diff --git a/CVE-2017/CVE-2017-133xx/CVE-2017-13315.json b/CVE-2017/CVE-2017-133xx/CVE-2017-13315.json index c652541e964..073b54f9c4f 100644 --- a/CVE-2017/CVE-2017-133xx/CVE-2017-13315.json +++ b/CVE-2017/CVE-2017-133xx/CVE-2017-13315.json @@ -2,8 +2,8 @@ "id": "CVE-2017-13315", "sourceIdentifier": "security@android.com", "published": "2024-11-19T18:15:18.613", - "lastModified": "2024-11-19T18:15:18.613", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9338.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9338.json index 05a8d6213cd..ccab6469158 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9338.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9338.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9338", "sourceIdentifier": "security@android.com", "published": "2024-11-19T18:15:18.707", - "lastModified": "2024-11-19T18:15:18.707", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9339.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9339.json index 2bdb62df931..7e72048f33e 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9339.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9339.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9339", "sourceIdentifier": "security@android.com", "published": "2024-11-19T19:15:05.677", - "lastModified": "2024-11-19T19:15:05.677", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9340.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9340.json index f6b0c84be6c..0a806400699 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9340.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9340.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9340", "sourceIdentifier": "security@android.com", "published": "2024-11-19T19:15:05.743", - "lastModified": "2024-11-19T19:15:05.743", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9341.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9341.json index eb39caee654..95bdd1aa9f7 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9341.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9341.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9341", "sourceIdentifier": "security@android.com", "published": "2024-11-19T19:15:05.817", - "lastModified": "2024-11-19T19:15:05.817", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9344.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9344.json index 874887ecd3a..bf21209ec9b 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9344.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9344.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9344", "sourceIdentifier": "security@android.com", "published": "2024-11-19T19:15:05.877", - "lastModified": "2024-11-19T19:15:05.877", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9345.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9345.json index 6fa281c960f..139eab4698e 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9345.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9345.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9345", "sourceIdentifier": "security@android.com", "published": "2024-11-19T19:15:05.937", - "lastModified": "2024-11-19T19:15:05.937", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9346.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9346.json index e02801f3545..550e70f0192 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9346.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9346.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9346", "sourceIdentifier": "security@android.com", "published": "2024-11-19T19:15:06.000", - "lastModified": "2024-11-19T19:15:06.000", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9348.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9348.json index 48f88308bcd..2b5215f159b 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9348.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9348.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9348", "sourceIdentifier": "security@android.com", "published": "2024-11-19T20:15:27.427", - "lastModified": "2024-11-19T20:15:27.427", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9364.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9364.json index 4875e62f16a..d06ef268c04 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9364.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9364.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9364", "sourceIdentifier": "security@android.com", "published": "2024-11-19T20:15:27.493", - "lastModified": "2024-11-19T20:15:27.493", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9365.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9365.json new file mode 100644 index 00000000000..dcafb513ae3 --- /dev/null +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9365.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9365", + "sourceIdentifier": "security@android.com", + "published": "2024-11-19T21:15:05.587", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9366.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9366.json index 1152fe81bfb..ddd915afe0a 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9366.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9366.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9366", "sourceIdentifier": "security@android.com", "published": "2024-11-19T20:15:27.550", - "lastModified": "2024-11-19T20:15:27.550", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9367.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9367.json index a67683044b9..7f2d824533e 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9367.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9367.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9367", "sourceIdentifier": "security@android.com", "published": "2024-11-19T20:15:27.607", - "lastModified": "2024-11-19T20:15:27.607", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9368.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9368.json index ffec7b5cb96..92af08cee91 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9368.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9368.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9368", "sourceIdentifier": "security@android.com", "published": "2024-11-19T20:15:27.667", - "lastModified": "2024-11-19T20:15:27.667", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9369.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9369.json index f0ce02f4fa0..4b991d77622 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9369.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9369.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9369", "sourceIdentifier": "security@android.com", "published": "2024-11-19T20:15:27.723", - "lastModified": "2024-11-19T20:15:27.723", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9370.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9370.json index 04f65728e96..c624dfacb52 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9370.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9370.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9370", "sourceIdentifier": "security@android.com", "published": "2024-11-19T20:15:27.787", - "lastModified": "2024-11-19T20:15:27.787", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9371.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9371.json index b6ada9cd847..882c131917d 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9371.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9371.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9371", "sourceIdentifier": "security@android.com", "published": "2024-11-19T20:15:27.843", - "lastModified": "2024-11-19T20:15:27.843", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-93xx/CVE-2018-9372.json b/CVE-2018/CVE-2018-93xx/CVE-2018-9372.json index 54246dead41..b5f5278712f 100644 --- a/CVE-2018/CVE-2018-93xx/CVE-2018-9372.json +++ b/CVE-2018/CVE-2018-93xx/CVE-2018-9372.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9372", "sourceIdentifier": "security@android.com", "published": "2024-11-19T20:15:27.917", - "lastModified": "2024-11-19T20:15:27.917", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9409.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9409.json index 9deeb4687c5..0b1c9f463a3 100644 --- a/CVE-2018/CVE-2018-94xx/CVE-2018-9409.json +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9409.json @@ -2,8 +2,8 @@ "id": "CVE-2018-9409", "sourceIdentifier": "security@android.com", "published": "2024-11-19T20:15:27.970", - "lastModified": "2024-11-19T20:15:27.970", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9410.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9410.json new file mode 100644 index 00000000000..a4e2e256646 --- /dev/null +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9410.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9410", + "sourceIdentifier": "security@android.com", + "published": "2024-11-19T21:15:05.657", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9411.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9411.json new file mode 100644 index 00000000000..19c5f1c2425 --- /dev/null +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9411.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9411", + "sourceIdentifier": "security@android.com", + "published": "2024-11-19T22:15:18.750", + "lastModified": "2024-11-19T22:15:18.750", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9412.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9412.json new file mode 100644 index 00000000000..7dd7035496b --- /dev/null +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9412.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9412", + "sourceIdentifier": "security@android.com", + "published": "2024-11-19T22:15:18.813", + "lastModified": "2024-11-19T22:15:18.813", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9417.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9417.json new file mode 100644 index 00000000000..bd648dd6bd1 --- /dev/null +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9417.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9417", + "sourceIdentifier": "security@android.com", + "published": "2024-11-19T22:15:18.880", + "lastModified": "2024-11-19T22:15:18.880", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9419.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9419.json new file mode 100644 index 00000000000..2cbc76a1820 --- /dev/null +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9419.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9419", + "sourceIdentifier": "security@android.com", + "published": "2024-11-19T22:15:18.943", + "lastModified": "2024-11-19T22:15:18.943", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9420.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9420.json new file mode 100644 index 00000000000..ee84dde4d75 --- /dev/null +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9420.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9420", + "sourceIdentifier": "security@android.com", + "published": "2024-11-19T22:15:19.010", + "lastModified": "2024-11-19T22:15:19.010", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9421.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9421.json new file mode 100644 index 00000000000..2d90d2a4dd4 --- /dev/null +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9421.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9421", + "sourceIdentifier": "security@android.com", + "published": "2024-11-19T22:15:19.070", + "lastModified": "2024-11-19T22:15:19.070", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9424.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9424.json new file mode 100644 index 00000000000..e3516f48a53 --- /dev/null +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9424.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9424", + "sourceIdentifier": "security@android.com", + "published": "2024-11-19T22:15:19.130", + "lastModified": "2024-11-19T22:15:19.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9428.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9428.json new file mode 100644 index 00000000000..d99b2098b32 --- /dev/null +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9428.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9428", + "sourceIdentifier": "security@android.com", + "published": "2024-11-19T22:15:19.190", + "lastModified": "2024-11-19T22:15:19.190", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01" + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9432.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9432.json new file mode 100644 index 00000000000..cd0a5944c6f --- /dev/null +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9432.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9432", + "sourceIdentifier": "security@android.com", + "published": "2024-11-19T22:15:19.247", + "lastModified": "2024-11-19T22:15:19.247", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional execution privileges needed. User interaction is needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2018/CVE-2018-94xx/CVE-2018-9433.json b/CVE-2018/CVE-2018-94xx/CVE-2018-9433.json new file mode 100644 index 00000000000..681f0ecbbcd --- /dev/null +++ b/CVE-2018/CVE-2018-94xx/CVE-2018-9433.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2018-9433", + "sourceIdentifier": "security@android.com", + "published": "2024-11-19T22:15:19.307", + "lastModified": "2024-11-19T22:15:19.307", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://source.android.com/security/bulletin/2018-07-01", + "source": "security@android.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-260xx/CVE-2020-26066.json b/CVE-2020/CVE-2020-260xx/CVE-2020-26066.json index 3da4a6148ae..7f7e9879fef 100644 --- a/CVE-2020/CVE-2020-260xx/CVE-2020-26066.json +++ b/CVE-2020/CVE-2020-260xx/CVE-2020-26066.json @@ -2,13 +2,17 @@ "id": "CVE-2020-26066", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-11-18T17:15:09.437", - "lastModified": "2024-11-18T17:15:09.437", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system.\r\nThe vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz de usuario web de Cisco SD-WAN vManage Software podr\u00eda permitir que un atacante remoto autenticado obtenga acceso de lectura y escritura a la informaci\u00f3n almacenada en un sistema afectado. La vulnerabilidad se debe a un manejo inadecuado de las entradas de entidad externa XML (XXE) al analizar determinados archivos XML. Un atacante podr\u00eda aprovechar esta vulnerabilidad persuadiendo a un usuario para que importe un archivo XML creado con entradas maliciosas. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante leer y escribir archivos dentro de la aplicaci\u00f3n afectada. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2020/CVE-2020-260xx/CVE-2020-26067.json b/CVE-2020/CVE-2020-260xx/CVE-2020-26067.json index 70600365c19..3a3b922d06f 100644 --- a/CVE-2020/CVE-2020-260xx/CVE-2020-26067.json +++ b/CVE-2020/CVE-2020-260xx/CVE-2020-26067.json @@ -2,13 +2,17 @@ "id": "CVE-2020-26067", "sourceIdentifier": "ykramarz@cisco.com", "published": "2024-11-18T17:15:09.757", - "lastModified": "2024-11-18T17:15:09.757", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks.\r\nThe vulnerability is due to improper validation of usernames. An attacker could exploit this vulnerability by creating an account that contains malicious HTML or script content and joining a space using the malicious account name. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en la interfaz basada en web de Cisco Webex Teams podr\u00eda permitir que un atacante remoto autenticado realice ataques de cross-site scripting. La vulnerabilidad se debe a una validaci\u00f3n incorrecta de los nombres de usuario. Un atacante podr\u00eda aprovechar esta vulnerabilidad creando una cuenta que contenga contenido HTML o script malicioso y uni\u00e9ndose a un espacio utilizando el nombre de cuenta malicioso. Una explotaci\u00f3n exitosa podr\u00eda permitir al atacante realizar ataques de cross-site scripting y potencialmente obtener acceso a informaci\u00f3n confidencial basada en el navegador. Cisco ha publicado actualizaciones de software que solucionan esta vulnerabilidad. No existen workarounds que solucionen esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2022/CVE-2022-474xx/CVE-2022-47424.json b/CVE-2022/CVE-2022-474xx/CVE-2022-47424.json index cb55d42588f..de894467397 100644 --- a/CVE-2022/CVE-2022-474xx/CVE-2022-47424.json +++ b/CVE-2022/CVE-2022-474xx/CVE-2022-47424.json @@ -2,8 +2,8 @@ "id": "CVE-2022-47424", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T18:15:19.020", - "lastModified": "2024-11-19T18:15:19.020", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-212xx/CVE-2023-21270.json b/CVE-2023/CVE-2023-212xx/CVE-2023-21270.json index 2727708923c..3f3fa1d1a5f 100644 --- a/CVE-2023/CVE-2023-212xx/CVE-2023-21270.json +++ b/CVE-2023/CVE-2023-212xx/CVE-2023-21270.json @@ -2,8 +2,8 @@ "id": "CVE-2023-21270", "sourceIdentifier": "security@android.com", "published": "2024-11-19T18:15:19.253", - "lastModified": "2024-11-19T18:15:19.253", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-276xx/CVE-2023-27609.json b/CVE-2023/CVE-2023-276xx/CVE-2023-27609.json new file mode 100644 index 00000000000..6c29289b81a --- /dev/null +++ b/CVE-2023/CVE-2023-276xx/CVE-2023-27609.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2023-27609", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-19T22:15:19.443", + "lastModified": "2024-11-19T22:15:19.443", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NetTantra WP Roles at Registration allows Stored XSS.This issue affects WP Roles at Registration: from n/a through 0.23." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 5.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-roles-at-registration/wordpress-wp-roles-at-registration-plugin-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-499xx/CVE-2023-49952.json b/CVE-2023/CVE-2023-499xx/CVE-2023-49952.json index 7c633cb5e27..24857596199 100644 --- a/CVE-2023/CVE-2023-499xx/CVE-2023-49952.json +++ b/CVE-2023/CVE-2023-499xx/CVE-2023-49952.json @@ -2,8 +2,8 @@ "id": "CVE-2023-49952", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T18:15:05.927", - "lastModified": "2024-11-19T16:35:08.620", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52348.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52348.json index 40824ef8dcd..bb8b1d8a8c1 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52348.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52348.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52348", "sourceIdentifier": "security@unisoc.com", "published": "2024-04-08T03:15:08.597", - "lastModified": "2024-04-08T18:48:40.217", + "lastModified": "2024-11-19T22:35:02.473", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "En el servicio ril, existe una posible escritura fuera de los l\u00edmites debido a una verificaci\u00f3n de los l\u00edmites faltantes. Esto podr\u00eda provocar una denegaci\u00f3n de servicio local con privilegios de ejecuci\u00f3n del System necesarios." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], "references": [ { "url": "https://www.unisoc.com/en_us/secy/announcementDetail/1777143682512781313", diff --git a/CVE-2023/CVE-2023-523xx/CVE-2023-52374.json b/CVE-2023/CVE-2023-523xx/CVE-2023-52374.json index 7941ae70685..a8d8d003fbb 100644 --- a/CVE-2023/CVE-2023-523xx/CVE-2023-52374.json +++ b/CVE-2023/CVE-2023-523xx/CVE-2023-52374.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52374", "sourceIdentifier": "psirt@huawei.com", "published": "2024-02-18T04:15:08.050", - "lastModified": "2024-02-20T19:50:53.960", + "lastModified": "2024-11-19T22:35:03.463", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Vulnerabilidad de control de permisos en el m\u00f3dulo de gesti\u00f3n de paquetes. La explotaci\u00f3n exitosa de esta vulnerabilidad puede afectar la confidencialidad del servicio." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], "references": [ { "url": "https://consumer.huawei.com/en/support/bulletin/2024/2/", diff --git a/CVE-2023/CVE-2023-525xx/CVE-2023-52558.json b/CVE-2023/CVE-2023-525xx/CVE-2023-52558.json index ee4f5b290bc..abe2512c1cb 100644 --- a/CVE-2023/CVE-2023-525xx/CVE-2023-52558.json +++ b/CVE-2023/CVE-2023-525xx/CVE-2023-52558.json @@ -2,7 +2,7 @@ "id": "CVE-2023-52558", "sourceIdentifier": "9119a7d8-5eab-497f-8521-727c672e3725", "published": "2024-03-01T17:15:07.330", - "lastModified": "2024-03-01T22:22:25.913", + "lastModified": "2024-11-19T22:35:04.320", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "En OpenBSD 7.4 anterior a la errata 002 y OpenBSD 7.3 anterior a la errata 019, un b\u00fafer de red que ten\u00eda que dividirse en cierta longitud pod\u00eda bloquear el kernel despu\u00e9s de recibir secuencias de escape especialmente manipuladas." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "9119a7d8-5eab-497f-8521-727c672e3725", diff --git a/CVE-2023/CVE-2023-529xx/CVE-2023-52921.json b/CVE-2023/CVE-2023-529xx/CVE-2023-52921.json index f3b2050575d..26df7c2223a 100644 --- a/CVE-2023/CVE-2023-529xx/CVE-2023-52921.json +++ b/CVE-2023/CVE-2023-529xx/CVE-2023-52921.json @@ -2,13 +2,17 @@ "id": "CVE-2023-52921", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:15:09.310", - "lastModified": "2024-11-19T02:15:09.310", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: fix possible UAF in amdgpu_cs_pass1()\n\nSince the gang_size check is outside of chunk parsing\nloop, we need to reset i before we free the chunk data.\n\nSuggested by Ye Zhang (@VAR10CK) of Baidu Security." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: se corrige un posible UAF en amdgpu_cs_pass1(). Dado que la comprobaci\u00f3n de gang_size est\u00e1 fuera del bucle de an\u00e1lisis de fragmentos, debemos restablecer i antes de liberar los datos del fragmento. Sugerido por Ye Zhang (@VAR10CK) de Baidu Security." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10103.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10103.json index a8749b3bfa9..67ff79978de 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10103.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10103.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10103", "sourceIdentifier": "contact@wpscan.com", "published": "2024-11-19T06:15:17.740", - "lastModified": "2024-11-19T15:35:04.260", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10113.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10113.json index 5ddc1874a0b..2b4f8f7023e 100644 --- a/CVE-2024/CVE-2024-101xx/CVE-2024-10113.json +++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10113.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10113", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-15T06:15:03.340", - "lastModified": "2024-11-15T13:58:08.913", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:26:25.497", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -18,8 +18,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:wpeka:wp_adcenter:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.5.7", + "matchCriteriaId": "E12DA063-5CBD-42E3-96BB-A2C348E19550" + } + ] + } + ] + } + ], "references": [ { "url": "https://wordpress.org/plugins/wpadcenter/#developers", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/0597a63d-2627-477f-874a-c35b6df7afd5?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10204.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10204.json index 05daead225a..1d1a48d1bad 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10204.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10204.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10204", "sourceIdentifier": "3DS.Information-Security@3ds.com", "published": "2024-11-19T14:15:16.940", - "lastModified": "2024-11-19T14:15:16.940", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file." + }, + { + "lang": "es", + "value": "Existen vulnerabilidades de desbordamiento de b\u00fafer basado en mont\u00f3n y de variable no inicializada en el procedimiento de lectura de archivos X_B y SAT en eDrawings desde la versi\u00f3n SOLIDWORKS 2024 hasta la versi\u00f3n SOLIDWORKS 2025. Estas vulnerabilidades podr\u00edan permitir que un atacante ejecute c\u00f3digo arbitrario al abrir un archivo X_B o SAT especialmente manipulado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10224.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10224.json index 23019f46adb..6dfd47f7584 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10224.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10224.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10224", "sourceIdentifier": "security@ubuntu.com", "published": "2024-11-19T18:15:19.773", - "lastModified": "2024-11-19T20:35:18.300", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10260.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10260.json index 3b5d41e8588..c8d8be11e6f 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10260.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10260.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10260", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-15T06:15:03.753", - "lastModified": "2024-11-15T13:58:08.913", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:20:51.707", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -18,8 +18,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:tripetto:tripetto:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "8.0.3", + "matchCriteriaId": "9C971690-175E-41CC-8EAF-C9E4A0E4F0EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.svn.wordpress.org/tripetto/trunk/lib/attachments.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3718c252-2ca3-4f7d-b43a-3c1b2e6b34c0?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10268.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10268.json index a63f2d36a0c..e23c968f9ed 100644 --- a/CVE-2024/CVE-2024-102xx/CVE-2024-10268.json +++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10268.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10268", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-19T08:15:15.883", - "lastModified": "2024-11-19T08:15:15.883", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The MP3 Audio Player \u2013 Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento MP3 Audio Player \u2013 Music Player, Podcast Player & Radio de Sonaar para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s del c\u00f3digo corto sonaar_audioplayer del complemento en todas las versiones hasta la 5.8 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n siempre que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10388.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10388.json index 398602e7f94..c7dc6d6c417 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10388.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10388.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10388", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-19T08:15:16.293", - "lastModified": "2024-11-19T08:15:16.293", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_firstname' and 'gdpr_lastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento GDPR de WordPress para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de los par\u00e1metros 'gdpr_firstname' y 'gdpr_lastname' en todas las versiones hasta la 2.0.2 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10390.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10390.json index 6b59def8ab1..8305b039545 100644 --- a/CVE-2024/CVE-2024-103xx/CVE-2024-10390.json +++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10390.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10390", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-18T17:15:10.897", - "lastModified": "2024-11-18T17:15:10.897", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Elfsight Telegram Chat CC para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una verificaci\u00f3n de capacidad faltante en la funci\u00f3n 'updatePreferences' en todas las versiones hasta la 1.1.0 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-104xx/CVE-2024-10486.json b/CVE-2024/CVE-2024-104xx/CVE-2024-10486.json index c3e53490d40..9b3cc32daf3 100644 --- a/CVE-2024/CVE-2024-104xx/CVE-2024-10486.json +++ b/CVE-2024/CVE-2024-104xx/CVE-2024-10486.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10486", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-18T22:15:05.657", - "lastModified": "2024-11-18T22:15:05.657", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks." + }, + { + "lang": "es", + "value": "El complemento Google for WooCommerce para WordPress es vulnerable a la divulgaci\u00f3n de informaci\u00f3n en todas las versiones hasta la 2.8.6 incluida. Esto se debe al archivo print_php_information.php, de acceso p\u00fablico. Esto permite que atacantes no autenticados obtengan informaci\u00f3n sobre el servidor web y la configuraci\u00f3n de PHP, que puede utilizarse para facilitar otros ataques." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10524.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10524.json index 61e3bbc78a0..ff8186ca635 100644 --- a/CVE-2024/CVE-2024-105xx/CVE-2024-10524.json +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10524.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10524", "sourceIdentifier": "reefs@jfrog.com", "published": "2024-11-19T15:15:06.740", - "lastModified": "2024-11-19T15:15:06.740", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10582.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10582.json index 19f64ad2f0a..2121d45a978 100644 --- a/CVE-2024/CVE-2024-105xx/CVE-2024-10582.json +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10582.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10582", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-15T06:15:04.077", - "lastModified": "2024-11-15T13:58:08.913", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:17:53.003", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:smartwpress:music_player_for_elementor:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.4.2", + "matchCriteriaId": "E6BA172A-FAB7-4ADF-AE22-C36FEA8EB6CD" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3186359%40music-player-for-elementor%2Ftrunk&old=3174807%40music-player-for-elementor%2Ftrunk&sfp_email=&sfph_mail=", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/1f66cdcf-cbe5-43e0-ad18-c2b9c4491ed4?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10793.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10793.json index 7f29ba85df1..00041ad89b1 100644 --- a/CVE-2024/CVE-2024-107xx/CVE-2024-10793.json +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10793.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10793", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-15T06:15:04.370", - "lastModified": "2024-11-15T13:58:08.913", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:13:22.783", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -18,8 +18,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N", @@ -51,14 +71,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:melapress:wp_activity_log:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "5.2.2", + "matchCriteriaId": "8A399A99-8BCF-48F5-B42D-0D403A87C908" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/wp-security-audit-log/tags/5.2.1/classes/WPSensors/class-wp-system-sensor.php#L679", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Product" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/44f3b2e4-c537-4369-b2d6-39fbc6cb8e08?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11003.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11003.json index 1181b2cd5b4..7786caf4bf3 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11003.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11003.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11003", "sourceIdentifier": "security@ubuntu.com", "published": "2024-11-19T18:15:19.973", - "lastModified": "2024-11-19T20:35:19.000", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11036.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11036.json index 640a04acfd1..468796a8573 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11036.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11036.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11036", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-19T11:15:04.343", - "lastModified": "2024-11-19T11:15:04.343", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11038.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11038.json index 82f4b5aa9cf..10284bec370 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11038.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11038.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11038", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-19T11:15:05.683", - "lastModified": "2024-11-19T11:15:05.683", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11069.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11069.json index 0640c12f548..5f0ab138cb6 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11069.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11069.json @@ -2,13 +2,17 @@ "id": "CVE-2024-11069", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-19T08:15:16.577", - "lastModified": "2024-11-19T08:15:16.577", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users." + }, + { + "lang": "es", + "value": "El complemento GDPR de WordPress para WordPress es vulnerable a la p\u00e9rdida no autorizada de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'WordPress_GDPR_Data_Delete::check_action' en todas las versiones hasta la 2.0.2 incluida. Esto hace posible que atacantes no autenticados eliminen usuarios arbitrarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11075.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11075.json index b8fb82afee3..c728c2e3fa8 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11075.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11075.json @@ -2,13 +2,17 @@ "id": "CVE-2024-11075", "sourceIdentifier": "psirt@sick.de", "published": "2024-11-19T14:15:17.340", - "lastModified": "2024-11-19T14:15:17.340", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system." + }, + { + "lang": "es", + "value": "Una vulnerabilidad en Incoming Goods Suite permite a un usuario con acceso sin privilegios al sistema subyacente (por ejemplo, local o a trav\u00e9s de SSH) una escalada de privilegios al nivel administrativo debido al uso de im\u00e1genes Docker del proveedor de componentes que se ejecutan con permisos de superusuario. La explotaci\u00f3n de esta configuraci\u00f3n incorrecta permite que un atacante obtenga control administrativo sobre todo el sistema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11098.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11098.json index 6129dd182cb..4234a37abab 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11098.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11098.json @@ -2,13 +2,17 @@ "id": "CVE-2024-11098", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-19T08:15:16.833", - "lastModified": "2024-11-19T08:15:16.833", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + }, + { + "lang": "es", + "value": "El complemento SVG Block para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de las cargas de archivos SVG de la API REST en todas las versiones hasta la 1.1.24 incluida debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de administrador o superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11194.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11194.json index 401e8cacbc0..4172085b6d0 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11194.