admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2025-03-27T23:00:21.041841+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2025-03-27 23:03:52 +00:00
parent 6a31607bd7
commit a925f29561
98 changed files with 4695 additions and 575 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

119
CVE-2021/CVE-2021-472xx/CVE-2021-47201.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47201",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-10T19:15:48.123",
"lastModified": "2024-11-21T06:35:37.100",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:15:23.443",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,39 +15,136 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iavf: libera q_vectors antes de las colas en iavf_disable_vf iavf_free_queues() borra adaptador->num_active_queues, del que depende iavf_free_q_vectors(), por lo que se debe intercambiar el orden de estas dos llamadas de funci\u00f3n en iavf_disable_vf(). Esto resuelve un p\u00e1nico que se produce cuando se deshabilita la interfaz y luego se vuelve a activar despu\u00e9s de que se restablece la comunicaci\u00f3n PF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.13",
"versionEndExcluding": "5.4.162",
"matchCriteriaId": "CAAC333B-58DB-4C4B-98C7-032C07430D26"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.82",
"matchCriteriaId": "AE501832-500C-4EF1-9489-5C13674F619D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.5",
"matchCriteriaId": "2128A085-4C0C-4C1E-9E9C-0DD868E2170F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "357AA433-37E8-4323-BFB2-3038D6E4B414"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/78638b47132244e3934dc5dc79f6372d5ce8e98c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/89f22f129696ab53cfbc608e0a2184d0fea46ac1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/926e8c83d4c1c2dac0026637eb0d492df876489e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9ef6589cac9a8c47f5544ccdf4c498093733bb3f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/78638b47132244e3934dc5dc79f6372d5ce8e98c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/89f22f129696ab53cfbc608e0a2184d0fea46ac1",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/926e8c83d4c1c2dac0026637eb0d492df876489e",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9ef6589cac9a8c47f5544ccdf4c498093733bb3f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

181
CVE-2021/CVE-2021-472xx/CVE-2021-47203.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47203",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-10T19:15:48.217",
"lastModified": "2024-11-21T06:35:37.340",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:15:41.670",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,71 +15,214 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: scsi: lpfc: Se corrige la corrupci\u00f3n de list_add() en lpfc_drain_txq() Al analizar la lista txq en lpfc_drain_txq(), el controlador intenta pasar las solicitudes al adaptador. Si dicho intento falla, se establece una cadena \"fail_msg\" local y se genera un mensaje de registro. Luego, el trabajo se agrega a una lista de finalizaciones para su cancelaci\u00f3n. El procesamiento de cualquier otro trabajo de la lista txq contin\u00faa, pero como \"fail_msg\" permanece establecido, los trabajos se agregan a la lista de finalizaciones independientemente de si se pas\u00f3 un wqe al adaptador. Si se agrega correctamente a txcmplq, los trabajos se agregan a ambas listas, lo que da como resultado la corrupci\u00f3n de la lista. Se soluciona borrando la cadena fail_msg despu\u00e9s de agregar un trabajo a la lista de finalizaciones. Esto evita que los trabajos posteriores se agreguen a la lista de finalizaciones a menos que hayan tenido una falla apropiada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.4.293",
"matchCriteriaId": "83024F84-4857-4CAF-957E-C14804BAC4AF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.5",
"versionEndExcluding": "4.9.291",
"matchCriteriaId": "8B1EE39E-FE30-4B7D-A26F-631135BCBB3F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.10",
"versionEndExcluding": "4.14.256",
"matchCriteriaId": "FCEB92FF-21BF-4F75-ACA1-6AE1D51A79FC"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.15",
"versionEndExcluding": "4.19.218",
"matchCriteriaId": "4F85F433-5DEA-47D3-B07E-3B1AC474D6E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.162",
"matchCriteriaId": "51A152D8-D5CE-47BD-9041-DEE164DCE99D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.82",
"matchCriteriaId": "AE501832-500C-4EF1-9489-5C13674F619D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.5",
"matchCriteriaId": "2128A085-4C0C-4C1E-9E9C-0DD868E2170F"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/16bcbfb56d759c25665f786e33ec633b9508a08f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/814d3610c4ce86e8cf285b2cdac0057a42e82de5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/99154581b05c8fb22607afb7c3d66c1bace6aa5d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b291d147d0268e93ad866f8bc820ea14497abc9b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c097bd5a59162156d9c2077a2f58732ffbaa9fca",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ec70d80a8642900086447ba0cdc79e3f44d42e8f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f05a0191b90156e539cccc189b9d87ca2a4d9305",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/16bcbfb56d759c25665f786e33ec633b9508a08f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/814d3610c4ce86e8cf285b2cdac0057a42e82de5",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/99154581b05c8fb22607afb7c3d66c1bace6aa5d",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ad4776b5eb2e58af1226847fcd3b4f6d051674dd",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b291d147d0268e93ad866f8bc820ea14497abc9b",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c097bd5a59162156d9c2077a2f58732ffbaa9fca",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ec70d80a8642900086447ba0cdc79e3f44d42e8f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/f05a0191b90156e539cccc189b9d87ca2a4d9305",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

80
CVE-2021/CVE-2021-472xx/CVE-2021-47209.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47209",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-10T19:15:48.447",
"lastModified": "2024-11-21T06:35:38.130",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:16:39.163",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,89 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched/fair: Evitar que los grupos de tareas inactivos recuperen cfs_rq Kevin informa fallos que apuntan a un use-after-free de un cfs_rq en update_blocked_averages(). La depuraci\u00f3n inicial revel\u00f3 que tenemos cfs_rq activos (on_list=1) en un grupo de tareas a punto de ser kfree() en free_fair_sched_group(). Sin embargo, no estaba claro c\u00f3mo puede suceder eso. Su configuraci\u00f3n del kernel result\u00f3 en un dise\u00f1o de struct sched_entity que coloca el miembro 'my_q' directamente en el medio del objeto, lo que hace que se superponga incidentalmente con el puntero de lista libre de SLUB. Eso, en combinaci\u00f3n con la manipulaci\u00f3n del puntero de lista libre de SLAB_FREELIST_HARDENED, conduce a una violaci\u00f3n de acceso confiable en forma de un #GP que hizo que el UAF fallara r\u00e1pidamente. Michal parece haberse topado con el mismo problema[1]. \u00c9l ya diagnostic\u00f3 correctamente que el commit a7b359fc6a37 (\"sched/fair: Insertar correctamente cfs_rq en la lista al desregular\") est\u00e1 causando que se cumplan las condiciones previas para que se produzca la UAF al volver a agregar cfs_rq tambi\u00e9n a los grupos de tareas que ya no tienen tareas en ejecuci\u00f3n, es decir, tambi\u00e9n a los que est\u00e1n inactivos. Sin embargo, su an\u00e1lisis no detecta la causa ra\u00edz real y no se puede ver solo desde el backtrace del bloqueo, ya que el verdadero infractor es tg_unthrottle_up() que se llama a trav\u00e9s de sched_cfs_period_timer() mediante la interrupci\u00f3n del temporizador en un momento inconveniente. Cuando unregister_fair_sched_group() desvincula todos los cfs_rq del grupo de tareas que est\u00e1 inactivo, no se protege a s\u00ed mismo de ser interrumpido. Si la interrupci\u00f3n del temporizador se activa mientras iteramos sobre todas las CPU o despu\u00e9s de que unregister_fair_sched_group() haya terminado pero antes de desvincular el grupo de tareas, sched_cfs_period_timer() se ejecutar\u00e1 y recorrer\u00e1 la lista de grupos de tareas, intentando liberar cfs_rq, es decir, volver a agregarlos al grupo de tareas moribundo. Estos ser\u00e1n posteriormente -- en free_fair_sched_group() -- kfree()'ed mientras siguen vinculados, lo que lleva a los fuegos artificiales que Kevin y Michal est\u00e1n viendo. Para solucionar esta ejecuci\u00f3n, aseg\u00farese de que el grupo de tareas moribundo se desvincule primero. Sin embargo, simplemente cambiar el orden de anulaci\u00f3n del registro y desvinculaci\u00f3n del grupo de tareas no es suficiente, ya que los caminantes de RCU concurrentes a\u00fan podr\u00edan verlo, como se puede ver a continuaci\u00f3n: CPU1: CPU2: : timer IRQ: : do_sched_cfs_period_timer(): : : : distributed_cfs_runtime(): : rcu_read_lock(); : : : unthrottle_cfs_rq(): sched_offline_group(): : : walk_tg_tree_from(\u2026,tg_unthrottle_up,\u2026): list_del_rcu(&tg->list); : (1) : list_for_each_entry_rcu(child, &parent->children, brothers) : : (2) list_del_rcu(&tg->siblings); : : tg_unthrottle_up(): anular_registro_justo_sched_group(): struct cfs_rq *cfs_rq = tg->cfs_rq[cpu_of(rq)]; : : list_del_leaf_cfs_rq(tg->cfs_rq[cpu]); : : : : si (!cfs_rq_est\u00e1_deca\u00eddo(cfs_rq) || cfs_rq->nr_en_ejecuci\u00f3n) (3) : lista_agregar_hoja_cfs_rq(cfs_rq); : : : : : : : : : ---truncado---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-416"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13",
"versionEndExcluding": "5.15.5",
"matchCriteriaId": "172C15F0-CF2B-47F2-8931-3368DC97E4E2"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/512e21c150c1c3ee298852660f3a796e267e62ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b027789e5e50494c2325cc70c8642e7fd6059479",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/512e21c150c1c3ee298852660f3a796e267e62ec",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b027789e5e50494c2325cc70c8642e7fd6059479",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

130
CVE-2021/CVE-2021-472xx/CVE-2021-47210.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47210",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-10T19:15:48.497",
"lastModified": "2024-11-21T06:35:38.243",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:17:41.257",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,47 +15,151 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: tipd: Eliminar WARN_ON en tps6598x_block_read Llamar a tps6598x_block_read con una longitud mayor que la permitida se puede solucionar simplemente devolviendo un error. No es necesario bloquear los sistemas con la funci\u00f3n de p\u00e1nico al advertir habilitada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "4.19.218",
"matchCriteriaId": "4EA92CE5-2AFA-4EA3-A037-2E68A1E6E6EE"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.162",
"matchCriteriaId": "51A152D8-D5CE-47BD-9041-DEE164DCE99D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.82",
"matchCriteriaId": "AE501832-500C-4EF1-9489-5C13674F619D"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.5",
"matchCriteriaId": "2128A085-4C0C-4C1E-9E9C-0DD868E2170F"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/2a897d384513ba7f7ef05611338b9a6ec6aeac00",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2c71811c963b6c310a29455d521d31a7ea6c5b5e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/30dcfcda8992dc42f18e7d35b6a1fa72372d382d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b7a0a63f3fed57d413bb857de164ea9c3984bc4e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/eff8b7628410cb2eb562ca0d5d1f12e27063733e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2a897d384513ba7f7ef05611338b9a6ec6aeac00",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2c71811c963b6c310a29455d521d31a7ea6c5b5e",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/30dcfcda8992dc42f18e7d35b6a1fa72372d382d",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b7a0a63f3fed57d413bb857de164ea9c3984bc4e",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/eff8b7628410cb2eb562ca0d5d1f12e27063733e",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

