07T18:15:17.417", "lastModified": "2024-11-08T17:35:16.707",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of jwt tokens allows attackers to forge jwts which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability." "value": "DataEase is an open source data visualization analysis tool that helps users quickly analyze data and gain insights into business trends. In affected versions a the lack of signature verification of jwt tokens allows attackers to forge jwts which then allow access to any interface. The vulnerability has been fixed in v2.10.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
},
{
"lang": "es",
"value": "DataEase es una herramienta de an\u00e1lisis de visualizaci\u00f3n de datos de c\u00f3digo abierto que ayuda a los usuarios a analizar r\u00e1pidamente los datos y obtener informaci\u00f3n sobre las tendencias comerciales. En las versiones afectadas, la falta de verificaci\u00f3n de firma de los tokens JWT permite a los atacantes falsificar JWT que luego permiten el acceso a cualquier interfaz. La vulnerabilidad se ha corregido en la versi\u00f3n 2.10.2 y se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."
} }
], ],
"metrics": { "metrics": {
@ -55,6 +59,28 @@
"baseSeverity": "CRITICAL" "baseSeverity": "CRITICAL"
} }
} }
],
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 0.0,
"baseSeverity": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 0.0
}
] ]
}, },
"weaknesses": [ "weaknesses": [

4
CVE-2024/CVE-2024-474xx/CVE-2024-47493.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2024-47493", "id": "CVE-2024-47493",
"sourceIdentifier": "sirt@juniper.net", "sourceIdentifier": "sirt@juniper.net",
"published": "2024-10-11T16:15:09.320", "published": "2024-10-11T16:15:09.320",
"lastModified": "2024-10-15T12:58:51.050", "lastModified": "2024-11-08T18:15:17.240",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Awaiting Analysis",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the SRX5K, SRX4600 and MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIn case of channelized Modular Interface Cards (MICs), every physical interface flap operation will leak heap memory. Over a period of time, continuous physical interface flap operations causes\u00a0local FPC to eventually run out of memory and crash.\u00a0\u00a0\n\nBelow CLI command can be used to check the memory usage over a period of time:\n\n??user@host> show chassis fpc\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Temp CPU Utilization (%) \u00a0 CPU Utilization (%) Memory \u00a0 \nUtilization (%)\n\u00a0 Slot State \u00a0 \u00a0 (C)\u00a0 Total\u00a0 Interrupt \u00a0 \u00a0 1min \u00a0 5min \u00a0\n15min DRAM (MB) Heap \u00a0 \u00a0 Buffer\n\n\u00a0 0 \nOnline\u00a0 \u00a0 \u00a0 \u00a043 \u00a0 \u00a0 41 \u00a0 \u00a0 \u00a0 \u00a0 \n2 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 2048 \u00a0 \u00a0 \u00a0 49 \u00a0 \u00a0 \u00a0 \u00a0 14\n\n\u00a0 1 \nOnline\u00a0 \u00a0 \u00a0 \u00a043 \u00a0 \u00a0 41 \u00a0 \u00a0 \u00a0 \u00a0 \n2 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n2048 \u00a0 \u00a0 \u00a0 49 \u00a0 \u00a0 \u00a0 \u00a0 14\n\n\u00a0 2 \nOnline\u00a0 \u00a0 \u00a0 \u00a043 \u00a0 \u00a0 41 \u00a0 \u00a0 \u00a0 \u00a0 \n2 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n2048 \u00a0 \u00a0 \u00a0 49 \u00a0 \u00a0 \u00a0 \u00a0 14\n\n\n\n\n\n\n\n\n\nThis issue affects Junos OS on SRX5K, SRX4600 and MX Series:\u00a0\n\n\n\n\n * All versions before 21.2R3-S7,\u00a0\n * from 21.4 before 21.4R3-S6,\u00a0\n * from 22.1 before 22.1R3-S5,\u00a0\n * from 22.2 before 22.2R3-S3,\u00a0\n * from 22.3 before 22.3R3-S2,\u00a0\n * from 22.4 before 22.4R3,\u00a0\n * from 23.2 before 23.2R2,\u00a0\n * from 23.4 before 23.4R2." "value": "A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of the Juniper Networks Junos OS on the MX Series platforms with Trio-based FPCs allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS).\n\nIn case of channelized Modular Interface Cards (MICs), every physical interface flap operation will leak heap memory. Over a period of time, continuous physical interface flap operations causes\u00a0local FPC to eventually run out of memory and crash.\u00a0\u00a0\n\nBelow CLI command can be used to check the memory usage over a period of time:\n\n\u2003\u2003user@host> show chassis fpc\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 Temp CPU Utilization (%) \u00a0 CPU Utilization (%) Memory \u00a0 \nUtilization (%)\n\u00a0 Slot State \u00a0 \u00a0 (C)\u00a0 Total\u00a0 Interrupt \u00a0 \u00a0 1min \u00a0 5min \u00a0\n15min DRAM (MB) Heap \u00a0 \u00a0 Buffer\n\n\u00a0 0 \nOnline\u00a0 \u00a0 \u00a0 \u00a043 \u00a0 \u00a0 41 \u00a0 \u00a0 \u00a0 \u00a0 \n2 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 2048 \u00a0 \u00a0 \u00a0 49 \u00a0 \u00a0 \u00a0 \u00a0 14\n\n\u00a0 1 \nOnline\u00a0 \u00a0 \u00a0 \u00a043 \u00a0 \u00a0 41 \u00a0 \u00a0 \u00a0 \u00a0 \n2 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n2048 \u00a0 \u00a0 \u00a0 49 \u00a0 \u00a0 \u00a0 \u00a0 14\n\n\u00a0 2 \nOnline\u00a0 \u00a0 \u00a0 \u00a043 \u00a0 \u00a0 41 \u00a0 \u00a0 \u00a0 \u00a0 \n2 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\n2048 \u00a0 \u00a0 \u00a0 49 \u00a0 \u00a0 \u00a0 \u00a0 14\n\n\n\n\n\n\n\n\n\nThis issue affects Junos OS on MX Series:\u00a0\n\n\n\n\n * All versions before 21.2R3-S7,\u00a0\n * from 21.4 before 21.4R3-S6,\u00a0\n * from 22.1 before 22.1R3-S5,\u00a0\n * from 22.2 before 22.2R3-S3,\u00a0\n * from 22.3 before 22.3R3-S2,\u00a0\n * from 22.4 before 22.4R3,\u00a0\n * from 23.2 before 23.2R2,\u00a0\n * from 23.4 before 23.4R2."
}, },
{ {
"lang": "es", "lang": "es",

31
CVE-2024/CVE-2024-495xx/CVE-2024-49522.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-49522", "id": "CVE-2024-49522",
"sourceIdentifier": "psirt@adobe.com", "sourceIdentifier": "psirt@adobe.com",
"published": "2024-11-05T17:15:06.173", "published": "2024-11-05T17:15:06.173",
"lastModified": "2024-11-06T18:17:17.287", "lastModified": "2024-11-08T18:06:01.930",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -51,10 +51,31 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-52.html", "nodes": [
"source": "psirt@adobe.com" {
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:adobe:substance_3d_painter:*:*:*:*:*:*:*:*",
"versionEndExcluding": "10.1.0",
"matchCriteriaId": "D4AE1754-009F-4B40-B1D2-4464C2BEE116"
}
]
}
]
}
],
"references": [
{
"url": "https://helpx.adobe.com/security/products/substance3d_painter/apsb24-52.html",
"source": "psirt@adobe.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