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11194.json @@ -2,13 +2,17 @@ "id": "CVE-2024-11194", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-19T12:15:16.497", - "lastModified": "2024-11-19T12:15:16.497", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Classified Listing \u2013 Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array." + }, + { + "lang": "es", + "value": "El complemento Classified Listing \u2013 Classified ads & Business Directory Plugin para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos que puede provocar una escalada de privilegios debido a una verificaci\u00f3n mal configurada en la funci\u00f3n 'rtcl_import_settings' en todas las versiones hasta la 3.1.15.1 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen opciones arbitrarias limitadas en el sitio de WordPress. Esto se puede aprovechar para actualizar el rol de suscriptor con capacidades de nivel de administrador para obtener acceso de usuario administrativo a un sitio vulnerable. La vulnerabilidad es limitada en el sentido de que la opci\u00f3n actualizada debe tener un valor que sea una matriz." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11195.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11195.json index 1ce86067cf9..28d6f812aba 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11195.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11195.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11195", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-19T11:15:05.930", - "lastModified": "2024-11-19T11:15:05.930", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11198.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11198.json index 187e411394b..1422e235d81 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11198.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11198.json @@ -2,13 +2,17 @@ "id": "CVE-2024-11198", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-19T13:15:04.157", - "lastModified": "2024-11-19T13:15:04.157", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018extra_class\u2019 parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento GD Rating System para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'extra_class' en todas las versiones hasta la 3.6.1 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11224.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11224.json index 6115f6c4a8d..b9955c905ac 100644 --- a/CVE-2024/CVE-2024-112xx/CVE-2024-11224.json +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11224.json @@ -2,13 +2,17 @@ "id": "CVE-2024-11224", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-19T13:15:04.423", - "lastModified": "2024-11-19T13:15:04.423", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018position\u2019 parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Parallax Image para WordPress es vulnerable a Cross-Site Scripting almacenado a trav\u00e9s del par\u00e1metro 'position' en todas las versiones hasta la 1.9 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11247.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11247.json index b4bed4b0f8b..0e815184e87 100644 --- a/CVE-2024/CVE-2024-112xx/CVE-2024-11247.json +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11247.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11247", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-15T17:15:19.237", - "lastModified": "2024-11-18T17:11:56.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:55:35.283", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -124,26 +144,61 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:oretnom23:online_eyewear_shop:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "464A3580-D632-43EB-93EF-E2A1A5736F14" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Fl4g-Pshacker/cve/blob/main/xss.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.284683", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.284683", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.443194", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.sourcecodester.com/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11248.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11248.json index ede2cf765b3..c741cdbbbe2 100644 --- a/CVE-2024/CVE-2024-112xx/CVE-2024-11248.json +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11248.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11248", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-15T17:15:19.580", - "lastModified": "2024-11-18T17:11:56.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:51:57.467", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -124,26 +144,73 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:tenda:ac10_firmware:16.03.10.13:*:*:*:*:*:*:*", + "matchCriteriaId": "6F1C8715-D7B4-4D1A-9E90-079C72049332" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:tenda:ac10:4.0:*:*:*:*:*:*:*", + "matchCriteriaId": "970AEBF4-2B32-4633-A75B-2D2C598C048D" + } + ] + } + ] + } + ], "references": [ { "url": "https://tasty-foxtrot-3a8.notion.site/Tenda-AC10v4-formSetRebootTimer-stack-overflow-13d0448e619580bf8ab1df7cfb6c018b", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.284684", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?id.284684", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?submit.443204", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory" + ] }, { "url": "https://www.tenda.com.cn/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11256.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11256.json index 96ec14f994e..e3db4c8dec6 100644 --- a/CVE-2024/CVE-2024-112xx/CVE-2024-11256.json +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11256.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11256", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-15T20:15:17.957", - "lastModified": "2024-11-18T17:11:56.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:49:04.790", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -110,8 +130,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -124,26 +154,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:1000projects:portfolio_management_system_mca:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C2EA77A4-2402-463E-9E5D-A08E8B927CE2" + } + ] + } + ] + } + ], "references": [ { "url": "https://1000projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Hacker0xone/CVE/issues/8", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.284711", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.284711", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.443370", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11257.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11257.json index a6366c1f3ad..dbb2418e3d3 100644 --- a/CVE-2024/CVE-2024-112xx/CVE-2024-11257.json +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11257.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11257", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-15T20:15:18.253", - "lastModified": "2024-11-18T17:11:56.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:24:40.443", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -110,8 +130,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -124,26 +154,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:1000projects:beauty_parlour_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4CC5BB9B-86BF-4DDC-9A70-B48A4707A48E" + } + ] + } + ] + } + ], "references": [ { "url": "https://1000projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Hacker0xone/CVE/issues/10", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.284715", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.284715", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.443385", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11258.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11258.json index 0bfdcae5d21..346cff9945a 100644 --- a/CVE-2024/CVE-2024-112xx/CVE-2024-11258.json +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11258.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11258", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-15T20:15:18.523", - "lastModified": "2024-11-18T17:11:56.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:24:27.473", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -110,8 +130,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -124,26 +154,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:1000projects:beauty_parlour_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "4CC5BB9B-86BF-4DDC-9A70-B48A4707A48E" + } + ] + } + ] + } + ], "references": [ { "url": "https://1000projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/Hacker0xone/CVE/issues/11", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.284716", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.284716", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.443386", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-112xx/CVE-2024-11259.json b/CVE-2024/CVE-2024-112xx/CVE-2024-11259.json index 68343b2a858..a4d14866d39 100644 --- a/CVE-2024/CVE-2024-112xx/CVE-2024-11259.json +++ b/CVE-2024/CVE-2024-112xx/CVE-2024-11259.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11259", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-15T20:15:18.797", - "lastModified": "2024-11-18T17:11:56.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:47:38.857", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -61,6 +61,26 @@ } ], "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "cna@vuldb.com", "type": "Secondary", @@ -110,8 +130,18 @@ }, "weaknesses": [ { - "source": "cna@vuldb.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, + { + "source": "cna@vuldb.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -124,26 +154,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:code-projects:farmacia:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "306E7920-8B20-4E60-B0C3-5555D0C0C196" + } + ] + } + ] + } + ], "references": [ { "url": "https://code-projects.org/", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/13u11erFly/cve/blob/main/xss.md", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://vuldb.com/?ctiid.284717", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Permissions Required", + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?id.284717", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] }, { "url": "https://vuldb.com/?submit.443398", - "source": "cna@vuldb.com" + "source": "cna@vuldb.com", + "tags": [ + "Third Party Advisory", + "VDB Entry" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11395.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11395.json index cc565c5aedb..de3c38bec2d 100644 --- a/CVE-2024/CVE-2024-113xx/CVE-2024-11395.json +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11395.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11395", "sourceIdentifier": "chrome-cve-admin@google.com", "published": "2024-11-19T20:15:29.917", - "lastModified": "2024-11-19T20:15:29.917", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { @@ -11,7 +11,30 @@ "value": "Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "chrome-cve-admin@google.com", @@ -22,6 +45,16 @@ "value": "CWE-843" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-843" + } + ] } ], "references": [ diff --git a/CVE-2024/CVE-2024-114xx/CVE-2024-11400.json b/CVE-2024/CVE-2024-114xx/CVE-2024-11400.json new file mode 100644 index 00000000000..b637f0c38d6 --- /dev/null +++ b/CVE-2024/CVE-2024-114xx/CVE-2024-11400.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2024-11400", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-11-19T22:15:19.740", + "lastModified": "2024-11-19T22:15:19.740", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The HUSKY \u2013 Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3186438/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f3158e77-39b3-4151-8f10-5824000a585a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-15xx/CVE-2024-1551.json b/CVE-2024/CVE-2024-15xx/CVE-2024-1551.json index 15646daa476..74651761fb5 100644 --- a/CVE-2024/CVE-2024-15xx/CVE-2024-1551.json +++ b/CVE-2024/CVE-2024-15xx/CVE-2024-1551.json @@ -2,7 +2,7 @@ "id": "CVE-2024-1551", "sourceIdentifier": "security@mozilla.org", "published": "2024-02-20T14:15:08.790", - "lastModified": "2024-03-04T09:15:37.913", + "lastModified": "2024-11-19T22:35:04.583", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Los encabezados de respuesta Set-Cookie se respetaban incorrectamente en las respuestas HTTP de varias partes. Si un atacante pudiera controlar el encabezado de respuesta Content-Type, as\u00ed como controlar parte del cuerpo de la respuesta, podr\u00eda inyectar encabezados de respuesta Set-Cookie que el navegador habr\u00eda respetado. Esta vulnerabilidad afecta a Firefox < 123, Firefox ESR < 115.8 y Thunderbird < 115.8." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-565" + } + ] + } + ], "references": [ { "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1864385", diff --git a/CVE-2024/CVE-2024-210xx/CVE-2024-21058.json b/CVE-2024/CVE-2024-210xx/CVE-2024-21058.json index 458911899d1..9eb8be3f3a9 100644 --- a/CVE-2024/CVE-2024-210xx/CVE-2024-21058.json +++ b/CVE-2024/CVE-2024-210xx/CVE-2024-21058.json @@ -2,7 +2,7 @@ "id": "CVE-2024-21058", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-04-16T22:15:23.570", - "lastModified": "2024-04-17T12:48:31.863", + "lastModified": "2024-11-19T21:35:04.083", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -36,6 +36,26 @@ }, "exploitabilityScore": 1.2, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 2.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.2, + "impactScore": 1.4 } ] }, diff --git a/CVE-2024/CVE-2024-212xx/CVE-2024-21287.json b/CVE-2024/CVE-2024-212xx/CVE-2024-21287.json index 3691dc0ca91..fd7dc35ad21 100644 --- a/CVE-2024/CVE-2024-212xx/CVE-2024-21287.json +++ b/CVE-2024/CVE-2024-212xx/CVE-2024-21287.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21287", "sourceIdentifier": "secalert_us@oracle.com", "published": "2024-11-18T22:15:05.897", - "lastModified": "2024-11-19T16:35:10.963", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-215xx/CVE-2024-21539.json b/CVE-2024/CVE-2024-215xx/CVE-2024-21539.json index 77c9e761d9b..170aa170dd8 100644 --- a/CVE-2024/CVE-2024-215xx/CVE-2024-21539.json +++ b/CVE-2024/CVE-2024-215xx/CVE-2024-21539.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21539", "sourceIdentifier": "report@snyk.io", "published": "2024-11-19T05:15:16.453", - "lastModified": "2024-11-19T16:35:11.720", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-216xx/CVE-2024-21697.json b/CVE-2024/CVE-2024-216xx/CVE-2024-21697.json index 8a853cc68e8..043ef352d32 100644 --- a/CVE-2024/CVE-2024-216xx/CVE-2024-21697.json +++ b/CVE-2024/CVE-2024-216xx/CVE-2024-21697.json @@ -2,8 +2,8 @@ "id": "CVE-2024-21697", "sourceIdentifier": "security@atlassian.com", "published": "2024-11-19T19:15:07.937", - "lastModified": "2024-11-19T19:15:07.937", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-241xx/CVE-2024-24198.json b/CVE-2024/CVE-2024-241xx/CVE-2024-24198.json index e4fddeca085..0bede8730fd 100644 --- a/CVE-2024/CVE-2024-241xx/CVE-2024-24198.json +++ b/CVE-2024/CVE-2024-241xx/CVE-2024-24198.json @@ -2,8 +2,8 @@ "id": "CVE-2024-24198", "sourceIdentifier": "cve@mitre.org", "published": "2024-06-06T22:15:10.480", - "lastModified": "2024-10-29T18:45:47.057", - "vulnStatus": "Analyzed", + "lastModified": "2024-11-19T21:35:04.337", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 3.6 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 } ] }, diff --git a/CVE-2024/CVE-2024-251xx/CVE-2024-25170.json b/CVE-2024/CVE-2024-251xx/CVE-2024-25170.json index bd0701206d5..b973cc63c63 100644 --- a/CVE-2024/CVE-2024-251xx/CVE-2024-25170.json +++ b/CVE-2024/CVE-2024-251xx/CVE-2024-25170.json @@ -2,7 +2,7 @@ "id": "CVE-2024-25170", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-28T20:15:41.770", - "lastModified": "2024-02-29T13:49:47.277", + "lastModified": "2024-11-19T21:35:04.593", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Un problema en Mezzanine v6.0.0 permite a los atacantes eludir los controles de acceso manipulando el encabezado del Host." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], "references": [ { "url": "https://github.com/shenhav12/CVE-2024-25170-Mezzanine-v6.0.0", diff --git a/CVE-2024/CVE-2024-259xx/CVE-2024-25941.json b/CVE-2024/CVE-2024-259xx/CVE-2024-25941.json index d084c62f80b..ea3e6f74248 100644 --- a/CVE-2024/CVE-2024-259xx/CVE-2024-25941.json +++ b/CVE-2024/CVE-2024-259xx/CVE-2024-25941.json @@ -2,7 +2,7 @@ "id": "CVE-2024-25941", "sourceIdentifier": "secteam@freebsd.org", "published": "2024-02-15T05:15:11.200", - "lastModified": "2024-06-10T19:15:53.077", + "lastModified": "2024-11-19T22:35:05.860", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "La llamada al sistema jail(2) no ha limitado la visibilidad de los TTY asignados (el sysctl kern.ttys). Esto da lugar a una filtraci\u00f3n de informaci\u00f3n sobre procesos fuera de la actual c\u00e1rcel. El atacante puede obtener informaci\u00f3n sobre los TTY asignados en el host o en otras c\u00e1rceles. Efectivamente, la informaci\u00f3n impresa por \"pstat -t\" puede filtrarse." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.3, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.8, + "impactScore": 1.4 + } + ] + }, "references": [ { "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc", diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27532.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27532.json index de90c59a496..789b58b72a1 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27532.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27532.json @@ -2,7 +2,7 @@ "id": "CVE-2024-27532", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T22:15:15.603", - "lastModified": "2024-11-12T13:56:54.483", + "lastModified": "2024-11-19T21:35:05.417", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "wasm-micro-runtime (tambi\u00e9n conocido como WebAssembly Micro Runtime o WAMR) 06df58f es vulnerable a la desreferencia de puntero NULL en la funci\u00f3n `block_type_get_result_types." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], "references": [ { "url": "https://gist.github.com/haruki3hhh/e468ac3b3234f9bc42a9cc367457119a", diff --git a/CVE-2024/CVE-2024-276xx/CVE-2024-27660.json b/CVE-2024/CVE-2024-276xx/CVE-2024-27660.json index 5b8be112fcc..63a4addbb1b 100644 --- a/CVE-2024/CVE-2024-276xx/CVE-2024-27660.json +++ b/CVE-2024/CVE-2024-276xx/CVE-2024-27660.json @@ -2,7 +2,7 @@ "id": "CVE-2024-27660", "sourceIdentifier": "cve@mitre.org", "published": "2024-02-29T20:15:41.730", - "lastModified": "2024-03-01T14:04:26.010", + "lastModified": "2024-11-19T22:35:06.103", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda desreferencias de puntero nulo en sub_41C488(). Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], "references": [ { "url": "https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x41C708-e46f864c48114f45894f4563588d7968?pvs=4", diff --git a/CVE-2024/CVE-2024-304xx/CVE-2024-30424.json b/CVE-2024/CVE-2024-304xx/CVE-2024-30424.json new file mode 100644 index 00000000000..dcafe530530 --- /dev/null +++ b/CVE-2024/CVE-2024-304xx/CVE-2024-30424.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-30424", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-19T22:15:20.103", + "lastModified": "2024-11-19T22:15:20.103", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Stored XSS.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wpzoom-addons-for-beaver-builder/wordpress-beaver-builder-addons-by-wpzoom-plugin-1-3-4-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31141.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31141.json index a111cc86102..7c88fc98d51 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31141.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31141.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31141", "sourceIdentifier": "security@apache.org", "published": "2024-11-19T09:15:03.860", - "lastModified": "2024-11-19T15:35:06.263", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-332xx/CVE-2024-33231.json b/CVE-2024/CVE-2024-332xx/CVE-2024-33231.json index f12023fbc7f..576336f201d 100644 --- a/CVE-2024/CVE-2024-332xx/CVE-2024-33231.json +++ b/CVE-2024/CVE-2024-332xx/CVE-2024-33231.json @@ -2,8 +2,8 @@ "id": "CVE-2024-33231", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T23:15:04.783", - "lastModified": "2024-11-19T15:35:06.980", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-338xx/CVE-2024-33859.json b/CVE-2024/CVE-2024-338xx/CVE-2024-33859.json index f97d5ed075e..a3252df203d 100644 --- a/CVE-2024/CVE-2024-338xx/CVE-2024-33859.json +++ b/CVE-2024/CVE-2024-338xx/CVE-2024-33859.json @@ -2,7 +2,7 @@ "id": "CVE-2024-33859", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-07T17:15:09.200", - "lastModified": "2024-05-07T20:07:58.737", + "lastModified": "2024-11-19T22:35:07.000", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 un problema en Logpoint antes de 7.4.0. El c\u00f3digo HTML enviado a trav\u00e9s de registros no se escapaba en la interfaz de usuario web \"Campo interesante\", lo que generaba XSS." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://servicedesk.logpoint.com/hc/en-us/articles/18533927651357-XSS-in-Interesting-Fields-in-Logpoint-Web-UI", diff --git a/CVE-2024/CVE-2024-345xx/CVE-2024-34510.json b/CVE-2024/CVE-2024-345xx/CVE-2024-34510.json index 3034cd494b4..0b5741bebf8 100644 --- a/CVE-2024/CVE-2024-345xx/CVE-2024-34510.json +++ b/CVE-2024/CVE-2024-345xx/CVE-2024-34510.json @@ -2,7 +2,7 @@ "id": "CVE-2024-34510", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-05T20:15:07.417", - "lastModified": "2024-05-06T12:44:56.377", + "lastModified": "2024-11-19T22:35:07.850", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -39,6 +39,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-116" + } + ] + } + ], "references": [ { "url": "https://github.com/gradio-app/gradio/", diff --git a/CVE-2024/CVE-2024-363xx/CVE-2024-36384.json b/CVE-2024/CVE-2024-363xx/CVE-2024-36384.json index 6b0f3a1db72..1828feb630a 100644 --- a/CVE-2024/CVE-2024-363xx/CVE-2024-36384.json +++ b/CVE-2024/CVE-2024-363xx/CVE-2024-36384.json @@ -2,7 +2,7 @@ "id": "CVE-2024-36384", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-27T04:15:09.143", - "lastModified": "2024-05-28T12:39:28.377", + "lastModified": "2024-11-19T22:35:08.610", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Pointsharp Cryptshare Server anterior a 7.0.0 tiene un problema XSS relacionado con los mensajes de notificaci\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://documentation.cryptshare.com/w/CSSCurrent_en:Version_7.0.0#Additional_Changes", diff --git a/CVE-2024/CVE-2024-364xx/CVE-2024-36472.json b/CVE-2024/CVE-2024-364xx/CVE-2024-36472.json index 1978516fe9e..40ca670fc59 100644 --- a/CVE-2024/CVE-2024-364xx/CVE-2024-36472.json +++ b/CVE-2024/CVE-2024-364xx/CVE-2024-36472.json @@ -2,7 +2,7 @@ "id": "CVE-2024-36472", "sourceIdentifier": "cve@mitre.org", "published": "2024-05-28T16:15:17.033", - "lastModified": "2024-05-28T17:11:47.007", + "lastModified": "2024-11-19T22:35:09.457", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "En GNOME Shell hasta la versi\u00f3n 45.7, se puede iniciar autom\u00e1ticamente un asistente de portal (sin confirmaci\u00f3n del usuario) en funci\u00f3n de las respuestas de red proporcionadas por un adversario (por ejemplo, un adversario que controla la red Wi-Fi local) y, posteriormente, carga c\u00f3digo JavaScript que no es de confianza, lo que puede conducir al consumo de recursos u otros impactos dependiendo del comportamiento del c\u00f3digo JavaScript." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-346" + } + ] + } + ], "references": [ { "url": "https://gitlab.gnome.org/GNOME/gnome-shell/-/issues/7688", diff --git a/CVE-2024/CVE-2024-370xx/CVE-2024-37070.json b/CVE-2024/CVE-2024-370xx/CVE-2024-37070.json index ea1827d680b..0ca14fe159b 100644 --- a/CVE-2024/CVE-2024-370xx/CVE-2024-37070.json +++ b/CVE-2024/CVE-2024-370xx/CVE-2024-37070.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37070", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-11-19T20:15:30.693", - "lastModified": "2024-11-19T20:15:30.693", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-397xx/CVE-2024-39726.json b/CVE-2024/CVE-2024-397xx/CVE-2024-39726.json index 375f8bbf869..da19d694eed 100644 --- a/CVE-2024/CVE-2024-397xx/CVE-2024-39726.json +++ b/CVE-2024/CVE-2024-397xx/CVE-2024-39726.json @@ -2,8 +2,8 @@ "id": "CVE-2024-39726", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-11-15T17:15:19.983", - "lastModified": "2024-11-18T17:11:56.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:51:40.093", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,52 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.2:-:*:*:*:*:*:*", + "matchCriteriaId": "F4CC3C28-FF12-4B65-AEE4-1F54E3A0B11F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:engineering_lifecycle_optimization_-_engineering_insights:7.0.3:-:*:*:*:*:*:*", + "matchCriteriaId": "5E6ECEDA-A440-4085-867C-B42D6B439F58" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", + "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.ibm.com/support/pages/node/7176208", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-398xx/CVE-2024-39884.json b/CVE-2024/CVE-2024-398xx/CVE-2024-39884.json index 3eb6f3d6a9c..42a33db3b11 100644 --- a/CVE-2024/CVE-2024-398xx/CVE-2024-39884.json +++ b/CVE-2024/CVE-2024-398xx/CVE-2024-39884.json @@ -2,7 +2,7 @@ "id": "CVE-2024-39884", "sourceIdentifier": "security@apache.org", "published": "2024-07-04T09:15:04.237", - "lastModified": "2024-07-17T21:15:11.743", + "lastModified": "2024-11-19T21:35:06.303", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "Una regresi\u00f3n en el n\u00facleo de Apache HTTP Server 2.4.60 ignora parte del uso de la configuraci\u00f3n de controladores heredada basada en el tipo de contenido. \"AddType\" y configuraciones similares, en algunas circunstancias en las que los archivos se solicitan indirectamente, dan como resultado la divulgaci\u00f3n del c\u00f3digo fuente del contenido local. Por ejemplo, los scripts PHP pueden servirse en lugar de interpretarse. Se recomienda a los usuarios actualizar a la versi\u00f3n 2.4.61, que soluciona este problema." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2024/07/17/6", diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42450.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42450.json index 453f71292f7..9f1e2591ed3 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42450.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42450.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42450", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-19T18:15:20.560", - "lastModified": "2024-11-19T20:35:23.447", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-433xx/CVE-2024-43338.json b/CVE-2024/CVE-2024-433xx/CVE-2024-43338.json index 15c03d4e6e4..1c73e69af3a 100644 --- a/CVE-2024/CVE-2024-433xx/CVE-2024-43338.json +++ b/CVE-2024/CVE-2024-433xx/CVE-2024-43338.json @@ -2,8 +2,8 @@ "id": "CVE-2024-43338", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:09.013", - "lastModified": "2024-11-19T17:15:09.013", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43416.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43416.json index 7825b45defa..83f10c49f57 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43416.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43416.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43416", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T17:15:11.220", - "lastModified": "2024-11-18T17:15:11.220", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue." + }, + { + "lang": "es", + "value": "GLPI es un paquete de software gratuito de gesti\u00f3n de activos y TI. A partir de la versi\u00f3n 0.80 y antes de la versi\u00f3n 10.0.17, un usuario no autenticado puede usar un endpoint de la aplicaci\u00f3n para verificar si una direcci\u00f3n de correo electr\u00f3nico corresponde a un usuario v\u00e1lido de GLPI. La versi\u00f3n 10.0.17 soluciona el problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-446xx/CVE-2024-44625.json b/CVE-2024/CVE-2024-446xx/CVE-2024-44625.json index 03635563fca..dba04b34379 100644 --- a/CVE-2024/CVE-2024-446xx/CVE-2024-44625.json +++ b/CVE-2024/CVE-2024-446xx/CVE-2024-44625.json @@ -2,8 +2,8 @@ "id": "CVE-2024-44625", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-15T17:15:20.260", - "lastModified": "2024-11-18T17:11:56.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:51:19.917", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,15 +15,75 @@ "value": "Gogs <=0.13.0 es vulnerable a la navegaci\u00f3n de Directory Traversal de la funci\u00f3n editFilePost de internal/route/repo/editor.go." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*", + "versionEndIncluding": "0.13.0", + "matchCriteriaId": "5634A605-49DE-459E-ADE6-2E65D89321BD" + } + ] + } + ] + } + ], "references": [ { "url": "https://fysac.github.io/posts/2024/11/unpatched-remote-code-execution-in-gogs/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://gogs.io/", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Product" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-447xx/CVE-2024-44756.json b/CVE-2024/CVE-2024-447xx/CVE-2024-44756.json index 58931155696..4e9abef54a9 100644 --- a/CVE-2024/CVE-2024-447xx/CVE-2024-44756.json +++ b/CVE-2024/CVE-2024-447xx/CVE-2024-44756.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44756", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T17:15:11.450", - "lastModified": "2024-11-18T17:15:11.450", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que NUS-M9 ERP Management Software v3.0.0 conten\u00eda una vulnerabilidad de inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro de c\u00f3digo de usuario en /UserWH/checkLogin." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-447xx/CVE-2024-44757.json b/CVE-2024/CVE-2024-447xx/CVE-2024-44757.json index 10d4f87044e..3b8484d969d 100644 --- a/CVE-2024/CVE-2024-447xx/CVE-2024-44757.json +++ b/CVE-2024/CVE-2024-447xx/CVE-2024-44757.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44757", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T17:15:11.510", - "lastModified": "2024-11-18T17:15:11.510", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de descarga de archivos arbitrarios en el componente /Basics/DownloadInpFile de NUS-M9 ERP Management Software v3.0.0 permite a los atacantes descargar archivos arbitrarios y acceder a informaci\u00f3n confidencial a trav\u00e9s de una solicitud de interfaz manipulada espec\u00edficamente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45419.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45419.json index 058012a6c93..b5a942e873f 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45419.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45419.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45419", "sourceIdentifier": "security@zoom.us", "published": "2024-11-19T20:15:30.973", - "lastModified": "2024-11-19T20:15:30.973", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45420.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45420.json index bb31cd233ba..1cf7830d87c 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45420.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45420.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45420", "sourceIdentifier": "security@zoom.us", "published": "2024-11-19T20:15:31.200", - "lastModified": "2024-11-19T20:15:31.200", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45422.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45422.json index b4f03d18ae5..da03d6c7858 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45422.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45422.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45422", "sourceIdentifier": "security@zoom.us", "published": "2024-11-19T20:15:31.430", - "lastModified": "2024-11-19T20:15:31.430", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45609.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45609.json index 7b6c28e7005..d27cda6ad71 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45609.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45609.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45609", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-15T20:15:20.410", - "lastModified": "2024-11-18T17:11:56.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:22:06.043", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -51,10 +71,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*", + "versionStartIncluding": "0.70", + "versionEndExcluding": "10.0.17", + "matchCriteriaId": "F0AB7130-09DA-49A3-8D17-C218BD5A0DC9" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-3j2f-3j4v-hppr", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-456xx/CVE-2024-45610.json b/CVE-2024/CVE-2024-456xx/CVE-2024-45610.json index bc0b845130b..7ad3bfb6319 100644 --- a/CVE-2024/CVE-2024-456xx/CVE-2024-45610.json +++ b/CVE-2024/CVE-2024-456xx/CVE-2024-45610.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45610", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-15T21:15:09.370", - "lastModified": "2024-11-18T17:11:56.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:07:46.790", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -51,10 +81,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:glpi-project:glpi:*:*:*:*:*:*:*:*", + "versionStartIncluding": "10.0.0", + "versionEndExcluding": "10.0.17", + "matchCriteriaId": "A8C93409-21A2-459E-9451-2D915D941D40" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/glpi-project/glpi/security/advisories/GHSA-vvr8-chwj-9m4c", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-466xx/CVE-2024-46613.json b/CVE-2024/CVE-2024-466xx/CVE-2024-46613.json index 6707777c154..98e980c0bcb 100644 --- a/CVE-2024/CVE-2024-466xx/CVE-2024-46613.json +++ b/CVE-2024/CVE-2024-466xx/CVE-2024-46613.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46613", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-10T21:15:14.790", - "lastModified": "2024-11-14T14:55:29.753", - "vulnStatus": "Analyzed", + "lastModified": "2024-11-19T21:35:06.937", + "vulnStatus": "Modified", "cveTags": [], "descriptions": [ { @@ -36,6 +36,26 @@ }, "exploitabilityScore": 3.9, "impactScore": 5.9 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.4 } ] }, @@ -49,6 +69,16 @@ "value": "CWE-190" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] } ], "configurations": [ diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47533.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47533.json index 3f0c0680c26..99c445f0bff 100644 --- a/CVE-2024/CVE-2024-475xx/CVE-2024-47533.json +++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47533.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47533", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T17:15:11.563", - "lastModified": "2024-11-18T17:15:11.563", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue." + }, + { + "lang": "es", + "value": "Cobbler, un servidor de instalaci\u00f3n de Linux que permite la configuraci\u00f3n r\u00e1pida de entornos de instalaci\u00f3n de red, tiene una vulnerabilidad de autenticaci\u00f3n incorrecta a partir de la versi\u00f3n 3.0.0 y anteriores a las versiones 3.2.3 y 3.3.7. `utils.get_shared_secret()` siempre devuelve `-1`, lo que permite que cualquiera se conecte a Cobbler XML-RPC como usuario `''` contrase\u00f1a `-1` y realice cualquier cambio. Esto le da a cualquier persona con acceso de red a un servidor Cobbler control total del servidor. Las versiones 3.2.3 y 3.3.7 solucionan el problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47820.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47820.json index cfcb51cee9c..bc2854c83ad 100644 --- a/CVE-2024/CVE-2024-478xx/CVE-2024-47820.json +++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47820.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47820", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T17:15:11.777", - "lastModified": "2024-11-18T17:15:11.777", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file permissions. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading." + }, + { + "lang": "es", + "value": "MarkUs, una aplicaci\u00f3n web para el env\u00edo y calificaci\u00f3n de tareas de los estudiantes, es vulnerable a path traversal en versiones anteriores a la 2.4.8. Los instructores autenticados pueden descargar cualquier archivo en el servidor web en el que se ejecuta MarkUs, seg\u00fan los permisos de archivo. MarkUs v2.4.8 ha solucionado este problema. No hay workarounds disponibles a nivel de aplicaci\u00f3n aparte de la actualizaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47873.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47873.json index 80b71a3509f..6a22996c847 100644 --- a/CVE-2024/CVE-2024-478xx/CVE-2024-47873.json +++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47873.json @@ -2,13 +2,17 @@ "id": "CVE-2024-47873", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T17:15:11.973", - "lastModified": "2024-11-18T17:15:11.973", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the `scan` method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue." + }, + { + "lang": "es", + "value": "PhpSpreadsheet es una librer\u00eda PHP para leer y escribir archivos de hojas de c\u00e1lculo. La clase XmlScanner tiene un m\u00e9todo de escaneo que deber\u00eda evitar ataques XXE. Sin embargo, antes de las versiones 1.9.4, 2.1.3, 2.3.2 y 3.4.0, las expresiones regulares utilizadas en el m\u00e9todo `scan` y en el m\u00e9todo findCharSet se pueden omitir utilizando UCS-4 y adivinando la codificaci\u00f3n. Un atacante puede omitir el desinfectante y lograr un ataque de entidad externa XML. Las versiones 1.9.4, 2.1.3, 2.3.2 y 3.4.0 solucionan el problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48069.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48069.json index 3519beda507..63193d0636c 100644 --- a/CVE-2024/CVE-2024-480xx/CVE-2024-48069.json +++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48069.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48069", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-19T18:15:21.257", - "lastModified": "2024-11-19T18:15:21.257", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48070.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48070.json index 40229e49536..4a48f9d693c 100644 --- a/CVE-2024/CVE-2024-480xx/CVE-2024-48070.json +++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48070.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48070", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-19T18:15:21.353", - "lastModified": "2024-11-19T18:15:21.353", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48071.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48071.json index 917e6a7268f..2042e75a216 100644 --- a/CVE-2024/CVE-2024-480xx/CVE-2024-48071.json +++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48071.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48071", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-19T17:15:09.267", - "lastModified": "2024-11-19T17:15:09.267", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48072.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48072.json index 26a4fcca55a..d389105bce7 100644 --- a/CVE-2024/CVE-2024-480xx/CVE-2024-48072.json +++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48072.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48072", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-19T18:15:21.437", - "lastModified": "2024-11-19T18:15:21.437", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-482xx/CVE-2024-48292.json b/CVE-2024/CVE-2024-482xx/CVE-2024-48292.json index 85af012d9a2..745e513c222 100644 --- a/CVE-2024/CVE-2024-482xx/CVE-2024-48292.json +++ b/CVE-2024/CVE-2024-482xx/CVE-2024-48292.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48292", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T18:15:06.260", - "lastModified": "2024-11-19T16:35:12.460", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-482xx/CVE-2024-48293.json b/CVE-2024/CVE-2024-482xx/CVE-2024-48293.json index 69e1cc5885f..070dd6d4367 100644 --- a/CVE-2024/CVE-2024-482xx/CVE-2024-48293.json +++ b/CVE-2024/CVE-2024-482xx/CVE-2024-48293.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48293", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T19:15:05.527", - "lastModified": "2024-11-19T16:35:13.320", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-482xx/CVE-2024-48294.json b/CVE-2024/CVE-2024-482xx/CVE-2024-48294.json index 8c064c3a7cd..f44e4305864 100644 --- a/CVE-2024/CVE-2024-482xx/CVE-2024-48294.json +++ b/CVE-2024/CVE-2024-482xx/CVE-2024-48294.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48294", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T19:15:05.590", - "lastModified": "2024-11-19T16:35:14.130", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-486xx/CVE-2024-48694.json b/CVE-2024/CVE-2024-486xx/CVE-2024-48694.json index 55d7fd4a78e..3d77655a544 100644 --- a/CVE-2024/CVE-2024-486xx/CVE-2024-48694.json +++ b/CVE-2024/CVE-2024-486xx/CVE-2024-48694.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48694", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-19T19:15:08.140", - "lastModified": "2024-11-19T19:15:08.140", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48917.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48917.json index 9c0f865ee56..c90d93a5d9f 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48917.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48917.json @@ -2,13 +2,17 @@ "id": "CVE-2024-48917", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T20:15:05.403", - "lastModified": "2024-11-18T20:15:05.403", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The `XmlScanner` class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported `CVE-2024-47873`, the regexes from the `findCharSet` method, which is used for determining the current encoding can be bypassed by using a payload in the encoding UTF-7, and adding at end of the file a comment with the value `encoding=\"UTF-8\"` with `\"`, which is matched by the first regex, so that `encoding='UTF-7'` with single quotes `'` in the XML header is not matched by the second regex. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue." + }, + { + "lang": "es", + "value": "PhpSpreadsheet es una librer\u00eda PHP para leer y escribir archivos de hojas de c\u00e1lculo. La clase `XmlScanner` tiene un m\u00e9todo de escaneo que deber\u00eda evitar ataques XXE. Sin embargo, en una omisi\u00f3n del `CVE-2024-47873` informado anteriormente, las expresiones regulares del m\u00e9todo `findCharSet`, que se utiliza para determinar la codificaci\u00f3n actual, se pueden omitir utilizando un payload en la codificaci\u00f3n UTF-7 y agregando al final del archivo un comentario con el valor `encoding=\"UTF-8\"` con `\"`, que coincide con la primera expresi\u00f3n regular, de modo que `encoding='UTF-7'` con comillas simples `'` en el encabezado XML no coincida con la segunda expresi\u00f3n regular. Un atacante puede omitir el desinfectante y lograr un ataque de entidad externa XML. Las versiones 1.9.4, 2.1.3, 2.3.2 y 3.4.0 solucionan el problema." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48990.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48990.json index 280f70239dd..024c804997f 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48990.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48990.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48990", "sourceIdentifier": "security@ubuntu.com", "published": "2024-11-19T18:15:21.530", - "lastModified": "2024-11-19T20:35:26.633", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48991.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48991.json index 4f9f1554929..6e86f55870f 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48991.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48991.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48991", "sourceIdentifier": "security@ubuntu.com", "published": "2024-11-19T18:15:21.710", - "lastModified": "2024-11-19T18:15:21.710", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48992.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48992.json index ede389e8686..7aadcfa60b9 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48992.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48992.json @@ -2,8 +2,8 @@ "id": "CVE-2024-48992", "sourceIdentifier": "security@ubuntu.com", "published": "2024-11-19T18:15:21.897", - "lastModified": "2024-11-19T20:35:27.427", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49536.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49536.json index a58c3610b71..4fede7e1f25 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49536.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49536.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49536", "sourceIdentifier": "psirt@adobe.com", "published": "2024-11-15T20:15:20.683", - "lastModified": "2024-11-18T17:11:56.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:21:45.640", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,10 +51,55 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:audition:*:*:*:*:*:*:*:*", + "versionEndIncluding": "23.6.9", + "matchCriteriaId": "7456AB28-814B-4EF7-8879-D39252F1EA83" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:adobe:audition:*:*:*:*:*:*:*:*", + "versionStartIncluding": "24.0", + "versionEndExcluding": "24.6.3", + "matchCriteriaId": "900CB361-DA4E-4DF5-A4B1-8237A5347449" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", + "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E" + }, + { + "vulnerable": false, + "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", + "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA" + } + ] + } + ] + } + ], "references": [ { "url": "https://helpx.adobe.com/security/products/audition/apsb24-83.html", - "source": "psirt@adobe.com" + "source": "psirt@adobe.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49680.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49680.json index c2bdc021d1e..42b4304d211 100644 --- a/CVE-2024/CVE-2024-496xx/CVE-2024-49680.json +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49680.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49680", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:09.380", - "lastModified": "2024-11-19T17:15:09.380", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49689.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49689.json index 47992956cb6..bd057387e04 100644 --- a/CVE-2024/CVE-2024-496xx/CVE-2024-49689.json +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49689.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49689", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:09.633", - "lastModified": "2024-11-19T17:15:09.633", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-496xx/CVE-2024-49697.json b/CVE-2024/CVE-2024-496xx/CVE-2024-49697.json index 0035f02431c..7856370c46e 100644 --- a/CVE-2024/CVE-2024-496xx/CVE-2024-49697.json +++ b/CVE-2024/CVE-2024-496xx/CVE-2024-49697.json @@ -2,8 +2,8 @@ "id": "CVE-2024-49697", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:09.870", - "lastModified": "2024-11-19T17:15:09.870", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50264.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50264.json index 8d84b829741..6e280348bc2 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50264.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50264.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50264", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:28.210", - "lastModified": "2024-11-19T02:16:28.210", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nvsock/virtio: Initialization of the dangling pointer occurring in vsk->trans\n\nDuring loopback communication, a dangling pointer can be created in\nvsk->trans, potentially leading to a Use-After-Free condition. This\nissue is resolved by initializing vsk->trans to NULL." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: vsock/virtio: inicializaci\u00f3n del puntero colgante que se produce en vsk->trans. Durante la comunicaci\u00f3n de bucle invertido, se puede crear un puntero colgante en vsk->trans, lo que puede provocar una condici\u00f3n de Use-After-Free. Este problema se resuelve inicializando vsk->trans en NULL." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50265.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50265.json index 5ccb2fbeb27..8c8e605a1b3 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50265.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50265.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50265", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:28.310", - "lastModified": "2024-11-19T02:16:28.310", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove()\n\nSyzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove():\n\n[ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12\n[ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry\n[ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004\n[...]\n[ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[...]\n[ 57.331328] Call Trace:\n[ 57.331477] \n[...]\n[ 57.333511] ? do_user_addr_fault+0x3e5/0x740\n[ 57.333778] ? exc_page_fault+0x70/0x170\n[ 57.334016] ? asm_exc_page_fault+0x2b/0x30\n[ 57.334263] ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10\n[ 57.334596] ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0\n[ 57.334913] ocfs2_xa_remove_entry+0x23/0xc0\n[ 57.335164] ocfs2_xa_set+0x704/0xcf0\n[ 57.335381] ? _raw_spin_unlock+0x1a/0x40\n[ 57.335620] ? ocfs2_inode_cache_unlock+0x16/0x20\n[ 57.335915] ? trace_preempt_on+0x1e/0x70\n[ 57.336153] ? start_this_handle+0x16c/0x500\n[ 57.336410] ? preempt_count_sub+0x50/0x80\n[ 57.336656] ? _raw_read_unlock+0x20/0x40\n[ 57.336906] ? start_this_handle+0x16c/0x500\n[ 57.337162] ocfs2_xattr_block_set+0xa6/0x1e0\n[ 57.337424] __ocfs2_xattr_set_handle+0x1fd/0x5d0\n[ 57.337706] ? ocfs2_start_trans+0x13d/0x290\n[ 57.337971] ocfs2_xattr_set+0xb13/0xfb0\n[ 57.338207] ? dput+0x46/0x1c0\n[ 57.338393] ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338665] ? ocfs2_xattr_trusted_set+0x28/0x30\n[ 57.338948] __vfs_removexattr+0x92/0xc0\n[ 57.339182] __vfs_removexattr_locked+0xd5/0x190\n[ 57.339456] ? preempt_count_sub+0x50/0x80\n[ 57.339705] vfs_removexattr+0x5f/0x100\n[...]\n\nReproducer uses faultinject facility to fail ocfs2_xa_remove() ->\nocfs2_xa_value_truncate() with -ENOMEM.\n\nIn this case the comment mentions that we can return 0 if\nocfs2_xa_cleanup_value_truncate() is going to wipe the entry\nanyway. But the following 'rc' check is wrong and execution flow do\n'ocfs2_xa_remove_entry(loc);' twice:\n* 1st: in ocfs2_xa_cleanup_value_truncate();\n* 2nd: returning back to ocfs2_xa_remove() instead of going to 'out'.\n\nFix this by skipping the 2nd removal of the same entry and making\nsyzkaller repro happy." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: eliminar la entrada una vez en lugar de la desreferencia ptr nula en ocfs2_xa_remove() Syzkaller puede provocar la desreferencia ptr nula en ocfs2_xa_remove(): [ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12 [ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Truncamiento parcial al eliminar xattr overlay.upper. Fuga de 1 cl\u00faster y eliminaci\u00f3n de la entrada [ 57.321727] ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000004 [...] [ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0 [...] [ 57.331328] Seguimiento de llamadas: [ 57.331477] [...] [ 57.333511] ? do_user_addr_fault+0x3e5/0x740 [ 57.333778] ? exc_page_fault+0x70/0x170 [ 57.334016] ? asm_exc_page_fault+0x2b/0x30 [ 57.334263] ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10 [ 57.334596] ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0 [ 57.334913] ocfs2_xa_remove_entry+0x23/0xc0 [ 57.335164] ocfs2_xa_set+0x704/0xcf0 [ 57.335381] ? _raw_spin_unlock+0x1a/0x40 [ 57.335620] ? ocfs2_inode_cache_unlock+0x16/0x20 [ 57.335915] ? trace_preempt_on+0x1e/0x70 [ 57.336153] ? start_this_handle+0x16c/0x500 [ 57.336410] ? preempt_count_sub+0x50/0x80 [ 57.336656] ? _raw_read_unlock+0x20/0x40 [ 57.336906] ? ocfs2_xattr_set_handle+0x1fd/0x5d0 [ 57.337706] ? ocfs2_start_trans+0x13d/0x290 [ 57.337971] ocfs2_xattr_set+0xb13/0xfb0 [ 57.338207] ? dput+0x46/0x1c0 [ 57.338393] ocfs2_xattr_trusted_set+0x28/0x30 [ 57.338665] ? ocfs2_xattr_trusted_set+0x28/0x30 [ 57.338948] __vfs_removexattr+0x92/0xc0 [ 57.339182] __vfs_removexattr_locked+0xd5/0x190 [ 57.339456] ? preempt_count_sub+0x50/0x80 [ 57.339705] vfs_removexattr+0x5f/0x100 [...] El reproductor utiliza la funci\u00f3n faultinject para hacer que ocfs2_xa_remove() -> ocfs2_xa_value_truncate() falle con -ENOMEM. En este caso, el comentario menciona que podemos devolver 0 si ocfs2_xa_cleanup_value_truncate() va a borrar la entrada de todos modos. Pero la siguiente comprobaci\u00f3n de 'rc' es incorrecta y el flujo de ejecuci\u00f3n ejecuta 'ocfs2_xa_remove_entry(loc);' dos veces: * 1.\u00aa: en ocfs2_xa_cleanup_value_truncate(); * 2.\u00aa: regresa a ocfs2_xa_remove() en lugar de ir a 'out'. Solucione esto omitiendo la segunda eliminaci\u00f3n de la misma entrada y haciendo que syzkaller repro funcione correctamente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50266.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50266.json index d2aa5d75143..38b5ba7ac7d 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50266.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50266.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50266", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:28.540", - "lastModified": "2024-11-19T02:16:28.540", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nclk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs\n\nA recent change in the venus driver results in a stuck clock on the\nLenovo ThinkPad X13s, for example, when streaming video in firefox:\n\n\tvideo_cc_mvs0_clk status stuck at 'off'\n\tWARNING: CPU: 6 PID: 2885 at drivers/clk/qcom/clk-branch.c:87 clk_branch_wait+0x144/0x15c\n\t...\n\tCall trace:\n\t clk_branch_wait+0x144/0x15c\n\t clk_branch2_enable+0x30/0x40\n\t clk_core_enable+0xd8/0x29c\n\t clk_enable+0x2c/0x4c\n\t vcodec_clks_enable.isra.0+0x94/0xd8 [venus_core]\n\t coreid_power_v4+0x464/0x628 [venus_core]\n\t vdec_start_streaming+0xc4/0x510 [venus_dec]\n\t vb2_start_streaming+0x6c/0x180 [videobuf2_common]\n\t vb2_core_streamon+0x120/0x1dc [videobuf2_common]\n\t vb2_streamon+0x1c/0x6c [videobuf2_v4l2]\n\t v4l2_m2m_ioctl_streamon+0x30/0x80 [v4l2_mem2mem]\n\t v4l_streamon+0x24/0x30 [videodev]\n\nusing the out-of-tree sm8350/sc8280xp venus support. [1]\n\nUpdate also the sm8350/sc8280xp GDSC definitions so that the hw control\nmode can be changed at runtime as the venus driver now requires." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER para GDSC de vcodec Un cambio reciente en el controlador venus da como resultado un reloj atascado en Lenovo ThinkPad X13s, por ejemplo, al transmitir video en Firefox: video_cc_mvs0_clk status stuck at 'off' WARNING: CPU: 6 PID: 2885 at drivers/clk/qcom/clk-branch.c:87 clk_branch_wait+0x144/0x15c ... Rastreo de llamadas: clk_branch_wait+0x144/0x15c clk_branch2_enable+0x30/0x40 clk_core_enable+0xd8/0x29c clk_enable+0x2c/0x4c vcodec_clks_enable.isra.0+0x94/0xd8 [venus_core] coreid_power_v4+0x464/0x628 [venus_core] vdec_start_streaming+0xc4/0x510 [venus_dec] vb2_start_streaming+0x6c/0x180 [videobuf2_common] vb2_core_streamon+0x120/0x1dc [videobuf2_common] vb2_streamon+0x1c/0x6c [videobuf2_v4l2] v4l2_m2m_ioctl_streamon+0x30/0x80 [v4l2_mem2mem] v4l_streamon+0x24/0x30 [videodev] usando el soporte de venus sm8350/sc8280xp fuera del \u00e1rbol. [1] Actualice tambi\u00e9n las definiciones GDSC de sm8350/sc8280xp para que el modo de control de hardware se pueda cambiar en tiempo de ejecuci\u00f3n como lo requiere ahora el controlador Venus." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50267.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50267.json index 7e13d3450c1..4f80eb19f94 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50267.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50267.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50267", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:28.647", - "lastModified": "2024-11-19T02:16:28.647", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nUSB: serial: io_edgeport: fix use after free in debug printk\n\nThe \"dev_dbg(&urb->dev->dev, ...\" which happens after usb_free_urb(urb)\nis a use after free of the \"urb\" pointer. Store the \"dev\" pointer at the\nstart of the function to avoid this issue." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: serial: io_edgeport: fix use after free in debug printk El \"dev_dbg(&urb->dev->dev, ...\" que ocurre despu\u00e9s de usb_free_urb(urb) es un use after free el puntero \"urb\". Almacene el puntero \"dev\" al comienzo de la funci\u00f3n para evitar este problema." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50268.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50268.json index bb500490cd6..eb6940ec05e 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50268.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50268.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50268", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:28.787", - "lastModified": "2024-11-19T02:16:28.787", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd()\n\nThe \"*cmd\" variable can be controlled by the user via debugfs. That means\n\"new_cam\" can be as high as 255 while the size of the uc->updated[] array\nis UCSI_MAX_ALTMODES (30).\n\nThe call tree is:\nucsi_cmd() // val comes from simple_attr_write_xsigned()\n-> ucsi_send_command()\n -> ucsi_send_command_common()\n -> ucsi_run_command() // calls ucsi->ops->sync_control()\n -> ucsi_ccg_sync_control()" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: se corrige un posible error fuera de los l\u00edmites en ucsi_ccg_update_set_new_cam_cmd() La variable \"*cmd\" puede ser controlada por el usuario a trav\u00e9s de debugfs. Esto significa que \"new_cam\" puede tener un valor de hasta 255, mientras que el tama\u00f1o de la matriz uc->updated[] es UCSI_MAX_ALTMODES (30). El \u00e1rbol de llamadas es: ucsi_cmd() // val proviene de simple_attr_write_xsigned() -> ucsi_send_command() -> ucsi_send_command_common() -> ucsi_run_command() // llama a ucsi->ops->sync_control() -> ucsi_ccg_sync_control()" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50269.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50269.json index 4d4cf548713..d7402685a01 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50269.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50269.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50269", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:28.930", - "lastModified": "2024-11-19T02:16:28.930", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nusb: musb: sunxi: Fix accessing an released usb phy\n\nCommit 6ed05c68cbca (\"usb: musb: sunxi: Explicitly release USB PHY on\nexit\") will cause that usb phy @glue->xceiv is accessed after released.\n\n1) register platform driver @sunxi_musb_driver\n// get the usb phy @glue->xceiv\nsunxi_musb_probe() -> devm_usb_get_phy().\n\n2) register and unregister platform driver @musb_driver\nmusb_probe() -> sunxi_musb_init()\nuse the phy here\n//the phy is released here\nmusb_remove() -> sunxi_musb_exit() -> devm_usb_put_phy()\n\n3) register @musb_driver again\nmusb_probe() -> sunxi_musb_init()\nuse the phy here but the phy has been released at 2).\n...\n\nFixed by reverting the commit, namely, removing devm_usb_put_phy()\nfrom sunxi_musb_exit()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: musb: sunxi: Se solucion\u00f3 el acceso a un usb phy liberado. Commit 6ed05c68cbca (\"usb: musb: sunxi: Liberar expl\u00edcitamente USB PHY al salir\") provocar\u00e1 que se acceda al usb phy @glue->xceiv despu\u00e9s de su liberaci\u00f3n. 1) registrar el controlador de la plataforma @sunxi_musb_driver // obtener el usb phy @glue->xceiv sunxi_musb_probe() -> devm_usb_get_phy(). 2) registrar y anular el registro del controlador de la plataforma @musb_driver musb_probe() -> sunxi_musb_init() usa el phy aqu\u00ed //el phy se publica aqu\u00ed musb_remove() -> sunxi_musb_exit() -> devm_usb_put_phy() 3) registrar @musb_driver nuevamente musb_probe() -> sunxi_musb_init() usa el phy aqu\u00ed pero el phy se ha publicado en 2). ... Se solucion\u00f3 revirtiendo el commit, es decir, eliminando devm_usb_put_phy() de sunxi_musb_exit()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50270.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50270.json index 341e84003f3..017208cb6da 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50270.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50270.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50270", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:29.033", - "lastModified": "2024-11-19T02:16:29.033", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm/damon/core: avoid overflow in damon_feed_loop_next_input()\n\ndamon_feed_loop_next_input() is inefficient and fragile to overflows. \nSpecifically, 'score_goal_diff_bp' calculation can overflow when 'score'\nis high. The calculation is actually unnecessary at all because 'goal' is\na constant of value 10,000. Calculation of 'compensation' is again\nfragile to overflow. Final calculation of return value for under-achiving\ncase is again fragile to overflow when the current score is\nunder-achieving the target.\n\nAdd two corner cases handling at the beginning of the function to make the\nbody easier to read, and rewrite the body of the function to avoid\noverflows and the unnecessary bp value calcuation." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm/damon/core: evitar desbordamientos en damon_feed_loop_next_input() damon_feed_loop_next_input() es ineficiente y fr\u00e1gil a desbordamientos. Espec\u00edficamente, el c\u00e1lculo de 'score_goal_diff_bp' puede desbordarse cuando 'score' es alto. El c\u00e1lculo es realmente innecesario en absoluto porque 'goal' es una constante de valor 10,000. El c\u00e1lculo de 'compensaci\u00f3n' es nuevamente fr\u00e1gil a desbordamientos. El c\u00e1lculo final del valor de retorno para el caso de bajo rendimiento es nuevamente fr\u00e1gil a desbordamientos cuando el puntaje actual no alcanza el objetivo. Agregue dos casos extremos de manejo al comienzo de la funci\u00f3n para hacer que el cuerpo sea m\u00e1s f\u00e1cil de leer y reescriba el cuerpo de la funci\u00f3n para evitar desbordamientos y el c\u00e1lculo innecesario del valor bp." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50271.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50271.json index af7c38dc9d9..cb5d959da8f 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50271.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50271.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50271", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:29.180", - "lastModified": "2024-11-19T02:16:29.180", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsignal: restore the override_rlimit logic\n\nPrior to commit d64696905554 (\"Reimplement RLIMIT_SIGPENDING on top of\nucounts\") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of\nsignals. However now it's enforced unconditionally, even if\noverride_rlimit is set. This behavior change caused production issues. \n\nFor example, if the limit is reached and a process receives a SIGSEGV\nsignal, sigqueue_alloc fails to allocate the necessary resources for the\nsignal delivery, preventing the signal from being delivered with siginfo. \nThis prevents the process from correctly identifying the fault address and\nhandling the error. From the user-space perspective, applications are\nunaware that the limit has been reached and that the siginfo is\neffectively 'corrupted'. This can lead to unpredictable behavior and\ncrashes, as we observed with java applications.\n\nFix this by passing override_rlimit into inc_rlimit_get_ucounts() and skip\nthe comparison to max there if override_rlimit is set. This effectively\nrestores the old behavior." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: se\u00f1al: restaurar la l\u00f3gica override_rlimit Antes de el commit d64696905554 (\"Reimplementar RLIMIT_SIGPENDING sobre ucounts\") UCOUNT_RLIMIT_SIGPENDING rlimit no se aplicaba para una clase de se\u00f1ales. Sin embargo, ahora se aplica de forma incondicional, incluso si se establece override_rlimit. Este cambio de comportamiento provoc\u00f3 problemas de producci\u00f3n. Por ejemplo, si se alcanza el l\u00edmite y un proceso recibe una se\u00f1al SIGSEGV, sigqueue_alloc no puede asignar los recursos necesarios para la entrega de la se\u00f1al, lo que impide que la se\u00f1al se entregue con siginfo. Esto impide que el proceso identifique correctamente la direcci\u00f3n de falla y maneje el error. Desde la perspectiva del espacio de usuario, las aplicaciones no saben que se ha alcanzado el l\u00edmite y que la siginfo est\u00e1 efectivamente \"corrupta\". Esto puede provocar un comportamiento impredecible y fallas, como observamos con las aplicaciones Java. Solucione este problema pasando override_rlimit a inc_rlimit_get_ucounts() y omita la comparaci\u00f3n con max all\u00ed si se configura override_rlimit. Esto restaura efectivamente el comportamiento anterior." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50272.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50272.json index 9a0c17d21c6..bc571364d7d 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50272.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50272.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50272", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:29.357", - "lastModified": "2024-11-19T02:16:29.357", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfilemap: Fix bounds checking in filemap_read()\n\nIf the caller supplies an iocb->ki_pos value that is close to the\nfilesystem upper limit, and an iterator with a count that causes us to\noverflow that limit, then filemap_read() enters an infinite loop.\n\nThis behaviour was discovered when testing xfstests generic/525 with the\n\"localio\" optimisation for loopback NFS mounts." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: filemap: Se ha corregido la comprobaci\u00f3n de los l\u00edmites en filemap_read() Si el llamador proporciona un valor iocb->ki_pos que est\u00e1 cerca del l\u00edmite superior del sistema de archivos y un iterador con un recuento que hace que desbordemos ese l\u00edmite, filemap_read() entra en un bucle infinito. Este comportamiento se descubri\u00f3 al probar xfstests generic/525 con la optimizaci\u00f3n \"localio\" para montajes NFS de bucle invertido." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50273.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50273.json index a2afb1d6a24..a5fbbeda470 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50273.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50273.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50273", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:29.483", - "lastModified": "2024-11-19T02:16:29.483", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: reinitialize delayed ref list after deleting it from the list\n\nAt insert_delayed_ref() if we need to update the action of an existing\nref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head's\nref_add_list using list_del(), which leaves the ref's add_list member\nnot reinitialized, as list_del() sets the next and prev members of the\nlist to LIST_POISON1 and LIST_POISON2, respectively.\n\nIf later we end up calling drop_delayed_ref() against the ref, which can\nhappen during merging or when destroying delayed refs due to a transaction\nabort, we can trigger a crash since at drop_delayed_ref() we call\nlist_empty() against the ref's add_list, which returns false since\nthe list was not reinitialized after the list_del() and as a consequence\nwe call list_del() again at drop_delayed_ref(). This results in an\ninvalid list access since the next and prev members are set to poison\npointers, resulting in a splat if CONFIG_LIST_HARDENED and\nCONFIG_DEBUG_LIST are set or invalid poison pointer dereferences\notherwise.\n\nSo fix this by deleting from the list with list_del_init() instead." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: reinicializar la lista de referencias retrasadas despu\u00e9s de eliminarla de la lista En insert_delayed_ref(), si necesitamos actualizar la acci\u00f3n de una referencia existente a BTRFS_DROP_DELAYED_REF, eliminamos la referencia de ref_add_list de su cabecera de referencia usando list_del(), lo que deja el miembro add_list de la referencia sin reinicializar, ya que list_del() establece los miembros siguiente y anterior de la lista en LIST_POISON1 y LIST_POISON2, respectivamente. Si m\u00e1s tarde terminamos llamando a drop_delayed_ref() contra la referencia, lo que puede suceder durante la fusi\u00f3n o al destruir referencias retrasadas debido a un aborto de transacci\u00f3n, podemos provocar un bloqueo ya que en drop_delayed_ref() llamamos a list_empty() contra el add_list de la referencia, que devuelve falso ya que la lista no se reinicializ\u00f3 despu\u00e9s de list_del() y, como consecuencia, llamamos a list_del() nuevamente en drop_delayed_ref(). Esto da como resultado un acceso a la lista no v\u00e1lido ya que los miembros next y prev est\u00e1n configurados como punteros envenenados, lo que resulta en un splat si CONFIG_LIST_HARDENED y CONFIG_DEBUG_LIST est\u00e1n configurados o desreferencias de punteros envenenados no v\u00e1lidas en caso contrario. As\u00ed que solucione esto eliminando de la lista con list_del_init() en su lugar." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50274.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50274.json index 53a9c23544e..fc96b772a7e 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50274.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50274.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50274", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:29.650", - "lastModified": "2024-11-19T02:16:29.650", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nidpf: avoid vport access in idpf_get_link_ksettings\n\nWhen the device control plane is removed or the platform\nrunning device control plane is rebooted, a reset is detected\non the driver. On driver reset, it releases the resources and\nwaits for the reset to complete. If the reset fails, it takes\nthe error path and releases the vport lock. At this time if the\nmonitoring tools tries to access link settings, it call traces\nfor accessing released vport pointer.\n\nTo avoid it, move link_speed_mbps to netdev_priv structure\nwhich removes the dependency on vport pointer and the vport lock\nin idpf_get_link_ksettings. Also use netif_carrier_ok()\nto check the link status and adjust the offsetof to use link_up\ninstead of link_speed_mbps." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: idpf: evitar el acceso a vport en idpf_get_link_ksettings Cuando se elimina el plano de control del dispositivo o se reinicia la plataforma que ejecuta el plano de control del dispositivo, se detecta un reinicio en el controlador. Al reiniciar el controlador, libera los recursos y espera a que se complete el reinicio. Si el reinicio falla, toma la ruta de error y libera el bloqueo de vport. En este momento, si las herramientas de monitoreo intentan acceder a la configuraci\u00f3n del enlace, invocan seguimientos para acceder al puntero de vport liberado. Para evitarlo, mueva link_speed_mbps a la estructura netdev_priv que elimina la dependencia del puntero de vport y el bloqueo de vport en idpf_get_link_ksettings. Tambi\u00e9n use netif_carrier_ok() para verificar el estado del enlace y ajuste el offsetof para usar link_up en lugar de link_speed_mbps." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50275.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50275.json index ccf4fd2edce..8b78701319a 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50275.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50275.