admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-08 03:27:17 +00:00
Code Issues Packages Projects Releases Wiki Activity

Auto-Update: 2024-03-01T15:01:14.659475+00:00

Browse Source
This commit is contained in:
cad-safe-bot 2024-03-01 15:01:18 +00:00
parent 8d61886604
commit b08af09562
94 changed files with 1558 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
CVE-2021/CVE-2021-469xx/CVE-2021-46959.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-46959",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.230",
"lastModified": "2024-02-29T23:15:07.230",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: Fix use-after-free with devm_spi_alloc_*\n\nWe can't rely on the contents of the devres list during\nspi_unregister_controller(), as the list is already torn down at the\ntime we perform devres_find() for devm_spi_release_controller. This\ncauses devices registered with devm_spi_alloc_{master,slave}() to be\nmistakenly identified as legacy, non-devm managed devices and have their\nreference counters decremented below 0.\n\n------------[ cut here ]------------\nWARNING: CPU: 1 PID: 660 at lib/refcount.c:28 refcount_warn_saturate+0x108/0x174\n[<b0396f04>] (refcount_warn_saturate) from [<b03c56a4>] (kobject_put+0x90/0x98)\n[<b03c5614>] (kobject_put) from [<b0447b4c>] (put_device+0x20/0x24)\n r4:b6700140\n[<b0447b2c>] (put_device) from [<b07515e8>] (devm_spi_release_controller+0x3c/0x40)\n[<b07515ac>] (devm_spi_release_controller) from [<b045343c>] (release_nodes+0x84/0xc4)\n r5:b6700180 r4:b6700100\n[<b04533b8>] (release_nodes) from [<b0454160>] (devres_release_all+0x5c/0x60)\n r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10\n[<b0454104>] (devres_release_all) from [<b044e41c>] (__device_release_driver+0x144/0x1ec)\n r5:b117ad94 r4:b163dc10\n[<b044e2d8>] (__device_release_driver) from [<b044f70c>] (device_driver_detach+0x84/0xa0)\n r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10\n[<b044f688>] (device_driver_detach) from [<b044d274>] (unbind_store+0xe4/0xf8)\n\nInstead, determine the devm allocation state as a flag on the\ncontroller which is guaranteed to be stable during cleanup."
},
{
"lang": "es",
"value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: corrige el Use-After-Free con devm_spi_alloc_* No podemos confiar en el contenido de la lista devres durante spi_unregister_controller(), ya que la lista ya est\u00e1 eliminada en ese momento. Realizamos devres_find() para devm_spi_release_controller. Esto hace que los dispositivos registrados con devm_spi_alloc_{master,slave}() se identifiquen err\u00f3neamente como dispositivos heredados, no administrados por devm y sus contadores de referencia disminuyan por debajo de 0. ------------[ cortar aqu\u00ed ] ------------ ADVERTENCIA: CPU: 1 PID: 660 en lib/refcount.c:28 refcount_warn_saturate+0x108/0x174 [] (refcount_warn_saturate) de [] (kobject_put+ 0x90/0x98) [] (kobject_put) de [] (put_device+0x20/0x24) r4:b6700140 [] (put_device) de [] (devm_spi_release_controller+0x3c/0x40 ) [ ] (devm_spi_release_controller) de [] (release_nodes+0x84/0xc4) r5:b6700180 r4:b6700100 [] (release_nodes) de [] (devres_release_all+0x5c/0x6 0) r8:b1638c54 r7:b117ad94 r6:b1638c10 r5:b117ad94 r4:b163dc10 [] (devres_release_all) de [] (__device_release_driver+0x144/0x1ec) r5:b117ad94 r4:b163dc10 [] (__device_release_driver) de [&lt; b044f70c&gt;] (device_driver_detach+0x84/0xa0) r9:00000000 r8:00000000 r7:b117ad94 r6:b163dc54 r5:b1638c10 r4:b163dc10 [] (device_driver_detach) de [ ] (unbind_store+0xe4/0xf8) en su lugar , determine el estado de asignaci\u00f3n devm como un indicador en el controlador que se garantiza que ser\u00e1 estable durante la limpieza."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47016.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47016",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.307",
"lastModified": "2024-02-29T23:15:07.307",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nm68k: mvme147,mvme16x: Don't wipe PCC timer config bits\n\nDon't clear the timer 1 configuration bits when clearing the interrupt flag\nand counter overflow. As Michael reported, \"This results in no timer\ninterrupts being delivered after the first. Initialization then hangs\nin calibrate_delay as the jiffies counter is not updated.\"\n\nOn mvme16x, enable the timer after requesting the irq, consistent with\nmvme147."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: m68k: mvme147,mvme16x: No borre los bits de configuraci\u00f3n del temporizador PCC. No borre los bits de configuraci\u00f3n del temporizador 1 al borrar el indicador de interrupci\u00f3n y el desbordamiento del contador. Como inform\u00f3 Michael, \"Esto da como resultado que no se entreguen interrupciones del temporizador despu\u00e9s de la primera. Luego, la inicializaci\u00f3n se bloquea en calibrate_delay porque el contador de santiam\u00e9n no se actualiza\". En mvme16x, habilite el temporizador despu\u00e9s de solicitar irq, de acuerdo con mvme147."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47020.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47020",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.357",
"lastModified": "2024-02-29T23:15:07.357",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoundwire: stream: fix memory leak in stream config error path\n\nWhen stream config is failed, master runtime will release all\nslave runtime in the slave_rt_list, but slave runtime is not\nadded to the list at this time. This patch frees slave runtime\nin the config error path to fix the memory leak."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: soundwire: stream: corrige la p\u00e9rdida de memoria en la ruta de error de configuraci\u00f3n de stream Cuando falla la configuraci\u00f3n de stream, el tiempo de ejecuci\u00f3n maestro liberar\u00e1 todo el tiempo de ejecuci\u00f3n esclavo en Slave_rt_list, pero el tiempo de ejecuci\u00f3n esclavo no se agrega a la lista. en este momento. Este parche libera el tiempo de ejecuci\u00f3n esclavo en la ruta del error de configuraci\u00f3n para corregir la p\u00e9rdida de memoria."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47054.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47054",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.413",
"lastModified": "2024-02-29T23:15:07.413",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbus: qcom: Put child node before return\n\nPut child node before return to fix potential reference count leak.\nGenerally, the reference count of child is incremented and decremented\nautomatically in the macro for_each_available_child_of_node() and should\nbe decremented manually if the loop is broken in loop body."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: bus: qcom: Colocar el nodo secundario antes del retorno. Colocar el nodo secundario antes del retorno para corregir una posible p\u00e9rdida del recuento de referencias. Generalmente, el recuento de referencia del ni\u00f1o se incrementa y disminuye autom\u00e1ticamente en la macro for_each_available_child_of_node() y debe disminuirse manualmente si el bucle se rompe en el cuerpo del bucle."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47055.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47055",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.473",