200
CVE-2024/CVE-2024-501xx/CVE-2024-50117.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50117", "id": "CVE-2024-50117",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-05T18:15:14.823", "published": "2024-11-05T18:15:14.823",
"lastModified": "2024-11-08T16:15:47.260", "lastModified": "2024-11-08T17:53:01.860",
"vulnStatus": "Undergoing Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,39 +15,179 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd: Protecci\u00f3n contra datos err\u00f3neos para el m\u00e9todo ACPI de ATIF Si un BIOS proporciona datos err\u00f3neos en respuesta a una llamada al m\u00e9todo ATIF, esto provoca una desreferencia de puntero NULL en el llamador. ``` ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminador 1)) ? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434) ? page_fault_oops (arch/x86/mm/fault.c:544 (discriminador 2) arch/x86/mm/fault.c:705 (discriminador 2)) ? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminador 1) arch/x86/mm/fault.c:1232 (discriminador 1)) ? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642) ? exc_page_fault (arch/x86/mm/fault.c:1542) ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminador 2)) amdgpu ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminador 1)) amdgpu ``` Se ha detectado en al menos un sistema, por lo que debe tener cuidado. (seleccionado de la confirmaci\u00f3n c9b7c809b89f24e9372a4e7f02d64c950b07fdee)" "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd: Protecci\u00f3n contra datos err\u00f3neos para el m\u00e9todo ACPI de ATIF Si un BIOS proporciona datos err\u00f3neos en respuesta a una llamada al m\u00e9todo ATIF, esto provoca una desreferencia de puntero NULL en el llamador. ``` ? show_regs (arch/x86/kernel/dumpstack.c:478 (discriminador 1)) ? __die (arch/x86/kernel/dumpstack.c:423 arch/x86/kernel/dumpstack.c:434) ? page_fault_oops (arch/x86/mm/fault.c:544 (discriminador 2) arch/x86/mm/fault.c:705 (discriminador 2)) ? do_user_addr_fault (arch/x86/mm/fault.c:440 (discriminador 1) arch/x86/mm/fault.c:1232 (discriminador 1)) ? acpi_ut_update_object_reference (drivers/acpi/acpica/utdelete.c:642) ? exc_page_fault (arch/x86/mm/fault.c:1542) ? asm_exc_page_fault (./arch/x86/include/asm/idtentry.h:623) ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:387 (discriminador 2)) amdgpu ? amdgpu_atif_query_backlight_caps.constprop.0 (drivers/gpu/drm/amd/amdgpu/amdgpu_acpi.c:386 (discriminador 1)) amdgpu ``` Se ha detectado en al menos un sistema, por lo que debe tener cuidado. (seleccionado de la confirmaci\u00f3n c9b7c809b89f24e9372a4e7f02d64c950b07fdee)"
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/1d7175f9c57b1abf9ecfbdfd53ea760761f52ffe", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/234682910971732cd4da96fd95946e296e486b38", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/43b4fa6e0e238c6e2662f4fb61d9f51c2785fb1d", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
}, "description": [
{ {
"url": "https://git.kernel.org/stable/c/58556dcbd5606a5daccaee73b2130bc16b48e025", "lang": "en",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "value": "CWE-476"
}, }
{ ]
"url": "https://git.kernel.org/stable/c/6032287747f874b52dc8b9d7490e2799736e035f", }
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" ],
}, "configurations": [
{ {
"url": "https://git.kernel.org/stable/c/975ede2a7bec52b5da1428829b3439667c8a234b", "nodes": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "operator": "OR",
{ "negate": false,
"url": "https://git.kernel.org/stable/c/bf58f03931fdcf7b3c45cb76ac13244477a60f44", "cpeMatch": [
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" {
}, "vulnerable": true,
{ "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"url": "https://git.kernel.org/stable/c/cd67af3c1762de4c2483ae4dbdd98f9ea8fa56e3", "versionStartIncluding": "4.2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "versionEndExcluding": "4.19.323",
"matchCriteriaId": "677C8F99-30A1-4F6B-BD3E-FE1550E8BA0A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.285",
"matchCriteriaId": "B5A89369-320F-47FC-8695-56F61F87E4C0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.229",
"matchCriteriaId": "1A03CABE-9B43-4E7F-951F-10DEEADAA426"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.170",
"matchCriteriaId": "A9BA1C73-2D2E-45E3-937B-276A28AEB5FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.115",
"matchCriteriaId": "C08A77A6-E42E-4EFD-B5A1-2BF6CBBB42AE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.59",
"matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.6",
"matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/1d7175f9c57b1abf9ecfbdfd53ea760761f52ffe",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/234682910971732cd4da96fd95946e296e486b38",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/43b4fa6e0e238c6e2662f4fb61d9f51c2785fb1d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/58556dcbd5606a5daccaee73b2130bc16b48e025",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6032287747f874b52dc8b9d7490e2799736e035f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/975ede2a7bec52b5da1428829b3439667c8a234b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bf58f03931fdcf7b3c45cb76ac13244477a60f44",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cd67af3c1762de4c2483ae4dbdd98f9ea8fa56e3",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