85
CVE-2021/CVE-2021-472xx/CVE-2021-47212.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47212",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-10T19:15:48.597",
"lastModified": "2024-11-21T06:35:38.460",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:02:03.497",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,94 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5: Actualizar el controlador de errores para UCTX y UMEM En el flujo de descarga r\u00e1pida, el estado del dispositivo se establece en error interno, lo que indica que el controlador inici\u00f3 el proceso de destrucci\u00f3n. En este caso, cuando se ejecuta un comando de destrucci\u00f3n, debe devolver MLX5_CMD_STAT_OK. Corrija MLX5_CMD_OP_DESTROY_UCTX y MLX5_CMD_OP_DESTROY_UMEM para que devuelvan OK en lugar de EIO. Esto corrige un seguimiento de llamadas en el proceso de lanzamiento de umem - [ 2633.536695] Seguimiento de llamadas: [ 2633.537518] ib_uverbs_remove_one+0xc3/0x140 [ib_uverbs] [ 2633.538596] remove_client_context+0x8b/0xd0 [ib_core] [ 2633.539641] deshabilitar_device+0x8c/0x130 [ib_core] [ 2633.540615] __ib_unregister_device+0x35/0xa0 [ib_core] [ 2633.541640] ib_unregister_device+0x21/0x30 [ib_core] [ 2633.542663] __mlx5_ib_remove+0x38/0x90 [mlx5_ib] [ 2633.543640] bus_auxiliar_eliminar+0x1e/0x30 [auxiliar] [ 2633.544661] dispositivo_liberaci\u00f3n_controlador_interno+0x103/0x1f0 [ 2633.545679] bus_eliminar_dispositivo+0xf7/0x170 [ 2633.546640] dispositivo_del+0x181/0x410 [ 2633.547606] mlx5_rescan_drivers_locked.part.10+0x63/0x160 [mlx5_core] [ 2633.548777] mlx5_anular_registro_dispositivo+0x27/0x40 [mlx5_core] [ 2633.549841] mlx5_uninit_one+0x21/0xc0 [mlx5_core] [ 2633.550864] remove_one+0x69/0xe0 [mlx5_core] [ 2633.551819] pci_device_remove+0x3b/0xc0 [ 2633.552731] device_release_driver_internal+0x103/0x1f0 [ 2633.553746] unbind_store+0xf6/0x130 [ 2633.554657] kernfs_fop_write+0x116/0x190 [ 2633.555567] vfs_write+0xa5/0x1a0 [ 2633.556407] ksys_write+0x4f/0xb0 [ 2633.557233] do_syscall_64+0x5b/0x1a0 [ 2633.558071] entry_SYSCALL_64_after_hwframe+0x65/0xca [ 2633.559018] RIP: 0033:0x7f9977132648 [ 2633.559821] C\u00f3digo: 89 02 48 c7 c0 ff ff ff ff eb b3 0f 1f 80 00 00 00 00 f3 0f 1e fa 48 8d 05 55 6f 2d 00 8b 00 85 c0 75 17 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 58 c3 0f 1f 80 00 00 00 00 41 54 49 89 d4 55 [ 2633.562332] RSP: 002b:00007fffb1a83888 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2633.563472] RAX: ffffffffffffffda RBX: 000000000000000c RCX: 00007f9977132648 [ 2633.564541] RDX: 000000000000000c RSI: 000055b90546e230 RDI: 0000000000000001 [ 2633.565596] RBP: 000055b90546e230 R08: 00007f9977406860 R09: 00007f9977a54740 [ 2633.566653] R10: 000000000000000 R11: 0000000000000246 R12: 00007f99774056e0 [ 2633.567692] R13: 000000000000000c R14: 00007f9977400880 R15: 000000000000000c [ 2633.568725] ---[ fin de seguimiento 10b4fe52945e544d ]---"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.2",
"versionEndExcluding": "5.15.5",
"matchCriteriaId": "F77953F3-06B8-4DF3-8B46-B116AAD86BB2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "357AA433-37E8-4323-BFB2-3038D6E4B414"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/a51a6da375d82aed5c8f83abd13e7d060421bd48",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ba50cd9451f6c49cf0841c0a4a146ff6a2822699",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a51a6da375d82aed5c8f83abd13e7d060421bd48",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ba50cd9451f6c49cf0841c0a4a146ff6a2822699",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

90
CVE-2021/CVE-2021-472xx/CVE-2021-47214.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47214",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-10T19:15:48.680",
"lastModified": "2024-11-21T06:35:38.583",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:05:27.253",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,99 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: hugetlb, userfaultfd: se corrige el error de restauraci\u00f3n de reserva en userfaultfd Actualmente, en el caso is_continue en hugetlb_mcopy_atomic_pte(), si salimos usando \"goto out_release_unlock;\" en los casos donde idx >= size, o !huge_pte_none(), el c\u00f3digo detectar\u00e1 que new_pagecache_page == false, y por lo tanto llamar\u00e1 a restore_reserve_on_error(). En este caso, veo que restore_reserve_on_error() elimina la reserva, y la siguiente llamada a remove_inode_hugepages() incrementar\u00e1 h->resv_hugepages causando una fuga 100% reproducible. Deber\u00edamos tratar el caso is_continue de forma similar a agregar una p\u00e1gina al pagecache y establecer new_pagecache_page en true, para indicar que no hay ninguna reserva para restaurar en la ruta del error, y no necesitamos llamar a restore_reserve_on_error(). Cambie el nombre new_pagecache_page a page_in_pagecache para que quede claro."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.14",
"versionEndExcluding": "5.15.5",
"matchCriteriaId": "53E796CA-D377-4F91-8FF4-33D9CAC9A4B8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.13.13:*:*:*:*:*:*:*",
"matchCriteriaId": "6047C65C-29BB-4EDB-B410-FA269D2877D5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "357AA433-37E8-4323-BFB2-3038D6E4B414"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/b5069d44e2fbc4a9093d005b3ef0949add3dd27e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cc30042df6fcc82ea18acf0dace831503e60a0b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b5069d44e2fbc4a9093d005b3ef0949add3dd27e",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cc30042df6fcc82ea18acf0dace831503e60a0b7",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

85
CVE-2021/CVE-2021-472xx/CVE-2021-47215.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2021-47215",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-10T19:15:48.727",
"lastModified": "2024-11-21T06:35:38.693",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:05:34.560",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,94 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/mlx5e: kTLS, se corrige un fallo en el flujo de resincronizaci\u00f3n RX Para el flujo de resincronizaci\u00f3n RX de TLS, mantenemos una lista de contextos TLS que requieren cierta atenci\u00f3n para comunicar su informaci\u00f3n de resincronizaci\u00f3n al hardware. Aqu\u00ed corregimos las corrupciones de la lista al proteger las entradas contra los movimientos provenientes de resync_handle_seq_match(), hasta que se complete por completo su manejo de resincronizaci\u00f3n en napi."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.13",
"versionEndExcluding": "5.15.5",
"matchCriteriaId": "172C15F0-CF2B-47F2-8931-3368DC97E4E2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.16:rc1:*:*:*:*:*:*",
"matchCriteriaId": "357AA433-37E8-4323-BFB2-3038D6E4B414"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/cc4a9cc03faa6d8db1a6954bb536f2c1e63bdff6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ebeda7a9528ae690e6bf12791a868f0cca8391f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/cc4a9cc03faa6d8db1a6954bb536f2c1e63bdff6",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ebeda7a9528ae690e6bf12791a868f0cca8391f2",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

12
CVE-2022/CVE-2022-259xx/CVE-2022-25936.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25936",
"sourceIdentifier": "report@snyk.io",
"published": "2023-01-30T05:15:10.057",
"lastModified": "2024-11-21T06:53:14.680",
"lastModified": "2025-03-27T21:15:39.147",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -79,6 +79,16 @@
"value": "CWE-22"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"configurations": [

19
CVE-2022/CVE-2022-259xx/CVE-2022-25967.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-25967",
"sourceIdentifier": "report@snyk.io",
"published": "2023-01-30T05:15:10.177",
"lastModified": "2024-11-21T06:53:16.090",
"lastModified": "2025-03-27T21:15:40.110",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -79,6 +79,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [
@ -157,6 +167,13 @@
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://security.snyk.io/vuln/SNYK-JS-ETA-2936803",
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"Third Party Advisory"
]
}
]
}

12
CVE-2022/CVE-2022-42xx/CVE-2022-4201.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4201",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-01-27T22:15:08.913",
"lastModified": "2024-11-21T07:34:46.233",
"lastModified": "2025-03-27T21:15:40.680",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-918"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-918"
}
]
}
],
"configurations": [

12
CVE-2022/CVE-2022-42xx/CVE-2022-4205.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4205",
"sourceIdentifier": "cve@gitlab.com",
"published": "2023-01-27T22:15:08.997",
"lastModified": "2024-11-21T07:34:46.597",
"lastModified": "2025-03-27T21:15:40.837",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-843"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-843"
}
]
}
],
"configurations": [

22
CVE-2022/CVE-2022-43xx/CVE-2022-4306.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4306",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-30T21:15:10.510",
"lastModified": "2024-11-21T07:34:58.863",
"lastModified": "2025-03-27T21:15:41.030",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

22
CVE-2022/CVE-2022-47xx/CVE-2022-4776.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4776",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-30T21:15:12.190",
"lastModified": "2024-11-21T07:35:55.227",
"lastModified": "2025-03-27T21:15:41.193",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

22
CVE-2022/CVE-2022-47xx/CVE-2022-4793.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4793",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-30T21:15:12.477",
"lastModified": "2024-11-21T07:35:57.187",
"lastModified": "2025-03-27T21:15:41.340",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 0.9,
"impactScore": 5.9
}
]
},

32
CVE-2022/CVE-2022-483xx/CVE-2022-48303.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-48303",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-30T04:15:08.030",
"lastModified": "2024-11-21T07:33:07.547",
"lastModified": "2025-03-27T21:15:40.483",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-125"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"configurations": [

22
CVE-2022/CVE-2022-48xx/CVE-2022-4828.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2022-4828",
"sourceIdentifier": "contact@wpscan.com",
"published": "2023-01-30T21:15:12.627",
"lastModified": "2024-11-21T07:36:01.580",
"lastModified": "2025-03-27T21:15:41.490",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},

32
CVE-2023/CVE-2023-223xx/CVE-2023-22322.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-22322",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2023-01-30T07:15:09.237",
"lastModified": "2024-11-21T07:44:31.633",
"lastModified": "2025-03-27T21:15:41.690",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-611"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-611"
}
]
}
],
"configurations": [

34
CVE-2023/CVE-2023-230xx/CVE-2023-23021.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-23021",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-01T19:15:21.027",
"lastModified": "2025-02-21T18:53:16.480",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:41.857",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