"lastModified": "2024-02-29T23:15:07.473",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmtd: require write permissions for locking and badblock ioctls\n\nMEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require\nwrite permission. Depending on the hardware MEMLOCK might even be\nwrite-once, e.g. for SPI-NOR flashes with their WP# tied to GND. OTPLOCK\nis always write-once.\n\nMEMSETBADBLOCK modifies the bad block table."
},
{
"lang": "es",
"value": "En el kernel de Linux se ha solucionado la siguiente vulnerabilidad: mtd: requiere permisos de escritura para bloqueo y badblock ioctls MEMLOCK, MEMUNLOCK y OTPLOCK modifican los bits de protecci\u00f3n. Por lo tanto, requiere permiso de escritura. Dependiendo del hardware, MEMLOCK podr\u00eda incluso ser de escritura \u00fanica, por ejemplo, para flashes SPI-NOR con su WP# vinculado a GND. OTPLOCK siempre se escribe una vez. MEMSETBADBLOCK modifica la tabla de bloques defectuosos."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47056.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47056",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.530",
"lastModified": "2024-02-29T23:15:07.530",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init\n\nADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown()\nbefore calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the\nvf2pf_lock is initialized in adf_dev_init(), which can fail and when it\nfail, the vf2pf_lock is either not initialized or destroyed, a subsequent\nuse of vf2pf_lock will cause issue.\nTo fix this issue, only set this flag if adf_dev_init() returns 0.\n\n[ 7.178404] BUG: KASAN: user-memory-access in __mutex_lock.isra.0+0x1ac/0x7c0\n[ 7.180345] Call Trace:\n[ 7.182576] mutex_lock+0xc9/0xd0\n[ 7.183257] adf_iov_putmsg+0x118/0x1a0 [intel_qat]\n[ 7.183541] adf_vf2pf_shutdown+0x4d/0x7b [intel_qat]\n[ 7.183834] adf_dev_shutdown+0x172/0x2b0 [intel_qat]\n[ 7.184127] adf_probe+0x5e9/0x600 [qat_dh895xccvf]"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: qat - ADF_STATUS_PF_RUNNING debe configurarse despu\u00e9s de adf_dev_init ADF_STATUS_PF_RUNNING es (solo) usado y verificado por adf_vf2pf_shutdown() antes de llamar a adf_iov_putmsg()-&gt;mutex_lock(vf2pf_lock), sin embargo, vf2pf_lock es inicializado en adf_dev_init(), que puede fallar y cuando falla, vf2pf_lock no se inicializa o se destruye, un uso posterior de vf2pf_lock causar\u00e1 problemas. Para solucionar este problema, establezca este indicador solo si adf_dev_init() devuelve 0. [7.178404] ERROR: KASAN: acceso a memoria de usuario en __mutex_lock.isra.0+0x1ac/0x7c0 [7.180345] Seguimiento de llamadas: [7.182576] mutex_lock+0xc9 /0xd0 [ 7.183257] adf_iov_putmsg+0x118/0x1a0 [intel_qat] [ 7.183541] adf_vf2pf_shutdown+0x4d/0x7b [intel_qat] [ 7.183834] adf_dev_shutdown+0x172/0x2b0 [intel_qat] [7.184127] adf_probe+0x5e9/0x600 [qat_dh895xccvf]"
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47057.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47057",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.590",
"lastModified": "2024-02-29T23:15:07.590",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ss - Fix memory leak of object d when dma_iv fails to map\n\nIn the case where the dma_iv mapping fails, the return error path leaks\nthe memory allocated to object d. Fix this by adding a new error return\nlabel and jumping to this to ensure d is free'd before the return.\n\nAddresses-Coverity: (\"Resource leak\")"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: crypto: sun8i-ss: corrige la p\u00e9rdida de memoria del objeto d cuando dma_iv no se puede asignar. En el caso de que falle la asignaci\u00f3n de dma_iv, la ruta de error de retorno pierde la memoria asignada al objeto d. Solucione este problema agregando una nueva etiqueta de devoluci\u00f3n de error y saltando a ella para asegurarse de que d est\u00e9 libre antes de la devoluci\u00f3n. Direcciones-Cobertura: (\"Fuga de recursos\")"
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47058.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47058",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.640",
"lastModified": "2024-02-29T23:15:07.640",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nregmap: set debugfs_name to NULL after it is freed\n\nThere is a upstream commit cffa4b2122f5(\"regmap:debugfs:\nFix a memory leak when calling regmap_attach_dev\") that\nadds a if condition when create name for debugfs_name.\nWith below function invoking logical, debugfs_name is\nfreed in regmap_debugfs_exit(), but it is not created again\nbecause of the if condition introduced by above commit.\nregmap_reinit_cache()\n\tregmap_debugfs_exit()\n\t...\n\tregmap_debugfs_init()\nSo, set debugfs_name to NULL after it is freed."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: regmap: establece debugfs_name en NULL despu\u00e9s de liberarlo. Hay una confirmaci\u00f3n ascendente cffa4b2122f5(\"regmap:debugfs: corrige una p\u00e9rdida de memoria al llamar a regmap_attach_dev\") que agrega una condici\u00f3n if al crear nombre para debugfs_name. Con la siguiente funci\u00f3n que invoca l\u00f3gica, debugfs_name se libera en regmap_debugfs_exit(), pero no se vuelve a crear debido a la condici\u00f3n if introducida por la confirmaci\u00f3n anterior. regmap_reinit_cache() regmap_debugfs_exit() ... regmap_debugfs_init() Entonces, establezca debugfs_name en NULL despu\u00e9s de liberarlo."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47059.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47059",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.690",
"lastModified": "2024-02-29T23:15:07.690",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: sun8i-ss - fix result memory leak on error path\n\nThis patch fixes a memory leak on an error path."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: crypto: sun8i-ss - resultado de correcci\u00f3n de p\u00e9rdida de memoria en una ruta de error Este parche corrige una p\u00e9rdida de memoria en una ruta de error."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47060.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47060",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.740",
"lastModified": "2024-02-29T23:15:07.740",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Stop looking for coalesced MMIO zones if the bus is destroyed\n\nAbort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev()\nfails to allocate memory for the new instance of the bus. If it can't\ninstantiate a new bus, unregister_dev() destroys all devices _except_ the\ntarget device. But, it doesn't tell the caller that it obliterated the\nbus and invoked the destructor for all devices that were on the bus. In\nthe coalesced MMIO case, this can result in a deleted list entry\ndereference due to attempting to continue iterating on coalesced_zones\nafter future entries (in the walk) have been deleted.\n\nOpportunistically add curly braces to the for-loop, which encompasses\nmany lines but sneaks by without braces due to the guts being a single\nif statement."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: deja de buscar zonas MMIO fusionadas si el bus se destruye. Cancela el recorrido de las zonas MMIO fusionadas si kvm_io_bus_unregister_dev() no puede asignar memoria para la nueva instancia del bus. Si no puede crear una instancia de un nuevo bus, unregister_dev() destruye todos los dispositivos _excepto_ el dispositivo de destino. Pero no le dice a la persona que llama que destruy\u00f3 el bus e invoc\u00f3 el destructor para todos los dispositivos que estaban en el bus. En el caso de MMIO fusionado, esto puede resultar en una desreferencia de entrada de lista eliminada debido al intento de continuar iterando en coalesced_zones despu\u00e9s de que se hayan eliminado entradas futuras (en el recorrido). De manera oportunista, agregue llaves al bucle for, que abarca muchas l\u00edneas pero se escapa sin llaves debido a que el valor es una sola declaraci\u00f3n if."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47061.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47061",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.793",