96
CVE-2024/CVE-2024-501xx/CVE-2024-50118.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50118", "id": "CVE-2024-50118",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-05T18:15:14.887", "published": "2024-11-05T18:15:14.887",
"lastModified": "2024-11-06T18:17:17.287", "lastModified": "2024-11-08T18:02:21.617",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,95 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: rechazar la reconfiguraci\u00f3n de ro->rw si hay requisitos de ro estrictos [ERROR]. Syzbot informa del siguiente fallo: Informaci\u00f3n de BTRFS (estado de loop0 del dispositivo MCS): deshabilitar el \u00e1rbol de espacio libre Informaci\u00f3n de BTRFS (estado de loop0 del dispositivo MCS): borrando el indicador de funci\u00f3n de compatibilidad para FREE_SPACE_TREE (0x1) Informaci\u00f3n de BTRFS (estado de loop0 del dispositivo MCS): borrando el indicador de funci\u00f3n de compatibilidad para FREE_SPACE_TREE_VALID (0x2) Vaya: error de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref en el rango [0x000000000000018-0x000000000000001f] Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 01/04/2014 RIP: 0010:backup_super_roots fs/btrfs/disk-io.c:1691 [en l\u00ednea] RIP: 0010:write_all_supers+0x97a/0x40f0 fs/btrfs/disk-io.c:4041 Seguimiento de llamadas: btrfs_commit_transaction+0x1eae/0x3740 fs/btrfs/transaction.c:2530 btrfs_delete_free_space_tree+0x383/0x730 fs/btrfs/free-space-tree.c:1312 btrfs_start_pre_rw_mount+0xf28/0x1300 fs/btrfs/disk-io.c:3012 btrfs_remount_rw fs/btrfs/super.c:1309 [en l\u00ednea] btrfs_reconfigure+0xae6/0x2d40 fs/btrfs/super.c:1534 btrfs_reconfigure_for_mount fs/btrfs/super.c:2020 [en l\u00ednea] btrfs_get_tree_subvol fs/btrfs/super.c:2079 [en l\u00ednea] btrfs_get_tree+0x918/0x1920 fs/btrfs/super.c:2115 vfs_get_tree+0x90/0x2b0 fs/super.c:1800 do_new_mount+0x2be/0xb40 fs/namespace.c:3472 do_mount fs/namespace.c:3812 [en l\u00ednea] __do_sys_mount fs/namespace.c:4020 [en l\u00ednea] __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3997 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [CAUSA] Para admitir el montaje de diferentes subvol\u00famenes con diferentes indicadores RO/RW para las nuevas API de montaje, btrfs introdujo dos workarounds para admitir esta funci\u00f3n: - Omitir las comprobaciones de opciones/funciones de montaje si estamos montando un subvolumen diferente - Reconfigurar el fs a RW si el montaje inicial es RO Combinando estos dos, podemos tener la siguiente secuencia: - Montar el fs ro,rescue=all,clear_cache,space_cache=v1 rescue=all marcar\u00e1 el fs como de solo lectura, por lo que no se borrar\u00e1 la cach\u00e9 v2. - Montar un subvolumen rw del mismo fs. Entramos en btrfs_get_tree_subvol(), pero fc_mount() devuelve EBUSY porque nuestro nuevo fc es RW, diferente del fs original. Ahora ingresamos btrfs_reconfigure_for_mount(), que cambia el indicador RO primero para que podamos obtener el fs_info existente. Luego reconfiguramos el fs a RW. - Durante la reconfiguraci\u00f3n, se omite la verificaci\u00f3n de opciones/caracter\u00edsticas Esto significa que reiniciaremos el borrado de la cach\u00e9 v2 y volveremos a la cach\u00e9 v1. Esto activar\u00e1 escrituras en el sistema de archivos y, dado que el sistema de archivos original tiene la opci\u00f3n \"rescue=all\", omite la lectura del \u00e1rbol csum. Y, eventualmente, provoca la desreferencia del puntero NULL en la reescritura del superbloque. [SOLUCI\u00d3N] Para la reconfiguraci\u00f3n causada por diferentes indicadores de RO/RW de subvolumen, aseg\u00farese de que siempre ejecutamos btrfs_check_options() para garantizar que se cumplan los requisitos de RO estrictos adecuados. De hecho, la funci\u00f3n btrfs_check_options() no realiza muchas comprobaciones complejas, sino requisitos de RO estrictos y algunas comprobaciones de dependencia de funciones, por lo que no hay ninguna raz\u00f3n especial para no realizar la comprobaci\u00f3n para la reconfiguraci\u00f3n del montaje." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: rechazar la reconfiguraci\u00f3n de ro->rw si hay requisitos de ro estrictos [ERROR]. Syzbot informa del siguiente fallo: Informaci\u00f3n de BTRFS (estado de loop0 del dispositivo MCS): deshabilitar el \u00e1rbol de espacio libre Informaci\u00f3n de BTRFS (estado de loop0 del dispositivo MCS): borrando el indicador de funci\u00f3n de compatibilidad para FREE_SPACE_TREE (0x1) Informaci\u00f3n de BTRFS (estado de loop0 del dispositivo MCS): borrando el indicador de funci\u00f3n de compatibilidad para FREE_SPACE_TREE_VALID (0x2) Vaya: error de protecci\u00f3n general, probablemente para la direcci\u00f3n no can\u00f3nica 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref en el rango [0x000000000000018-0x000000000000001f] Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 01/04/2014 RIP: 0010:backup_super_roots fs/btrfs/disk-io.c:1691 [en l\u00ednea] RIP: 0010:write_all_supers+0x97a/0x40f0 fs/btrfs/disk-io.c:4041 Seguimiento de llamadas: btrfs_commit_transaction+0x1eae/0x3740 fs/btrfs/transaction.c:2530 btrfs_delete_free_space_tree+0x383/0x730 fs/btrfs/free-space-tree.c:1312 btrfs_start_pre_rw_mount+0xf28/0x1300 fs/btrfs/disk-io.c:3012 btrfs_remount_rw fs/btrfs/super.c:1309 [en l\u00ednea] btrfs_reconfigure+0xae6/0x2d40 fs/btrfs/super.c:1534 btrfs_reconfigure_for_mount fs/btrfs/super.c:2020 [en l\u00ednea] btrfs_get_tree_subvol fs/btrfs/super.c:2079 [en l\u00ednea] btrfs_get_tree+0x918/0x1920 fs/btrfs/super.c:2115 vfs_get_tree+0x90/0x2b0 fs/super.c:1800 do_new_mount+0x2be/0xb40 fs/namespace.c:3472 do_mount fs/namespace.c:3812 [en l\u00ednea] __do_sys_mount fs/namespace.c:4020 [en l\u00ednea] __se_sys_mount+0x2d6/0x3c0 fs/namespace.c:3997 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [CAUSA] Para admitir el montaje de diferentes subvol\u00famenes con diferentes indicadores RO/RW para las nuevas API de montaje, btrfs introdujo dos workarounds para admitir esta funci\u00f3n: - Omitir las comprobaciones de opciones/funciones de montaje si estamos montando un subvolumen diferente - Reconfigurar el fs a RW si el montaje inicial es RO Combinando estos dos, podemos tener la siguiente secuencia: - Montar el fs ro,rescue=all,clear_cache,space_cache=v1 rescue=all marcar\u00e1 el fs como de solo lectura, por lo que no se borrar\u00e1 la cach\u00e9 v2. - Montar un subvolumen rw del mismo fs. Entramos en btrfs_get_tree_subvol(), pero fc_mount() devuelve EBUSY porque nuestro nuevo fc es RW, diferente del fs original. Ahora ingresamos btrfs_reconfigure_for_mount(), que cambia el indicador RO primero para que podamos obtener el fs_info existente. Luego reconfiguramos el fs a RW. - Durante la reconfiguraci\u00f3n, se omite la verificaci\u00f3n de opciones/caracter\u00edsticas Esto significa que reiniciaremos el borrado de la cach\u00e9 v2 y volveremos a la cach\u00e9 v1. Esto activar\u00e1 escrituras en el sistema de archivos y, dado que el sistema de archivos original tiene la opci\u00f3n \"rescue=all\", omite la lectura del \u00e1rbol csum. Y, eventualmente, provoca la desreferencia del puntero NULL en la reescritura del superbloque. [SOLUCI\u00d3N] Para la reconfiguraci\u00f3n causada por diferentes indicadores de RO/RW de subvolumen, aseg\u00farese de que siempre ejecutamos btrfs_check_options() para garantizar que se cumplan los requisitos de RO estrictos adecuados. De hecho, la funci\u00f3n btrfs_check_options() no realiza muchas comprobaciones complejas, sino requisitos de RO estrictos y algunas comprobaciones de dependencia de funciones, por lo que no hay ninguna raz\u00f3n especial para no realizar la comprobaci\u00f3n para la reconfiguraci\u00f3n del montaje."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/23724398b55d9570f6ae79dd2ea026fff8896bf1", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/3c36a72c1d27de6618c1c480c793d9924640f5bb", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.11.6",
"matchCriteriaId": "2CAA29A6-36B4-4C90-A862-A816F65153DB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/23724398b55d9570f6ae79dd2ea026fff8896bf1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3c36a72c1d27de6618c1c480c793d9924640f5bb",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