32
CVE-2023/CVE-2023-233xx/CVE-2023-23331.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-23331",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-01-24T01:15:10.683",
"lastModified": "2024-11-21T07:46:00.377",
"lastModified": "2025-03-27T21:15:42.077",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

39
CVE-2023/CVE-2023-303xx/CVE-2023-30307.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-30307",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-28T20:16:20.383",
"lastModified": "2024-11-21T07:59:59.780",
"lastModified": "2025-03-27T21:15:42.407",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema descubierto en los enrutadores TP-LINK TL-R473GP-AC, TP-LINK XDR6020, TP-LINK TL-R479GP-AC, TP-LINK TL-R4239G, TP-LINK TL-WAR1200L y TP-LINK TL-R476G permite los atacantes secuestran sesiones TCP, lo que podr\u00eda provocar una denegaci\u00f3n de servicio."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
],
"references": [
{
"url": "https://www.ndss-symposium.org/ndss-paper/exploiting-sequence-number-leakage-tcp-hijacking-in-nat-enabled-wi-fi-networks/",

39
CVE-2023/CVE-2023-383xx/CVE-2023-38302.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38302",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-22T15:15:47.313",
"lastModified": "2024-11-21T08:13:16.783",
"lastModified": "2025-03-27T21:15:42.617",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Cierta compilaci\u00f3n de software para el dispositivo Sharp Rouvo V (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys) filtra la direcci\u00f3n MAC de Wi-Fi y la direcci\u00f3n MAC de Bluetooth a las propiedades del sistema a las que se puede acceder por cualquier aplicaci\u00f3n local en el dispositivo sin ning\u00fan permiso o privilegio especial. Google restringi\u00f3 que las aplicaciones de terceros obtengan directamente identificadores de dispositivos no reiniciables en Android 10 y versiones posteriores, pero en este caso se filtran mediante un proceso de alto privilegio y se pueden obtener indirectamente. Esta aplicaci\u00f3n maliciosa lee la propiedad del sistema \"ro.boot.wifi_mac\" para obtener indirectamente la direcci\u00f3n MAC de Wi-Fi y lee la propiedad del sistema \"ro.boot.bt_mac\" para obtener la direcci\u00f3n MAC de Bluetooth."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"references": [
{
"url": "https://media.defcon.org/DEF%20CON%2031/DEF%20CON%2031%20presentations/Ryan%20Johnson%20Mohamed%20Elsabagh%20Angelos%20Stavrou%20-%20Still%20Vulnerable%20Out%20of%20the%20Box%20Revisiting%20the%20Security%20of%20Prepaid%20Android%20Carrier%20Devices.pdf",

14
CVE-2023/CVE-2023-385xx/CVE-2023-38551.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-38551",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-05-31T18:15:09.780",
"lastModified": "2024-11-21T08:13:48.717",
"lastModified": "2025-03-27T21:15:42.800",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-93"
}
]
}
],
"references": [
{
"url": "https://forums.ivanti.com/s/article/Security-Advisory-May-2024",

34
CVE-2023/CVE-2023-429xx/CVE-2023-42952.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-42952",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-02-21T07:15:51.510",
"lastModified": "2024-12-05T19:56:22.987",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:42.933",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [

34
CVE-2023/CVE-2023-523xx/CVE-2023-52350.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52350",
"sourceIdentifier": "security@unisoc.com",
"published": "2024-04-08T03:15:08.687",
"lastModified": "2024-11-27T16:22:44.777",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:43.130",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 0.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

34
CVE-2023/CVE-2023-523xx/CVE-2023-52359.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52359",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-04-08T09:15:08.293",
"lastModified": "2024-12-09T18:03:10.427",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:43.330",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"configurations": [

34
CVE-2023/CVE-2023-523xx/CVE-2023-52386.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52386",
"sourceIdentifier": "psirt@huawei.com",
"published": "2024-04-08T10:15:08.487",
"lastModified": "2024-12-09T18:01:30.060",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:43.500",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-787"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [

187
CVE-2023/CVE-2023-526xx/CVE-2023-52642.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2023-52642",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-17T10:15:08.447",
"lastModified": "2024-11-21T08:40:16.077",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:05:43.420",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,59 +15,214 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: medios: rc: bpf adjunto/detach requiere permiso de escritura. Tenga en cuenta que bpf adjunto/detach tambi\u00e9n requiere CAP_NET_ADMIN."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.210",
"matchCriteriaId": "24443040-F8E0-445D-8395-40A94214526C"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.149",
"matchCriteriaId": "0D0465BB-4053-4E15-9137-6696EBAE90FD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.79",
"matchCriteriaId": "656E2F29-1779-4EFC-AA64-8F984E2885B1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.18",
"matchCriteriaId": "BD961E49-FEDA-47CF-BF23-4D2BD942B4E0"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.6",
"matchCriteriaId": "C6D6A5C8-7308-42A9-8A72-ABF3DEA4BB82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/6a9d552483d50953320b9d3b57abdee8d436f23f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/93136132d1b5792bf44151e3494ae3691cd738e8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/93d8109bf182510629bbefc8cd45296d2393987f",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9f6087851ec6dce5b15f694aeaf3e8ec8243224e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/caf2da1d4562de4e35eedec0be2b7f1ee25d83be",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d98210108e7b2ff64b332b0a3541c8ad6a0617b0",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6a9d552483d50953320b9d3b57abdee8d436f23f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/93136132d1b5792bf44151e3494ae3691cd738e8",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/93d8109bf182510629bbefc8cd45296d2393987f",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9f6087851ec6dce5b15f694aeaf3e8ec8243224e",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/caf2da1d4562de4e35eedec0be2b7f1ee25d83be",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/d98210108e7b2ff64b332b0a3541c8ad6a0617b0",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
}
]
}

34
CVE-2024/CVE-2024-00xx/CVE-2024-0022.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0022",
"sourceIdentifier": "security@android.com",
"published": "2024-05-07T21:15:08.330",
"lastModified": "2024-11-25T13:52:21.147",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:43.683",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"configurations": [

27
CVE-2024/CVE-2024-03xx/CVE-2024-0399.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0399",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-04-15T05:15:14.627",
"lastModified": "2024-11-21T08:46:29.970",
"lastModified": "2025-03-27T21:15:43.857",
"vulnStatus": "Undergoing Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento WooCommerce Customers Manager de WordPress anterior a la versi\u00f3n 29.7 no sanitiza ni escapa adecuadamente un par\u00e1metro antes de usarlo en una declaraci\u00f3n SQL, lo que genera una inyecci\u00f3n de SQL explotable por el rol Suscriptor+."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/1550e30c-bf80-48e0-bc51-67d29ebe7272/",

39
CVE-2024/CVE-2024-07xx/CVE-2024-0757.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-0757",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-04T06:15:08.707",
"lastModified": "2024-11-21T08:47:18.487",
"lastModified": "2025-03-27T21:15:44.050",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "El complemento Insert or Embed Articulate Content en WordPress hasta 4.3000000023 no filtra correctamente qu\u00e9 extensiones de archivo pueden importarse en el servidor, lo que permite cargar c\u00f3digo malicioso dentro de archivos zip."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-434"
}
]
}
],
"references": [
{
"url": "https://wpscan.com/vulnerability/eccd017c-e442-46b6-b5e6-aec7bbd5f836/",

27
CVE-2024/CVE-2024-14xx/CVE-2024-1401.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1401",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-03-19T15:15:07.183",
"lastModified": "2024-11-21T08:50:30.317",
"lastModified": "2025-03-27T21:15:44.207",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento Profile Box Shortcode And Widget de WordPress anterior a 1.2.1 no sanitiza ni escapa a algunas de sus configuraciones, lo que podr\u00eda permitir a usuarios con altos privilegios, como el administrador, realizar ataques de Cross-Site Scripting Almacenado incluso cuando la capacidad unfiltered_html no est\u00e1 permitida (por ejemplo, en configuraci\u00f3n multisitio)"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.7,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/91064ba5-cf65-46e6-88df-0e4d96a3ef9f/",

27
CVE-2024/CVE-2024-16xx/CVE-2024-1658.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-1658",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-03-18T16:15:07.227",
"lastModified": "2024-11-21T08:51:01.347",
"lastModified": "2025-03-27T22:15:14.193",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento Grid Shortcodes de WordPress anterior a 1.1.1 no valida ni escapa algunos de sus atributos de shortcode antes de devolverlos a una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el shortcode, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superiores realizar un ataque de Cross-Site Scripting Almacenado"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/9489925e-5a47-4608-90a2-0139c5e1c43c/",

16
CVE-2024/CVE-2024-209xx/CVE-2024-20937.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20937",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-02-17T02:15:48.227",
"lastModified": "2024-11-29T14:08:17.250",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T22:15:15.273",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

16
CVE-2024/CVE-2024-209xx/CVE-2024-20962.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-20962",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-02-17T02:15:50.207",
"lastModified": "2024-11-29T14:06:30.670",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:44.353",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"configurations": [

16
CVE-2024/CVE-2024-210xx/CVE-2024-21039.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21039",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-04-16T22:15:20.260",
"lastModified": "2024-11-27T16:29:33.007",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:44.493",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"configurations": [

16
CVE-2024/CVE-2024-210xx/CVE-2024-21073.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21073",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-04-16T22:15:26.190",
"lastModified": "2024-12-04T16:28:30.120",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:44.640",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

16
CVE-2024/CVE-2024-211xx/CVE-2024-21111.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21111",
"sourceIdentifier": "secalert_us@oracle.com",
"published": "2024-04-16T22:15:32.780",
"lastModified": "2024-12-05T15:16:10.643",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:44.783",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -19,7 +19,7 @@
"cvssMetricV31": [
{
"source": "secalert_us@oracle.com",
"type": "Primary",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
@ -49,6 +49,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"configurations": [

24
CVE-2024/CVE-2024-217xx/CVE-2024-21724.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-21724",
"sourceIdentifier": "security@joomla.org",
"published": "2024-02-29T01:44:03.773",
"lastModified": "2025-02-14T17:24:52.837",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T22:15:15.453",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},

14
CVE-2024/CVE-2024-220xx/CVE-2024-22054.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22054",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-02-20T18:15:51.393",
"lastModified": "2024-11-21T08:55:28.447",
"lastModified": "2025-03-27T21:15:44.933",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-20"
}
]
}
],
"references": [
{
"url": "https://community.ui.com/releases/Security-Advisory-Bulletin-037-037/9aeeccef-ca4a-4f10-9f66-1eb400b3d027",

14
CVE-2024/CVE-2024-222xx/CVE-2024-22264.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22264",
"sourceIdentifier": "security@vmware.com",
"published": "2024-05-08T04:15:08.900",
"lastModified": "2024-11-21T08:55:55.360",
"lastModified": "2025-03-27T21:15:45.093",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-269"
}
]
}
],
"references": [
{
"url": "https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24219",