"lastModified": "2024-02-29T23:15:07.793",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU\n\nIf allocating a new instance of an I/O bus fails when unregistering a\ndevice, wait to destroy the device until after all readers are guaranteed\nto see the new null bus. Destroying devices before the bus is nullified\ncould lead to use-after-free since readers expect the devices on their\nreference of the bus to remain valid."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: KVM: Destruye los dispositivos del bus de E/S al cancelar el registro _despu\u00e9s_ de sincronizar SRCU Si falla la asignaci\u00f3n de una nueva instancia de un bus de E/S al cancelar el registro de un dispositivo, espere para destruir el dispositivo hasta que todos los lectores tengan la garant\u00eda de ver el nuevo bus nulo. Destruir dispositivos antes de que se anule el bus podr\u00eda dar lugar a un uso posterior a la liberaci\u00f3n, ya que los lectores esperan que los dispositivos en su referencia del bus sigan siendo v\u00e1lidos."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47062.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47062",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.843",
"lastModified": "2024-02-29T23:15:07.843",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nKVM: SVM: Use online_vcpus, not created_vcpus, to iterate over vCPUs\n\nUse the kvm_for_each_vcpu() helper to iterate over vCPUs when encrypting\nVMSAs for SEV, which effectively switches to use online_vcpus instead of\ncreated_vcpus. This fixes a possible null-pointer dereference as\ncreated_vcpus does not guarantee a vCPU exists, since it is updated at\nthe very beginning of KVM_CREATE_VCPU. created_vcpus exists to allow the\nbulk of vCPU creation to run in parallel, while still correctly\nrestricting the max number of max vCPUs."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: KVM: SVM: use online_vcpus, no creado_vcpus, para iterar sobre vCPU. Use el asistente kvm_for_each_vcpu() para iterar sobre vCPU al cifrar VMSA para SEV, que efectivamente cambia para usar online_vcpus en lugar de creado_vcpus. Esto corrige una posible desreferencia de puntero nulo ya que create_vcpus no garantiza que exista una vCPU, ya que se actualiza al comienzo de KVM_CREATE_VCPU. create_vcpus existe para permitir que la mayor parte de la creaci\u00f3n de vCPU se ejecute en paralelo, al mismo tiempo que restringe correctamente la cantidad m\u00e1xima de vCPU m\u00e1ximas."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47063.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47063",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.893",
"lastModified": "2024-02-29T23:15:07.893",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm: bridge/panel: Cleanup connector on bridge detach\n\nIf we don't call drm_connector_cleanup() manually in\npanel_bridge_detach(), the connector will be cleaned up with the other\nDRM objects in the call to drm_mode_config_cleanup(). However, since our\ndrm_connector is devm-allocated, by the time drm_mode_config_cleanup()\nwill be called, our connector will be long gone. Therefore, the\nconnector must be cleaned up when the bridge is detached to avoid\nuse-after-free conditions.\n\nv2: Cleanup connector only if it was created\n\nv3: Add FIXME\n\nv4: (Use connector->dev) directly in if() block"
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm: bridge/panel: Limpiar conector en bridge detach Si no llamamos a drm_connector_cleanup() manualmente en panel_bridge_detach(), el conector se limpiar\u00e1 con los dem\u00e1s objetos DRM en la llamada a drm_mode_config_cleanup(). Sin embargo, dado que nuestro drm_connector est\u00e1 asignado por devm, para cuando se llame a drm_mode_config_cleanup(), nuestro conector ya no existir\u00e1. Por lo tanto, el conector debe limpiarse cuando se retira el puente para evitar condiciones de uso despu\u00e9s de su liberaci\u00f3n. v2: Limpiar el conector solo si fue creado v3: Agregar FIXME v4: (Usar conector-&gt;dev) directamente en el bloque if()"
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47064.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47064",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:07.947",
"lastModified": "2024-02-29T23:15:07.947",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: fix potential DMA mapping leak\n\nWith buf uninitialized in mt76_dma_tx_queue_skb_raw, its field skip_unmap\ncould potentially inherit a non-zero value from stack garbage.\nIf this happens, it will cause DMA mappings for MCU command frames to not be\nunmapped after completion"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: mt76: corrige una posible fuga de mapeo DMA Con buf no inicializado en mt76_dma_tx_queue_skb_raw, su campo skip_unmap podr\u00eda potencialmente heredar un valor distinto de cero de la basura de la pila. Si esto sucede, las asignaciones DMA para las tramas de comando MCU no se desasignar\u00e1n una vez finalizadas."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47065.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47065",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:08.000",
"lastModified": "2024-02-29T23:15:08.000",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtw88: Fix array overrun in rtw_get_tx_power_params()\n\nUsing a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, the\nfollowing array overrun is logged:\n\n================================================================================\nUBSAN: array-index-out-of-bounds in /home/finger/wireless-drivers-next/drivers/net/wireless/realtek/rtw88/phy.c:1789:34\nindex 5 is out of range for type 'u8 [5]'\nCPU: 2 PID: 84 Comm: kworker/u16:3 Tainted: G O 5.12.0-rc5-00086-gd88bba47038e-dirty #651\nHardware name: TOSHIBA TECRA A50-A/TECRA A50-A, BIOS Version 4.50 09/29/2014\nWorkqueue: phy0 ieee80211_scan_work [mac80211]\nCall Trace:\n dump_stack+0x64/0x7c\n ubsan_epilogue+0x5/0x40\n __ubsan_handle_out_of_bounds.cold+0x43/0x48\n rtw_get_tx_power_params+0x83a/drivers/net/wireless/realtek/rtw88/0xad0 [rtw_core]\n ? rtw_pci_read16+0x20/0x20 [rtw_pci]\n ? check_hw_ready+0x50/0x90 [rtw_core]\n rtw_phy_get_tx_power_index+0x4d/0xd0 [rtw_core]\n rtw_phy_set_tx_power_level+0xee/0x1b0 [rtw_core]\n rtw_set_channel+0xab/0x110 [rtw_core]\n rtw_ops_config+0x87/0xc0 [rtw_core]\n ieee80211_hw_config+0x9d/0x130 [mac80211]\n ieee80211_scan_state_set_channel+0x81/0x170 [mac80211]\n ieee80211_scan_work+0x19f/0x2a0 [mac80211]\n process_one_work+0x1dd/0x3a0\n worker_thread+0x49/0x330\n ? rescuer_thread+0x3a0/0x3a0\n kthread+0x134/0x150\n ? kthread_create_worker_on_cpu+0x70/0x70\n ret_from_fork+0x22/0x30\n================================================================================\n\nThe statement where an array is being overrun is shown in the following snippet:\n\n\tif (rate <= DESC_RATE11M)\n\t\ttx_power = pwr_idx_2g->cck_base[group];\n\telse\n====>\t\ttx_power = pwr_idx_2g->bw40_base[group];\n\nThe associated arrays are defined in main.h as follows:\n\nstruct rtw_2g_txpwr_idx {\n\tu8 cck_base[6];\n\tu8 bw40_base[5];\n\tstruct rtw_2g_1s_pwr_idx_diff ht_1s_diff;\n\tstruct rtw_2g_ns_pwr_idx_diff ht_2s_diff;\n\tstruct rtw_2g_ns_pwr_idx_diff ht_3s_diff;\n\tstruct rtw_2g_ns_pwr_idx_diff ht_4s_diff;\n};\n\nThe problem arises because the value of group is 5 for channel 14. The trivial\nincrease in the dimension of bw40_base fails as this struct must match the layout of\nefuse. The fix is to add the rate as an argument to rtw_get_channel_group() and set\nthe group for channel 14 to 4 if rate <= DESC_RATE11M.