96
CVE-2024/CVE-2024-501xx/CVE-2024-50119.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50119", "id": "CVE-2024-50119",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-05T18:15:14.957", "published": "2024-11-05T18:15:14.957",
"lastModified": "2024-11-06T18:17:17.287", "lastModified": "2024-11-08T18:03:02.373",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,15 +15,95 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: se corrige la advertencia al destruir 'cifs_io_request_pool' Hay un problema como el siguiente: ADVERTENCIA: CPU: 1 PID: 27826 en mm/slub.c:4698 free_large_kmalloc+0xac/0xe0 RIP: 0010:free_large_kmalloc+0xac/0xe0 Rastreo de llamadas: ? Obviamente, 'cifs_io_request_pool' no es creado por mempool_create(). Entonces simplemente use mempool_exit() para revertir 'cifs_io_request_pool'." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cifs: se corrige la advertencia al destruir 'cifs_io_request_pool' Hay un problema como el siguiente: ADVERTENCIA: CPU: 1 PID: 27826 en mm/slub.c:4698 free_large_kmalloc+0xac/0xe0 RIP: 0010:free_large_kmalloc+0xac/0xe0 Rastreo de llamadas: ? Obviamente, 'cifs_io_request_pool' no es creado por mempool_create(). Entonces simplemente use mempool_exit() para revertir 'cifs_io_request_pool'."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/2ce1007f42b8a6a0814386cb056feb28dc6d6091", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/726416a253c51037636ecc65ad3dada3d02dcaea", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.10",
"versionEndExcluding": "6.11.6",
"matchCriteriaId": "DB1EF597-EE20-41B9-A601-99CB57D64A94"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2ce1007f42b8a6a0814386cb056feb28dc6d6091",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/726416a253c51037636ecc65ad3dada3d02dcaea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

126
CVE-2024/CVE-2024-501xx/CVE-2024-50120.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50120", "id": "CVE-2024-50120",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-05T18:15:15.023", "published": "2024-11-05T18:15:15.023",
"lastModified": "2024-11-06T18:17:17.287", "lastModified": "2024-11-08T18:04:08.080",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,123 @@
"value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: Manejar errores de kstrdup para contrase\u00f1as. En smb3_reconfigure(), despu\u00e9s de duplicar ctx->password y ctx->password2 con kstrdup(), debemos verificar si hay errores de asignaci\u00f3n. Si la asignaci\u00f3n de ses->password falla, devuelva -ENOMEM. Si la asignaci\u00f3n de ses->password2 falla, libere ses->password, config\u00farelo en NULL y devuelva -ENOMEM." "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: Manejar errores de kstrdup para contrase\u00f1as. En smb3_reconfigure(), despu\u00e9s de duplicar ctx->password y ctx->password2 con kstrdup(), debemos verificar si hay errores de asignaci\u00f3n. Si la asignaci\u00f3n de ses->password falla, devuelva -ENOMEM. Si la asignaci\u00f3n de ses->password2 falla, libere ses->password, config\u00farelo en NULL y devuelva -ENOMEM."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/35488799b0ab6e4327f82e1d9209a60805665b37", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/35dbac8c328d6afe937cd45ecd41d209d0b9f8b8", "impactScore": 3.6
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/9a5dd61151399ad5a5d69aad28ab164734c1e3bc", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.24",
"versionEndExcluding": "6.6.59",
"matchCriteriaId": "4C017B9E-32C1-4A6A-8332-9D815CADA68C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7.12",
"versionEndExcluding": "6.8",
"matchCriteriaId": "D6A2C3EC-DA7B-4144-8BAF-2DBB7E8CE4C7"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.3",
"versionEndExcluding": "6.9",
"matchCriteriaId": "9974CA02-5BD5-4DE2-9DC2-46DDF0748BB5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.9",
"versionEndExcluding": "6.11.6",
"matchCriteriaId": "2132686D-AA83-479C-98CA-4B9F24436525"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/35488799b0ab6e4327f82e1d9209a60805665b37",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/35dbac8c328d6afe937cd45ecd41d209d0b9f8b8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9a5dd61151399ad5a5d69aad28ab164734c1e3bc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