32
CVE-2024/CVE-2024-225xx/CVE-2024-22524.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22524",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-06-06T22:15:10.043",
"lastModified": "2024-11-21T08:56:24.203",
"lastModified": "2025-03-27T21:15:45.220",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-476"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [

27
CVE-2024/CVE-2024-229xx/CVE-2024-22983.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-22983",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-28T22:15:26.453",
"lastModified": "2024-11-21T08:56:50.910",
"lastModified": "2025-03-27T22:15:15.637",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Projectworlds Visitor Management System en PHP v.1.0 permite a un atacante remoto escalar privilegios a trav\u00e9s del par\u00e1metro de nombre en el endpoint myform.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",

34
CVE-2024/CVE-2024-232xx/CVE-2024-23232.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23232",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-08T02:15:47.833",
"lastModified": "2024-12-05T19:50:23.700",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:45.403",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-922"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-232xx/CVE-2024-23257.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23257",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-08T02:15:48.760",
"lastModified": "2024-12-20T17:08:48.080",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T22:15:15.830",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-232xx/CVE-2024-23292.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-23292",
"sourceIdentifier": "product-security@apple.com",
"published": "2024-03-08T02:15:50.257",
"lastModified": "2024-12-09T14:39:31.653",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:45.573",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"baseScore": 3.3,
"baseSeverity": "LOW",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
],
"configurations": [

32
CVE-2024/CVE-2024-241xx/CVE-2024-24150.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-24150",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T01:44:11.777",
"lastModified": "2024-11-21T08:58:59.480",
"lastModified": "2025-03-27T21:15:45.750",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-401"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-401"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-242xx/CVE-2024-24275.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24275",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T23:15:07.520",
"lastModified": "2025-02-18T13:44:28.043",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:45.937",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-242xx/CVE-2024-24276.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24276",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-05T23:15:07.583",
"lastModified": "2025-02-18T13:44:14.953",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:46.123",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 6.0
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-243xx/CVE-2024-24389.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-24389",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-07T02:15:51.970",
"lastModified": "2025-03-04T14:23:03.773",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:46.297",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,12 +36,42 @@
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{

34
CVE-2024/CVE-2024-252xx/CVE-2024-25248.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-25248",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-26T22:15:07.003",
"lastModified": "2025-02-14T16:22:09.803",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:46.483",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"configurations": [

14
CVE-2024/CVE-2024-256xx/CVE-2024-25615.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-25615",
"sourceIdentifier": "security-alert@hpe.com",
"published": "2024-03-05T21:15:08.637",
"lastModified": "2024-11-21T09:01:05.260",
"lastModified": "2025-03-27T21:15:46.667",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-400"
}
]
}
],
"references": [
{
"url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt",

39
CVE-2024/CVE-2024-264xx/CVE-2024-26454.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26454",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-15T01:15:58.780",
"lastModified": "2024-11-21T09:02:25.983",
"lastModified": "2025-03-27T21:15:46.810",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Una vulnerabilidad de cross-site scripting en Healthcare-Chatbot hasta 9b7058a puede ocurrir a trav\u00e9s de un payload manipulado en el par\u00e1metro email1 o pwd1 en login.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/OmRajpurkar/Healthcare-Chatbot/issues/4",

110
CVE-2024/CVE-2024-268xx/CVE-2024-26806.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26806",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-04T09:15:09.333",
"lastModified": "2024-11-21T09:03:07.020",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:30:21.837",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,23 +15,119 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: cadence-qspi: elimina las llamadas auxiliares de suspensi\u00f3n en todo el sistema desde los ganchos PM en tiempo de ejecuci\u00f3n No se espera que las devoluciones de llamada ->runtime_suspend() y ->runtime_resume() llamen a spi_controller_suspend() y spi_controller_resume(). Elimina llamadas a aquellos en el controlador cadence-qspi. Esos ayudantes tienen actualmente dos funciones: - Detienen/inician la cola, incluido el trato con el kworker. - Alternan el indicador SPI_CONTROLLER_SUSPENDED del controlador SPI. Requiere adquirir ctlr->bus_lock_mutex. El primer paso es irrelevante porque cadence-qspi no est\u00e1 en cola. Sin embargo, el segundo paso tiene dos implicaciones: - Se produce un punto muerto, porque ->runtime_resume() se llama en un contexto donde el bloqueo ya est\u00e1 tomado (en la devoluci\u00f3n de llamada ->exec_op(), donde se incrementa el recuento de uso). - No permitir\u00eda todas las operaciones una vez que el dispositivo se autosuspenda. Aqu\u00ed hay un breve \u00e1rbol de llamadas que resalta el interbloqueo mutex: spi_mem_exec_op() ... spi_mem_access_start() mutex_lock(&ctlr->bus_lock_mutex) cqspi_exec_mem_op() pm_runtime_resume_and_get() cqspi_resume() spi_controller_resume() mutex_lock(&ctlr->bus_lock_mutex) ... spi_mem _acceso_end () mutex_unlock(&ctlr->bus_lock_mutex) ..."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-667"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.9",
"matchCriteriaId": "1C538467-EDA0-4A9A-82EB-2925DE9FF827"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AEB9199B-AB8F-4877-8964-E2BA95B5F15C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/041562ebc4759c9932b59a06527f8753b86da365",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/959043afe53ae80633e810416cee6076da6e91c6",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/041562ebc4759c9932b59a06527f8753b86da365",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/959043afe53ae80633e810416cee6076da6e91c6",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

162
CVE-2024/CVE-2024-268xx/CVE-2024-26807.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26807",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-04T09:15:09.380",
"lastModified": "2024-11-21T09:03:07.157",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:35:59.447",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,175 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: cadence-qspi: corrige la referencia del puntero en los ganchos PM en tiempo de ejecuci\u00f3n dev_get_drvdata() se utiliza para adquirir el puntero a cqspi y el controlador SPI. Ninguno de los dos integra al otro; Esto conduce a la corrupci\u00f3n de la memoria. En una plataforma determinada (Mobileye EyeQ5), la corrupci\u00f3n de la memoria est\u00e1 oculta dentro de cqspi->f_pdata. Adem\u00e1s, esta memoria no inicializada se utiliza como mutex (ctlr->bus_lock_mutex) por spi_controller_suspend()."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.4",
"versionEndExcluding": "6.6.21",
"matchCriteriaId": "584D76D2-1164-4D5F-A720-182A249B363A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.9",
"matchCriteriaId": "1C538467-EDA0-4A9A-82EB-2925DE9FF827"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:4.19.283:*:*:*:*:*:*:*",
"matchCriteriaId": "D218D46E-9A95-4C75-A4D1-2C8957EFF613"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.4.243:*:*:*:*:*:*:*",
"matchCriteriaId": "1F43B313-8B49-45C5-BA3F-43A00C1ABFDF"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.10.180:*:*:*:*:*:*:*",
"matchCriteriaId": "E57BBF5A-3C2F-4683-90E9-C55C20DA0392"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:5.15.111:*:*:*:*:*:*:*",
"matchCriteriaId": "B8400C3E-16EB-4BE1-BFF2-F165B9C6C2DA"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.1.28:*:*:*:*:*:*:*",
"matchCriteriaId": "063461C2-6DB7-4D4D-90A5-FF26944C693A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4CB13E07-8733-47AA-B47A-ABC9AA44E4F5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "7E9ED291-2EE9-4BE1-8925-FD7F622D1012"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc5:*:*:*:*:*:*",
"matchCriteriaId": "A780F817-2A77-4130-A9B7-5C25606314E3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc6:*:*:*:*:*:*",
"matchCriteriaId": "AEB9199B-AB8F-4877-8964-E2BA95B5F15C"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/03f1573c9587029730ca68503f5062105b122f61",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/32ce3bb57b6b402de2aec1012511e7ac4e7449dc",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/34e1d5c4407c78de0e3473e1fbf8fb74dbe66d03",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

124
CVE-2024/CVE-2024-268xx/CVE-2024-26811.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26811",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-08T10:15:08.540",
"lastModified": "2024-11-21T09:03:07.800",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:37:50.797",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,47 +15,145 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: ksmbd: validar el tama\u00f1o del payload en la respuesta de ipc Si instala herramientas ksmbd maliciosas, ksmbd.mountd puede devolver una respuesta de ipc no v\u00e1lida al servidor del kernel de ksmbd. ksmbd debe validar el tama\u00f1o del payload de la respuesta ipc de ksmbd.mountd para evitar el desbordamiento de la memoria o los l\u00edmites. Este parche valida 3 respuestas ipc que tienen payload."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.9",
"matchCriteriaId": "18FE1EAE-C36C-49FC-A5E0-0A661CDC561E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:-:*:*:*:*:*:*",
"matchCriteriaId": "3F2A4A3D-068A-4CF2-A09F-9C7937DDB0A5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc1:*:*:*:*:*:*",
"matchCriteriaId": "22BEDD49-2C6D-402D-9DBF-6646F6ECD10B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.9:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DF73CB2A-DFFD-46FB-9BFE-AA394F27EA37"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/88b7f1143b15b29cccb8392b4f38e75b7bb3e300",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a677ebd8ca2f2632ccdecbad7b87641274e15aac",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/51a6c2af9d20203ddeeaf73314ba8854b38d01bd",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/76af689a45aa44714b46d1a7de4ffdf851ded896",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/88b7f1143b15b29cccb8392b4f38e75b7bb3e300",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a637fabac554270a851033f5ab402ecb90bc479c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a677ebd8ca2f2632ccdecbad7b87641274e15aac",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

178
CVE-2024/CVE-2024-268xx/CVE-2024-26814.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26814",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-05T09:15:09.393",
"lastModified": "2024-11-21T09:03:08.187",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:36:57.227",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,67 +15,209 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: vfio/fsl-mc: Bloquear el controlador de interrupciones de llamada sin disparador. El puntero de disparo eventfd_ctx del objeto vfio_fsl_mc_irq es inicialmente NULL y puede convertirse en NULL si el usuario establece el disparador eventfd en -1. El propio controlador de interrupciones garantiza que el disparador siempre ser\u00e1 v\u00e1lido entre request_irq() y free_irq(), pero los mecanismos de prueba de bucle invertido para invocar la funci\u00f3n del controlador deben probar el disparador. Las rutas de activaci\u00f3n y configuraci\u00f3n de ioctl utilizan igate y, por lo tanto, son mutuamente excluyentes. El controlador vfio-fsl-mc no utiliza irqfds ni admite ning\u00fan tipo de operaci\u00f3n de enmascaramiento; por lo tanto, a diferencia de vfio-pci y vfio-platform, el flujo puede permanecer esencialmente sin cambios."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10",
"versionEndExcluding": "6.1.84",
"matchCriteriaId": "39E99A59-C6E2-4A27-972D-AC7C8F99D7C9"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.24",
"matchCriteriaId": "8018C1D0-0A5F-48D0-BC72-A2B33FDDA693"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.12",
"matchCriteriaId": "6BE9771A-BAFD-4624-95F9-58D536540C53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.8.3",
"matchCriteriaId": "4C59BBC3-6495-4A77-9C82-55EC7CDF5E02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.4",
"versionEndIncluding": "6.8.12",
"matchCriteriaId": "8FE7815E-A5E1-4B71-A901-16FF3B224E48"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6ec0d88166dac43f29e96801c0927d514f17add9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7447d911af699a15f8d050dfcb7c680a86f87012",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a563fc18583ca4f42e2fdd0c70c7c618288e7ede",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/de87511fb0404d23b6da5f4660383b6ed095e28d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ee0bd4ad780dfbb60355b99f25063357ab488267",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/083e750c9f5f4c3bf61161330fb84d7c8e8bb417",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/250219c6a556f8c69c5910fca05a59037e24147d",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6ec0d88166dac43f29e96801c0927d514f17add9",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/7447d911af699a15f8d050dfcb7c680a86f87012",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a563fc18583ca4f42e2fdd0c70c7c618288e7ede",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/de87511fb0404d23b6da5f4660383b6ed095e28d",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ee0bd4ad780dfbb60355b99f25063357ab488267",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
}
]
}