\n\nThis patch fixes commit fa6dfe6bff24 (\"rtw88: resolve order of tx power setting routines\")"
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: rtw88: corrige el desbordamiento de la matriz en rtw_get_tx_power_params() Al utilizar un kernel con el Verificador de estado de comportamiento indefinido (UBSAN) habilitado, se registra el siguiente desbordamiento de la matriz: ======== ==================================================== ====================== UBSAN: \u00edndice de matriz fuera de los l\u00edmites en /home/finger/wireless-drivers-next/drivers/net/wireless /realtek/rtw88/phy.c:1789:34 el \u00edndice 5 est\u00e1 fuera de rango para el tipo 'u8 [5]' CPU: 2 PID: 84 Comm: kworker/u16:3 Tainted: GO 5.12.0-rc5-00086- gd88bba47038e-dirty #651 Nombre del hardware: TOSHIBA TECRA A50-A/TECRA A50-A, BIOS versi\u00f3n 4.50 29/09/2014 Cola de trabajo: phy0 ieee80211_scan_work [mac80211] Seguimiento de llamadas: dump_stack+0x64/0x7c ubsan_epilogue+0x5/0x40 __ubsan _handle_out_of_bounds.cold +0x43/0x48 rtw_get_tx_power_params+0x83a/drivers/net/wireless/realtek/rtw88/0xad0 [rtw_core] ? rtw_pci_read16+0x20/0x20 [rtw_pci] ? check_hw_ready+0x50/0x90 [rtw_core] rtw_phy_get_tx_power_index+0x4d/0xd0 [rtw_core] rtw_phy_set_tx_power_level+0xee/0x1b0 [rtw_core] rtw_set_channel+0xab/0x110 [rtw_core] rtw_ops_config+0x87/0xc 0 [rtw_core] ieee80211_hw_config+0x9d/0x130 [mac80211] ieee80211_scan_state_set_channel+ 0x81/0x170 [mac80211] ieee80211_scan_work+0x19f/0x2a0 [mac80211] Process_one_work+0x1dd/0x3a0 trabajador_thread+0x49/0x330? hilo_rescate+0x3a0/0x3a0 kthread+0x134/0x150 ? kthread_create_worker_on_cpu+0x70/0x70 ret_from_fork+0x22/0x30 ========================================== ========================================= Se muestra la declaraci\u00f3n donde se est\u00e1 invadiendo una matriz en el siguiente fragmento: if (rate &lt;= DESC_RATE11M) tx_power = pwr_idx_2g-&gt;cck_base[group]; else ====&gt; tx_power = pwr_idx_2g-&gt;bw40_base[grupo]; Las matrices asociadas se definen en main.h de la siguiente manera: struct rtw_2g_txpwr_idx { u8 cck_base[6]; u8 bw40_base[5]; estructura rtw_2g_1s_pwr_idx_diff ht_1s_diff; estructura rtw_2g_ns_pwr_idx_diff ht_2s_diff; estructura rtw_2g_ns_pwr_idx_diff ht_3s_diff; estructura rtw_2g_ns_pwr_idx_diff ht_4s_diff; }; El problema surge porque el valor del grupo es 5 para el canal 14. El aumento trivial en la dimensi\u00f3n de bw40_base falla ya que esta estructura debe coincidir con el dise\u00f1o de efuse. La soluci\u00f3n es agregar la tasa como argumento a rtw_get_channel_group() y configurar el grupo para el canal 14 en 4 si la tasa &lt;= DESC_RATE11M. Este parche corrige la confirmaci\u00f3n fa6dfe6bff24 (\"rtw88: resolver el orden de las rutinas de configuraci\u00f3n de energ\u00eda de transmisi\u00f3n\")"
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47066.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47066",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:08.057",
"lastModified": "2024-02-29T23:15:08.057",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nasync_xor: increase src_offs when dropping destination page\n\nNow we support sharing one page if PAGE_SIZE is not equal stripe size. To\nsupport this, it needs to support calculating xor value with different\noffsets for each r5dev. One offset array is used to record those offsets.\n\nIn RMW mode, parity page is used as a source page. It sets\nASYNC_TX_XOR_DROP_DST before calculating xor value in ops_run_prexor5.\nSo it needs to add src_list and src_offs at the same time. Now it only\nneeds src_list. So the xor value which is calculated is wrong. It can\ncause data corruption problem.\n\nI can reproduce this problem 100% on a POWER8 machine. The steps are:\n\n mdadm -CR /dev/md0 -l5 -n3 /dev/sdb1 /dev/sdc1 /dev/sdd1 --size=3G\n mkfs.xfs /dev/md0\n mount /dev/md0 /mnt/test\n mount: /mnt/test: mount(2) system call failed: Structure needs cleaning."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: async_xor: aumenta src_offs al eliminar la p\u00e1gina de destino. Ahora admitimos compartir una p\u00e1gina si PAGE_SIZE no tiene el mismo tama\u00f1o de banda. Para respaldar esto, debe admitir el c\u00e1lculo del valor xor con diferentes compensaciones para cada r5dev. Se utiliza una matriz de desplazamiento para registrar esos desplazamientos. En el modo RMW, la p\u00e1gina de paridad se utiliza como p\u00e1gina de origen. Establece ASYNC_TX_XOR_DROP_DST antes de calcular el valor xor en ops_run_prexor5. Por lo tanto, es necesario agregar src_list y src_offs al mismo tiempo. Ahora s\u00f3lo necesita src_list. Entonces el valor xor que se calcula es incorrecto. Puede causar problemas de corrupci\u00f3n de datos. Puedo reproducir este problema al 100% en una m\u00e1quina POWER8. Los pasos son: mdadm -CR /dev/md0 -l5 -n3 /dev/sdb1 /dev/sdc1 /dev/sdd1 --size=3G mkfs.xfs /dev/md0 mount /dev/md0 /mnt/test mount: /mnt/test: la llamada al sistema mount(2) fall\u00f3: la estructura necesita limpieza."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47067.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47067",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:08.117",
"lastModified": "2024-02-29T23:15:08.117",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsoc/tegra: regulators: Fix locking up when voltage-spread is out of range\n\nFix voltage coupler lockup which happens when voltage-spread is out\nof range due to a bug in the code. The max-spread requirement shall be\naccounted when CPU regulator doesn't have consumers. This problem is\nobserved on Tegra30 Ouya game console once system-wide DVFS is enabled\nin a device-tree."
},
{
"lang": "es",
"value": "En el kernel de Linux, se resolvi\u00f3 la siguiente vulnerabilidad: soc/tegra: regulators: se corrigi\u00f3 el bloqueo cuando la dispersi\u00f3n de voltaje est\u00e1 fuera de rango. Se corrigi\u00f3 el bloqueo del acoplador de voltaje que ocurre cuando la dispersi\u00f3n de voltaje est\u00e1 fuera de rango debido a un error en el c\u00f3digo. . El requisito de dispersi\u00f3n m\u00e1xima se tendr\u00e1 en cuenta cuando el regulador de CPU no tenga consumidores. Este problema se observa en la consola de juegos Tegra30 Ouya una vez que se habilita DVFS en todo el sistema en un \u00e1rbol de dispositivos."
}
],
"metrics": {},