126
CVE-2024/CVE-2024-501xx/CVE-2024-50121.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-50121", "id": "CVE-2024-50121",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-11-05T18:15:15.080", "published": "2024-11-05T18:15:15.080",
"lastModified": "2024-11-06T18:17:17.287", "lastModified": "2024-11-08T18:05:13.947",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -15,19 +15,123 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: cancelar nfsd_shrinker_work usando el modo de sincronizaci\u00f3n en nfs4_state_shutdown_net. En el caso normal, cuando ejecutamos `echo 0 > /proc/fs/nfsd/threads`, la funci\u00f3n `nfs4_state_destroy_net` en `nfs4_state_shutdown_net` liberar\u00e1 todos los recursos relacionados con el `nfs4_client` con hash. Si `nfsd_client_shrinker` se est\u00e1 ejecutando simult\u00e1neamente, la funci\u00f3n `expire_client` primero deshar\u00e1 el hash de este cliente y luego lo destruir\u00e1. Esto puede generar la siguiente advertencia. Adem\u00e1s, tambi\u00e9n pueden ocurrir numerosos errores de use-after-free. nfsd_client_shrinker echo 0 > /proc/fs/nfsd/threads expire_client nfsd_shutdown_net unhash_client ... nfs4_state_shutdown_net /* no esperar\u00e1 a que el reductor salga */ /* cancel_work(&nn->nfsd_shrinker_work) * nfsd_file para esto /* no destruir\u00e1 el cliente1 sin hash */ * el cliente1 sigue activo nfs4_state_destroy_net */ nfsd_file_cache_shutdown /* advertencia de activaci\u00f3n */ kmem_cache_destroy(nfsd_file_slab) kmem_cache_destroy(nfsd_file_mark_slab) /* liberar nfsd_file y marcar */ __destroy_client ============================================================================ ERROR nfsd_file (no contaminado): objetos restantes en nfsd_file en __kmem_cache_shutdown() -------------------------------------------------------------------- CPU: 4 UID: 0 PID: 764 Comm: sh No contaminado 6.12.0-rc3+ #1 dump_stack_lvl+0x53/0x70 slab_err+0xb0/0xf0 __kmem_cache_shutdown+0x15c/0x310 kmem_cache_destroy+0x66/0x160 nfsd_file_cache_shutdown+0xac/0x210 [nfsd] nfsd_destroy_serv+0x251/0x2a0 [nfsd] nfsd_svc+0x125/0x1e0 [nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0 [nfsd] vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e ========================================================================= ERROR nfsd_file_mark (Corrompido: GBW): Objetos que permanecen en nfsd_file_mark en __kmem_cache_shutdown() -------------------------------------------------------------------- dump_stack_lvl+0x53/0x70 slab_err+0xb0/0xf0 __kmem_cache_shutdown+0x15c/0x310 kmem_cache_destroy+0x66/0x160 nfsd_file_cache_shutdown+0xc8/0x210 [nfsd] Para resolver este problema, cancele `nfsd_shrinker_work` usando el modo sincr\u00f3nico en nfs4_state_shutdown_net." "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nfsd: cancelar nfsd_shrinker_work usando el modo de sincronizaci\u00f3n en nfs4_state_shutdown_net. En el caso normal, cuando ejecutamos `echo 0 > /proc/fs/nfsd/threads`, la funci\u00f3n `nfs4_state_destroy_net` en `nfs4_state_shutdown_net` liberar\u00e1 todos los recursos relacionados con el `nfs4_client` con hash. Si `nfsd_client_shrinker` se est\u00e1 ejecutando simult\u00e1neamente, la funci\u00f3n `expire_client` primero deshar\u00e1 el hash de este cliente y luego lo destruir\u00e1. Esto puede generar la siguiente advertencia. Adem\u00e1s, tambi\u00e9n pueden ocurrir numerosos errores de use-after-free. nfsd_client_shrinker echo 0 > /proc/fs/nfsd/threads expire_client nfsd_shutdown_net unhash_client ... nfs4_state_shutdown_net /* no esperar\u00e1 a que el reductor salga */ /* cancel_work(&nn->nfsd_shrinker_work) * nfsd_file para esto /* no destruir\u00e1 el cliente1 sin hash */ * el cliente1 sigue activo nfs4_state_destroy_net */ nfsd_file_cache_shutdown /* advertencia de activaci\u00f3n */ kmem_cache_destroy(nfsd_file_slab) kmem_cache_destroy(nfsd_file_mark_slab) /* liberar nfsd_file y marcar */ __destroy_client ============================================================================ ERROR nfsd_file (no contaminado): objetos restantes en nfsd_file en __kmem_cache_shutdown() -------------------------------------------------------------------- CPU: 4 UID: 0 PID: 764 Comm: sh No contaminado 6.12.0-rc3+ #1 dump_stack_lvl+0x53/0x70 slab_err+0xb0/0xf0 __kmem_cache_shutdown+0x15c/0x310 kmem_cache_destroy+0x66/0x160 nfsd_file_cache_shutdown+0xac/0x210 [nfsd] nfsd_destroy_serv+0x251/0x2a0 [nfsd] nfsd_svc+0x125/0x1e0 [nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0 [nfsd] vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e ========================================================================= ERROR nfsd_file_mark (Corrompido: GBW): Objetos que permanecen en nfsd_file_mark en __kmem_cache_shutdown() -------------------------------------------------------------------- dump_stack_lvl+0x53/0x70 slab_err+0xb0/0xf0 __kmem_cache_shutdown+0x15c/0x310 kmem_cache_destroy+0x66/0x160 nfsd_file_cache_shutdown+0xc8/0x210 [nfsd] Para resolver este problema, cancele `nfsd_shrinker_work` usando el modo sincr\u00f3nico en nfs4_state_shutdown_net."
} }
], ],
"metrics": {}, "metrics": {
"references": [ "cvssMetricV31": [
{ {
"url": "https://git.kernel.org/stable/c/add1df5eba163a3a6ece11cb85890e2e410baaea", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH"
}, },
{ "exploitabilityScore": 1.8,
"url": "https://git.kernel.org/stable/c/d5ff2fb2e7167e9483846e34148e60c0c016a1f6", "impactScore": 5.9
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" }
]
}, },
"weaknesses": [
{ {
"url": "https://git.kernel.org/stable/c/f965dc0f099a54fca100acf6909abe52d0c85328", "source": "nvd@nist.gov",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" "type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.220",
"versionEndExcluding": "5.15",
"matchCriteriaId": "0A0CD37F-23BB-4BB4-89CC-E109F94FA5EB"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.154",
"versionEndExcluding": "6.1",
"matchCriteriaId": "0E48233A-9E5E-4F9C-851A-119D82BE30F8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.59",
"matchCriteriaId": "5D15CA59-D15C-4ACD-8B03-A072DEAD2081"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.11.6",
"matchCriteriaId": "E4486B12-007B-4794-9857-F07145637AA1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*",
"matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*",
"matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*",
"matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc4:*:*:*:*:*:*",
"matchCriteriaId": "E0F717D8-3014-4F84-8086-0124B2111379"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/add1df5eba163a3a6ece11cb85890e2e410baaea",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d5ff2fb2e7167e9483846e34148e60c0c016a1f6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f965dc0f099a54fca100acf6909abe52d0c85328",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
} }
] ]
} }

27
CVE-2024/CVE-2024-503xx/CVE-2024-50378.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-50378", "id": "CVE-2024-50378",
"sourceIdentifier": "security@apache.org", "sourceIdentifier": "security@apache.org",
"published": "2024-11-08T15:15:06.143", "published": "2024-11-08T15:15:06.143",
"lastModified": "2024-11-08T15:15:06.143", "lastModified": "2024-11-08T18:35:04.843",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -11,7 +11,30 @@
"value": "Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see.\u00a0When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.10.3 or a later version, which addresses this issue. Users who previously used the CLI to set secret variables should manually delete entries with those variables from the log table." "value": "Airflow versions before 2.10.3 have a vulnerability that allows authenticated users with audit log access to see sensitive values in audit logs which they should not see.\u00a0When sensitive variables were set via airflow CLI, values of those variables appeared in the audit log and were stored unencrypted in the Airflow database. While this risk is limited to users with audit log access, it is recommended to upgrade to Airflow 2.10.3 or a later version, which addresses this issue. Users who previously used the CLI to set secret variables should manually delete entries with those variables from the log table."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.6
}
]
},
"weaknesses": [ "weaknesses": [
{ {
"source": "security@apache.org", "source": "security@apache.org",

25
CVE-2024/CVE-2024-506xx/CVE-2024-50634.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-50634",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T17:15:06.570",
"lastModified": "2024-11-08T17:15:06.570",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation but also affects all functions that require authentication."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/yamerooo123/CVE/tree/main/CVE-2024-50634",
"source": "cve@mitre.org"
},
{
"url": "https://youtu.be/wnULru0WdtA",
"source": "cve@mitre.org"
}
]
}

43
CVE-2024/CVE-2024-507xx/CVE-2024-50766.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-50766", "id": "CVE-2024-50766",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T22:15:21.403", "published": "2024-11-07T22:15:21.403",
"lastModified": "2024-11-07T22:15:21.403", "lastModified": "2024-11-08T17:35:18.630",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection in takeSurvey.php via the id parameter." "value": "SourceCodester Survey Application System 1.0 is vulnerable to SQL Injection in takeSurvey.php via the id parameter."
},
{
"lang": "es",
"value": "SourceCodester Survey Application System 1.0 es vulnerable a la inyecci\u00f3n SQL en takeSurvey.php a trav\u00e9s del par\u00e1metro id."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://medium.com/%40luisgerardomoret_69654/sql-injection-in-survey-application-system-cve-2024-50766-8ed81426ca6e", "url": "https://medium.com/%40luisgerardomoret_69654/sql-injection-in-survey-application-system-cve-2024-50766-8ed81426ca6e",

39
CVE-2024/CVE-2024-509xx/CVE-2024-50966.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-50966", "id": "CVE-2024-50966",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T16:15:50.097", "published": "2024-11-08T16:15:50.097",
"lastModified": "2024-11-08T16:15:50.097", "lastModified": "2024-11-08T18:35:05.110",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
@ -11,7 +11,42 @@
"value": "dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin." "value": "dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addAdmin."
} }
], ],
"metrics": {}, "metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 9.3,
"baseSeverity": "CRITICAL"
},
"exploitabilityScore": 2.8,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-352"
}
]
}
],
"references": [ "references": [
{ {
"url": "https://github.com/evenomn/YangYiWen/tree/main/11", "url": "https://github.com/evenomn/YangYiWen/tree/main/11",