138
CVE-2024/CVE-2024-268xx/CVE-2024-26815.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26815",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-10T11:15:49.380",
"lastModified": "2024-11-21T09:03:08.313",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:09:57.807",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,47 +15,159 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/sched: taprio: verificaci\u00f3n adecuada de TCA_TAPRIO_TC_ENTRY_INDEX taprio_parse_tc_entry() no verifica correctamente el atributo TCA_TAPRIO_TC_ENTRY_INDEX: int tc; // Valor con signo tc = nla_get_u32(tb[TCA_TAPRIO_TC_ENTRY_INDEX]); if (tc >= TC_QOPT_MAX_QUEUE) { NL_SET_ERR_MSG_MOD(extack, \"\u00edndice de entrada TC fuera de rango\"); volver -RANGE; } syzbot inform\u00f3 que pod\u00eda alimentar valores negativos arbitrarios: UBSAN: desplazamiento fuera de los l\u00edmites en net/sched/sch_taprio.c:1722:18 exponente de desplazamiento -2147418108 es negativo CPU: 0 PID: 5066 Comm: syz-executor367 No tainted 6.8.0-rc7-syzkaller-00136-gc8a5c731fd12 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 29/02/2024 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x1e7/0x2e0 lib/dump_stack.c:106 ubsan_epilogue lib/ubsan.c:217 [en l\u00ednea] __ubsan_handle_shift_out_of_bounds+0x3c7/0x420 lib/ubsan.c:386 taprio_parse_tc_entry net/sched/sch_taprio.c:1722 [ en l\u00ednea] taprio_parse_tc_entries net /sched/sch_taprio.c:1768 [en l\u00ednea] taprio_change+0xb87/0x57d0 net/sched/sch_taprio.c:1877 taprio_init+0x9da/0xc80 net/sched/sch_taprio.c:2134 qdisc_create+0x9d4/0x1190 net/sched/sch_api. c:1355 tc_modify_qdisc+0xa26/0x1e40 net/sched/sch_api.c:1776 rtnetlink_rcv_msg+0x885/0x1040 net/core/rtnetlink.c:6617 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2543 netlink_unicast_ker nel net/netlink/ AF_NETLINK.C: 1341 [en l\u00ednea] netlink_unicast+0x7ea/0x980 net/netlink/AF_netLink.c: 1367 netlink_sendmsg+0xa3b/0xd70 net/netlink/af_netlink.c: 1908 sock_sendmsg_nosec net/socket.c: 730 [730] 1 /0x270 net/socket.c:745 ____sys_sendmsg+0x525/0x7d0 net/socket.c:2584 ___sys_sendmsg net/socket.c:2638 [en l\u00ednea] __sys_sendmsg+0x2b0/0x3a0 net/socket.c:2667 do_syscall_64+0xf9/ 0x240 entrada_SYSCALL_64_after_hwframe +0x6f/0x77 RIP: 0033:0x7f1b2dea3759 C\u00f3digo: 48 83 c4 28 c3 e8 d7 19 00 00 0f 1f 80 00 00 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 8 9c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffd4de452f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000002e RAX: ffffffffffffffda RBX: 00007f1b2def0390 RCX: 00007f1b2dea3759 RDX: 0000000000000000 RSI: 00000000200007c0 RDI: 0000000000000004 RBP: 0000000000000003 R08: 0000555500000000 R09: 0000555500000000 R10: 0000555500000000 R 11: 0000000000000246 R12: 00007ffd4de45340 R13: 00007ffd4de45310 R14: 00000000000000001 R15: 00007ffd4de45340"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-787"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1",
"versionEndExcluding": "6.1.83",
"matchCriteriaId": "3057E4AB-0FB4-49B3-B63D-10D187B96B1B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.23",
"matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.11",
"matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.8.2",
"matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.3",
"versionEndIncluding": "6.8.12",
"matchCriteriaId": "B71866A7-EBBC-450A-A34B-D42B21232828"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/343041b59b7810f9cdca371f445dd43b35c740b1",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6915b1b28fe57e92c78e664366dc61c4f15ff03b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/860e838fb089d652a446ced52cbdf051285b68e7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bd2474a45df7c11412c2587de3d4e43760531418",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/343041b59b7810f9cdca371f445dd43b35c740b1",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6915b1b28fe57e92c78e664366dc61c4f15ff03b",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/860e838fb089d652a446ced52cbdf051285b68e7",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9b720bb1a69a9f12a4a5c86b6f89386fe05ed0f2",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bd2474a45df7c11412c2587de3d4e43760531418",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

231
CVE-2024/CVE-2024-268xx/CVE-2024-26816.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26816",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-10T14:15:07.490",
"lastModified": "2024-11-21T09:03:08.437",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:10:26.187",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,87 +15,272 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: x86, relocs: ignorar reubicaciones en la secci\u00f3n .notes Al compilar con CONFIG_XEN_PV=y, los s\u00edmbolos .text se emiten en la secci\u00f3n .notes para que Xen pueda encontrar el punto de entrada \"startup_xen\" . Esta informaci\u00f3n se utiliza antes de iniciar el kernel, por lo que las reubicaciones no son \u00fatiles. De hecho, realizar reubicaciones en la secci\u00f3n .notes significa que la base KASLR est\u00e1 expuesta ya que /sys/kernel/notes es legible en todo el mundo. Para evitar filtrar la base de KASLR sin da\u00f1ar las herramientas sin privilegios que esperan leer /sys/kernel/notes, omita realizar reubicaciones en la secci\u00f3n .notes. Los valores legibles en .notes son id\u00e9nticos a los que se encuentran en System.map."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-770"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "2.6.23",
"versionEndExcluding": "4.19.311",
"matchCriteriaId": "686D6C3D-0C09-4C39-9651-BB0C3639BB0E"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.20",
"versionEndExcluding": "5.4.273",
"matchCriteriaId": "620FD8B7-BF03-43E0-951A-0A58461D4C55"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.5",
"versionEndExcluding": "5.10.214",
"matchCriteriaId": "65987874-467B-4D3B-91D6-68A129B34FB8"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.11",
"versionEndExcluding": "5.15.153",
"matchCriteriaId": "ACB69438-845D-4E3C-B114-3140611F9C0B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.16",
"versionEndExcluding": "6.1.83",
"matchCriteriaId": "121A07F6-F505-4C47-86BF-9BB6CC7B6C19"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.23",
"matchCriteriaId": "E00814DC-0BA7-431A-9926-80FEB4A96C68"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.11",
"matchCriteriaId": "9B95D3A6-E162-47D5-ABFC-F3FA74FA7CFD"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.8.2",
"matchCriteriaId": "543A75FF-25B8-4046-A514-1EA8EDD87AB1"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.3",
"versionEndIncluding": "6.8.12",
"matchCriteriaId": "B71866A7-EBBC-450A-A34B-D42B21232828"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/13edb509abc91c72152a11baaf0e7c060a312e03",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/47635b112a64b7b208224962471e7e42f110e723",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/52018aa146e3cf76569a9b1e6e49a2b7c8d4a088",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5cb59db49c9c0fccfd33b2209af4f7ae3c6ddf40",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a4e7ff1a74274e59a2de9bb57236542aa990d20a",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/aaa8736370db1a78f0e8434344a484f9fd20be3b",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/ae7079238f6faf1b94accfccf334e98b46a0c0aa",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/af2a9f98d884205145fd155304a6955822ccca1c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c7cff9780297d55d97ad068b68b703cfe53ef9af",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
}
]
}

117
CVE-2024/CVE-2024-268xx/CVE-2024-26818.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26818",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-17T10:15:08.757",
"lastModified": "2024-11-21T09:03:08.703",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:07:41.817",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,31 +15,130 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: herramientas/rtla: Repare la advertencia de clang sobre el tama\u00f1o de var de mount_point clang informa esta advertencia: $ make HOSTCC=clang CC=clang LLVM_IAS=1 [...] clang -O -g -DVERSION=\\\"6.8.0-rc3\\\" -flto=auto -fExceptions -fstack-protector-strong -fasynchronous-unwind-tables -fstack-clash-protection -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE= 2 -Wp,-D_GLIBCXX_ASSERTIONS $(pkg-config --cflags libtracefs) -c -o src/utils.o src/utils.c src/utils.c:548:66: advertencia: 'fscanf' puede desbordarse; el b\u00fafer de destino en el argumento 3 tiene un tama\u00f1o 1024, pero el especificador correspondiente puede requerir un tama\u00f1o 1025 [-Wfortify-source] 548 | while (fscanf(fp, \"%*s %\" STR(MAX_PATH) \"s %99s %*s %*d %*d\\n\", punto_montaje, tipo) == 2) { | ^ Aumente el tama\u00f1o de la variable mount_point a MAX_PATH+1 para evitar el desbordamiento."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.5",
"versionEndExcluding": "6.6.18",
"matchCriteriaId": "66A88832-B39F-48D0-BFA1-F660E52CE523"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.6",
"matchCriteriaId": "C6D6A5C8-7308-42A9-8A72-ABF3DEA4BB82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc4:*:*:*:*:*:*",
"matchCriteriaId": "62075ACE-B2A0-4B16-829D-B3DA5AE5CC41"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/30369084ac6e27479a347899e74f523e6ca29b89",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6bdd43f62ab3bb5a306af7f0ab857af45777f5a8",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8a585914c266dc044f53b5c83c170f79b45fcf9a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/30369084ac6e27479a347899e74f523e6ca29b89",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/6bdd43f62ab3bb5a306af7f0ab857af45777f5a8",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/8a585914c266dc044f53b5c83c170f79b45fcf9a",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
}
]
}