8
CVE-2021/CVE-2021-470xx/CVE-2021-47068.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2021-47068",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-29T23:15:08.170",
"lastModified": "2024-02-29T23:15:08.170",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/nfc: fix use-after-free llcp_sock_bind/connect\n\nCommits 8a4cd82d (\"nfc: fix refcount leak in llcp_sock_connect()\")\nand c33b1cc62 (\"nfc: fix refcount leak in llcp_sock_bind()\")\nfixed a refcount leak bug in bind/connect but introduced a\nuse-after-free if the same local is assigned to 2 different sockets.\n\nThis can be triggered by the following simple program:\n int sock1 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP );\n int sock2 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP );\n memset( &addr, 0, sizeof(struct sockaddr_nfc_llcp) );\n addr.sa_family = AF_NFC;\n addr.nfc_protocol = NFC_PROTO_NFC_DEP;\n bind( sock1, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) )\n bind( sock2, (struct sockaddr*) &addr, sizeof(struct sockaddr_nfc_llcp) )\n close(sock1);\n close(sock2);\n\nFix this by assigning NULL to llcp_sock->local after calling\nnfc_llcp_local_put.\n\nThis addresses CVE-2021-23134."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net/nfc: corrige use-after-free llcp_sock_bind/connect Commits 8a4cd82d (\"nfc: corrige la fuga de refcount en llcp_sock_connect()\") y c33b1cc62 (\"nfc: corrige la fuga de refcount en llcp_sock_bind()\") corrigi\u00f3 un error de fuga de recuento en bind/connect pero introdujo un Use-After-Free si el mismo local est\u00e1 asignado a 2 sockets diferentes. Esto puede activarse mediante el siguiente programa simple: int sock1 = socket( AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP ); int sock2 = conector (AF_NFC, SOCK_STREAM, NFC_SOCKPROTO_LLCP); memset( &amp;addr, 0, sizeof(struct sockaddr_nfc_llcp) ); addr.sa_family = AF_NFC; addr.nfc_protocol = NFC_PROTO_NFC_DEP; bind( sock1, (struct sockaddr*) &amp; addr, sizeof(struct sockaddr_nfc_llcp) ) bind( sock2, (struct sockaddr*) &amp; addr, sizeof(struct sockaddr_nfc_llcp) ) close(sock1); cerrar(calcet\u00edn2); Solucione este problema asignando NULL a llcp_sock-&gt;local despu\u00e9s de llamar a nfc_llcp_local_put. Esto aborda CVE-2021-23134."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-285xx/CVE-2023-28525.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-28525",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-01T02:15:06.860",
"lastModified": "2024-03-01T02:15:06.860",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 251052."
},
{
"lang": "es",
"value": "IBM Engineering Requisitos Management 9.7.2.7 es vulnerable a cross-site scripting. Esta vulnerabilidad permite a los usuarios incrustar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista, lo que podr\u00eda conducir a la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n confiable. ID de IBM X-Force: 251052."
}
],
"metrics": {