25
CVE-2024/CVE-2024-510xx/CVE-2024-51030.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-51030",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T18:15:17.463",
"lastModified": "2024-11-08T18:15:17.463",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A SQL injection vulnerability in manage_client.php and view_cab.php of Sourcecodester Cab Management System 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, leading to unauthorized access and potential compromise of sensitive data within the database."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/vighneshnair7/CVE-2024-51030",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-510xx/CVE-2024-51031.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-51031",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T18:15:17.553",
"lastModified": "2024-11-08T18:15:17.553",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability in manage_account.php in Sourcecodester Cab Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the \"First Name,\" \"Middle Name,\" and \"Last Name\" fields."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/vighneshnair7/CVE-2024-51031",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/php/15180/cab-management-system-phpoop-free-source-code.html",
"source": "cve@mitre.org"
}
]
}

25
CVE-2024/CVE-2024-510xx/CVE-2024-51032.json Normal file
View File

@ -0,0 +1,25 @@
{
"id": "CVE-2024-51032",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T18:15:17.650",
"lastModified": "2024-11-08T18:15:17.650",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Cross-site Scripting (XSS) vulnerability in manage_recipient.php of Sourcecodester Toll Tax Management System 1.0 allows remote authenticated users to inject arbitrary web scripts via the \"owner\" input field."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/Shree-Chandragiri/CVE-2024-51032",
"source": "cve@mitre.org"
},
{
"url": "https://www.sourcecodester.com/php/15304/toll-tax-management-system-phpoop-free-source-code.html",
"source": "cve@mitre.org"
}
]
}

21
CVE-2024/CVE-2024-511xx/CVE-2024-51152.json Normal file
View File

@ -0,0 +1,21 @@
{
"id": "CVE-2024-51152",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-11-08T18:15:17.753",
"lastModified": "2024-11-08T18:15:17.753",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "File Upload vulnerability in Laravel CMS v.1.4.7 and before allows a remote attacker to execute arbitrary code via the shell.php a component."
}
],
"metrics": {},
"references": [
{
"url": "https://co-a1natas.feishu.cn/docx/GuYjd2lDEoxNhVxPa9Yc1akknee",
"source": "cve@mitre.org"
}
]
}

43
CVE-2024/CVE-2024-514xx/CVE-2024-51428.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-51428", "id": "CVE-2024-51428",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T18:15:17.677", "published": "2024-11-07T18:15:17.677",
"lastModified": "2024-11-07T18:15:17.677", "lastModified": "2024-11-08T17:35:19.500",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet." "value": "An issue in Espressif Esp idf v5.3.0 allows attackers to cause a Denial of Service (DoS) via a crafted data channel packet."
},
{
"lang": "es",
"value": "Un problema en Espressif Esp idf v5.3.0 permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un paquete de canal de datos creado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://gitee.com/guozhi123456/vulnerability-Report/blob/master/Esp/Accept_Invaild_Address.md", "url": "https://gitee.com/guozhi123456/vulnerability-Report/blob/master/Esp/Accept_Invaild_Address.md",

43
CVE-2024/CVE-2024-514xx/CVE-2024-51434.json
View File

@ -2,16 +2,55 @@
"id": "CVE-2024-51434", "id": "CVE-2024-51434",
"sourceIdentifier": "cve@mitre.org", "sourceIdentifier": "cve@mitre.org",
"published": "2024-11-07T22:15:21.467", "published": "2024-11-07T22:15:21.467",
"lastModified": "2024-11-07T22:15:21.467", "lastModified": "2024-11-08T17:35:20.360",
"vulnStatus": "Received", "vulnStatus": "Received",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
"lang": "en", "lang": "en",
"value": "Inconsistent <plaintext> tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier." "value": "Inconsistent <plaintext> tag parsing allows for XSS in Froala WYSIWYG editor 4.3.0 and earlier."
},
{
"lang": "es",
"value": "El an\u00e1lisis inconsistente de la etiqueta permite XSS en el editor WYSIWYG de Froala 4.3.0 y versiones anteriores."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
} }
], ],
"metrics": {},
"references": [ "references": [
{ {
"url": "https://georgyg.com/home/froala-wysiwyg-editor---xss-cve-2024-51434/", "url": "https://georgyg.com/home/froala-wysiwyg-editor---xss-cve-2024-51434/",

269
CVE-2024/CVE-2024-95xx/CVE-2024-9579.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-9579", "id": "CVE-2024-9579",
"sourceIdentifier": "hp-security-alert@hp.com", "sourceIdentifier": "hp-security-alert@hp.com",
"published": "2024-11-05T17:15:07.667", "published": "2024-11-05T17:15:07.667",
"lastModified": "2024-11-06T18:17:17.287", "lastModified": "2024-11-08T18:08:02.683",
"vulnStatus": "Awaiting Analysis", "vulnStatus": "Analyzed",
"cveTags": [], "cveTags": [],
"descriptions": [ "descriptions": [
{ {
@ -17,6 +17,26 @@
], ],
"metrics": { "metrics": {
"cvssMetricV31": [ "cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
},
{ {
"source": "hp-security-alert@hp.com", "source": "hp-security-alert@hp.com",
"type": "Secondary", "type": "Secondary",
@ -40,6 +60,16 @@
] ]
}, },
"weaknesses": [ "weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-77"
}
]
},
{ {
"source": "hp-security-alert@hp.com", "source": "hp-security-alert@hp.com",
"type": "Secondary", "type": "Secondary",
@ -51,10 +81,239 @@
] ]
} }
], ],
"references": [ "configurations": [
{ {
"url": "https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900", "operator": "AND",
"source": "hp-security-alert@hp.com" "nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:poly_tc8_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.2",
"matchCriteriaId": "6DCF1C57-F138-4118-BAA6-7286BA78F8DC"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:poly_tc8:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F053C475-D941-4D4B-B433-8D67CD9A2C71"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:poly_tc10_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.3.2",
"matchCriteriaId": "BC9FC9F3-5FB5-4E3B-9AF3-72BF90FAC13F"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:poly_tc10:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5E9083C3-3142-494C-827C-56576ADFCA93"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:poly_studio_g7500_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.2",
"matchCriteriaId": "FCE079BE-F301-4CB3-AEF4-7A1F8BF52F0E"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:poly_studio_g7500:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B27E0D-4C00-42F8-8772-1C0B1D0F64FC"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:poly_studio_x30_firmware:*:*:*:*:*:*:*:*",
"versionEndIncluding": "4.3.2",
"matchCriteriaId": "78D5810F-7044-4A7C-81E8-BF05F2163B5A"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:poly_studio_x30:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58648CB8-9564-4EAB-8049-65B048EF8000"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:poly_studio_x50_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.2",
"matchCriteriaId": "242A2E5D-D761-458E-BA4A-53F8DFF3B0A7"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:poly_studio_x50:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1424706A-4E51-4513-B962-59E9ABDD71E7"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:poly_studio_x70_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.2",
"matchCriteriaId": "520E74F3-26F8-408C-93AD-516373EACDF1"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:poly_studio_x70:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8A94CC22-4C6E-4415-9AB3-E0A3EC7BD672"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:poly_studio_x52_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.2",
"matchCriteriaId": "383C1531-70D5-4BB2-AB8D-49D92E661739"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:poly_studio_x52:-:*:*:*:*:*:*:*",
"matchCriteriaId": "06C69912-7DB0-4510-884B-3FFF7AC6B1FB"
}
]
}
]
},
{
"operator": "AND",
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:hp:poly_studio_g62_firmware:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.3.2",
"matchCriteriaId": "5315BF05-1706-4A5B-9A9D-104AEDDC2C5C"
}
]
},
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": false,
"criteria": "cpe:2.3:h:hp:poly_studio_g62:-:*:*:*:*:*:*:*",
"matchCriteriaId": "FF7F293C-3F38-40DB-B909-F6E0C32219E0"
}
]
}
]
}
],
"references": [
{
"url": "https://support.hp.com/us-en/document/ish_11536495-11536533-16/hpsbpy03900",
"source": "hp-security-alert@hp.com",
"tags": [
"Vendor Advisory"
]
} }
] ]
} }