222
CVE-2024/CVE-2024-268xx/CVE-2024-26820.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26820",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-17T10:15:08.867",
"lastModified": "2024-11-21T09:03:08.843",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:08:08.837",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,79 +15,259 @@
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: hv_netvsc: registre VF en netvsc_probe si se perdi\u00f3 NET_DEVICE_REGISTER. Si el controlador hv_netvsc se descarga y se vuelve a cargar, el controlador NET_DEVICE_REGISTER no puede realizar el registro VF exitosamente ya que la llamada de registro se recibe antes de que finalice netvsc_probe. Esto se debe a que registramos Register_netdevice_notifier() muy temprano (incluso antes de vmbus_driver_register()). Para solucionar este problema, intentamos registrar cada VF coincidente (si es visible como un dispositivo de red) al final de netvsc_probe."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.19.301",
"versionEndExcluding": "4.19.310",
"matchCriteriaId": "0C102B83-9358-4BD1-9297-1A94BEA3DDED"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.4.263",
"versionEndExcluding": "5.4.272",
"matchCriteriaId": "AF41893B-0886-4293-AA61-5C6B08DD535A"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.10.203",
"versionEndExcluding": "5.10.213",
"matchCriteriaId": "127C0358-D61B-4AD7-A81A-5178B3DD562F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "5.15.141",
"versionEndExcluding": "5.15.152",
"matchCriteriaId": "4E9B2BFF-389B-4E68-B2C3-4DF136E83E21"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.1.65",
"versionEndExcluding": "6.1.79",
"matchCriteriaId": "85FE2B5D-00C2-4E9F-9867-2DDD88EFA68B"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.6.4",
"versionEndExcluding": "6.6.18",
"matchCriteriaId": "96EC0E0A-8E36-415A-86C1-EA5EA917A06F"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.6",
"matchCriteriaId": "C6D6A5C8-7308-42A9-8A72-ABF3DEA4BB82"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B9F4EA73-0894-400F-A490-3A397AB7A517"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc2:*:*:*:*:*:*",
"matchCriteriaId": "056BD938-0A27-4569-B391-30578B309EE3"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:6.8:rc3:*:*:*:*:*:*",
"matchCriteriaId": "F02056A5-B362-4370-9FF8-6F0BD384D520"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/309ef7de5d840e17607e7d65cbf297c0564433ef",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4d29a58d96a78728cb01ee29ed70dc4bd642f135",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5b10a88f64c0315cfdef45de0aaaa4eef57de0b7",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a71302c8638939c45e4ba5a99ea438185fd3f418",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b6d46f306b3964d05055ddaa96b58cd8bd3a472c",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c7441c77c91e47f653104be8353b44a3366a5366",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/309ef7de5d840e17607e7d65cbf297c0564433ef",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/4d29a58d96a78728cb01ee29ed70dc4bd642f135",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/5b10a88f64c0315cfdef45de0aaaa4eef57de0b7",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/9cae43da9867412f8bd09aee5c8a8dc5e8dc3dc2",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/a71302c8638939c45e4ba5a99ea438185fd3f418",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b6d46f306b3964d05055ddaa96b58cd8bd3a472c",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bcb7164258d0a9a8aa2e73ddccc2d78f67d2519d",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/c7441c77c91e47f653104be8353b44a3366a5366",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
}
]
}

188
CVE-2024/CVE-2024-274xx/CVE-2024-27437.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27437",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-04-05T09:15:09.443",
"lastModified": "2024-11-21T09:04:36.473",
"vulnStatus": "Undergoing Analysis",
"lastModified": "2025-03-27T21:37:24.097",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
@ -15,75 +15,223 @@
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vfio/pci: deshabilita la habilitaci\u00f3n autom\u00e1tica de INTx IRQ exclusivo. Actualmente, para dispositivos que requieren enmascaramiento en el irqchip para INTx, es decir. En dispositivos sin soporte DisINTx, la IRQ se habilita en request_irq() y posteriormente se deshabilita seg\u00fan sea necesario para alinearse con el indicador de estado enmascarado. Esto presenta una ventana donde la interrupci\u00f3n podr\u00eda dispararse entre estos eventos, lo que hace que la IRQ incremente la profundidad de desactivaci\u00f3n dos veces. Esto ser\u00eda irrecuperable para un usuario ya que el indicador enmascarado impide las habilitaciones anidadas a trav\u00e9s de vfio. En su lugar, invierta la l\u00f3gica usando IRQF_NO_AUTOEN de modo que INTx exclusivo nunca se habilite autom\u00e1ticamente, luego desenmascare seg\u00fan sea necesario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.6",
"versionEndExcluding": "6.1.84",
"matchCriteriaId": "ADFF9FF1-413F-4606-9C95-7A20215ACD86"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.2",
"versionEndExcluding": "6.6.24",
"matchCriteriaId": "8018C1D0-0A5F-48D0-BC72-A2B33FDDA693"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.7",
"versionEndExcluding": "6.7.12",
"matchCriteriaId": "6BE9771A-BAFD-4624-95F9-58D536540C53"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8",
"versionEndExcluding": "6.8.3",
"matchCriteriaId": "4C59BBC3-6495-4A77-9C82-55EC7CDF5E02"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "6.8.4",
"versionEndIncluding": "6.8.12",
"matchCriteriaId": "8FE7815E-A5E1-4B71-A901-16FF3B224E48"
}
]
}
]
},
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
}
]
}
]
}
],
"references": [
{
"url": "https://git.kernel.org/stable/c/139dfcc4d723ab13469881200c7d80f49d776060",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/26389925d6c2126fb777821a0a983adca7ee6351",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2a4a666c45107206605b7b5bc20545f8aabc4fa2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3b3491ad0f80d913e7d255941d4470f4a4d9bfda",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/561d5e1998d58b54ce2bbbb3e843b669aa0b3db5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b7a2f0955ffceffadfe098b40b50307431f45438",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bf0bc84a20e6109ab07d5dc072067bd01eb931ec",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fe9a7082684eb059b925c535682e68c34d487d43",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/139dfcc4d723ab13469881200c7d80f49d776060",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/26389925d6c2126fb777821a0a983adca7ee6351",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/2a4a666c45107206605b7b5bc20545f8aabc4fa2",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/3b3491ad0f80d913e7d255941d4470f4a4d9bfda",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/561d5e1998d58b54ce2bbbb3e843b669aa0b3db5",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/b7a2f0955ffceffadfe098b40b50307431f45438",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/bf0bc84a20e6109ab07d5dc072067bd01eb931ec",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://git.kernel.org/stable/c/fe9a7082684eb059b925c535682e68c34d487d43",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
]
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/06/msg00017.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List"
]
}
]
}

34
CVE-2024/CVE-2024-276xx/CVE-2024-27604.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-27604",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-02T21:15:46.010",
"lastModified": "2025-02-27T18:15:41.613",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T22:15:16.050",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-502"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-280xx/CVE-2024-28084.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28084",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-03T21:15:49.963",
"lastModified": "2025-01-08T15:50:22.960",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:46.983",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-665"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-665"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-281xx/CVE-2024-28154.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28154",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.733",
"lastModified": "2025-01-19T02:36:34.320",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:47.183",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
]
},
@ -49,6 +69,16 @@
"value": "NVD-CWE-noinfo"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-532"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-281xx/CVE-2024-28156.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28156",
"sourceIdentifier": "jenkinsci-cert@googlegroups.com",
"published": "2024-03-06T17:15:10.837",
"lastModified": "2025-01-19T02:27:21.977",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:47.350",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

34
CVE-2024/CVE-2024-286xx/CVE-2024-28613.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-28613",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-24T04:15:18.820",
"lastModified": "2025-03-06T15:51:21.690",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:47.510",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,12 +36,42 @@
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{

39
CVE-2024/CVE-2024-292xx/CVE-2024-29225.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29225",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-04-04T00:15:07.200",
"lastModified": "2024-11-21T09:07:51.173",
"lastModified": "2025-03-27T21:15:47.700",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "WRC-X3200GST3-B v1.25 y anteriores, y WRC-G01-W v1.24 y anteriores permiten que un atacante no autenticado adyacente a la red obtenga el archivo de configuraci\u00f3n que contiene informaci\u00f3n confidencial enviando una solicitud especialmente manipulada."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-552"
}
]
}
],
"references": [
{
"url": "https://jvn.jp/en/vu/JVNVU95381465/",

34
CVE-2024/CVE-2024-294xx/CVE-2024-29419.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-29419",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-20T15:15:07.967",
"lastModified": "2025-03-10T15:33:52.230",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:47.877",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
@ -49,6 +69,16 @@
"value": "CWE-79"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [

39
CVE-2024/CVE-2024-297xx/CVE-2024-29754.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29754",
"sourceIdentifier": "dsap-vuln-management@google.com",
"published": "2024-04-05T20:15:08.717",
"lastModified": "2024-11-21T09:08:15.260",
"lastModified": "2025-03-27T21:15:48.057",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "En TMU_IPC_GET_TABLE, existe una posible lectura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda dar lugar a la divulgaci\u00f3n de informaci\u00f3n local sin necesidad de privilegios de ejecuci\u00f3n adicionales. La interacci\u00f3n del usuario no es necesaria para la explotaci\u00f3n."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"baseScore": 6.2,
"baseSeverity": "MEDIUM",
"attackVector": "LOCAL",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.5,
"impactScore": 3.6
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-125"
}
]
}
],
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2024-04-01",

14
CVE-2024/CVE-2024-298xx/CVE-2024-29855.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-29855",
"sourceIdentifier": "support@hackerone.com",
"published": "2024-06-11T04:15:12.953",
"lastModified": "2024-11-21T09:08:28.550",
"lastModified": "2025-03-27T21:15:48.220",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -39,6 +39,18 @@
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-798"
}
]
}
],
"references": [
{
"url": "https://www.veeam.com/kb4585",

39
CVE-2024/CVE-2024-306xx/CVE-2024-30614.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-30614",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-04-12T06:15:06.820",
"lastModified": "2024-11-21T09:12:18.340",
"lastModified": "2025-03-27T21:15:48.323",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Un problema en Ametys CMS v4.5.0 y anteriores permite a los atacantes obtener informaci\u00f3n confidencial a trav\u00e9s de recursos expuestos al alcance del error."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-209"
}
]
}
],
"references": [
{
"url": "https://github.com/Lucky-lm/CVE-2024-30614/issues/1",

39
CVE-2024/CVE-2024-311xx/CVE-2024-31142.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-31142",
"sourceIdentifier": "security@xen.org",
"published": "2024-05-16T14:15:08.903",
"lastModified": "2024-11-21T09:12:55.110",
"lastModified": "2025-03-27T21:15:48.497",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Debido a un error l\u00f3gico en XSA-407 (confusi\u00f3n de tipo de rama), la mitigaci\u00f3n no se aplica correctamente cuando se pretende utilizarla. XSA-434 (desbordamiento de pila de retorno especulativo) utiliza la misma infraestructura, por lo que se ve igualmente afectado. Para obtener m\u00e1s detalles, consulte: https://xenbits.xen.org/xsa/advisory-407.html https://xenbits.xen.org/xsa/advisory-434.html"
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-693"
}
]
}
],
"references": [
{
"url": "https://xenbits.xenproject.org/xsa/advisory-455.html",