8
CVE-2023/CVE-2023-289xx/CVE-2023-28949.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-28949",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-01T02:15:07.063",
"lastModified": "2024-03-01T02:15:07.063",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Management DOORS 9.7.2.7 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 251216."
},
{
"lang": "es",
"value": "IBM Engineering Requisitos Management DOORS 9.7.2.7 es vulnerable a la Cross-Site Request Forgery, lo que podr\u00eda permitir a un atacante ejecutar acciones maliciosas y no autorizadas transmitidas por un usuario en el que conf\u00eda el sitio web. ID de IBM X-Force: 251216."
}
],
"metrics": {

8
CVE-2023/CVE-2023-383xx/CVE-2023-38366.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-38366",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-01T03:15:06.077",
"lastModified": "2024-03-01T03:15:06.077",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 261115."
},
{
"lang": "es",
"value": "IBM Filenet Content Manager Component 5.5.8.0, 5.5.10.0 y 5.5.11.0 podr\u00eda permitir que un atacante remoto atraviese directorios en el sistema. Un atacante podr\u00eda enviar una solicitud URL especialmente manipulada que contenga secuencias de \"puntos\" (/../) para ver archivos arbitrarios en el sistema. ID de IBM X-Force: 261115."
}
],
"metrics": {

55
CVE-2023/CVE-2023-392xx/CVE-2023-39254.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-39254",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-03-01T13:15:07.673",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Dell Update Package (DUP), Versions prior to 4.9.10 contain an Uncontrolled Search Path vulnerability. A malicious user with local access to the system could potentially exploit this vulnerability to run arbitrary code as admin."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"attackVector": "LOCAL",
"attackComplexity": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-427"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000217701/dsa-2023-338-security-update-for-a-dell-update-package-dup-framework-vulnerability",
"source": "security_alert@emc.com"
}
]
}

28
CVE-2023/CVE-2023-469xx/CVE-2023-46950.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-46950",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T14:15:53.030",
"lastModified": "2024-03-01T14:15:53.030",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted URL to the filter functions."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38",
"source": "cve@mitre.org"
},
{
"url": "https://link.org",
"source": "cve@mitre.org"
},
{
"url": "https://www.link.com",
"source": "cve@mitre.org"
}
]
}

28
CVE-2023/CVE-2023-469xx/CVE-2023-46951.json Normal file
View File

@ -0,0 +1,28 @@
{
"id": "CVE-2023-46951",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T14:15:53.087",
"lastModified": "2024-03-01T14:15:53.087",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting vulnerability in Contribsys Sidekiq v.6.5.8 allows a remote attacker to obtain sensitive information via a crafted payload to the uniquejobs function."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38",
"source": "cve@mitre.org"
},
{
"url": "https://link.org",
"source": "cve@mitre.org"
},
{
"url": "https://www.link.com",
"source": "cve@mitre.org"
}
]
}

8
CVE-2023/CVE-2023-477xx/CVE-2023-47716.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-47716",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-01T03:15:06.280",
"lastModified": "2024-03-01T03:15:06.280",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances. IBM X-Force ID: 271656."
},
{
"lang": "es",
"value": "BM CP4BA - Filenet Content Manager Component5.5.8.0, 5.5.10.0 y 5.5.11.0 podr\u00eda permitir a un usuario obtener los privilegios de otro usuario en circunstancias inusuales. ID de IBM X-Force: 271656."
}
],
"metrics": {

55
CVE-2023/CVE-2023-486xx/CVE-2023-48674.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2023-48674",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-03-01T13:15:07.877",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Dell Platform BIOS contains an Improper Null Termination vulnerability. A high privilege user with network access to the system could potentially send malicious data to the device in order to cause some services to cease to function."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "CHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.3,
"impactScore": 4.0
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-170"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000220410/dsa-2023-467",
"source": "security_alert@emc.com"
}
]
}

8
CVE-2023/CVE-2023-503xx/CVE-2023-50305.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50305",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-01T02:15:07.590",
"lastModified": "2024-03-01T02:15:07.590",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Engineering Requirements Management DOORS 9.7.2.7 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 273336."
},
{
"lang": "es",
"value": "IBM Engineering Requisitos Management DOORS 9.7.2.7 no requiere que los usuarios tengan contrase\u00f1as seguras de forma predeterminada, lo que facilita que los atacantes comprometan las cuentas de los usuarios. ID de IBM X-Force: 273336."
}
],
"metrics": {

8
CVE-2023/CVE-2023-503xx/CVE-2023-50312.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50312",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-01T03:15:06.620",
"lastModified": "2024-03-01T03:15:06.620",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than expected security for outbound TLS connections caused by a failure to honor user configuration. IBM X-Force ID: 274711."
},
{
"lang": "es",
"value": "IBM WebSphere Application Server Liberty 17.0.0.3 a 24.0.0.2 podr\u00eda proporcionar una seguridad m\u00e1s d\u00e9bil de lo esperado para las conexiones TLS salientes causadas por una falla al respetar la configuraci\u00f3n del usuario. ID de IBM X-Force: 274711."
}
],
"metrics": {

8
CVE-2023/CVE-2023-503xx/CVE-2023-50324.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-50324",
"sourceIdentifier": "psirt@us.ibm.com",
"published": "2024-03-01T02:15:07.823",
"lastModified": "2024-03-01T02:15:07.823",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "IBM Cognos Command Center 10.2.4.1 and 10.2.5 exposes details the X-AspNet-Version Response Header that could allow an attacker to obtain information of the application environment to conduct further attacks. IBM X-Force ID: 275038."
},
{
"lang": "es",
"value": "IBM Cognos Command Center 10.2.4.1 y 10.2.5 expone detalles del encabezado de respuesta X-AspNet-Version que podr\u00eda permitir a un atacante obtener informaci\u00f3n del entorno de la aplicaci\u00f3n para realizar m\u00e1s ataques. ID de IBM X-Force: 275038."
}
],
"metrics": {

10
CVE-2023/CVE-2023-524xx/CVE-2023-52434.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2023-52434",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-20T18:15:50.790",
"lastModified": "2024-02-23T09:15:22.130",
"lastModified": "2024-03-01T14:15:53.143",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -16,6 +16,10 @@
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/13fb0fc4917621f3dfa285a27eaf7151d770b5e5",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/17a0f64cc02d4972e21c733d9f21d1c512963afa",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
@ -24,6 +28,10 @@
"url": "https://git.kernel.org/stable/c/1ae3c59355dc9882e09c020afe8ffbd895ad0f29",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/890bc4fac3c0973a49cac35f634579bebba7fe48",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/af1689a9b7701d9907dfc84d2a4b57c4bc907144",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