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50275", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:29.760", - "lastModified": "2024-11-19T02:16:29.760", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/sve: Discard stale CPU state when handling SVE traps\n\nThe logic for handling SVE traps manipulates saved FPSIMD/SVE state\nincorrectly, and a race with preemption can result in a task having\nTIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state\nis stale (e.g. with SVE traps enabled). This has been observed to result\nin warnings from do_sve_acc() where SVE traps are not expected while\nTIF_SVE is set:\n\n| if (test_and_set_thread_flag(TIF_SVE))\n| WARN_ON(1); /* SVE access shouldn't have trapped */\n\nWarnings of this form have been reported intermittently, e.g.\n\n https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/\n https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@google.com/\n\nThe race can occur when the SVE trap handler is preempted before and\nafter manipulating the saved FPSIMD/SVE state, starting and ending on\nthe same CPU, e.g.\n\n| void do_sve_acc(unsigned long esr, struct pt_regs *regs)\n| {\n| // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled\n| // task->fpsimd_cpu is 0.\n| // per_cpu_ptr(&fpsimd_last_state, 0) is task.\n|\n| ...\n|\n| // Preempted; migrated from CPU 0 to CPU 1.\n| // TIF_FOREIGN_FPSTATE is set.\n|\n| get_cpu_fpsimd_context();\n|\n| if (test_and_set_thread_flag(TIF_SVE))\n| WARN_ON(1); /* SVE access shouldn't have trapped */\n|\n| sve_init_regs() {\n| if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) {\n| ...\n| } else {\n| fpsimd_to_sve(current);\n| current->thread.fp_type = FP_STATE_SVE;\n| }\n| }\n|\n| put_cpu_fpsimd_context();\n|\n| // Preempted; migrated from CPU 1 to CPU 0.\n| // task->fpsimd_cpu is still 0\n| // If per_cpu_ptr(&fpsimd_last_state, 0) is still task then:\n| // - Stale HW state is reused (with SVE traps enabled)\n| // - TIF_FOREIGN_FPSTATE is cleared\n| // - A return to userspace skips HW state restore\n| }\n\nFix the case where the state is not live and TIF_FOREIGN_FPSTATE is set\nby calling fpsimd_flush_task_state() to detach from the saved CPU\nstate. This ensures that a subsequent context switch will not reuse the\nstale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the\nnew state to be reloaded from memory prior to a return to userspace." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: arm64/sve: descartar estado de CPU obsoleto al manejar trampas SVE La l\u00f3gica para manejar trampas SVE manipula incorrectamente el estado FPSIMD/SVE guardado, y una ejecuci\u00f3n con preempci\u00f3n puede resultar en una tarea que tenga TIF_SVE establecido y TIF_FOREIGN_FPSTATE borrado incluso aunque el estado de CPU en vivo est\u00e9 obsoleto (por ejemplo, con trampas SVE habilitadas). Se ha observado que esto da como resultado advertencias de do_sve_acc() donde no se esperan trampas SVE mientras TIF_SVE est\u00e1 establecido: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* El acceso a SVE no deber\u00eda haber generado una trampa */ Se han informado advertencias de este formato de forma intermitente, por ejemplo, https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/ https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@google.com/ La ejecuci\u00f3n puede ocurrir cuando el controlador de trampa SVE se interrumpe antes y despu\u00e9s de manipular el estado FPSIMD/SVE guardado, comenzando y terminando en la misma CPU, por ejemplo, | void do_sve_acc(unsigned long esr, struct pt_regs *regs) | { | // Trampa en CPU 0 con TIF_SVE limpio, trampas SVE habilitadas | // task->fpsimd_cpu es 0. | // per_cpu_ptr(&fpsimd_last_state, 0) es la tarea. | | ... | | // Preempleado; migrado de la CPU 0 a la CPU 1. | // TIF_FOREIGN_FPSTATE est\u00e1 establecido. | | get_cpu_fpsimd_context(); | | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* El acceso a SVE no deber\u00eda haber quedado atrapado */ | | sve_init_regs() { | if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) { | ... | } else { | fpsimd_to_sve(current); | current->thread.fp_type = FP_STATE_SVE; | } | } | | put_cpu_fpsimd_context(); | | // Preempleado; migrado de CPU 1 a CPU 0. | // task->fpsimd_cpu sigue siendo 0 | // Si per_cpu_ptr(&fpsimd_last_state, 0) sigue siendo tarea entonces: | // - Se reutiliza el estado de HW obsoleto (con trampas SVE habilitadas) | // - Se borra TIF_FOREIGN_FPSTATE | // - Un retorno al espacio de usuario omite la restauraci\u00f3n del estado de HW | } Corrija el caso donde el estado no est\u00e1 activo y TIF_FOREIGN_FPSTATE se establece llamando a fpsimd_flush_task_state() para separarse del estado de CPU guardado. Esto garantiza que un cambio de contexto posterior no reutilizar\u00e1 el estado de CPU obsoleto y, en su lugar, establecer\u00e1 TIF_FOREIGN_FPSTATE, lo que obligar\u00e1 a que el nuevo estado se vuelva a cargar desde la memoria antes de un retorno al espacio de usuario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50276.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50276.json index 62f16bbf2c0..29dcc8eed4c 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50276.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50276.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50276", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:29.927", - "lastModified": "2024-11-19T02:16:29.927", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vertexcom: mse102x: Fix possible double free of TX skb\n\nThe scope of the TX skb is wider than just mse102x_tx_frame_spi(),\nso in case the TX skb room needs to be expanded, we should free the\nthe temporary skb instead of the original skb. Otherwise the original\nTX skb pointer would be freed again in mse102x_tx_work(), which leads\nto crashes:\n\n Internal error: Oops: 0000000096000004 [#2] PREEMPT SMP\n CPU: 0 PID: 712 Comm: kworker/0:1 Tainted: G D 6.6.23\n Hardware name: chargebyte Charge SOM DC-ONE (DT)\n Workqueue: events mse102x_tx_work [mse102x]\n pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n pc : skb_release_data+0xb8/0x1d8\n lr : skb_release_data+0x1ac/0x1d8\n sp : ffff8000819a3cc0\n x29: ffff8000819a3cc0 x28: ffff0000046daa60 x27: ffff0000057f2dc0\n x26: ffff000005386c00 x25: 0000000000000002 x24: 00000000ffffffff\n x23: 0000000000000000 x22: 0000000000000001 x21: ffff0000057f2e50\n x20: 0000000000000006 x19: 0000000000000000 x18: ffff00003fdacfcc\n x17: e69ad452d0c49def x16: 84a005feff870102 x15: 0000000000000000\n x14: 000000000000024a x13: 0000000000000002 x12: 0000000000000000\n x11: 0000000000000400 x10: 0000000000000930 x9 : ffff00003fd913e8\n x8 : fffffc00001bc008\n x7 : 0000000000000000 x6 : 0000000000000008\n x5 : ffff00003fd91340 x4 : 0000000000000000 x3 : 0000000000000009\n x2 : 00000000fffffffe x1 : 0000000000000000 x0 : 0000000000000000\n Call trace:\n skb_release_data+0xb8/0x1d8\n kfree_skb_reason+0x48/0xb0\n mse102x_tx_work+0x164/0x35c [mse102x]\n process_one_work+0x138/0x260\n worker_thread+0x32c/0x438\n kthread+0x118/0x11c\n ret_from_fork+0x10/0x20\n Code: aa1303e0 97fffab6 72001c1f 54000141 (f9400660)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: vertexcom: mse102x: Se soluciona una posible doble liberaci\u00f3n del skb TX El alcance del skb TX es m\u00e1s amplio que solo mse102x_tx_frame_spi(), por lo que en caso de que sea necesario ampliar la sala del skb TX, deber\u00edamos liberar el skb temporal en lugar del skb original. De lo contrario, el puntero TX skb original se liberar\u00eda nuevamente en mse102x_tx_work(), lo que provoca fallas: Error interno: Oops: 0000000096000004 [#2] PREEMPT SMP CPU: 0 PID: 712 Comm: kworker/0:1 Tainted: GD 6.6.23 Nombre del hardware: chargebyte Charge SOM DC-ONE (DT) Cola de trabajo: eventos mse102x_tx_work [mse102x] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : skb_release_data+0xb8/0x1d8 lr : skb_release_data+0x1ac/0x1d8 sp : ffff8000819a3cc0 x29: ffff8000819a3cc0 x28: ffff0000046daa60 x27: ffff0000057f2dc0 x26: ffff000005386c00 x25: 00000000000000002 x24: 00000000ffffffff x23: 000000 x22: 0000000000000001 x21: ffff0000057f2e50 x20: 0000000000000006 x19: 0000000000000000 x18: ffff00003fdacfcc x17: e69ad452d0c49def x16: 84a005feff870102 x15: 0000000000000000 x14: 0000000000000024a x13: 0000000000000002 x12: 0000000000000000 x11: 0000000000000400 x10: 0000000000000930 x9: ffff00003fd913e8 x8: fffffc00001bc008 x7: 0000000000000000 x6: 0000000000000008 x5: ffff00003fd91340 x4: 00000000000000000 x3 : 0000000000000009 x2 : 00000000ffffffffe x1 : 0000000000000000 x0 : 0000000000000000 Rastreo de llamadas: skb_release_data+0xb8/0x1d8 kfree_skb_reason+0x48/0xb0 mse102x_tx_work+0x164/0x35c [mse102x] process_one_work+0x138/0x260 worker_thread+0x32c/0x438 kthread+0x118/0x11c ret_from_fork+0x10/0x20 C\u00f3digo: aa1303e0 97fffab6 72001c1f 54000141 (f9400660)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50277.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50277.json index 416c4571593..0e1ec9f49db 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50277.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50277.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50277", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:30.013", - "lastModified": "2024-11-19T02:16:30.013", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm: fix a crash if blk_alloc_disk fails\n\nIf blk_alloc_disk fails, the variable md->disk is set to an error value.\ncleanup_mapped_device will see that md->disk is non-NULL and it will\nattempt to access it, causing a crash on this statement\n\"md->disk->private_data = NULL;\"." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm: corrige un bloqueo si blk_alloc_disk falla Si blk_alloc_disk falla, la variable md->disk se establece en un valor de error. cleanup_mapped_device ver\u00e1 que md->disk no es NULL e intentar\u00e1 acceder a \u00e9l, lo que provocar\u00e1 un bloqueo en esta declaraci\u00f3n \"md->disk->private_data = NULL;\"." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50278.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50278.json index ea3041e2dd7..3f43d36f9aa 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50278.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50278.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50278", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:30.113", - "lastModified": "2024-11-19T02:16:30.113", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix potential out-of-bounds access on the first resume\n\nOut-of-bounds access occurs if the fast device is expanded unexpectedly\nbefore the first-time resume of the cache table. This happens because\nexpanding the fast device requires reloading the cache table for\ncache_create to allocate new in-core data structures that fit the new\nsize, and the check in cache_preresume is not performed during the\nfirst resume, leading to the issue.\n\nReproduce steps:\n\n1. prepare component devices:\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\n\n2. load a cache table of 512 cache blocks, and deliberately expand the\n fast device before resuming the cache, making the in-core data\n structures inadequate.\n\ndmsetup create cache --notable\ndmsetup reload cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\ndmsetup reload cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\n3. suspend the cache to write out the in-core dirty bitset and hint\n array, leading to out-of-bounds access to the dirty bitset at offset\n 0x40:\n\ndmsetup suspend cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in is_dirty_callback+0x2b/0x80\n Read of size 8 at addr ffffc90000085040 by task dmsetup/90\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc90000085000, ffffc90000087000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc90000084f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc90000084f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n >ffffc90000085000: 00 00 00 00 00 00 00 00 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc90000085080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc90000085100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by checking the size change on the first resume." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm cache: fix potential out-of-limits access on the first resume El acceso fuera de los l\u00edmites ocurre si el dispositivo r\u00e1pido se expande inesperadamente antes de la primera reanudaci\u00f3n de la tabla de cach\u00e9. Esto sucede porque expandir el dispositivo r\u00e1pido requiere volver a cargar la tabla de cach\u00e9 para que cache_create asigne nuevas estructuras de datos en el n\u00facleo que se ajusten al nuevo tama\u00f1o, y la verificaci\u00f3n en cache_preresume no se realiza durante la primera reanudaci\u00f3n, lo que genera el problema. Reproducir pasos: 1. preparar los dispositivos componentes: dmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\" dmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\" dmsetup create corig --table \"0 524288 linear /dev/sdc 262144\" dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct 2. cargar una tabla de cach\u00e9 de 512 bloques de cach\u00e9 y expandir deliberadamente el dispositivo r\u00e1pido antes de reanudar el cach\u00e9, lo que hace que las estructuras de datos en el n\u00facleo sean inadecuadas. dmsetup create cache --notable dmsetup reload cache --table \"0 524288 cache /dev/mapper/cmeta \\ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\" dmsetup reload cdata --table \"0 131072 linear /dev/sdc 8192\" dmsetup resume cdata dmsetup resume cache 3. suspende la cach\u00e9 para escribir el conjunto de bits sucios en el n\u00facleo y la matriz de sugerencias, lo que genera un acceso fuera de los l\u00edmites al conjunto de bits sucios en el desplazamiento 0x40: dmsetup suspend cache KASAN informa: ERROR: KASAN: vmalloc-out-of-bounds en is_dirty_callback+0x2b/0x80 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffffc90000085040 por la tarea dmsetup/90 (...snip...) La direcci\u00f3n con errores pertenece al mapeo virtual en [ffffc90000085000, ffffc90000087000) creado por: cache_ctr+0x176a/0x35f0 (...snip...) Estado de la memoria alrededor de la direcci\u00f3n con errores: ffffc90000084f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90000084f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 >ffffc90000085000: 00 00 00 00 00 00 00 00 f8 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffc90000085080: f8 ..." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50279.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50279.json index 37b16cefaac..cac60943cbc 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50279.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50279.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50279", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:30.210", - "lastModified": "2024-11-19T02:16:30.210", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix out-of-bounds access to the dirty bitset when resizing\n\ndm-cache checks the dirty bits of the cache blocks to be dropped when\nshrinking the fast device, but an index bug in bitset iteration causes\nout-of-bounds access.\n\nReproduce steps:\n\n1. create a cache device of 1024 cache blocks (128 bytes dirty bitset)\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\n2. shrink the fast device to 512 cache blocks, triggering out-of-bounds\n access to the dirty bitset (offset 0x80)\n\ndmsetup suspend cache\ndmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup resume cdata\ndmsetup resume cache\n\nKASAN reports:\n\n BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0\n Read of size 8 at addr ffffc900000f3080 by task dmsetup/131\n\n (...snip...)\n The buggy address belongs to the virtual mapping at\n [ffffc900000f3000, ffffc900000f5000) created by:\n cache_ctr+0x176a/0x35f0\n\n (...snip...)\n Memory state around the buggy address:\n ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00\n >ffffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ^\n ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8\n\nFix by making the index post-incremented." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm cache: corrige el acceso fuera de los l\u00edmites al conjunto de bits sucio al cambiar el tama\u00f1o dm-cache verifica los bits sucios de los bloques de cach\u00e9 que se deben descartar al reducir el dispositivo r\u00e1pido, pero un error de \u00edndice en la iteraci\u00f3n del conjunto de bits provoca un acceso fuera de los l\u00edmites. Reproducir los pasos: 1. crear un dispositivo de cach\u00e9 de 1024 bloques de cach\u00e9 (128 bytes de bitset sucio) dmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\" dmsetup create cdata --table \"0 131072 linear /dev/sdc 8192\" dmsetup create corig --table \"0 524288 linear /dev/sdc 262144\" dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\" 2. reducir el dispositivo r\u00e1pido a 512 bloques de cach\u00e9, lo que activa el acceso fuera de los l\u00edmites al bitset sucio. bitset (offset 0x80) dmsetup suspend cache dmsetup reload cdata --table \"0 65536 linear /dev/sdc 8192\" dmsetup resume cdata dmsetup resume cache KASAN informa: ERROR: KASAN: vmalloc-out-of-bounds en cache_preresume+0x269/0x7b0 Lectura de tama\u00f1o 8 en la direcci\u00f3n ffffc900000f3080 por la tarea dmsetup/131 (...snip...) La direcci\u00f3n con errores pertenece al mapeo virtual en [ffffc900000f3000, ffffc900000f5000) creado por: cache_ctr+0x176a/0x35f0 (...snip...) Estado de la memoria alrededor de la direcci\u00f3n con errores: ffffc900000f2f80: f8 f8 f8 f8 f8 f8 ..." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50280.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50280.json index 133457601fd..3c05349b2cb 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50280.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50280.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50280", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:30.303", - "lastModified": "2024-11-19T02:16:30.303", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndm cache: fix flushing uninitialized delayed_work on cache_ctr error\n\nAn unexpected WARN_ON from flush_work() may occur when cache creation\nfails, caused by destroying the uninitialized delayed_work waker in the\nerror path of cache_create(). For example, the warning appears on the\nsuperblock checksum error.\n\nReproduce steps:\n\ndmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\"\ndmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\"\ndmsetup create corig --table \"0 524288 linear /dev/sdc 262144\"\ndd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct\ndmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\\n/dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\"\n\nKernel logs:\n\n(snip)\nWARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890\n\nFix by pulling out the cancel_delayed_work_sync() from the constructor's\nerror path. This patch doesn't affect the use-after-free fix for\nconcurrent dm_resume and dm_destroy (commit 6a459d8edbdb (\"dm cache: Fix\nUAF in destroy()\")) as cache_dtr is not changed." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: dm cache: fix flushing uninitialized delayed_work on cache_ctr error Se puede producir un WARN_ON inesperado de flush_work() cuando falla la creaci\u00f3n de cach\u00e9, causado por la destrucci\u00f3n del activador delayed_work no inicializado en la ruta de error de cache_create(). Por ejemplo, la advertencia aparece en el error de suma de comprobaci\u00f3n del superbloque. Reproducir los pasos: dmsetup create cmeta --table \"0 8192 linear /dev/sdc 0\" dmsetup create cdata --table \"0 65536 linear /dev/sdc 8192\" dmsetup create corig --table \"0 524288 linear /dev/sdc 262144\" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table \"0 524288 cache /dev/mapper/cmeta \\ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0\" Registros del kernel: (fragmento) ADVERTENCIA: CPU: 0 PID: 84 en kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Se soluciona extrayendo cancel_delayed_work_sync() de la ruta de error del constructor. Este parche no afecta la correcci\u00f3n de use-after-free para dm_resume y dm_destroy simult\u00e1neos (commit 6a459d8edbdb (\"dm cache: Fix UAF in destroy()\")) ya que cache_dtr no se modifica." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50281.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50281.json index 0cead5c3f97..f8230e6a290 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50281.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50281.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50281", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:30.413", - "lastModified": "2024-11-19T02:16:30.413", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation\n\nWhen sealing or unsealing a key blob we currently do not wait for\nthe AEAD cipher operation to finish and simply return after submitting\nthe request. If there is some load on the system we can exit before\nthe cipher operation is done and the buffer we read from/write to\nis already removed from the stack. This will e.g. result in NULL\npointer dereference errors in the DCP driver during blob creation.\n\nFix this by waiting for the AEAD cipher operation to finish before\nresuming the seal and unseal calls." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KEYS: trusted: dcp: fix NULL dereference in AEAD cryptooperation Al sellar o desellar un blob de claves, actualmente no esperamos a que finalice la operaci\u00f3n de cifrado AEAD y simplemente regresamos despu\u00e9s de enviar la solicitud. Si hay alguna carga en el sistema, podemos salir antes de que finalice la operaci\u00f3n de cifrado y el b\u00fafer desde el que leemos/escribimos ya se elimin\u00f3 de la pila. Esto, por ejemplo, dar\u00e1 como resultado errores de desreferencia de puntero NULL en el controlador DCP durante la creaci\u00f3n del blob. Solucione esto esperando a que finalice la operaci\u00f3n de cifrado AEAD antes de reanudar las llamadas de sellado y dessellado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50282.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50282.json index 6d4f25c97de..b939199e87f 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50282.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50282.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50282", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:30.540", - "lastModified": "2024-11-19T02:16:30.540", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read()\n\nAvoid a possible buffer overflow if size is larger than 4K.\n\n(cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: agregar comprobaci\u00f3n de tama\u00f1o faltante en amdgpu_debugfs_gprwave_read() Evitar un posible desbordamiento de b\u00fafer si el tama\u00f1o es mayor a 4K. (seleccionado de el commit f5d873f5825b40d886d03bd2aede91d4cf002434)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50283.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50283.json index 2321a276b1a..d90187c258b 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50283.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50283.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50283", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:30.620", - "lastModified": "2024-11-19T02:16:30.620", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp\n\nksmbd_user_session_put should be called under smb3_preauth_hash_rsp().\nIt will avoid freeing session before calling smb3_preauth_hash_rsp()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: se corrige slab-use-after-free en smb3_preauth_hash_rsp. ksmbd_user_session_put debe llamarse bajo smb3_preauth_hash_rsp(). Esto evitar\u00e1 liberar la sesi\u00f3n antes de llamar a smb3_preauth_hash_rsp()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50284.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50284.json index 0ef20f10119..192d86836c5 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50284.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50284.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50284", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:30.697", - "lastModified": "2024-11-19T02:16:30.697", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: Fix the missing xa_store error check\n\nxa_store() can fail, it return xa_err(-EINVAL) if the entry cannot\nbe stored in an XArray, or xa_err(-ENOMEM) if memory allocation failed,\nso check error for xa_store() to fix it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: Se corrige el error xa_store faltante. La comprobaci\u00f3n xa_store() puede fallar, devuelve xa_err(-EINVAL) si la entrada no se puede almacenar en un XArray, o xa_err(-ENOMEM) si falla la asignaci\u00f3n de memoria, por lo que se debe verificar el error de xa_store() para solucionarlo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50285.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50285.json index fb222ce27e4..b1b56d719cd 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50285.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50285.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50285", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:30.787", - "lastModified": "2024-11-19T02:16:30.787", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: check outstanding simultaneous SMB operations\n\nIf Client send simultaneous SMB operations to ksmbd, It exhausts too much\nmemory through the \"ksmbd_work_cache\u201d. It will cause OOM issue.\nksmbd has a credit mechanism but it can't handle this problem. This patch\nadd the check if it exceeds max credits to prevent this problem by assuming\nthat one smb request consumes at least one credit." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: comprobar operaciones SMB simult\u00e1neas pendientes Si el cliente env\u00eda operaciones SMB simult\u00e1neas a ksmbd, agota demasiada memoria a trav\u00e9s de \"ksmbd_work_cache\". Esto provocar\u00e1 un problema de OOM. ksmbd tiene un mecanismo de cr\u00e9dito, pero no puede solucionar este problema. Este parche agrega la comprobaci\u00f3n si excede los cr\u00e9ditos m\u00e1ximos para evitar este problema al suponer que una solicitud SMB consume al menos un cr\u00e9dito." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50286.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50286.json index fa9e459844c..898dfdd4698 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50286.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50286.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50286", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:30.860", - "lastModified": "2024-11-19T02:16:30.860", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nksmbd: fix slab-use-after-free in ksmbd_smb2_session_create\n\nThere is a race condition between ksmbd_smb2_session_create and\nksmbd_expire_session. This patch add missing sessions_table_lock\nwhile adding/deleting session from global session table." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: se corrige slab-use-after-free en ksmbd_smb2_session_create. Existe una condici\u00f3n de ejecuci\u00f3n entre ksmbd_smb2_session_create y ksmbd_expire_session. Este parche agrega el bloqueo sessions_table_lock faltante al agregar o eliminar una sesi\u00f3n de la tabla de sesiones global." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50287.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50287.json index d8aaac24f91..5d7399a7552 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50287.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50287.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50287", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:30.937", - "lastModified": "2024-11-19T02:16:30.937", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: v4l2-tpg: prevent the risk of a division by zero\n\nAs reported by Coverity, the logic at tpg_precalculate_line()\nblindly rescales the buffer even when scaled_witdh is equal to\nzero. If this ever happens, this will cause a division by zero.\n\nInstead, add a WARN_ON_ONCE() to trigger such cases and return\nwithout doing any precalculation." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: v4l2-tpg: evitar el riesgo de una divisi\u00f3n por cero Como lo inform\u00f3 Coverity, la l\u00f3gica en tpg_precalculate_line() reescala ciegamente el b\u00fafer incluso cuando scaled_witdh es igual a cero. Si esto sucede alguna vez, provocar\u00e1 una divisi\u00f3n por cero. En su lugar, agregue un WARN_ON_ONCE() para activar dichos casos y regresar sin realizar ning\u00fan c\u00e1lculo previo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50288.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50288.json index 70981605465..f5df2c4890d 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50288.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50288.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50288", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:31.023", - "lastModified": "2024-11-19T02:16:31.023", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: vivid: fix buffer overwrite when using > 32 buffers\n\nThe maximum number of buffers that can be requested was increased to\n64 for the video capture queue. But video capture used a must_blank\narray that was still sized for 32 (VIDEO_MAX_FRAME). This caused an\nout-of-bounds write when using buffer indices >= 32.\n\nCreate a new define MAX_VID_CAP_BUFFERS that is used to access the\nmust_blank array and set max_num_buffers for the video capture queue.\n\nThis solves a crash reported by:\n\n\thttps://bugzilla.kernel.org/show_bug.cgi?id=219258" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: vivid: se corrige la sobrescritura de b\u00fafer al usar > 32 b\u00faferes. La cantidad m\u00e1xima de b\u00faferes que se pueden solicitar se aument\u00f3 a 64 para la cola de captura de video. Pero la captura de video us\u00f3 una matriz must_blank que todav\u00eda ten\u00eda un tama\u00f1o de 32 (VIDEO_MAX_FRAME). Esto provoc\u00f3 una escritura fuera de los l\u00edmites cuando se usan \u00edndices de b\u00fafer >= 32. Cree una nueva definici\u00f3n MAX_VID_CAP_BUFFERS que se use para acceder a la matriz must_blank y establezca max_num_buffers para la cola de captura de video. Esto resuelve un bloqueo informado por: https://bugzilla.kernel.org/show_bug.cgi?id=219258" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50289.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50289.json index 441595206e5..8e60b5c676f 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50289.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50289.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50289", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:31.117", - "lastModified": "2024-11-19T02:16:31.117", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: av7110: fix a spectre vulnerability\n\nAs warned by smatch:\n\tdrivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap)\n\nThere is a spectre-related vulnerability at the code. Fix it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: av7110: se corrige una vulnerabilidad de Spectre Como lo advirti\u00f3 smatch: drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap) Hay una vulnerabilidad relacionada con Spectre en el c\u00f3digo. Arr\u00e9glenla." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50290.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50290.json index 1d5777ecc4d..ec51cc7368d 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50290.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50290.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50290", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:31.190", - "lastModified": "2024-11-19T02:16:31.190", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: cx24116: prevent overflows on SNR calculus\n\nas reported by Coverity, if reading SNR registers fail, a negative\nnumber will be returned, causing an underflow when reading SNR\nregisters.\n\nPrevent that." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: cx24116: evitar desbordamientos en el c\u00e1lculo de SNR seg\u00fan lo informado por Coverity, si falla la lectura de registros SNR, se devolver\u00e1 un n\u00famero negativo, lo que provocar\u00e1 un desbordamiento al leer registros SNR. Evitar eso." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50291.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50291.json index 5b6d02cecc5..1e0ce76f06c 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50291.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50291.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50291", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:31.280", - "lastModified": "2024-11-19T02:16:31.280", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmedia: dvb-core: add missing buffer index check\n\ndvb_vb2_expbuf() didn't check if the given buffer index was\nfor a valid buffer. Add this check." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: media: dvb-core: agregar comprobaci\u00f3n de \u00edndice de b\u00fafer faltante. dvb_vb2_expbuf() no verificaba si el \u00edndice de b\u00fafer indicado era de un b\u00fafer v\u00e1lido. Agregue esta comprobaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50292.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50292.json index 9d978c10213..c166feea3c3 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50292.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50292.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50292", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:31.363", - "lastModified": "2024-11-19T02:16:31.363", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove\n\nIn case of error when requesting ctrl_chan DMA channel, ctrl_chan is not\nnull. So the release of the dma channel leads to the following issue:\n[ 4.879000] st,stm32-spdifrx 500d0000.audio-controller:\ndma_request_slave_channel error -19\n[ 4.888975] Unable to handle kernel NULL pointer dereference\nat virtual address 000000000000003d\n[...]\n[ 5.096577] Call trace:\n[ 5.099099] dma_release_channel+0x24/0x100\n[ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx]\n[ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx]\n\nTo avoid this issue, release channel only if the pointer is valid." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: stm32: spdifrx: corrige la liberaci\u00f3n del canal DMA en stm32_spdifrx_remove En caso de error al solicitar el canal DMA ctrl_chan, ctrl_chan no es nulo. Por lo tanto, la liberaci\u00f3n del canal DMA genera el siguiente problema: [4.879000] st,stm32-spdifrx 500d0000.audio-controller: error dma_request_slave_channel -19 [4.888975] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 000000000000003d [...] [5.096577] Rastreo de llamadas: [5.099099] dma_release_channel+0x24/0x100 [5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx] [5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx] Para evitar este problema, libere el canal solo si el puntero es v\u00e1lido." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50293.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50293.json index 2d60227fc63..60dffde9f59 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50293.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50293.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50293", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:31.493", - "lastModified": "2024-11-19T02:16:31.493", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/smc: do not leave a dangling sk pointer in __smc_create()\n\nThanks to commit 4bbd360a5084 (\"socket: Print pf->create() when\nit does not clear sock->sk on failure.