39
CVE-2024/CVE-2024-333xx/CVE-2024-33307.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-33307",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-01T20:15:12.837",
"lastModified": "2024-11-21T09:16:47.213",
"lastModified": "2025-03-27T21:15:48.650",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "SourceCodester Laboratory Management System 1.0 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s del par\u00e1metro \"Apellido\" en Crear usuario."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/Mohitkumar0786/CVE/blob/main/CVE-2024-33307.md",

27
CVE-2024/CVE-2024-340xx/CVE-2024-34004.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34004",
"sourceIdentifier": "patrick@puiterwijk.org",
"published": "2024-05-31T21:15:09.340",
"lastModified": "2024-11-21T09:17:53.467",
"lastModified": "2025-03-27T22:15:16.257",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "En un entorno de alojamiento compartido que ha sido mal configurado para permitir el acceso al contenido de otros usuarios, un usuario de Moodle con acceso para restaurar m\u00f3dulos wiki y acceso directo al servidor web fuera de la ra\u00edz web de Moodle podr\u00eda ejecutar una inclusi\u00f3n de archivo local."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.2,
"impactScore": 5.2
}
]
},
"weaknesses": [
{
"source": "patrick@puiterwijk.org",

39
CVE-2024/CVE-2024-348xx/CVE-2024-34899.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-34899",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-14T15:39:37.673",
"lastModified": "2024-11-21T09:19:31.127",
"lastModified": "2025-03-27T21:15:48.820",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "WWBN AVideo 12.4 es vulnerable a Cross Site Scripting (XSS)."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://hackerdna.com/courses/cve/cve-2024-34899",

39
CVE-2024/CVE-2024-353xx/CVE-2024-35362.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-35362",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-22T16:15:10.687",
"lastModified": "2024-11-21T09:20:13.357",
"lastModified": "2025-03-27T21:15:48.987",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Ecshop 3.6 es vulnerable a Cross Site Scripting (XSS) a trav\u00e9s de ecshop/article_cat.php."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/shopex/ecshop/issues/6",

12
CVE-2024/CVE-2024-363xx/CVE-2024-36306.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-36306",
"sourceIdentifier": "security@trendmicro.com",
"published": "2024-06-10T22:15:10.857",
"lastModified": "2024-11-21T09:22:00.633",
"lastModified": "2025-03-27T21:15:49.143",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -69,6 +69,16 @@
"value": "CWE-59"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-59"
}
]
}
],
"configurations": [

39
CVE-2024/CVE-2024-370xx/CVE-2024-37032.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-37032",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-05-31T04:15:09.617",
"lastModified": "2024-11-21T09:23:05.137",
"lastModified": "2025-03-27T21:15:49.287",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,42 @@
"value": "Ollama anterior a 0.1.34 no valida el formato del resumen (sha256 con 64 d\u00edgitos hexadecimales) al obtener la ruta del modelo y, por lo tanto, maneja mal los casos de prueba TestGetBlobsPath, como menos de 64 d\u00edgitos hexadecimales, m\u00e1s de 64 d\u00edgitos hexadecimales o una inicial. ../ subcadena."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-22"
}
]
}
],
"references": [
{
"url": "https://github.com/ollama/ollama/blob/adeb40eaf29039b8964425f69a9315f9f1694ba8/server/modelpath_test.go#L41-L58",

14
CVE-2024/CVE-2024-37xx/CVE-2024-3787.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-3787",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-05-14T15:42:16.080",
"lastModified": "2025-02-27T16:20:34.350",
"vulnStatus": "Analyzed",
"lastModified": "2025-03-27T21:15:49.447",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
@ -69,6 +69,16 @@
"value": "CWE-94"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
],
"configurations": [

27
CVE-2024/CVE-2024-38xx/CVE-2024-3823.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-3823",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-15T06:15:14.650",
"lastModified": "2024-11-21T09:30:28.433",
"lastModified": "2025-03-27T21:15:49.600",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento Base64 Encoder/Decoder de WordPress hasta la versi\u00f3n 0.9.2 no tiene verificaci\u00f3n CSRF al actualizar su configuraci\u00f3n, y le falta sanitizaci\u00f3n y escape, lo que podr\u00eda permitir a los atacantes hacer que el administrador conectado agregue payloads XSS almacenado a trav\u00e9s de un ataque CSRF."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"baseScore": 2.4,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/a138215c-4b8c-4182-978f-d21ce25070d3/",

12
CVE-2024/CVE-2024-40xx/CVE-2024-4009.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-4009",
"sourceIdentifier": "cybersecurity@ch.abb.com",
"published": "2024-06-05T18:15:11.420",
"lastModified": "2024-11-21T09:42:01.553",
"lastModified": "2025-03-27T21:15:49.760",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -113,6 +113,16 @@
"value": "CWE-294"
}
]
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-294"
}
]
}
],
"configurations": [

27
CVE-2024/CVE-2024-43xx/CVE-2024-4372.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-4372",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-05-21T06:15:10.000",
"lastModified": "2024-11-21T09:42:43.207",
"lastModified": "2025-03-27T21:15:49.937",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento Carousel Slider de WordPress anterior a 2.2.11 no sanitiza ni escapa a algunos par\u00e1metros, lo que podr\u00eda permitir a los usuarios con un rol tan bajo como el de editor realizar ataques de Cross Site Scripting."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/13dcfd8a-e378-44b4-af6f-940bc41539a4/",

27
CVE-2024/CVE-2024-47xx/CVE-2024-4750.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-4750",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-04T06:15:11.960",
"lastModified": "2024-11-21T09:43:31.107",
"lastModified": "2025-03-27T21:15:50.083",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -15,7 +15,30 @@
"value": "El complemento buddyboss-platform de WordPress anterior a 2.6.0 contiene una vulnerabilidad IDOR que permite a un usuario darle me gusta a una publicaci\u00f3n privada manipulando la identificaci\u00f3n incluida en la solicitud."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"references": [
{
"url": "https://wpscan.com/vulnerability/ffbe4034-842b-43b0-97d1-208811376dea/",

22
CVE-2024/CVE-2024-48xx/CVE-2024-4886.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-4886",
"sourceIdentifier": "contact@wpscan.com",
"published": "2024-06-05T06:15:12.443",
"lastModified": "2024-11-21T09:43:47.583",
"lastModified": "2025-03-27T21:15:50.223",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
@ -36,6 +36,26 @@
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
]
},

39
CVE-2024/CVE-2024-550xx/CVE-2024-55070.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-55070",
"sourceIdentifier": "cve@mitre.org",
"published": "2025-03-27T20:15:27.247",
"lastModified": "2025-03-27T20:15:27.247",
"lastModified": "2025-03-27T21:15:50.390",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
@ -11,7 +11,42 @@
"value": "A Broken Object Level Authorization vulnerability in the component /households/permissions of hay-kot mealie v2.2.0 allows group managers to edit their own permissions."
}
],
"metrics": {},
"metrics": {
"cvssMetricV31": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 3.1,
"baseSeverity": "LOW",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 1.6,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://github.com/mealie-recipes/mealie/issues/4593",

6
CVE-2025/CVE-2025-06xx/CVE-2025-0624.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-0624",
"sourceIdentifier": "secalert@redhat.com",
"published": "2025-02-19T19:15:15.120",
"lastModified": "2025-03-17T05:15:33.400",
"lastModified": "2025-03-27T22:15:16.430",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -84,6 +84,10 @@
"url": "https://access.redhat.com/errata/RHSA-2025:2869",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/errata/RHSA-2025:3367",
"source": "secalert@redhat.com"
},
{
"url": "https://access.redhat.com/security/cve/CVE-2025-0624",
"source": "secalert@redhat.com"

56
CVE-2025/CVE-2025-227xx/CVE-2025-22739.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22739",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T22:15:16.590",
"lastModified": "2025-03-27T22:15:16.590",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in ThimPress LearnPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnPress: from n/a through 4.2.7.5."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/learnpress/vulnerability/wordpress-learnpress-plugin-4-2-7-5-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-227xx/CVE-2025-22740.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-22740",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T22:15:16.747",
"lastModified": "2025-03-27T22:15:16.747",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Automattic Sensei LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sensei LMS: from n/a through 4.24.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/sensei-lms/vulnerability/wordpress-sensei-lms-plugin-4-24-4-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

6
CVE-2025/CVE-2025-23xx/CVE-2025-2361.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2025-2361",
"sourceIdentifier": "cna@vuldb.com",
"published": "2025-03-17T05:15:36.713",
"lastModified": "2025-03-21T22:15:26.110",
"lastModified": "2025-03-27T21:15:50.553",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
@ -140,6 +140,10 @@
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/21/2",
"source": "af854a3a-2127-422b-91ae-364da2661108"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00020.html",
"source": "af854a3a-2127-422b-91ae-364da2661108"
}
]
}

6
CVE-2025/CVE-2025-246xx/CVE-2025-24662.json
View File

@ -2,13 +2,13 @@
"id": "CVE-2025-24662",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-01-27T15:15:15.227",
"lastModified": "2025-01-27T15:15:15.227",
"lastModified": "2025-03-27T22:15:16.890",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in NotFound LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LearnDash LMS: from n/a through 4.20.0.1."
"value": "Missing Authorization vulnerability in LearnDash LearnDash LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LearnDash LMS: from n/a through 4.20.0.1."
},
{
"lang": "es",
@ -42,7 +42,7 @@
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"type": "Secondary",
"description": [
{
"lang": "en",

56
CVE-2025/CVE-2025-267xx/CVE-2025-26733.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26733",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T22:15:17.003",
"lastModified": "2025-03-27T22:15:17.003",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/traveler/vulnerability/wordpress-traveler-theme-3-1-8-broken-access-control-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-268xx/CVE-2025-26873.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26873",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T22:15:17.150",
"lastModified": "2025-03-27T22:15:17.150",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Deserialization of Untrusted Data vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"baseScore": 9.0,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.2,
"impactScore": 6.0
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-502"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/traveler/vulnerability/wordpress-traveler-theme-3-1-8-php-object-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-268xx/CVE-2025-26874.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26874",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T22:15:17.293",
"lastModified": "2025-03-27T22:15:17.293",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MemberSpace allows Reflected XSS.This issue affects MemberSpace: from n/a through 2.1.13."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 2.8,
"impactScore": 3.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/memberspace/vulnerability/wordpress-memberspace-plugin-2-1-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-268xx/CVE-2025-26890.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26890",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T22:15:17.440",
"lastModified": "2025-03-27T22:15:17.440",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginUs.Net HUSKY allows PHP Local File Inclusion.This issue affects HUSKY: from n/a through 1.3.6.4."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-98"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/plugin/woocommerce-products-filter/vulnerability/wordpress-husky-plugin-1-3-6-4-local-file-inclusion-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-268xx/CVE-2025-26898.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26898",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T22:15:17.573",
"lastModified": "2025-03-27T22:15:17.573",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"availabilityImpact": "LOW"
},
"exploitabilityScore": 3.9,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/traveler/vulnerability/wordpress-traveler-theme-3-1-8-sql-injection-vulnerability?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