40
CVE-2023/CVE-2023-524xx/CVE-2023-52497.json Normal file
View File

@ -0,0 +1,40 @@
{
"id": "CVE-2023-52497",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-03-01T14:15:53.273",
"lastModified": "2024-03-01T14:15:53.273",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix lz4 inplace decompression\n\nCurrently EROFS can map another compressed buffer for inplace\ndecompression, that was used to handle the cases that some pages of\ncompressed data are actually not in-place I/O.\n\nHowever, like most simple LZ77 algorithms, LZ4 expects the compressed\ndata is arranged at the end of the decompressed buffer and it\nexplicitly uses memmove() to handle overlapping:\n __________________________________________________________\n |_ direction of decompression --> ____ |_ compressed data _|\n\nAlthough EROFS arranges compressed data like this, it typically maps two\nindividual virtual buffers so the relative order is uncertain.\nPreviously, it was hardly observed since LZ4 only uses memmove() for\nshort overlapped literals and x86/arm64 memmove implementations seem to\ncompletely cover it up and they don't have this issue. Juhyung reported\nthat EROFS data corruption can be found on a new Intel x86 processor.\nAfter some analysis, it seems that recent x86 processors with the new\nFSRM feature expose this issue with \"rep movsb\".\n\nLet's strictly use the decompressed buffer for lz4 inplace\ndecompression for now. Later, as an useful improvement, we could try\nto tie up these two buffers together in the correct order."
}
],
"metrics": {},
"references": [
{
"url": "https://git.kernel.org/stable/c/33bf23c9940dbd3a22aad7f0cda4c84ed5701847",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/3c12466b6b7bf1e56f9b32c366a3d83d87afb4de",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/77cbc04a1a8610e303a0e0d74f2676667876a184",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/a0180e940cf1aefa7d516e20b259ad34f7a8b379",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/bffc4cc334c5bb31ded54bc3cfd651735a3cb79e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/f36d200a80a3ca025532ed60dd1ac21b620e14ae",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

8
CVE-2023/CVE-2023-525xx/CVE-2023-52555.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-52555",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T08:15:37.290",
"lastModified": "2024-03-01T08:15:37.290",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection."
},
{
"lang": "es",
"value": "En mongo-express 1.0.2, /admin permite CSRF, como lo demuestra la eliminaci\u00f3n de una colecci\u00f3n."
}
],
"metrics": {},

8
CVE-2023/CVE-2023-61xx/CVE-2023-6132.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2023-6132",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-29T18:15:16.283",
"lastModified": "2024-02-29T18:15:16.283",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nThe vulnerability, if exploited, could allow a malicious entity with access to the file system to achieve arbitrary code execution and privilege escalation by tricking AVEVA Edge to load an unsafe DLL.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad, si se explota, podr\u00eda permitir que una entidad maliciosa con acceso al sistema de archivos logre la ejecuci\u00f3n de c\u00f3digo arbitrario y una escalada de privilegios enga\u00f1ando a AVEVA Edge para que cargue una DLL insegura."
}
],
"metrics": {

8
CVE-2024/CVE-2024-00xx/CVE-2024-0068.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0068",
"sourceIdentifier": "security@hypr.com",
"published": "2024-02-29T20:15:41.023",
"lastModified": "2024-02-29T20:15:41.023",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation.This issue affects Workforce Access: before 8.7.1.\n\n"
},
{
"lang": "es",
"value": "La vulnerabilidad de resoluci\u00f3n de enlace incorrecta antes del acceso a archivos (\"siguiente enlace\") en HYPR Workforce Access en MacOS permite la manipulaci\u00f3n de archivos. Este problema afecta a Workforce Access: versiones anteriores a 8.7.1."
}
],
"metrics": {

8
CVE-2024/CVE-2024-04xx/CVE-2024-0403.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0403",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-03-01T00:15:51.850",
"lastModified": "2024-03-01T00:15:51.850",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Recipes version 1.5.10 allows arbitrary HTTP requests to be made\n\nthrough the server. This is possible because the application is\n\nvulnerable to SSRF.\n\n\n\n\n"
},
{
"lang": "es",
"value": "La versi\u00f3n 1.5.10 de Recipes permite realizar solicitudes HTTP arbitrarias a trav\u00e9s del servidor. Esto es posible porque la aplicaci\u00f3n es vulnerable a SSRF."
}
],
"metrics": {

8
CVE-2024/CVE-2024-06xx/CVE-2024-0692.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-0692",
"sourceIdentifier": "psirt@solarwinds.com",
"published": "2024-03-01T09:15:09.600",
"lastModified": "2024-03-01T09:15:09.600",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds\u2019 service, resulting in remote code execution."
},
{
"lang": "es",
"value": "SolarWinds Security Event Manager era susceptible a una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad permite que un usuario no autenticado abuse del servicio de SolarWinds, lo que resulta en la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-11xx/CVE-2024-1120.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1120",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-01T10:15:07.173",
"lastModified": "2024-03-01T10:15:07.173",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The NextMove Lite \u2013 Thank You Page for WooCommerce and Finale Lite \u2013 Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack."
},
{
"lang": "es",
"value": "Los complementos The NextMove Lite \u2013 Thank You Page for WooCommerce and Finale Lite \u2013 Sales Countdown Timer &amp; Discount for WooCommerce para WordPress son vulnerables al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n download_tools_settings() en todas las versiones hasta e incluyendo , 2.17.0. Esto hace posible que atacantes no autenticados exporten informaci\u00f3n del sistema que puede ayudar a los atacantes en un ataque."
}
],
"metrics": {

8
CVE-2024/CVE-2024-15xx/CVE-2024-1595.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1595",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-02-29T20:15:41.227",
"lastModified": "2024-02-29T20:15:41.227",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82\n\n insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.\n\n"
},
{
"lang": "es",
"value": "Delta Electronics CNCSoft-B DOPSoft anterior a v4.0.0.82 carga librer\u00edas de forma insegura, lo que puede permitir a un atacante utilizar el secuestro de DLL y apoderarse del sistema donde est\u00e1 instalado el software."
}
],
"metrics": {

8
CVE-2024/CVE-2024-18xx/CVE-2024-1859.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1859",
"sourceIdentifier": "security@wordfence.com",
"published": "2024-03-01T07:15:06.133",
"lastModified": "2024-03-01T07:15:06.133",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "The Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code."
},
{
"lang": "es",
"value": "El complemento Slider Responsive Slideshow \u2013 Image slider, Gallery slideshow para WordPress es vulnerable a la inyecci\u00f3n de objetos PHP en todas las versiones hasta la 1.3.8 incluida, a trav\u00e9s de la deserializaci\u00f3n de entradas que no son de confianza a la funci\u00f3n awl_slider_responsive_shortcode. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten un objeto PHP. No hay ninguna cadena POP conocida presente en el complemento vulnerable. Si hay una cadena POP presente a trav\u00e9s de un complemento o tema adicional instalado en el sistema de destino, podr\u00eda permitir al atacante eliminar archivos arbitrarios, recuperar datos confidenciales o ejecutar c\u00f3digo."
}
],
"metrics": {