\"), syzbot found an issue with AF_SMC:\n\nsmc_create must clear sock->sk on failure, family: 43, type: 1, protocol: 0\n WARNING: CPU: 0 PID: 5827 at net/socket.c:1565 __sock_create+0x96f/0xa30 net/socket.c:1563\nModules linked in:\nCPU: 0 UID: 0 PID: 5827 Comm: syz-executor259 Not tainted 6.12.0-rc6-next-20241106-syzkaller #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:__sock_create+0x96f/0xa30 net/socket.c:1563\nCode: 03 00 74 08 4c 89 e7 e8 4f 3b 85 f8 49 8b 34 24 48 c7 c7 40 89 0c 8d 8b 54 24 04 8b 4c 24 0c 44 8b 44 24 08 e8 32 78 db f7 90 <0f> 0b 90 90 e9 d3 fd ff ff 89 e9 80 e1 07 fe c1 38 c1 0f 8c ee f7\nRSP: 0018:ffffc90003e4fda0 EFLAGS: 00010246\nRAX: 099c6f938c7f4700 RBX: 1ffffffff1a595fd RCX: ffff888034823c00\nRDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000\nRBP: 00000000ffffffe9 R08: ffffffff81567052 R09: 1ffff920007c9f50\nR10: dffffc0000000000 R11: fffff520007c9f51 R12: ffffffff8d2cafe8\nR13: 1ffffffff1a595fe R14: ffffffff9a789c40 R15: ffff8880764298c0\nFS: 000055557b518380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007fa62ff43225 CR3: 0000000031628000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n sock_create net/socket.c:1616 [inline]\n __sys_socket_create net/socket.c:1653 [inline]\n __sys_socket+0x150/0x3c0 net/socket.c:1700\n __do_sys_socket net/socket.c:1714 [inline]\n __se_sys_socket net/socket.c:1712 [inline]\n\nFor reference, see commit 2d859aff775d (\"Merge branch\n'do-not-leave-dangling-sk-pointers-in-pf-create-functions'\")" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/smc: no deje un puntero sk colgando en __smc_create() Gracias a el commit 4bbd360a5084 (\"socket: Imprimir pf->create() cuando no borra sock->sk en caso de error.\"), syzbot encontr\u00f3 un problema con AF_SMC: smc_create debe borrar sock->sk en caso de error, familia: 43, tipo: 1, protocolo: 0 ADVERTENCIA: CPU: 0 PID: 5827 en net/socket.c:1565 __sock_create+0x96f/0xa30 net/socket.c:1563 M\u00f3dulos vinculados: CPU: 0 UID: 0 PID: 5827 Comm: syz-executor259 No contaminado 6.12.0-rc6-next-20241106-syzkaller #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 RIP: 0010:__sock_create+0x96f/0xa30 net/socket.c:1563 C\u00f3digo: 03 00 74 08 4c 89 e7 e8 4f 3b 85 f8 49 8b 34 24 48 c7 c7 40 89 0c 8d 8b 54 24 04 8b 4c 24 0c 44 8b 44 24 08 e8 32 78 db f7 90 <0f> 0b 90 90 e9 d3 fd ff ff 89 e9 80 e1 07 fe c1 38 c1 0f 8c ee f7 RSP: 0018:ffffc90003e4fda0 EFLAGS: 00010246 RAX: 099c6f938c7f4700 RBX: 1ffffffff1a595fd RCX: ffff888034823c00 RDX: 0000000000000000 RSI: 000000000000000 RDI: 000000000000000 RBP: 00000000ffffffe9 R08: ffffffff81567052 R09: 1ffff920007c9f50 R10: dffffc0000000000 R11: fffff520007c9f51 R12: ffffffff8d2cafe8 R13: 1ffffffff1a595fe R14: ffffffff9a789c40 R15: ffff8880764298c0 FS: 000055557b518380(0000) GS:ffff8880b860 0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa62ff43225 CR3: 0000000031628000 CR4: 000000000003526f0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: sock_create net/socket.c:1616 [en l\u00ednea] __sys_socket_create net/socket.c:1653 [en l\u00ednea] __sys_socket+0x150/0x3c0 net/socket.c:1700 __do_sys_socket net/socket.c:1714 [en l\u00ednea] __se_sys_socket net/socket.c:1712 [en l\u00ednea] Para referencia, consulte el commit 2d859aff775d (\"Fusionar rama 'do-not-leave-dangling-sk-pointers-in-pf-create-functions'\")" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50294.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50294.json index 44efff6a4ea..e0a716b28a3 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50294.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50294.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50294", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:31.587", - "lastModified": "2024-11-19T02:16:31.587", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix missing locking causing hanging calls\n\nIf a call gets aborted (e.g. because kafs saw a signal) between it being\nqueued for connection and the I/O thread picking up the call, the abort\nwill be prioritised over the connection and it will be removed from\nlocal->new_client_calls by rxrpc_disconnect_client_call() without a lock\nbeing held. This may cause other calls on the list to disappear if a race\noccurs.\n\nFix this by taking the client_call_lock when removing a call from whatever\nlist its ->wait_link happens to be on." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: rxrpc: Se corrige la falta de bloqueo que causa llamadas colgadas Si una llamada se cancela (por ejemplo, porque kafs vio una se\u00f1al) entre su puesta en cola para la conexi\u00f3n y el hilo de E/S que recoge la llamada, la cancelaci\u00f3n tendr\u00e1 prioridad sobre la conexi\u00f3n y se eliminar\u00e1 de local->new_client_calls mediante rxrpc_disconnect_client_call() sin que se mantenga un bloqueo. Esto puede provocar que otras llamadas de la lista desaparezcan si se produce una ejecuci\u00f3n. Arregle esto tomando el client_call_lock al eliminar una llamada de cualquier lista en la que se encuentre su ->wait_link." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50295.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50295.json index f64124dd3af..b8f6cd2b17b 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50295.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50295.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50295", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:31.687", - "lastModified": "2024-11-19T02:16:31.687", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: arc: fix the device for dma_map_single/dma_unmap_single\n\nThe ndev->dev and pdev->dev aren't the same device, use ndev->dev.parent\nwhich has dma_mask, ndev->dev.parent is just pdev->dev.\nOr it would cause the following issue:\n\n[ 39.933526] ------------[ cut here ]------------\n[ 39.938414] WARNING: CPU: 1 PID: 501 at kernel/dma/mapping.c:149 dma_map_page_attrs+0x90/0x1f8" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: arc: reparar el dispositivo para dma_map_single/dma_unmap_single ndev->dev y pdev->dev no son el mismo dispositivo, use ndev->dev.parent que tiene dma_mask, ndev->dev.parent es simplemente pdev->dev. O causar\u00eda el siguiente problema: [ 39.933526] ------------[ cortar aqu\u00ed ]------------ [ 39.938414] ADVERTENCIA: CPU: 1 PID: 501 en kernel/dma/mapping.c:149 dma_map_page_attrs+0x90/0x1f8" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50296.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50296.json index f27c442ceed..b9d617e91d8 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50296.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50296.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50296", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:31.780", - "lastModified": "2024-11-19T02:16:31.780", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: hns3: fix kernel crash when uninstalling driver\n\nWhen the driver is uninstalled and the VF is disabled concurrently, a\nkernel crash occurs. The reason is that the two actions call function\npci_disable_sriov(). The num_VFs is checked to determine whether to\nrelease the corresponding resources. During the second calling, num_VFs\nis not 0 and the resource release function is called. However, the\ncorresponding resource has been released during the first invoking.\nTherefore, the problem occurs:\n\n[15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n...\n[15278.131557][T50670] Call trace:\n[15278.134686][T50670] klist_put+0x28/0x12c\n[15278.138682][T50670] klist_del+0x14/0x20\n[15278.142592][T50670] device_del+0xbc/0x3c0\n[15278.146676][T50670] pci_remove_bus_device+0x84/0x120\n[15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80\n[15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c\n[15278.162485][T50670] sriov_disable+0x50/0x11c\n[15278.166829][T50670] pci_disable_sriov+0x24/0x30\n[15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3]\n[15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge]\n[15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230\n[15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30\n[15278.193848][T50670] invoke_syscall+0x50/0x11c\n[15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164\n[15278.203837][T50670] do_el0_svc+0x34/0xcc\n[15278.207834][T50670] el0_svc+0x20/0x30\n\nFor details, see the following figure.\n\n rmmod hclge disable VFs\n----------------------------------------------------\nhclge_exit() sriov_numvfs_store()\n ... device_lock()\n pci_disable_sriov() hns3_pci_sriov_configure()\n pci_disable_sriov()\n sriov_disable()\n sriov_disable() if !num_VFs :\n if !num_VFs : return;\n return; sriov_del_vfs()\n sriov_del_vfs() ...\n ... klist_put()\n klist_put() ...\n ... num_VFs = 0;\n num_VFs = 0; device_unlock();\n\nIn this patch, when driver is removing, we get the device_lock()\nto protect num_VFs, just like sriov_numvfs_store()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: hns3: se corrige el fallo del kernel al desinstalar el controlador Cuando se desinstala el controlador y se deshabilita el VF al mismo tiempo, se produce un fallo del kernel. La raz\u00f3n es que las dos acciones llaman a la funci\u00f3n pci_disable_sriov(). Se comprueba num_VFs para determinar si se deben liberar los recursos correspondientes. Durante la segunda llamada, num_VFs no es 0 y se llama a la funci\u00f3n de liberaci\u00f3n de recursos. Sin embargo, el recurso correspondiente se ha liberado durante la primera invocaci\u00f3n. Por lo tanto, se produce el problema: [15277.839633][T50670] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000020 ... [15278.131557][T50670] Rastreo de llamadas: [15278.134686][T50670] klist_put+0x28/0x12c [15278.138682][T50670] klist_del+0x14/0x20 [15278.142592][T50670] device_del+0xbc/0x3c0 [15278.146676][T50670] pci_remove_bus_device+0x84/0x120 [15278.151714][T50670] pci_detener_y_eliminar_dispositivo_bus+0x6c/0x80 [15278.157447][T50670] pci_iov_eliminar_virtfn+0xb4/0x12c [15278.162485][T50670] sriov_deshabilitar+0x50/0x11c [15278.166829][T50670] pci_deshabilitar_sriov+0x24/0x30 [15278.171433][T50670] hnae3_anular_registro_ae_algo_prepare+0x60/0x90 [hnae3] [15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge] [15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230 [15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30 [15278.193848][T50670] invocar_syscall+0x50/0x11c [15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164 [15278.203837][T50670] do_el0_svc+0x34/0xcc [15278.207834][T50670] el0_svc+0x20/0x30 Para obtener m\u00e1s detalles, consulte la siguiente figura. rmmod hclge deshabilitar VFs ---------------------------------------------------- hclge_exit() sriov_numvfs_store() ... device_lock() pci_disable_sriov() hns3_pci_sriov_configure() pci_disable_sriov() sriov_disable() sriov_disable() si !num_VFs: si !num_VFs: devolver; devolver; sriov_del_vfs() sriov_del_vfs() ... ... klist_put() klist_put() ... ... num_VFs = 0; num_VFs = 0; device_unlock(); En este parche, cuando se elimina el controlador, obtenemos device_lock() para proteger num_VFs, al igual que sriov_numvfs_store()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50297.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50297.json index 0c7535f2502..5e28c0e630a 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50297.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50297.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50297", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:31.887", - "lastModified": "2024-11-19T02:16:31.887", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts\n\nEnqueue packets in dql after dma engine starts causes race condition.\nTx transfer starts once dma engine is started and may execute dql dequeue\nin completion before it gets queued. It results in following kernel crash\nwhile running iperf stress test:\n\nkernel BUG at lib/dynamic_queue_limits.c:99!\n\nInternal error: Oops - BUG: 00000000f2000800 [#1] SMP\npc : dql_completed+0x238/0x248\nlr : dql_completed+0x3c/0x248\n\nCall trace:\n dql_completed+0x238/0x248\n axienet_dma_tx_cb+0xa0/0x170\n xilinx_dma_do_tasklet+0xdc/0x290\n tasklet_action_common+0xf8/0x11c\n tasklet_action+0x30/0x3c\n handle_softirqs+0xf8/0x230\n\n\nStart dmaengine after enqueue in dql fixes the crash." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: xilinx: axienet: Poner en cola los paquetes Tx en dql antes de que se inicie dmaengine Poner en cola los paquetes en dql despu\u00e9s de que se inicie el motor dma provoca una condici\u00f3n de ejecuci\u00f3n. La transferencia Tx comienza una vez que se inicia el motor dma y puede ejecutar dql dequeue al finalizar antes de que se ponga en cola. Esto da como resultado el siguiente bloqueo del kernel mientras se ejecuta la prueba de estr\u00e9s iperf: \u00a1ERROR del kernel en lib/dynamic_queue_limits.c:99! Error interno: Ups - BUG: 00000000f2000800 [#1] SMP pc : dql_completed+0x238/0x248 lr : dql_completed+0x3c/0x248 Rastreo de llamadas: dql_completed+0x238/0x248 axienet_dma_tx_cb+0xa0/0x170 xilinx_dma_do_tasklet+0xdc/0x290 tasklet_action_common+0xf8/0x11c tasklet_action+0x30/0x3c handle_softirqs+0xf8/0x230 Iniciar dmaengine despu\u00e9s de poner en cola en dql corrige el fallo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50298.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50298.json index 3de134bf55f..5aa43062365 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50298.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50298.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50298", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:31.970", - "lastModified": "2024-11-19T02:16:31.970", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: enetc: allocate vf_state during PF probes\n\nIn the previous implementation, vf_state is allocated memory only when VF\nis enabled. However, net_device_ops::ndo_set_vf_mac() may be called before\nVF is enabled to configure the MAC address of VF. If this is the case,\nenetc_pf_set_vf_mac() will access vf_state, resulting in access to a null\npointer. The simplified error log is as follows.\n\nroot@ls1028ardb:~# ip link set eno0 vf 1 mac 00:0c:e7:66:77:89\n[ 173.543315] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004\n[ 173.637254] pc : enetc_pf_set_vf_mac+0x3c/0x80 Message from sy\n[ 173.641973] lr : do_setlink+0x4a8/0xec8\n[ 173.732292] Call trace:\n[ 173.734740] enetc_pf_set_vf_mac+0x3c/0x80\n[ 173.738847] __rtnl_newlink+0x530/0x89c\n[ 173.742692] rtnl_newlink+0x50/0x7c\n[ 173.746189] rtnetlink_rcv_msg+0x128/0x390\n[ 173.750298] netlink_rcv_skb+0x60/0x130\n[ 173.754145] rtnetlink_rcv+0x18/0x24\n[ 173.757731] netlink_unicast+0x318/0x380\n[ 173.761665] netlink_sendmsg+0x17c/0x3c8" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: enetc: asignar vf_state durante los sondeos de PF En la implementaci\u00f3n anterior, a vf_state se le asigna memoria solo cuando VF est\u00e1 habilitado. Sin embargo, se puede llamar a net_device_ops::ndo_set_vf_mac() antes de que VF est\u00e9 habilitado para configurar la direcci\u00f3n MAC de VF. Si este es el caso, enetc_pf_set_vf_mac() acceder\u00e1 a vf_state, lo que dar\u00e1 como resultado el acceso a un puntero nulo. El registro de errores simplificado es el siguiente. root@ls1028ardb:~# ip link set eno0 vf 1 mac 00:0c:e7:66:77:89 [ 173.543315] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000004 [ 173.637254] pc : enetc_pf_set_vf_mac+0x3c/0x80 Mensaje de sy [ 173.641973] lr : do_setlink+0x4a8/0xec8 [ 173.732292] Rastreo de llamada: [ 173.734740] enetc_pf_set_vf_mac+0x3c/0x80 [ 173.738847] __rtnl_newlink+0x530/0x89c [ 173.742692] rtnl_newlink+0x50/0x7c [ 173.746189] rtnetlink_rcv_msg+0x128/0x390 [ 173.750298] netlink_rcv_skb+0x60/0x130 [ 173.754145] rtnetlink_rcv+0x18/0x24 [ 173.757731] netlink_unicast+0x318/0x380 [ 173.761665] netlink_sendmsg+0x17c/0x3c8" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50299.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50299.json index 9da3bfeae68..7ef26ca1f40 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50299.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50299.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50299", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:32.053", - "lastModified": "2024-11-19T02:16:32.053", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsctp: properly validate chunk size in sctp_sf_ootb()\n\nA size validation fix similar to that in Commit 50619dbf8db7 (\"sctp: add\nsize validation when walking chunks\") is also required in sctp_sf_ootb()\nto address a crash reported by syzbot:\n\n BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712\n sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712\n sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166\n sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407\n sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88\n sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243\n sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159\n ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205\n ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sctp: validar correctamente el tama\u00f1o de los fragmentos en sctp_sf_ootb() Tambi\u00e9n se requiere una correcci\u00f3n de validaci\u00f3n de tama\u00f1o similar a la del Commit 50619dbf8db7 (\"sctp: agregar validaci\u00f3n de tama\u00f1o al recorrer fragmentos\") en sctp_sf_ootb() para abordar un fallo informado por syzbot: ERROR: KMSAN: valor no inicializado en sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166 sctp_endpoint_bh_rcv+0xc38/0xf90 red/sctp/endpointola.c:407 sctp_inq_push+0x2ef/0x380 red/sctp/inqueue.c:88 sctp_rcv+0x3831/0x3b20 red/sctp/input.c:243 sctp4_rcv+0x42/0x50 red/sctp/protocol.c:1159 ip_protocol_deliver_rcu+0xb51/0x13d0 red/ipv4/ip_input.c:205 ip_local_deliver_finish+0x336/0x500 red/ipv4/ip_input.c:233" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50300.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50300.json index a06266a4120..57ccf15958c 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50300.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50300.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50300", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:32.140", - "lastModified": "2024-11-19T02:16:32.140", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: rtq2208: Fix uninitialized use of regulator_config\n\nFix rtq2208 driver uninitialized use to cause kernel error." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: regulador: rtq2208: Se corrige el uso no inicializado de regulator_config Se corrige el uso no inicializado del controlador rtq2208 para provocar un error de kernel." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50301.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50301.json index 7130ae882c4..edea4f0bf4a 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50301.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50301.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50301", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:32.230", - "lastModified": "2024-11-19T02:16:32.230", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsecurity/keys: fix slab-out-of-bounds in key_task_permission\n\nKASAN reports an out of bounds read:\nBUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36\nBUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline]\nBUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410\nsecurity/keys/permission.c:54\nRead of size 4 at addr ffff88813c3ab618 by task stress-ng/4362\n\nCPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15\nCall Trace:\n __dump_stack lib/dump_stack.c:82 [inline]\n dump_stack+0x107/0x167 lib/dump_stack.c:123\n print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400\n __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560\n kasan_report+0x3a/0x50 mm/kasan/report.c:585\n __kuid_val include/linux/uidgid.h:36 [inline]\n uid_eq include/linux/uidgid.h:63 [inline]\n key_task_permission+0x394/0x410 security/keys/permission.c:54\n search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793\n\nThis issue was also reported by syzbot.\n\nIt can be reproduced by following these steps(more details [1]):\n1. Obtain more than 32 inputs that have similar hashes, which ends with the\n pattern '0xxxxxxxe6'.\n2. Reboot and add the keys obtained in step 1.\n\nThe reproducer demonstrates how this issue happened:\n1. In the search_nested_keyrings function, when it iterates through the\n slots in a node(below tag ascend_to_node), if the slot pointer is meta\n and node->back_pointer != NULL(it means a root), it will proceed to\n descend_to_node. However, there is an exception. If node is the root,\n and one of the slots points to a shortcut, it will be treated as a\n keyring.\n2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function.\n However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as\n ASSOC_ARRAY_PTR_SUBTYPE_MASK.\n3. When 32 keys with the similar hashes are added to the tree, the ROOT\n has keys with hashes that are not similar (e.g. slot 0) and it splits\n NODE A without using a shortcut. When NODE A is filled with keys that\n all hashes are xxe6, the keys are similar, NODE A will split with a\n shortcut. Finally, it forms the tree as shown below, where slot 6 points\n to a shortcut.\n\n NODE A\n +------>+---+\n ROOT | | 0 | xxe6\n +---+ | +---+\n xxxx | 0 | shortcut : : xxe6\n +---+ | +---+\n xxe6 : : | | | xxe6\n +---+ | +---+\n | 6 |---+ : : xxe6\n +---+ +---+\n xxe6 : : | f | xxe6\n +---+ +---+\n xxe6 | f |\n +---+\n\n4. As mentioned above, If a slot(slot 6) of the root points to a shortcut,\n it may be mistakenly transferred to a key*, leading to a read\n out-of-bounds read.\n\nTo fix this issue, one should jump to descend_to_node if the ptr is a\nshortcut, regardless of whether the node is root or not.\n\n[1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/\n\n[jarkko: tweaked the commit message a bit to have an appropriate closes\n tag.]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: security/keys: correcci\u00f3n de slab-out-of-bounds en key_task_permission KASAN informa una lectura fuera de los l\u00edmites: ERROR: KASAN: slab-out-of-bounds en __kuid_val include/linux/uidgid.h:36 ERROR: KASAN: slab-out-of-bounds en uid_eq include/linux/uidgid.h:63 [en l\u00ednea] ERROR: KASAN: slab-out-of-bounds en key_task_permission+0x394/0x410 security/keys/permission.c:54 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff88813c3ab618 por la tarea stress-ng/4362 CPU: 2 PID: 4362 Comm: stress-ng No contaminado 5.10.0-14930-gafbffd6c3ede #15 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:82 [en l\u00ednea] dump_stack+0x107/0x167 lib/dump_stack.c:123 print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400 __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560 kasan_report+0x3a/0x50 mm/kasan/report.c:585 __kuid_val include/linux/uidgid.h:36 [en l\u00ednea] uid_eq include/linux/uidgid.h:63 [en l\u00ednea] key_task_permission+0x394/0x410 security/keys/permission.c:54 search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793 Este problema tambi\u00e9n fue informado por syzbot. Puede reproducirse siguiendo estos pasos (m\u00e1s detalles [1]): 1. Obtenga m\u00e1s de 32 entradas que tengan hashes similares, que terminen con el patr\u00f3n '0xxxxxxxe6'. 2. Reinicie y agregue las claves obtenidas en el paso 1. El reproductor demuestra c\u00f3mo sucedi\u00f3 este problema: 1. En la funci\u00f3n search_nested_keyrings, cuando itera a trav\u00e9s de las ranuras en un nodo (debajo de la etiqueta ascend_to_node), si el puntero de la ranura es meta y node->back_pointer != NULL (significa una ra\u00edz), proceder\u00e1 a descend_to_node. Sin embargo, hay una excepci\u00f3n. Si el nodo es la ra\u00edz y una de las ranuras apunta a un acceso directo, se tratar\u00e1 como un llavero. 2. Si el ptr es un llavero lo decide la funci\u00f3n keyring_ptr_is_keyring. Sin embargo, KEYRING_PTR_SUBTYPE es 0x2UL, lo mismo que ASSOC_ARRAY_PTR_SUBTYPE_MASK. 3. Cuando se agregan 32 claves con hashes similares al \u00e1rbol, la RA\u00cdZ tiene claves con hashes que no son similares (por ejemplo, la ranura 0) y divide el NODO A sin usar un acceso directo. Cuando el NODO A se llena con claves en las que todos los hashes son xxe6, las claves son similares, el NODO A se dividir\u00e1 con un acceso directo. Finalmente, forma el \u00e1rbol como se muestra a continuaci\u00f3n, donde la ranura 6 apunta a un acceso directo. NODO A +------>+---+ RA\u00cdZ | | 0 | xxe6 +---+ | +---+ xxxx | 0 | acceso directo : : xxe6 +---+ | +---+ xxe6 : : | | | xxe6 +---+ | +---+ | 6 |---+ : : xxe6 +---+ +---+ xxe6 : : | f | xxe6 +---+ +---+ xxe6 | f | +---+ 4. Como se mencion\u00f3 anteriormente, si una ranura (ranura 6) de la ra\u00edz apunta a un acceso directo, puede transferirse por error a una clave*, lo que lleva a una lectura fuera de los l\u00edmites. Para solucionar este problema, uno debe saltar a descend_to_node si el ptr es un acceso directo, independientemente de si el nodo es ra\u00edz o no. [1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/ [jarkko: modifiqu\u00e9 un poco el mensaje de confirmaci\u00f3n para tener una etiqueta de cierre apropiada]." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50302.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50302.json index 9f1d1a00c54..685855e2870 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50302.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50302.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50302", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T02:16:32.320", - "lastModified": "2024-11-19T02:16:32.320", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nHID: core: zero-initialize the report buffer\n\nSince the report buffer is used by all kinds of drivers in various ways, let's\nzero-initialize it during allocation to make sure that it can't be ever used\nto leak kernel memory via specially-crafted report." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: n\u00facleo: inicializar en cero el b\u00fafer de informes Dado que el b\u00fafer de informes es utilizado por todo tipo de controladores de diversas formas, vamos a inicializarlo en cero durante la asignaci\u00f3n para asegurarnos de que nunca pueda usarse para filtrar memoria del kernel a trav\u00e9s de un informe especialmente manipulado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50303.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50303.json index f5b9a56ab68..46ea539e108 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50303.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50303.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50303", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T18:15:22.263", - "lastModified": "2024-11-19T18:15:22.263", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50304.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50304.json index 3f0bfb861c6..cbcc8c747bb 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50304.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50304.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50304", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-19T18:15:22.343", - "lastModified": "2024-11-19T18:15:22.343", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-504xx/CVE-2024-50417.json b/CVE-2024/CVE-2024-504xx/CVE-2024-50417.json index d317a71f762..c6c0d6c5db0 100644 --- a/CVE-2024/CVE-2024-504xx/CVE-2024-50417.json +++ b/CVE-2024/CVE-2024-504xx/CVE-2024-50417.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50417", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:10.087", - "lastModified": "2024-11-19T17:15:10.087", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-504xx/CVE-2024-50430.json b/CVE-2024/CVE-2024-504xx/CVE-2024-50430.json index d073dfebf20..fbccc5365fe 100644 --- a/CVE-2024/CVE-2024-504xx/CVE-2024-50430.json +++ b/CVE-2024/CVE-2024-504xx/CVE-2024-50430.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50430", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T19:15:08.240", - "lastModified": "2024-11-19T19:15:08.240", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50513.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50513.json index c5f2239ed1b..f1335504b25 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50513.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50513.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50513", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:10.313", - "lastModified": "2024-11-19T17:15:10.313", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50514.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50514.json index 6574eb48080..29544c926f7 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50514.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50514.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50514", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:10.553", - "lastModified": "2024-11-19T17:15:10.553", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50515.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50515.json index 1b7340d0d59..8edb2bb2203 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50515.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50515.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50515", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:10.777", - "lastModified": "2024-11-19T17:15:10.777", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50516.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50516.json index a1b903835bf..7d1aa63237f 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50516.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50516.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50516", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:11.000", - "lastModified": "2024-11-19T17:15:11.000", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50517.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50517.json index 904f665fc6f..4d8178d3067 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50517.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50517.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50517", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:11.223", - "lastModified": "2024-11-19T17:15:11.223", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50518.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50518.json index c019da7b48e..be56a4bfabe 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50518.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50518.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50518", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:11.450", - "lastModified": "2024-11-19T17:15:11.450", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50519.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50519.json index 04333d102e7..d2bd87a6ff1 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50519.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50519.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50519", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:11.693", - "lastModified": "2024-11-19T17:15:11.693", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50520.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50520.json index 24054702ec6..9a1f8da841e 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50520.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50520.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50520", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:11.913", - "lastModified": "2024-11-19T17:15:11.913", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50521.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50521.json index 913a4c6164d..e9301493499 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50521.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50521.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50521", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:12.130", - "lastModified": "2024-11-19T17:15:12.130", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50522.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50522.json index b8d7ebe2b30..5a4965c347c 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50522.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50522.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50522", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:12.347", - "lastModified": "2024-11-19T17:15:12.347", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50532.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50532.json index 6017e17185c..0c3a483ecbd 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50532.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50532.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50532", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:12.587", - "lastModified": "2024-11-19T17:15:12.587", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50533.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50533.json index 5fa10ac6800..20b34284581 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50533.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50533.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50533", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:12.820", - "lastModified": "2024-11-19T17:15:12.820", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50534.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50534.json index 4d3497f668c..cd2fce795a4 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50534.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50534.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50534", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:13.033", - "lastModified": "2024-11-19T17:15:13.033", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50535.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50535.json index 71b2a14c86a..7bbb3fc9909 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50535.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50535.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50535", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:13.253", - "lastModified": "2024-11-19T17:15:13.253", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50536.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50536.json index f46b7599d35..b26d9113b70 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50536.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50536.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50536", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:13.473", - "lastModified": "2024-11-19T17:15:13.473", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50537.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50537.json index c297f1e6871..6a0792c5198 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50537.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50537.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50537", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:13.687", - "lastModified": "2024-11-19T17:15:13.687", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50538.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50538.json index c1471ccbdc4..6f51e926987 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50538.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50538.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50538", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:13.893", - "lastModified": "2024-11-19T17:15:13.893", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50540.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50540.json index d6b58138138..d37c7359467 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50540.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50540.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50540", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:14.140", - "lastModified": "2024-11-19T17:15:14.140", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50541.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50541.json index d9aec780df9..f6a0f5f4d5f 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50541.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50541.