78
CVE-2024/CVE-2024-98xx/CVE-2024-9841.json Normal file
View File

@ -0,0 +1,78 @@
{
"id": "CVE-2024-9841",
"sourceIdentifier": "security@opentext.com",
"published": "2024-11-08T18:15:17.853",
"lastModified": "2024-11-08T18:15:17.853",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Management Center and ArcSight Platform. The vulnerability could be remotely exploited."
}
],
"metrics": {
"cvssMetricV40": [
{
"source": "security@opentext.com",
"type": "Secondary",
"cvssData": {
"version": "4.0",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:H/VA:L/SC:L/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"privilegesRequired": "NONE",
"userInteraction": "ACTIVE",
"vulnerableSystemConfidentiality": "LOW",
"vulnerableSystemIntegrity": "HIGH",
"vulnerableSystemAvailability": "LOW",
"subsequentSystemConfidentiality": "LOW",
"subsequentSystemIntegrity": "LOW",
"subsequentSystemAvailability": "NONE",
"exploitMaturity": "NOT_DEFINED",
"confidentialityRequirements": "NOT_DEFINED",
"integrityRequirements": "NOT_DEFINED",
"availabilityRequirements": "NOT_DEFINED",
"modifiedAttackVector": "NOT_DEFINED",
"modifiedAttackComplexity": "NOT_DEFINED",
"modifiedAttackRequirements": "NOT_DEFINED",
"modifiedPrivilegesRequired": "NOT_DEFINED",
"modifiedUserInteraction": "NOT_DEFINED",
"modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
"modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
"modifiedVulnerableSystemAvailability": "NOT_DEFINED",
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
"modifiedSubsequentSystemAvailability": "NOT_DEFINED",
"safety": "NOT_DEFINED",
"automatable": "NOT_DEFINED",
"recovery": "NOT_DEFINED",
"valueDensity": "NOT_DEFINED",
"vulnerabilityResponseEffort": "NOT_DEFINED",
"providerUrgency": "NOT_DEFINED",
"baseScore": 7.0,
"baseSeverity": "HIGH"
}
}
]
},
"weaknesses": [
{
"source": "security@opentext.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://portal.microfocus.com/s/article/KM000035977",
"source": "security@opentext.com"
}
]
}