56
CVE-2025/CVE-2025-269xx/CVE-2025-26956.json Normal file
View File

@ -0,0 +1,56 @@
{
"id": "CVE-2025-26956",
"sourceIdentifier": "audit@patchstack.com",
"published": "2025-03-27T22:15:17.717",
"lastModified": "2025-03-27T22:15:17.717",
"vulnStatus": "Received",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in Shinetheme Traveler.This issue affects Traveler: from n/a through 3.1.8."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "audit@patchstack.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH"
},
"exploitabilityScore": 2.8,
"impactScore": 4.7
}
]
},
"weaknesses": [
{
"source": "audit@patchstack.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"references": [
{
"url": "https://patchstack.com/database/wordpress/theme/traveler/vulnerability/wordpress-traveler-theme-3-1-8-broken-access-control-vulnerability-2?_s_id=cve",
"source": "audit@patchstack.com"
}
]
}

73
README.md
View File

@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2025-03-27T21:00:20.042074+00:00
2025-03-27T23:00:21.041841+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2025-03-27T20:57:04.587000+00:00
2025-03-27T22:15:17.717000+00:00
```
### Last Data Feed Release
@ -33,49 +33,52 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
287112
287120
```
### CVEs added in the last Commit
Recently added CVEs: `5`
Recently added CVEs: `8`
- [CVE-2024-55070](CVE-2024/CVE-2024-550xx/CVE-2024-55070.json) (`2025-03-27T20:15:27.247`)
- [CVE-2024-55072](CVE-2024/CVE-2024-550xx/CVE-2024-55072.json) (`2025-03-27T19:15:48.330`)
- [CVE-2024-55073](CVE-2024/CVE-2024-550xx/CVE-2024-55073.json) (`2025-03-27T19:15:48.437`)
- [CVE-2025-29306](CVE-2025/CVE-2025-293xx/CVE-2025-29306.json) (`2025-03-27T19:15:49.290`)
- [CVE-2025-30093](CVE-2025/CVE-2025-300xx/CVE-2025-30093.json) (`2025-03-27T19:15:49.677`)
- [CVE-2025-22739](CVE-2025/CVE-2025-227xx/CVE-2025-22739.json) (`2025-03-27T22:15:16.590`)
- [CVE-2025-22740](CVE-2025/CVE-2025-227xx/CVE-2025-22740.json) (`2025-03-27T22:15:16.747`)
- [CVE-2025-26733](CVE-2025/CVE-2025-267xx/CVE-2025-26733.json) (`2025-03-27T22:15:17.003`)
- [CVE-2025-26873](CVE-2025/CVE-2025-268xx/CVE-2025-26873.json) (`2025-03-27T22:15:17.150`)
- [CVE-2025-26874](CVE-2025/CVE-2025-268xx/CVE-2025-26874.json) (`2025-03-27T22:15:17.293`)
- [CVE-2025-26890](CVE-2025/CVE-2025-268xx/CVE-2025-26890.json) (`2025-03-27T22:15:17.440`)
- [CVE-2025-26898](CVE-2025/CVE-2025-268xx/CVE-2025-26898.json) (`2025-03-27T22:15:17.573`)
- [CVE-2025-26956](CVE-2025/CVE-2025-269xx/CVE-2025-26956.json) (`2025-03-27T22:15:17.717`)
### CVEs modified in the last Commit
Recently modified CVEs: `103`
Recently modified CVEs: `88`
- [CVE-2024-32894](CVE-2024/CVE-2024-328xx/CVE-2024-32894.json) (`2025-03-27T19:15:47.943`)
- [CVE-2024-34952](CVE-2024/CVE-2024-349xx/CVE-2024-34952.json) (`2025-03-27T20:15:26.297`)
- [CVE-2024-35504](CVE-2024/CVE-2024-355xx/CVE-2024-35504.json) (`2025-03-27T20:15:26.493`)
- [CVE-2024-36070](CVE-2024/CVE-2024-360xx/CVE-2024-36070.json) (`2025-03-27T20:15:26.677`)
- [CVE-2024-36735](CVE-2024/CVE-2024-367xx/CVE-2024-36735.json) (`2025-03-27T19:15:48.147`)
- [CVE-2024-39848](CVE-2024/CVE-2024-398xx/CVE-2024-39848.json) (`2025-03-27T20:15:26.860`)
- [CVE-2024-4059](CVE-2024/CVE-2024-40xx/CVE-2024-4059.json) (`2025-03-27T20:15:27.037`)
- [CVE-2024-5157](CVE-2024/CVE-2024-51xx/CVE-2024-5157.json) (`2025-03-27T20:15:27.833`)
- [CVE-2024-5687](CVE-2024/CVE-2024-56xx/CVE-2024-5687.json) (`2025-03-27T20:13:57.260`)
- [CVE-2024-5692](CVE-2024/CVE-2024-56xx/CVE-2024-5692.json) (`2025-03-27T20:07:17.167`)
- [CVE-2024-5693](CVE-2024/CVE-2024-56xx/CVE-2024-5693.json) (`2025-03-27T20:02:24.947`)
- [CVE-2024-5696](CVE-2024/CVE-2024-56xx/CVE-2024-5696.json) (`2025-03-27T19:55:20.653`)
- [CVE-2025-0185](CVE-2025/CVE-2025-01xx/CVE-2025-0185.json) (`2025-03-27T19:18:14.417`)
- [CVE-2025-0285](CVE-2025/CVE-2025-02xx/CVE-2025-0285.json) (`2025-03-27T19:15:48.520`)
- [CVE-2025-0286](CVE-2025/CVE-2025-02xx/CVE-2025-0286.json) (`2025-03-27T19:15:48.663`)
- [CVE-2025-0287](CVE-2025/CVE-2025-02xx/CVE-2025-0287.json) (`2025-03-27T19:15:48.793`)
- [CVE-2025-0288](CVE-2025/CVE-2025-02xx/CVE-2025-0288.json) (`2025-03-27T19:15:48.933`)
- [CVE-2025-0289](CVE-2025/CVE-2025-02xx/CVE-2025-0289.json) (`2025-03-27T20:15:28.127`)
- [CVE-2025-2857](CVE-2025/CVE-2025-28xx/CVE-2025-2857.json) (`2025-03-27T20:15:28.440`)
- [CVE-2025-29483](CVE-2025/CVE-2025-294xx/CVE-2025-29483.json) (`2025-03-27T19:15:49.380`)
- [CVE-2025-30363](CVE-2025/CVE-2025-303xx/CVE-2025-30363.json) (`2025-03-27T19:15:49.877`)
- [CVE-2025-30364](CVE-2025/CVE-2025-303xx/CVE-2025-30364.json) (`2025-03-27T19:15:50.193`)
- [CVE-2025-30365](CVE-2025/CVE-2025-303xx/CVE-2025-30365.json) (`2025-03-27T19:15:50.297`)
- [CVE-2025-30366](CVE-2025/CVE-2025-303xx/CVE-2025-30366.json) (`2025-03-27T19:15:50.427`)
- [CVE-2025-30367](CVE-2025/CVE-2025-303xx/CVE-2025-30367.json) (`2025-03-27T19:15:50.537`)
- [CVE-2024-28154](CVE-2024/CVE-2024-281xx/CVE-2024-28154.json) (`2025-03-27T21:15:47.183`)
- [CVE-2024-28156](CVE-2024/CVE-2024-281xx/CVE-2024-28156.json) (`2025-03-27T21:15:47.350`)
- [CVE-2024-28613](CVE-2024/CVE-2024-286xx/CVE-2024-28613.json) (`2025-03-27T21:15:47.510`)
- [CVE-2024-29225](CVE-2024/CVE-2024-292xx/CVE-2024-29225.json) (`2025-03-27T21:15:47.700`)
- [CVE-2024-29419](CVE-2024/CVE-2024-294xx/CVE-2024-29419.json) (`2025-03-27T21:15:47.877`)
- [CVE-2024-29754](CVE-2024/CVE-2024-297xx/CVE-2024-29754.json) (`2025-03-27T21:15:48.057`)
- [CVE-2024-29855](CVE-2024/CVE-2024-298xx/CVE-2024-29855.json) (`2025-03-27T21:15:48.220`)
- [CVE-2024-30614](CVE-2024/CVE-2024-306xx/CVE-2024-30614.json) (`2025-03-27T21:15:48.323`)
- [CVE-2024-31142](CVE-2024/CVE-2024-311xx/CVE-2024-31142.json) (`2025-03-27T21:15:48.497`)
- [CVE-2024-33307](CVE-2024/CVE-2024-333xx/CVE-2024-33307.json) (`2025-03-27T21:15:48.650`)
- [CVE-2024-34004](CVE-2024/CVE-2024-340xx/CVE-2024-34004.json) (`2025-03-27T22:15:16.257`)
- [CVE-2024-34899](CVE-2024/CVE-2024-348xx/CVE-2024-34899.json) (`2025-03-27T21:15:48.820`)
- [CVE-2024-35362](CVE-2024/CVE-2024-353xx/CVE-2024-35362.json) (`2025-03-27T21:15:48.987`)
- [CVE-2024-36306](CVE-2024/CVE-2024-363xx/CVE-2024-36306.json) (`2025-03-27T21:15:49.143`)
- [CVE-2024-37032](CVE-2024/CVE-2024-370xx/CVE-2024-37032.json) (`2025-03-27T21:15:49.287`)
- [CVE-2024-3787](CVE-2024/CVE-2024-37xx/CVE-2024-3787.json) (`2025-03-27T21:15:49.447`)
- [CVE-2024-3823](CVE-2024/CVE-2024-38xx/CVE-2024-3823.json) (`2025-03-27T21:15:49.600`)
- [CVE-2024-4009](CVE-2024/CVE-2024-40xx/CVE-2024-4009.json) (`2025-03-27T21:15:49.760`)
- [CVE-2024-4372](CVE-2024/CVE-2024-43xx/CVE-2024-4372.json) (`2025-03-27T21:15:49.937`)
- [CVE-2024-4750](CVE-2024/CVE-2024-47xx/CVE-2024-4750.json) (`2025-03-27T21:15:50.083`)
- [CVE-2024-4886](CVE-2024/CVE-2024-48xx/CVE-2024-4886.json) (`2025-03-27T21:15:50.223`)
- [CVE-2024-55070](CVE-2024/CVE-2024-550xx/CVE-2024-55070.json) (`2025-03-27T21:15:50.390`)
- [CVE-2025-0624](CVE-2025/CVE-2025-06xx/CVE-2025-0624.json) (`2025-03-27T22:15:16.430`)
- [CVE-2025-2361](CVE-2025/CVE-2025-23xx/CVE-2025-2361.json) (`2025-03-27T21:15:50.553`)
- [CVE-2025-24662](CVE-2025/CVE-2025-246xx/CVE-2025-24662.json) (`2025-03-27T22:15:16.890`)
## Download and Usage

398
_state.csv
View File

File diff suppressed because it is too large Load Diff