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50541", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:14.367", - "lastModified": "2024-11-19T17:15:14.367", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50542.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50542.json index 7377b5f51be..58d19acd750 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50542.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50542.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50542", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:14.623", - "lastModified": "2024-11-19T17:15:14.623", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50543.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50543.json index 99fdd6a1d86..b072482c211 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50543.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50543.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50543", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:14.850", - "lastModified": "2024-11-19T17:15:14.850", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50545.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50545.json index 38ed62e438f..42db6f62b8f 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50545.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50545.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50545", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:15.077", - "lastModified": "2024-11-19T17:15:15.077", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50546.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50546.json index fb284661af2..9f88cd8f852 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50546.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50546.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50546", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:15.293", - "lastModified": "2024-11-19T17:15:15.293", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50547.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50547.json index 4b795348ec3..2e0865f60ba 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50547.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50547.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50547", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:15.530", - "lastModified": "2024-11-19T17:15:15.530", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50548.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50548.json index 17a1f0314cf..f6bbd7c964b 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50548.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50548.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50548", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:15.757", - "lastModified": "2024-11-19T17:15:15.757", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50549.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50549.json index aa80f1d9dea..6bee5065e4f 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50549.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50549.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50549", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:16.007", - "lastModified": "2024-11-19T17:15:16.007", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50551.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50551.json index a4c2be3cc5a..80c7be4dac1 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50551.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50551.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50551", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:16.270", - "lastModified": "2024-11-19T17:15:16.270", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50552.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50552.json index 5624df0bda7..b42d2c85727 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50552.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50552.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50552", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:16.530", - "lastModified": "2024-11-19T17:15:16.530", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50553.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50553.json index a4320d26d99..7f0b7b4daec 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50553.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50553.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50553", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:16.760", - "lastModified": "2024-11-19T17:15:16.760", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50554.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50554.json index bc069d8f412..891c60e760e 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50554.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50554.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50554", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:16.990", - "lastModified": "2024-11-19T17:15:16.990", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50556.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50556.json index 9e4b627a744..e7e0781331b 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50556.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50556.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50556", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:17.197", - "lastModified": "2024-11-19T17:15:17.197", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50655.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50655.json index c94b163a17f..56d206c615e 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50655.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50655.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50655", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-15T17:15:20.613", - "lastModified": "2024-11-18T17:11:56.587", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-19T21:51:00.987", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,15 +15,76 @@ "value": "emlog pro <=2.3.18 es vulnerable a Cross Site Scripting (XSS), que permite a los atacantes escribir c\u00f3digo JavaScript malicioso en art\u00edculos publicados." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:emlog:emlog:*:*:*:*:pro:*:*:*", + "versionEndIncluding": "2.3.18", + "matchCriteriaId": "5F260A4A-54DE-4C64-903D-A0F2A597E3B0" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/Yllxx03/CVE/blob/main/emlog/XSS.md", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] }, { "url": "https://github.com/Yllxx03/CVE/tree/main/CVE-2024-50655", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50803.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50803.json index 88d6a8dbb41..61ea85e6654 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50803.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50803.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50803", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-19T16:15:19.840", - "lastModified": "2024-11-19T16:15:19.840", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50804.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50804.json index 6d088ad955c..32a330e0959 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50804.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50804.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50804", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T21:15:06.220", - "lastModified": "2024-11-19T16:35:15.173", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50848.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50848.json index 46d307b9caa..394650f0fab 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50848.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50848.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50848", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T21:15:06.293", - "lastModified": "2024-11-19T15:35:10.213", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50849.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50849.json index fc8e11b0804..be4dd65fd5e 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50849.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50849.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50849", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T21:15:06.360", - "lastModified": "2024-11-19T15:35:11.063", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50919.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50919.json index 680ff084bd5..8fa78454e05 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50919.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50919.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50919", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T20:15:05.650", - "lastModified": "2024-11-19T16:35:15.973", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:56.293", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-50xx/CVE-2024-5072.json b/CVE-2024/CVE-2024-50xx/CVE-2024-5072.json index 6e38294dc1d..7cdd42ea5aa 100644 --- a/CVE-2024/CVE-2024-50xx/CVE-2024-5072.json +++ b/CVE-2024/CVE-2024-50xx/CVE-2024-5072.json @@ -2,7 +2,7 @@ "id": "CVE-2024-5072", "sourceIdentifier": "security@devolutions.net", "published": "2024-05-17T16:15:08.300", - "lastModified": "2024-05-17T18:35:35.070", + "lastModified": "2024-11-19T22:35:11.960", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": " La validaci\u00f3n de entrada incorrecta en la funci\u00f3n de elevaci\u00f3n PAM JIT en Devolutions Server 2024.1.11.0 y versiones anteriores permite que un usuario autenticado con acceso a la funci\u00f3n de elevaci\u00f3n PAM JIT manipule la consulta del filtro LDAP a trav\u00e9s de una solicitud especialmente manipulada." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, "references": [ { "url": "https://devolutions.net/security/advisories/DEVO-2024-0007", diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51051.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51051.json index 1d4dd2ee282..b3cb27a37f7 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51051.json +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51051.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51051", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T22:15:06.190", - "lastModified": "2024-11-19T15:35:11.920", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51053.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51053.json index 74af64178bd..0a015eef4c9 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51053.json +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51053.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51053", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T21:15:06.423", - "lastModified": "2024-11-19T15:35:12.750", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51499.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51499.json index 857c14301ee..abbeabd87c4 100644 --- a/CVE-2024/CVE-2024-514xx/CVE-2024-51499.json +++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51499.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51499", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T20:15:05.760", - "lastModified": "2024-11-18T20:15:05.760", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading." + }, + { + "lang": "es", + "value": "MarkUs es una aplicaci\u00f3n web para el env\u00edo y calificaci\u00f3n de tareas de estudiantes. En versiones anteriores a la 2.4.8, una vulnerabilidad de escritura de archivos arbitrarios accesible a trav\u00e9s del m\u00e9todo update_files de SubmissionsController permite a los usuarios autenticados (por ejemplo, estudiantes) escribir archivos arbitrarios en cualquier ubicaci\u00f3n del servidor web en el que se ejecuta MarkUs (seg\u00fan los permisos del sistema de archivos subyacente). Esto puede provocar una ejecuci\u00f3n de c\u00f3digo remoto retrasada en caso de que un atacante pueda escribir un archivo Ruby en la subcarpeta config/initializers/ de la aplicaci\u00f3n Ruby on Rails. MarkUs v2.4.8 ha solucionado este problema. No hay workarounds disponibles a nivel de aplicaci\u00f3n aparte de la actualizaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51503.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51503.json index 823b55ad5e7..76add05dba6 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51503.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51503.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51503", "sourceIdentifier": "security@trendmicro.com", "published": "2024-11-19T19:15:08.470", - "lastModified": "2024-11-19T19:15:08.470", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51617.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51617.json index caf8eeda084..efb5b1ee9b4 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51617.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51617.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51617", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:17.473", - "lastModified": "2024-11-19T17:15:17.473", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51631.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51631.json index 6b89a9dc4a6..7671ab3e5f6 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51631.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51631.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51631", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:17.720", - "lastModified": "2024-11-19T17:15:17.720", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51632.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51632.json index bb48f2043f3..84bbc2e4a8d 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51632.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51632.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51632", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:17.947", - "lastModified": "2024-11-19T17:15:17.947", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51633.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51633.json index f728339dabb..717f6406a93 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51633.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51633.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51633", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:18.163", - "lastModified": "2024-11-19T17:15:18.163", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51634.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51634.json index f52db88b83b..6a84875a5c7 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51634.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51634.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51634", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:18.397", - "lastModified": "2024-11-19T17:15:18.397", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51635.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51635.json index 6b642b7caaa..fe1cd89b199 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51635.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51635.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51635", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:18.630", - "lastModified": "2024-11-19T17:15:18.630", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51636.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51636.json index 8e187762ffc..5c983ccc9e5 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51636.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51636.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51636", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:18.853", - "lastModified": "2024-11-19T17:15:18.853", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51637.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51637.json index c943dee0a3d..a973feb92c1 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51637.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51637.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51637", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:19.080", - "lastModified": "2024-11-19T17:15:19.080", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51638.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51638.json index b91ca974169..1f7ffbd2a5d 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51638.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51638.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51638", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:19.313", - "lastModified": "2024-11-19T17:15:19.313", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51639.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51639.json index 8430d5e4b06..3a6d95b00eb 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51639.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51639.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51639", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:19.547", - "lastModified": "2024-11-19T17:15:19.547", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51640.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51640.json index 4606b8410bc..9f97eb8edb7 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51640.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51640.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51640", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:19.780", - "lastModified": "2024-11-19T17:15:19.780", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51641.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51641.json index 8c9e7d3bf65..a16f102d9a9 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51641.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51641.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51641", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:20.007", - "lastModified": "2024-11-19T17:15:20.007", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51642.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51642.json index 2eae340906d..89cf9e33acf 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51642.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51642.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51642", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:20.243", - "lastModified": "2024-11-19T17:15:20.243", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51643.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51643.json index 4541563618e..52393b432df 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51643.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51643.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51643", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:20.473", - "lastModified": "2024-11-19T17:15:20.473", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51644.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51644.json index 693a637ac3b..dbc1376d358 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51644.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51644.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51644", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:20.697", - "lastModified": "2024-11-19T17:15:20.697", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51645.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51645.json index 884f9aa5201..5563fdb4fde 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51645.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51645.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51645", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:20.910", - "lastModified": "2024-11-19T17:15:20.910", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51648.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51648.json index 9e6156c3a22..f030c0f723a 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51648.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51648.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51648", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:21.130", - "lastModified": "2024-11-19T17:15:21.130", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51649.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51649.json index bf70a07f1c9..bf26c4dfb5c 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51649.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51649.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51649", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:21.377", - "lastModified": "2024-11-19T17:15:21.377", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51650.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51650.json index d271e54cdc4..949c334f6d6 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51650.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51650.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51650", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:21.610", - "lastModified": "2024-11-19T17:15:21.610", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51652.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51652.json index c32e5586657..cff5fe6feb1 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51652.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51652.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51652", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:21.863", - "lastModified": "2024-11-19T17:15:21.863", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51653.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51653.json index fdba798dc06..77f89e0fef2 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51653.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51653.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51653", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:22.080", - "lastModified": "2024-11-19T17:15:22.080", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51654.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51654.json index 60a511c4b59..da3ab5f73f5 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51654.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51654.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51654", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:22.290", - "lastModified": "2024-11-19T17:15:22.290", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51655.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51655.json index 3e235903fe6..971f3ea5855 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51655.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51655.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51655", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:22.517", - "lastModified": "2024-11-19T17:15:22.517", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51656.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51656.json index a94491143c9..f97fb20a9e1 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51656.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51656.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51656", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:22.733", - "lastModified": "2024-11-19T17:15:22.733", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51657.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51657.json index c131f1a8b84..a1b8015faa1 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51657.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51657.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51657", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:22.953", - "lastModified": "2024-11-19T17:15:22.953", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51660.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51660.json index df7e32cf622..f634f0ca218 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51660.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51660.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51660", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:23.170", - "lastModified": "2024-11-19T17:15:23.170", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51669.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51669.json new file mode 100644 index 00000000000..56f6948e2dd --- /dev/null +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51669.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-51669", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-19T22:15:20.673", + "lastModified": "2024-11-19T22:15:20.673", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Vivwebs Dynamic Widgets.This issue affects Dynamic Widgets: from n/a through 1.6.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/dynamic-widgets/wordpress-dynamic-widgets-plugin-1-6-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51671.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51671.json index 6a49eafe42f..e2ba54cc6b9 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51671.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51671.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51671", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:23.383", - "lastModified": "2024-11-19T17:15:23.383", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51686.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51686.json index 6fa7354f26d..1f71d42d786 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51686.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51686.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51686", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:23.620", - "lastModified": "2024-11-19T17:15:23.620", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51743.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51743.json index bc9c6ce9657..251a0b8690d 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51743.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51743.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51743", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T20:15:05.900", - "lastModified": "2024-11-19T15:35:13.590", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51794.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51794.json index 2951f85a84d..beec9421ee7 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51794.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51794.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51794", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:23.853", - "lastModified": "2024-11-19T17:15:23.853", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51795.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51795.json index 1022a83b54a..30d1cfa853f 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51795.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51795.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51795", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:24.080", - "lastModified": "2024-11-19T17:15:24.080", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51796.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51796.json index 137b81b6f19..30a7e3a7dfc 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51796.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51796.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51796", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:24.300", - "lastModified": "2024-11-19T17:15:24.300", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51797.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51797.json index 345cb39e2af..14c4d20abcd 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51797.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51797.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51797", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:24.513", - "lastModified": "2024-11-19T17:15:24.513", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51798.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51798.json index d27cecdb0bd..6657a1a5f23 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51798.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51798.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51798", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:24.737", - "lastModified": "2024-11-19T17:15:24.737", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51799.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51799.json index 271316c782e..82e5769ab16 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51799.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51799.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51799", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:24.957", - "lastModified": "2024-11-19T17:15:24.957", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51801.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51801.json index 06d0e52cd2f..886c259305f 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51801.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51801.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51801", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:25.187", - "lastModified": "2024-11-19T17:15:25.187", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51802.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51802.json index 04ee3aadc0b..92453ca7dd0 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51802.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51802.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51802", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:25.420", - "lastModified": "2024-11-19T17:15:25.420", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51803.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51803.json index b6bf27a77cd..0eed919dc41 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51803.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51803.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51803", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:25.663", - "lastModified": "2024-11-19T17:15:25.663", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51804.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51804.json index 616d581c409..d52b3834c6a 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51804.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51804.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51804", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:25.893", - "lastModified": "2024-11-19T17:15:25.893", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51805.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51805.json index dcd11dc620b..ef2e6c54352 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51805.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51805.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51805", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:26.110", - "lastModified": "2024-11-19T17:15:26.110", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51806.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51806.json index 7abd1ef7999..25e5bdf2a18 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51806.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51806.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51806", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:26.383", - "lastModified": "2024-11-19T17:15:26.383", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51807.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51807.json index ec4adf82957..3d1e9a80cd5 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51807.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51807.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51807", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:26.610", - "lastModified": "2024-11-19T17:15:26.610", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51808.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51808.json index 8863d93d16c..aee7ba74461 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51808.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51808.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51808", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:26.833", - "lastModified": "2024-11-19T17:15:26.833", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51809.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51809.json index 27c9719595a..0b560c050d7 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51809.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51809.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51809", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:27.073", - "lastModified": "2024-11-19T17:15:27.073", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51810.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51810.json index 3a54ed10233..a8869f2504e 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51810.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51810.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51810", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:27.297", - "lastModified": "2024-11-19T17:15:27.297", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51811.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51811.json index fb38bd19c80..f5d634d5500 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51811.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51811.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51811", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:27.527", - "lastModified": "2024-11-19T17:15:27.527", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51812.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51812.json index c3746fbb5af..fcc1c125c0c 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51812.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51812.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51812", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:27.750", - "lastModified": "2024-11-19T17:15:27.750", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51813.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51813.json index 781e592cc28..fee486f81c6 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51813.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51813.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51813", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:28.000", - "lastModified": "2024-11-19T17:15:28.000", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51814.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51814.json index cbea01f131d..4cd8b691ed7 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51814.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51814.json @@ -2,13 +2,13 @@ "id": "CVE-2024-51814", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:28.223", - "lastModified": "2024-11-19T17:15:28.223", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in \u91ce\u4eba \u6d3b\u52a8\u94fe\u63a5\u63a8\u5e7f\u63d2\u4ef6 allows DOM-Based XSS.This issue affects \u6d3b\u52a8\u94fe\u63a5\u63a8\u5e7f\u63d2\u4ef6: from n/a through 1.2.0." + "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ?? ???????? allows DOM-Based XSS.This issue affects ????????: from n/a through 1.2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51816.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51816.json index 1bc701397b8..66ecbe6be25 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51816.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51816.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51816", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:28.450", - "lastModified": "2024-11-19T17:15:28.450", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51817.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51817.json index 468d431581c..0a0ec389931 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51817.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51817.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51817", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:28.687", - "lastModified": "2024-11-19T17:15:28.687", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51819.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51819.json index 545675e3265..ac43b9accd2 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51819.