77
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update ### Last Repository Update
```plain ```plain
2024-11-08T17:00:26.454342+00:00 2024-11-08T19:00:24.086080+00:00
``` ```
### Most recent CVE Modification Timestamp synchronized with NVD ### Most recent CVE Modification Timestamp synchronized with NVD
```plain ```plain
2024-11-08T16:49:33.143000+00:00 2024-11-08T18:35:05.110000+00:00
``` ```
### Last Data Feed Release ### Last Data Feed Release
@ -33,51 +33,54 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs ### Total Number of included CVEs
```plain ```plain
268685 268695
``` ```
### CVEs added in the last Commit ### CVEs added in the last Commit
Recently added CVEs: `7` Recently added CVEs: `10`
- [CVE-2024-45764](CVE-2024/CVE-2024-457xx/CVE-2024-45764.json) (`2024-11-08T16:15:23.070`) - [CVE-2024-25431](CVE-2024/CVE-2024-254xx/CVE-2024-25431.json) (`2024-11-08T17:15:06.023`)
- [CVE-2024-45765](CVE-2024/CVE-2024-457xx/CVE-2024-45765.json) (`2024-11-08T16:15:23.350`) - [CVE-2024-40239](CVE-2024/CVE-2024-402xx/CVE-2024-40239.json) (`2024-11-08T18:15:17.000`)
- [CVE-2024-46947](CVE-2024/CVE-2024-469xx/CVE-2024-46947.json) (`2024-11-08T16:15:23.957`) - [CVE-2024-40240](CVE-2024/CVE-2024-402xx/CVE-2024-40240.json) (`2024-11-08T18:15:17.130`)
- [CVE-2024-46948](CVE-2024/CVE-2024-469xx/CVE-2024-46948.json) (`2024-11-08T16:15:24.050`) - [CVE-2024-45763](CVE-2024/CVE-2024-457xx/CVE-2024-45763.json) (`2024-11-08T17:15:06.243`)
- [CVE-2024-47190](CVE-2024/CVE-2024-471xx/CVE-2024-47190.json) (`2024-11-08T16:15:24.163`) - [CVE-2024-50634](CVE-2024/CVE-2024-506xx/CVE-2024-50634.json) (`2024-11-08T17:15:06.570`)
- [CVE-2024-50378](CVE-2024/CVE-2024-503xx/CVE-2024-50378.json) (`2024-11-08T15:15:06.143`) - [CVE-2024-51030](CVE-2024/CVE-2024-510xx/CVE-2024-51030.json) (`2024-11-08T18:15:17.463`)
- [CVE-2024-50966](CVE-2024/CVE-2024-509xx/CVE-2024-50966.json) (`2024-11-08T16:15:50.097`) - [CVE-2024-51031](CVE-2024/CVE-2024-510xx/CVE-2024-51031.json) (`2024-11-08T18:15:17.553`)
- [CVE-2024-51032](CVE-2024/CVE-2024-510xx/CVE-2024-51032.json) (`2024-11-08T18:15:17.650`)
- [CVE-2024-51152](CVE-2024/CVE-2024-511xx/CVE-2024-51152.json) (`2024-11-08T18:15:17.753`)
- [CVE-2024-9841](CVE-2024/CVE-2024-98xx/CVE-2024-9841.json) (`2024-11-08T18:15:17.853`)
### CVEs modified in the last Commit ### CVEs modified in the last Commit
Recently modified CVEs: `213` Recently modified CVEs: `39`
- [CVE-2024-50588](CVE-2024/CVE-2024-505xx/CVE-2024-50588.json) (`2024-11-08T16:35:17.883`) - [CVE-2024-23309](CVE-2024/CVE-2024-233xx/CVE-2024-23309.json) (`2024-11-08T18:27:00.643`)
- [CVE-2024-50589](CVE-2024/CVE-2024-505xx/CVE-2024-50589.json) (`2024-11-08T16:35:18.097`) - [CVE-2024-28214](CVE-2024/CVE-2024-282xx/CVE-2024-28214.json) (`2024-11-08T17:35:11.637`)
- [CVE-2024-50590](CVE-2024/CVE-2024-505xx/CVE-2024-50590.json) (`2024-11-08T16:35:18.987`) - [CVE-2024-33699](CVE-2024/CVE-2024-336xx/CVE-2024-33699.json) (`2024-11-08T17:09:29.790`)
- [CVE-2024-50591](CVE-2024/CVE-2024-505xx/CVE-2024-50591.json) (`2024-11-08T16:35:19.220`) - [CVE-2024-33700](CVE-2024/CVE-2024-337xx/CVE-2024-33700.json) (`2024-11-08T17:06:16.147`)
- [CVE-2024-50592](CVE-2024/CVE-2024-505xx/CVE-2024-50592.json) (`2024-11-08T16:35:19.463`) - [CVE-2024-35297](CVE-2024/CVE-2024-352xx/CVE-2024-35297.json) (`2024-11-08T17:35:11.890`)
- [CVE-2024-50593](CVE-2024/CVE-2024-505xx/CVE-2024-50593.json) (`2024-11-08T16:35:19.707`) - [CVE-2024-35314](CVE-2024/CVE-2024-353xx/CVE-2024-35314.json) (`2024-11-08T18:15:16.867`)
- [CVE-2024-50599](CVE-2024/CVE-2024-505xx/CVE-2024-50599.json) (`2024-11-08T16:35:19.980`) - [CVE-2024-36063](CVE-2024/CVE-2024-360xx/CVE-2024-36063.json) (`2024-11-08T17:35:12.793`)
- [CVE-2024-51501](CVE-2024/CVE-2024-515xx/CVE-2024-51501.json) (`2024-11-08T16:15:50.200`) - [CVE-2024-36064](CVE-2024/CVE-2024-360xx/CVE-2024-36064.json) (`2024-11-08T17:35:13.630`)
- [CVE-2024-51556](CVE-2024/CVE-2024-515xx/CVE-2024-51556.json) (`2024-11-08T15:20:14.800`) - [CVE-2024-3754](CVE-2024/CVE-2024-37xx/CVE-2024-3754.json) (`2024-11-08T17:35:14.477`)
- [CVE-2024-51557](CVE-2024/CVE-2024-515xx/CVE-2024-51557.json) (`2024-11-08T15:19:48.557`) - [CVE-2024-46960](CVE-2024/CVE-2024-469xx/CVE-2024-46960.json) (`2024-11-08T17:35:15.030`)
- [CVE-2024-51558](CVE-2024/CVE-2024-515xx/CVE-2024-51558.json) (`2024-11-08T15:19:32.597`) - [CVE-2024-46961](CVE-2024/CVE-2024-469xx/CVE-2024-46961.json) (`2024-11-08T17:35:15.877`)
- [CVE-2024-51559](CVE-2024/CVE-2024-515xx/CVE-2024-51559.json) (`2024-11-08T15:19:03.367`) - [CVE-2024-47073](CVE-2024/CVE-2024-470xx/CVE-2024-47073.json) (`2024-11-08T17:35:16.707`)
- [CVE-2024-51560](CVE-2024/CVE-2024-515xx/CVE-2024-51560.json) (`2024-11-08T15:18:23.127`) - [CVE-2024-47493](CVE-2024/CVE-2024-474xx/CVE-2024-47493.json) (`2024-11-08T18:15:17.240`)
- [CVE-2024-51661](CVE-2024/CVE-2024-516xx/CVE-2024-51661.json) (`2024-11-08T15:02:08.660`) - [CVE-2024-49522](CVE-2024/CVE-2024-495xx/CVE-2024-49522.json) (`2024-11-08T18:06:01.930`)
- [CVE-2024-51739](CVE-2024/CVE-2024-517xx/CVE-2024-51739.json) (`2024-11-08T15:56:18.753`) - [CVE-2024-50117](CVE-2024/CVE-2024-501xx/CVE-2024-50117.json) (`2024-11-08T17:53:01.860`)
- [CVE-2024-7429](CVE-2024/CVE-2024-74xx/CVE-2024-7429.json) (`2024-11-08T15:26:30.457`) - [CVE-2024-50118](CVE-2024/CVE-2024-501xx/CVE-2024-50118.json) (`2024-11-08T18:02:21.617`)
- [CVE-2024-7982](CVE-2024/CVE-2024-79xx/CVE-2024-7982.json) (`2024-11-08T15:35:11.250`) - [CVE-2024-50119](CVE-2024/CVE-2024-501xx/CVE-2024-50119.json) (`2024-11-08T18:03:02.373`)
- [CVE-2024-7985](CVE-2024/CVE-2024-79xx/CVE-2024-7985.json) (`2024-11-08T15:22:33.123`) - [CVE-2024-50120](CVE-2024/CVE-2024-501xx/CVE-2024-50120.json) (`2024-11-08T18:04:08.080`)
- [CVE-2024-8541](CVE-2024/CVE-2024-85xx/CVE-2024-8541.json) (`2024-11-08T15:07:08.400`) - [CVE-2024-50121](CVE-2024/CVE-2024-501xx/CVE-2024-50121.json) (`2024-11-08T18:05:13.947`)
- [CVE-2024-9143](CVE-2024/CVE-2024-91xx/CVE-2024-9143.json) (`2024-11-08T16:35:21.580`) - [CVE-2024-50378](CVE-2024/CVE-2024-503xx/CVE-2024-50378.json) (`2024-11-08T18:35:04.843`)
- [CVE-2024-9178](CVE-2024/CVE-2024-91xx/CVE-2024-9178.json) (`2024-11-08T16:03:26.157`) - [CVE-2024-50766](CVE-2024/CVE-2024-507xx/CVE-2024-50766.json) (`2024-11-08T17:35:18.630`)
- [CVE-2024-9657](CVE-2024/CVE-2024-96xx/CVE-2024-9657.json) (`2024-11-08T16:00:28.320`) - [CVE-2024-50966](CVE-2024/CVE-2024-509xx/CVE-2024-50966.json) (`2024-11-08T18:35:05.110`)
- [CVE-2024-9667](CVE-2024/CVE-2024-96xx/CVE-2024-9667.json) (`2024-11-08T15:27:25.697`) - [CVE-2024-51428](CVE-2024/CVE-2024-514xx/CVE-2024-51428.json) (`2024-11-08T17:35:19.500`)
- [CVE-2024-9867](CVE-2024/CVE-2024-98xx/CVE-2024-9867.json) (`2024-11-08T16:00:04.640`) - [CVE-2024-51434](CVE-2024/CVE-2024-514xx/CVE-2024-51434.json) (`2024-11-08T17:35:20.360`)
- [CVE-2024-9878](CVE-2024/CVE-2024-98xx/CVE-2024-9878.json) (`2024-11-08T15:25:45.930`) - [CVE-2024-9579](CVE-2024/CVE-2024-95xx/CVE-2024-9579.json) (`2024-11-08T18:08:02.683`)
## Download and Usage ## Download and Usage

522
_state.csv
View File

File diff suppressed because it is too large Load Diff