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51819.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51819", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:28.923", - "lastModified": "2024-11-19T17:15:28.923", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51821.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51821.json index 40223db95fe..631208da61a 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51821.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51821.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51821", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:29.160", - "lastModified": "2024-11-19T17:15:29.160", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51822.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51822.json index 9bf655e08db..cd1aeb715f2 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51822.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51822.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51822", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:29.380", - "lastModified": "2024-11-19T17:15:29.380", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51823.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51823.json index 0b4767eef74..4b93e9f9534 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51823.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51823.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51823", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:29.590", - "lastModified": "2024-11-19T17:15:29.590", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51824.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51824.json index bff5f331dbb..01145934f57 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51824.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51824.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51824", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:29.813", - "lastModified": "2024-11-19T17:15:29.813", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51825.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51825.json index d555ec6640c..204b5a886c1 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51825.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51825.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51825", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:30.047", - "lastModified": "2024-11-19T17:15:30.047", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51826.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51826.json index c2aa44a53f8..e0fdbbef13b 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51826.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51826.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51826", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:30.293", - "lastModified": "2024-11-19T17:15:30.293", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51827.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51827.json index d8d9eaaca6d..6e2faad7ec7 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51827.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51827.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51827", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:30.510", - "lastModified": "2024-11-19T17:15:30.510", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51828.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51828.json index 9d52f41a0d3..a6ae5e7380a 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51828.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51828.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51828", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:30.730", - "lastModified": "2024-11-19T17:15:30.730", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51829.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51829.json index e2b5718bb7e..14aed33939e 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51829.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51829.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51829", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:30.950", - "lastModified": "2024-11-19T17:15:30.950", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51830.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51830.json index 3a16b5d768d..94e8478f5a8 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51830.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51830.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51830", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:31.187", - "lastModified": "2024-11-19T17:15:31.187", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51831.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51831.json index ebcdb1bee2b..9557e311abb 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51831.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51831.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51831", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:31.453", - "lastModified": "2024-11-19T17:15:31.453", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51832.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51832.json index f381caff534..45e8d710cca 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51832.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51832.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51832", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:31.717", - "lastModified": "2024-11-19T17:15:31.717", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51833.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51833.json index ccda725a081..86416df6e65 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51833.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51833.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51833", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:31.983", - "lastModified": "2024-11-19T17:15:31.983", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51834.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51834.json index ed90b8df220..b8763f629f1 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51834.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51834.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51834", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:32.227", - "lastModified": "2024-11-19T17:15:32.227", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51835.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51835.json index 8877ac46ff8..8a0672f30fa 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51835.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51835.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51835", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:32.467", - "lastModified": "2024-11-19T17:15:32.467", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51836.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51836.json index 56d2371365e..890bf2d3a84 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51836.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51836.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51836", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:32.717", - "lastModified": "2024-11-19T17:15:32.717", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51838.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51838.json index 710af95b675..398025b4f88 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51838.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51838.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51838", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:32.940", - "lastModified": "2024-11-19T17:15:32.940", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51839.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51839.json index d460e50682a..2e60c1c9198 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51839.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51839.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51839", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:33.163", - "lastModified": "2024-11-19T17:15:33.163", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51840.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51840.json index 617141218c2..f599cd392c7 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51840.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51840.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51840", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:33.397", - "lastModified": "2024-11-19T17:15:33.397", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51841.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51841.json index cb66b843e83..ad768436e20 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51841.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51841.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51841", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:33.633", - "lastModified": "2024-11-19T17:15:33.633", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51842.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51842.json index 451f62817ac..3bce13efe9f 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51842.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51842.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51842", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:33.873", - "lastModified": "2024-11-19T17:15:33.873", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51844.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51844.json index 27797b63bf1..37ff340b958 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51844.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51844.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51844", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:34.110", - "lastModified": "2024-11-19T17:15:34.110", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51846.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51846.json index cbc761643f3..8a1690ffd48 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51846.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51846.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51846", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:34.360", - "lastModified": "2024-11-19T17:15:34.360", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51847.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51847.json index 30e6d426d86..8fab869da00 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51847.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51847.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51847", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:34.590", - "lastModified": "2024-11-19T17:15:34.590", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51848.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51848.json index b5a36d257d6..fd9320c21d2 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51848.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51848.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51848", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:34.813", - "lastModified": "2024-11-19T17:15:34.813", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51849.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51849.json index 271bd9202f2..f3fec20c214 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51849.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51849.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51849", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:35.050", - "lastModified": "2024-11-19T17:15:35.050", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51850.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51850.json index 11c135e38ad..d07c134705e 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51850.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51850.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51850", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:35.260", - "lastModified": "2024-11-19T17:15:35.260", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51851.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51851.json index f576956ac13..b01fa18c925 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51851.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51851.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51851", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:35.490", - "lastModified": "2024-11-19T17:15:35.490", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51852.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51852.json index 835c3b37e6e..766f2ff14c6 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51852.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51852.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51852", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:35.720", - "lastModified": "2024-11-19T17:15:35.720", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51853.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51853.json index a3ff4a7ff4f..3612c2d66f4 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51853.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51853.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51853", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:35.970", - "lastModified": "2024-11-19T17:15:35.970", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51854.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51854.json index bf213793b1f..c21858ab880 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51854.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51854.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51854", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:36.227", - "lastModified": "2024-11-19T17:15:36.227", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51855.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51855.json index 5440084bd1c..3493f1308f0 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51855.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51855.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51855", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:36.480", - "lastModified": "2024-11-19T17:15:36.480", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51856.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51856.json index c8a66c7c7ca..f9597777049 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51856.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51856.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51856", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:36.710", - "lastModified": "2024-11-19T17:15:36.710", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51857.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51857.json index 0ca28ab0996..6ddffec7125 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51857.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51857.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51857", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:36.933", - "lastModified": "2024-11-19T17:15:36.933", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51858.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51858.json index 302cdfecd53..1312802bd3c 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51858.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51858.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51858", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:37.170", - "lastModified": "2024-11-19T17:15:37.170", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51859.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51859.json index 82d7768352c..089d03873de 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51859.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51859.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51859", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:37.417", - "lastModified": "2024-11-19T17:15:37.417", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51860.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51860.json index ab08b568da2..020c4b76c1a 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51860.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51860.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51860", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:37.630", - "lastModified": "2024-11-19T17:15:37.630", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51861.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51861.json index 24f578988dc..bdc84d22d5e 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51861.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51861.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51861", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:37.860", - "lastModified": "2024-11-19T17:15:37.860", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51862.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51862.json index 40c3f896b43..e24630a85fa 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51862.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51862.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51862", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:38.103", - "lastModified": "2024-11-19T17:15:38.103", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51863.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51863.json index f3eeaa6463c..dec48fadafe 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51863.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51863.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51863", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:38.337", - "lastModified": "2024-11-19T17:15:38.337", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51864.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51864.json index 3dfd12f22fd..3cc5638bbb3 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51864.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51864.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51864", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:38.560", - "lastModified": "2024-11-19T17:15:38.560", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51865.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51865.json index d63ed76af3b..f4a6af0a962 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51865.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51865.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51865", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:38.783", - "lastModified": "2024-11-19T17:15:38.783", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51866.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51866.json index a2a4cf0d5f0..f74027f7740 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51866.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51866.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51866", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:39.003", - "lastModified": "2024-11-19T17:15:39.003", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51867.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51867.json index aed2a77fb4d..52f2d0e9a99 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51867.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51867.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51867", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:39.230", - "lastModified": "2024-11-19T17:15:39.230", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51868.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51868.json index 4c0c848132a..bc7d0ab5e7f 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51868.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51868.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51868", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:39.443", - "lastModified": "2024-11-19T17:15:39.443", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51869.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51869.json index cb8fdc8e8db..78c5a17a812 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51869.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51869.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51869", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:39.653", - "lastModified": "2024-11-19T17:15:39.653", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51870.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51870.json index 7d6d5073dbb..8b914403738 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51870.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51870.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51870", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:39.887", - "lastModified": "2024-11-19T17:15:39.887", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51871.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51871.json index d84dc7eb13e..18c74a5aa07 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51871.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51871.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51871", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:40.123", - "lastModified": "2024-11-19T17:15:40.123", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51872.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51872.json index 7aa402b3491..f066311cbe2 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51872.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51872.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51872", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:40.333", - "lastModified": "2024-11-19T17:15:40.333", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51873.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51873.json index e028cf9e256..594e3c6f78d 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51873.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51873.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51873", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:40.557", - "lastModified": "2024-11-19T17:15:40.557", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51874.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51874.json index db787194051..a1e80e8ec71 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51874.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51874.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51874", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:40.783", - "lastModified": "2024-11-19T17:15:40.783", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51875.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51875.json index 2b95afb50f2..7412a8d157e 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51875.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51875.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51875", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:41.007", - "lastModified": "2024-11-19T17:15:41.007", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51876.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51876.json index 3d7a5a3e00a..e009cd8e78d 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51876.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51876.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51876", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:41.237", - "lastModified": "2024-11-19T17:15:41.237", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51877.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51877.json index 7ab275f5fab..06a8057eb8f 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51877.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51877.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51877", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:41.460", - "lastModified": "2024-11-19T17:15:41.460", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51878.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51878.json index 607ae7a0f21..c7aa2e73add 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51878.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51878.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51878", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:41.677", - "lastModified": "2024-11-19T17:15:41.677", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51879.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51879.json index 3b791a7f7eb..c324cfb56bc 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51879.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51879.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51879", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:41.913", - "lastModified": "2024-11-19T17:15:41.913", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51880.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51880.json index e6d335c7014..02fd3400936 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51880.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51880.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51880", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:42.133", - "lastModified": "2024-11-19T17:15:42.133", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51881.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51881.json index aaa9d886875..57db343db6f 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51881.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51881.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51881", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:42.357", - "lastModified": "2024-11-19T17:15:42.357", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51883.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51883.json index 26d565c9426..f347026d5b2 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51883.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51883.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51883", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:42.560", - "lastModified": "2024-11-19T17:15:42.560", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51884.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51884.json index 5b075455b1d..ff6f47326f8 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51884.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51884.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51884", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:42.790", - "lastModified": "2024-11-19T17:15:42.790", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51885.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51885.json index 8a8b5f9b53b..ceab9e3060f 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51885.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51885.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51885", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:43.017", - "lastModified": "2024-11-19T17:15:43.017", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51886.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51886.json index cd39b8bd450..8d4fc314cbc 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51886.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51886.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51886", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:43.220", - "lastModified": "2024-11-19T17:15:43.220", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51887.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51887.json index 0bfdea13c57..09c9752040a 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51887.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51887.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51887", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:43.430", - "lastModified": "2024-11-19T17:15:43.430", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51889.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51889.json index 293786cf981..6410c325573 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51889.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51889.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51889", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:43.650", - "lastModified": "2024-11-19T17:15:43.650", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51890.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51890.json index 41eb952db21..2717cd172ab 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51890.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51890.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51890", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:43.873", - "lastModified": "2024-11-19T17:15:43.873", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51891.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51891.json index 34951253a28..2a7892a6340 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51891.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51891.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51891", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:44.120", - "lastModified": "2024-11-19T17:15:44.120", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51892.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51892.json index d42ea8ab325..ca4ed070afd 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51892.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51892.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51892", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:44.350", - "lastModified": "2024-11-19T17:15:44.350", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51893.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51893.json index 835466384a1..ca0e2c3d0c3 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51893.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51893.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51893", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:44.577", - "lastModified": "2024-11-19T17:15:44.577", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51894.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51894.json index 63c23df807b..5e1b60d3691 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51894.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51894.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51894", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:44.810", - "lastModified": "2024-11-19T17:15:44.810", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51895.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51895.json index 50b9d1ad986..9ca53950b98 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51895.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51895.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51895", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:45.047", - "lastModified": "2024-11-19T17:15:45.047", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51896.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51896.json index a1831554d69..19a7df3771e 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51896.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51896.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51896", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:45.273", - "lastModified": "2024-11-19T17:15:45.273", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51897.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51897.json index 954de32f357..0aa38a0b600 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51897.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51897.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51897", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:45.490", - "lastModified": "2024-11-19T17:15:45.490", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51898.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51898.json index 5e1e34719c1..eeb0757da3c 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51898.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51898.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51898", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:45.717", - "lastModified": "2024-11-19T17:15:45.717", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51899.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51899.json index 70e18c7e840..47e96c54cc3 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51899.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51899.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51899", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:45.967", - "lastModified": "2024-11-19T17:15:45.967", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51901.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51901.json index b4b4716b1bc..0224e3197eb 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51901.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51901.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51901", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:46.177", - "lastModified": "2024-11-19T17:15:46.177", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51902.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51902.json index 248c908b040..48b9ea82c61 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51902.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51902.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51902", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:46.397", - "lastModified": "2024-11-19T17:15:46.397", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51903.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51903.json index 61b33dbe741..4163ba3b4e1 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51903.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51903.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51903", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:46.647", - "lastModified": "2024-11-19T17:15:46.647", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51904.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51904.json index a515dfe0086..dcca09eed5e 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51904.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51904.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51904", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:46.893", - "lastModified": "2024-11-19T17:15:46.893", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51905.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51905.json index db2aa52c156..5d74afea804 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51905.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51905.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51905", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:47.117", - "lastModified": "2024-11-19T17:15:47.117", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51906.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51906.json index cb829267718..0481c2e615c 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51906.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51906.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51906", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:47.350", - "lastModified": "2024-11-19T17:15:47.350", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51907.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51907.json index 42f86d674dd..a48273fdbb4 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51907.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51907.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51907", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:47.573", - "lastModified": "2024-11-19T17:15:47.573", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51908.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51908.json index dc7f796012e..e622ec80c13 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51908.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51908.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51908", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:47.823", - "lastModified": "2024-11-19T17:15:47.823", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51909.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51909.json index 0ea0d020c36..8d9d506e393 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51909.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51909.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51909", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:48.050", - "lastModified": "2024-11-19T17:15:48.050", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51910.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51910.json index 75c64c743e8..a240501e2c6 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51910.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51910.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51910", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:48.277", - "lastModified": "2024-11-19T17:15:48.277", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51911.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51911.json index ec2ab5fffdd..58e83ebb516 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51911.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51911.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51911", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:48.510", - "lastModified": "2024-11-19T17:15:48.510", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51912.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51912.json index d84a3f65837..de817e2eac4 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51912.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51912.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51912", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:48.750", - "lastModified": "2024-11-19T17:15:48.750", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51913.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51913.json index 9ca7fd1f00e..49673b837bc 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51913.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51913.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51913", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:48.963", - "lastModified": "2024-11-19T17:15:48.963", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51914.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51914.json index 794af35cfc4..57cea1fd2f9 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51914.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51914.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51914", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:49.180", - "lastModified": "2024-11-19T17:15:49.180", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51916.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51916.json index cd6d92eb3c9..6f3064764a2 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51916.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51916.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51916", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:49.397", - "lastModified": "2024-11-19T17:15:49.397", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51917.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51917.json index a19fa3336b4..12816f50ab9 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51917.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51917.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51917", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:49.620", - "lastModified": "2024-11-19T17:15:49.620", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51918.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51918.json index cc7c0eb7e45..30a2627f6c6 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51918.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51918.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51918", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:49.870", - "lastModified": "2024-11-19T17:15:49.870", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51920.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51920.json index 347d5638da6..ae3d7712b5b 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51920.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51920.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51920", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:50.117", - "lastModified": "2024-11-19T17:15:50.117", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51921.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51921.json index b7e1497a5f1..e896d9ea952 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51921.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51921.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51921", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:50.357", - "lastModified": "2024-11-19T17:15:50.357", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51922.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51922.json index f07f65983a5..9e86cd8d8ab 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51922.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51922.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51922", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:50.597", - "lastModified": "2024-11-19T17:15:50.597", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51923.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51923.json index eabce0ca8d2..1c9b0d120bd 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51923.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51923.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51923", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:50.827", - "lastModified": "2024-11-19T17:15:50.827", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51924.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51924.json index 130fc523d77..b91df71d70b 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51924.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51924.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51924", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:51.077", - "lastModified": "2024-11-19T17:15:51.077", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51925.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51925.json index 37df9283393..007e81698d3 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51925.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51925.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51925", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:51.320", - "lastModified": "2024-11-19T17:15:51.320", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51926.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51926.json index 345e68d98ea..d884128b47b 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51926.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51926.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51926", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:51.560", - "lastModified": "2024-11-19T17:15:51.560", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51927.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51927.json index 9248bb038f6..ab2e5ef52aa 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51927.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51927.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51927", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:51.813", - "lastModified": "2024-11-19T17:15:51.813", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51928.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51928.json index 32afd6c4f72..b516116591a 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51928.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51928.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51928", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:52.070", - "lastModified": "2024-11-19T17:15:52.070", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51929.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51929.json index e2d8f466900..ef45d4e434f 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51929.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51929.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51929", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:52.303", - "lastModified": "2024-11-19T17:15:52.303", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51930.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51930.json index 7a1740cac09..b5e85102e13 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51930.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51930.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51930", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:52.533", - "lastModified": "2024-11-19T17:15:52.533", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51931.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51931.json index bb8c136bee7..44d7225bc62 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51931.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51931.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51931", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:52.767", - "lastModified": "2024-11-19T17:15:52.767", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51932.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51932.json index f46e4ed4985..dd90067f149 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51932.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51932.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51932", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:53.000", - "lastModified": "2024-11-19T17:15:53.000", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51933.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51933.json index e23796543dd..0807de8faa3 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51933.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51933.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51933", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:53.243", - "lastModified": "2024-11-19T17:15:53.243", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51934.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51934.json index e14e26a4601..527cdacf61b 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51934.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51934.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51934", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:53.477", - "lastModified": "2024-11-19T17:15:53.477", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51935.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51935.json index 82a46928a6b..ad35f3bfc4a 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51935.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51935.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51935", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:53.693", - "lastModified": "2024-11-19T17:15:53.693", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51936.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51936.json index 7a5ff56e1e7..a9a93bfe704 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51936.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51936.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51936", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:53.920", - "lastModified": "2024-11-19T17:15:53.920", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51937.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51937.json index c60ac6cdb56..c627a9c19ab 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51937.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51937.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51937", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:54.150", - "lastModified": "2024-11-19T17:15:54.150", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51938.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51938.json index 51c30ed8518..6efccf224eb 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51938.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51938.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51938", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:54.390", - "lastModified": "2024-11-19T17:15:54.390", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51939.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51939.json index 8397bbc9f54..cee9ae3a82f 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51939.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51939.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51939", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T23:15:04.853", - "lastModified": "2024-11-18T23:15:04.853", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Santhosh veer Stylish Internal Links allows DOM-Based XSS.This issue affects Stylish Internal Links: from n/a through 1.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Santhosh veer Stylish Internal Links permite XSS basado en DOM. Este problema afecta a Stylish Internal Links: desde n/a hasta 1.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51940.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51940.json index 20c8865243c..5d6f92ee0ce 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51940.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51940.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51940", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T23:15:05.073", - "lastModified": "2024-11-18T23:15:05.073", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sohelwpexpert WP Responsive Video allows DOM-Based XSS.This issue affects WP Responsive Video: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en sohelwpexpert WP Responsive Video permite XSS basado en DOM. Este problema afecta a WP Responsive Video: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52303.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52303.json index d3c895dab07..c0306d06148 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52303.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52303.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52303", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T20:15:06.047", - "lastModified": "2024-11-19T15:35:13.847", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52304.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52304.json index 269f393ea5d..691a18d9575 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52304.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52304.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52304", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T21:15:06.500", - "lastModified": "2024-11-19T16:35:16.793", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52339.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52339.json index 1e9e78cd408..686adff3f4d 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52339.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52339.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52339", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T23:15:05.300", - "lastModified": "2024-11-18T23:15:05.300", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mage Cast Mage Front End Forms allows Stored XSS.This issue affects Mage Front End Forms: from n/a through 1.1.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Mage Cast Mage Front End Forms permite XSS almacenado. Este problema afecta a Mage Front End Forms: desde n/a hasta 1.1.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52340.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52340.json index 2ddddae03be..6f21c5c5301 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52340.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52340.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52340", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T23:15:05.517", - "lastModified": "2024-11-18T23:15:05.517", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marty Thornley Photographer Connections allows Stored XSS.This issue affects Photographer Connections: from n/a through 1.3.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Marty Thornley Photographer Connections permite XSS almacenado. Este problema afecta a Photographer Connections: desde n/a hasta 1.3.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52341.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52341.json index 3a9f3c7f89c..e23c2e0975b 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52341.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52341.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52341", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:06.257", - "lastModified": "2024-11-18T22:15:06.257", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Offshorent Solutions Pvt Ltd. | Jinesh.P.V OS Our Team allows Stored XSS.This issue affects OS Our Team: from n/a through 1.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Offshorent Solutions Pvt Ltd. | Jinesh.P.V OS Our Team permite XSS almacenado. Este problema afecta a los sistemas operativos Nuestro equipo: desde n/a hasta 1.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52342.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52342.json index 01ddfc9e279..e8b0544e907 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52342.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52342.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52342", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:06.483", - "lastModified": "2024-11-18T22:15:06.483", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Offshorent Solutions Pvt Ltd. | Jinesh.P.V OS BXSlider allows Stored XSS.This issue affects OS BXSlider: from n/a through 2.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Offshorent Solutions Pvt Ltd. | Jinesh.PV OS BXSlider permite XSS almacenado. Este problema afecta a OS BXSlider: desde n/a hasta 2.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52343.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52343.json index f0869704fac..c2a8efe3e8f 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52343.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52343.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52343", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:06.697", - "lastModified": "2024-11-18T22:15:06.697", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Offshorent Softwares Pvt. Ltd. | Jinesh.P.V OS Pricing Tables allows Stored XSS.This issue affects OS Pricing Tables: from n/a through 1.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Offshorent Softwares Pvt. Ltd. | Jinesh.P.V OS Pricing Tables permiten XSS almacenado. Este problema afecta a las tablas de precios del sistema operativo: desde n/a hasta 1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52344.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52344.json index b1fca499604..e0dba7b6ca7 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52344.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52344.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52344", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:06.923", - "lastModified": "2024-11-18T22:15:06.923", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Junaid Provide Forex Signals allows Stored XSS.This issue affects Provide Forex Signals: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Muhammad Junaid Provide Forex Signals permite XSS almacenado. Este problema afecta a Provide Forex Signals: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52345.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52345.json index abefabe67aa..9b373adedb4 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52345.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52345.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52345", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:07.150", - "lastModified": "2024-11-18T22:15:07.150", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Roberto Alicata ra_qrcode allows Stored XSS.This issue affects ra_qrcode: from n/a through 2.1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Roberto Alicata ra_qrcode permite XSS almacenado. Este problema afecta a ra_qrcode: desde n/a hasta 2.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52346.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52346.json index f7a82aac93d..a539ced7bca 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52346.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52346.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52346", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:07.377", - "lastModified": "2024-11-18T22:15:07.377", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Javier M\u00e9ndez Veira SimpleGMaps allows Stored XSS.This issue affects SimpleGMaps: from n/a through 1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en SimpleGMaps de Javier M\u00e9ndez Veira permite XSS almacenado. Este problema afecta a SimpleGMaps: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52347.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52347.json index 393f612df9a..b632f5765eb 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52347.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52347.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52347", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:07.600", - "lastModified": "2024-11-18T22:15:07.600", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP website creator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera allows Stored XSS.This issue affects Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera: from n/a through 4.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WP website creator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera permite XSS almacenado. Este problema afecta a la instalaci\u00f3n remota de sitios web de Gravity, WPForms, Formidable, Ninja y Caldera: desde n/a hasta 4.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52348.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52348.json index f3dad78ef5a..2616069bdba 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52348.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52348.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52348", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:07.830", - "lastModified": "2024-11-18T22:15:07.830", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in aaextention AA Audio Player allows DOM-Based XSS.This issue affects AA Audio Player: from n/a through 1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en aaextention AA Audio Player permite XSS basado en DOM. Este problema afecta a AA Audio Player: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52349.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52349.json index f2e291bf6cb..49e3cb3edf1 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52349.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52349.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52349", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:08.077", - "lastModified": "2024-11-18T22:15:08.077", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Md. Shiddikur Rahman Awesome Tool Tip allows DOM-Based XSS.This issue affects Awesome Tool Tip: from n/a through 1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Md. Shiddikur Rahman Awesome Tool Tip permite XSS basado en DOM. Este problema afecta a Awesome Tool Tip: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52359.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52359.json index 1a80f39df94..ed50b25afdf 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52359.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52359.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52359", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-11-19T20:15:31.840", - "lastModified": "2024-11-19T20:15:31.840", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52360.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52360.json index 5972d007d85..c1e8054792a 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52360.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52360.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52360", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-11-19T20:15:32.147", - "lastModified": "2024-11-19T20:15:32.147", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52388.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52388.json index d2f1c62d3eb..35dfaa4342f 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52388.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52388.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52388", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:54.653", - "lastModified": "2024-11-19T17:15:54.653", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52389.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52389.json index 3e8ea18dbcf..1f0eb5b7195 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52389.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52389.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52389", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:08.300", - "lastModified": "2024-11-18T22:15:08.300", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS.This issue affects WP Job Portal: from n/a through 2.2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WP Job Portal permite XSS almacenado. Este problema afecta a WP Job Portal: desde n/a hasta 2.2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52390.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52390.json index e7b29a65a6a..8b751139a1c 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52390.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52390.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52390", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:08.517", - "lastModified": "2024-11-18T22:15:08.517", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": ": Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal.This issue affects CYAN Backup: from n/a through 2.5.3." + }, + { + "lang": "es", + "value": ": Path Traversal: la vulnerabilidad '.../...//' en CYAN Backup permite Path Traversal. Este problema afecta a CYAN Backup: desde n/a hasta 2.5.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52392.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52392.json new file mode 100644 index 00000000000..3c234217bef --- /dev/null +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52392.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52392", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-19T22:15:20.910", + "lastModified": "2024-11-19T22:15:20.910", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.This issue affects W3SPEEDSTER: from n/a through 7.25." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/w3speedster-wp/wordpress-w3speedster-plugin-7-25-cross-site-request-forgery-csrf-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52394.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52394.json index 2bef868b0ad..4114618ce54 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52394.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52394.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52394", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:08.747", - "lastModified": "2024-11-18T22:15:08.747", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in nopea.Media Print PDF Generator and Publisher allows Stored XSS.This issue affects Print PDF Generator and Publisher: from n/a through 1.1.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en nopea.Media Print PDF Generator and Publisher permite XSS almacenado. Este problema afecta a Print PDF Generator and Publisher: desde n/a hasta 1.1.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52395.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52395.json index 30449025c7a..bced6a1a617 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52395.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52395.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52395", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:54.873", - "lastModified": "2024-11-19T17:15:54.873", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52401.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52401.json index b40736e6521..cdfef73a8b3 100644 --- a/CVE-2024/CVE-2024-524xx/CVE-2024-52401.json +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52401.json @@ -2,13 +2,13 @@ "id": "CVE-2024-52401", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:55.120", - "lastModified": "2024-11-19T17:15:55.120", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Cross-Site Request Forgery (CSRF) vulnerability in \u8352\u91ce\u65e0\u706f Hacklog DownloadManager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from n/a through 2.1.4." + "value": "Cross-Site Request Forgery (CSRF) vulnerability in ???? Hacklog DownloadManager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from n/a through 2.1.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52402.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52402.json index 215ee19fcaa..efbc85f9775 100644 --- a/CVE-2024/CVE-2024-524xx/CVE-2024-52402.json +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52402.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52402", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:55.350", - "lastModified": "2024-11-19T17:15:55.350", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52417.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52417.json index e9541bddc74..f99c100e087 100644 --- a/CVE-2024/CVE-2024-524xx/CVE-2024-52417.json +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52417.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52417", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:08.980", - "lastModified": "2024-11-18T22:15:08.980", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes ReConstruction allows Reflected XSS.This issue affects ReConstruction: from n/a through 1.4.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en BoldThemes ReConstruction permite XSS reflejado. Este problema afecta a ReConstruction: desde n/a hasta 1.4.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52418.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52418.json index 77ba5f7ded5..a6442ea040f 100644 --- a/CVE-2024/CVE-2024-524xx/CVE-2024-52418.json +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52418.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52418", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-18T22:15:09.250", - "lastModified": "2024-11-18T22:15:09.250", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CactusThemes Gameplan allows Reflected XSS.This issue affects Gameplan: from n/a through 1.5.10." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CactusThemes Gameplan permite XSS reflejado. Este problema afecta a Gameplan: desde n/a hasta 1.5.10." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52420.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52420.json index 7e26217ffcd..f1de210f069 100644 --- a/CVE-2024/CVE-2024-524xx/CVE-2024-52420.json +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52420.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52420", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:55.570", - "lastModified": "2024-11-19T17:15:55.570", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52421.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52421.json index 1debcaf1903..7e93ed08f74 100644 --- a/CVE-2024/CVE-2024-524xx/CVE-2024-52421.json +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52421.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52421", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-19T17:15:55.787", - "lastModified": "2024-11-19T17:15:55.787", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:56:45.533", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52506.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52506.json index 9cd37c9bfa4..97b0aa07d2b 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52506.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52506.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52506", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T21:15:06.633", - "lastModified": "2024-11-19T16:35:17.897", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52582.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52582.json index 9db8053f53c..7aeb27a2bce 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52582.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52582.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52582", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-19T16:15:20.207", - "lastModified": "2024-11-19T16:15:20.207", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52583.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52583.json index 06dba3bece6..25673c584e4 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52583.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52583.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52583", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T21:15:06.810", - "lastModified": "2024-11-18T21:15:06.810", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript file that occurs when bootstrap is run as well as jquery. `Leostop` may be a tracking malware and creates 2 JavaScript files, but little else is known about it. The WesHacks website remove all references to `Leostop` as of 17 November 2024." + }, + { + "lang": "es", + "value": "El repositorio de GitHub de WesHacks proporciona el c\u00f3digo fuente del sitio web oficial de la competencia de hackathon para el hackathon de Muweilah Wesgreen. La p\u00e1gina `schedule.html` antes del 17 de noviembre de 2024 o el commit 93dfb83 contiene enlaces a `Leostop`, un sitio que aloja un archivo JavaScript malicioso inyectado que se produce cuando se ejecuta bootstrap y jquery. `Leostop` puede ser un malware de seguimiento y crea 2 archivos JavaScript, pero poco m\u00e1s se sabe al respecto. El sitio web de WesHacks elimina todas las referencias a `Leostop` a partir del 17 de noviembre de 2024." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52584.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52584.json index 1ef1207af4a..d8a16c0f515 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52584.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52584.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52584", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T21:15:07.047", - "lastModified": "2024-11-19T16:35:18.180", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52585.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52585.json index 30bcbdbf5a1..5b9baa46ae3 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52585.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52585.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52585", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T21:15:07.183", - "lastModified": "2024-11-19T16:35:18.380", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52587.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52587.json index 70c7c125884..33986d54269 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52587.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52587.json @@ -2,8 +2,8 @@ "id": "CVE-2024-52587", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-18T22:15:09.557", - "lastModified": "2024-11-19T15:35:15.427", - "vulnStatus": "Received", + "lastModified": "2024-11-19T21:57:32.967", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52595.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52595.json new file mode 100644 index 00000000000..5e448558296 --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52595.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2024-52595", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-19T22:15:21.120", + "lastModified": "2024-11-19T22:15:21.120", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as ``, `` and `