8
CVE-2024/CVE-2024-19xx/CVE-2024-1941.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-1941",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-03-01T01:15:07.110",
"lastModified": "2024-03-01T01:15:07.110",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\nDelta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.\n\n"
},
{
"lang": "es",
"value": "Delta Electronics CNCSoft-B versiones 1.0.0.4 y anteriores son vulnerables a un desbordamiento de b\u00fafer en la regi\u00f3n stack de la memoria, lo que puede permitir a un atacante ejecutar c\u00f3digo arbitrario."
}
],
"metrics": {

8
CVE-2024/CVE-2024-20xx/CVE-2024-2009.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2009",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-02-29T20:15:41.870",
"lastModified": "2024-02-29T20:15:41.870",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Nway Pro 9. Se ha calificado como problem\u00e1tica. La funci\u00f3n ajax_login_submit_form del archivo login\\index.php del componente Argument Handler es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento rsargs[] conduce a la exposici\u00f3n de informaci\u00f3n a trav\u00e9s de mensajes de error. El ataque puede lanzarse de forma remota. VDB-255266 es el identificador asignado a esta vulnerabilidad. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-20xx/CVE-2024-2021.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2021",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T00:15:52.070",
"lastModified": "2024-03-01T00:15:52.070",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255300. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Netentsec NS-ASG Application Security Gateway 6.3. Ha sido clasificada como cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/list_localuser.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento ResId conduce a la inyecci\u00f3n de SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. El identificador de esta vulnerabilidad es VDB-255300. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-20xx/CVE-2024-2022.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2022",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T00:15:52.290",
"lastModified": "2024-03-01T00:15:52.290",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255301 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad en Netentsec NS-ASG Application Security Gateway 6.3. Ha sido declarada cr\u00edtica. Una funci\u00f3n desconocida del archivo /admin/list_ipAddressPolicy.php es afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento GroupId conduce a la inyecci\u00f3n de SQL. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-255301. NOTA: Se contact\u00f3 primeramente con el proveedor sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
}
],
"metrics": {

8
CVE-2024/CVE-2024-20xx/CVE-2024-2045.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-2045",
"sourceIdentifier": "help@fluidattacks.com",
"published": "2024-03-01T00:15:52.493",
"lastModified": "2024-03-01T00:15:52.493",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Session version 1.17.5 allows obtaining internal application files and public\n\nfiles from the user's device without the user's consent. This is possible\n\nbecause the application is vulnerable to Local File Read via chat attachments.\n\n\n\n\n"
},
{
"lang": "es",
"value": "La versi\u00f3n de sesi\u00f3n 1.17.5 permite obtener archivos de aplicaciones internas y archivos p\u00fablicos del dispositivo del usuario sin el consentimiento del usuario. Esto es posible porque la aplicaci\u00f3n es vulnerable a la lectura de archivos locales a trav\u00e9s de archivos adjuntos del chat."
}
],
"metrics": {

4
CVE-2024/CVE-2024-20xx/CVE-2024-2057.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2057",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T12:15:48.670",
"lastModified": "2024-03-01T12:15:48.670",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-20xx/CVE-2024-2058.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2058",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T11:15:08.237",
"lastModified": "2024-03-01T11:15:08.237",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-20xx/CVE-2024-2059.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2059",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T12:15:48.890",
"lastModified": "2024-03-01T12:15:48.890",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

88
CVE-2024/CVE-2024-20xx/CVE-2024-2060.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2060",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T13:15:08.460",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/app/login_crud.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255375."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/login_crud.php%20SQL%20Injection.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.255375",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.255375",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-20xx/CVE-2024-2061.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2061",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T13:15:08.670",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. This vulnerability affects unknown code of the file /admin/edit_supplier.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255376."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/edit_supplier.php%20SQL%20Injection.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.255376",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.255376",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-20xx/CVE-2024-2062.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2062",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T13:15:08.913",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. This issue affects some unknown processing of the file /admin/edit_categories.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255377 was assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "LOW",
"baseScore": 4.7,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 3.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 6.4,
"impactScore": 6.4,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-89"
}
]
}
],
"references": [
{
"url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/edit_categories.php%20SQL%20Injection.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.255377",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.255377",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-20xx/CVE-2024-2063.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2063",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T13:15:09.130",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profile_crud.php. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255378 is the identifier assigned to this vulnerability."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 2.4,
"baseSeverity": "LOW"
},
"exploitabilityScore": 0.9,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "MULTIPLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 3.3
},
"baseSeverity": "LOW",
"exploitabilityScore": 6.4,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/profile_crud.php%20Unauthenticated%20STORED%20XSS.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.255378",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.255378",
"source": "cna@vuldb.com"
}
]
}

88
CVE-2024/CVE-2024-20xx/CVE-2024-2064.json Normal file
View File

@ -0,0 +1,88 @@
{
"id": "CVE-2024-2064",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-03-01T14:15:54.350",
"lastModified": "2024-03-01T14:15:54.350",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"availabilityImpact": "NONE",
"baseScore": 4.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "cna@vuldb.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-74"
}
]
}
],
"references": [
{
"url": "https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.255379",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?id.255379",
"source": "cna@vuldb.com"
}
]
}

4
CVE-2024/CVE-2024-20xx/CVE-2024-2078.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-2078",
"sourceIdentifier": "cve-coordination@incibe.es",
"published": "2024-03-01T12:15:49.100",
"lastModified": "2024-03-01T12:15:49.100",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-221xx/CVE-2024-22100.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22100",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-03-01T01:15:07.330",
"lastModified": "2024-03-01T01:15:07.330",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\n\n\nMicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. A user must open a malicious DCM file in order to exploit the vulnerability.\n\n\n\n\n\n"
},
{
"lang": "es",
"value": "MicroDicom DICOM Viewer versiones 2023.3 (compilaci\u00f3n 9342) y anteriores se ven afectadas por una vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico, que podr\u00eda permitir a un atacante ejecutar c\u00f3digo arbitrario en instalaciones afectadas de DICOM Viewer. Un usuario debe abrir un archivo DCM malicioso para poder explotar la vulnerabilidad."
}
],
"metrics": {

4
CVE-2024/CVE-2024-224xx/CVE-2024-22457.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22457",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-03-01T11:15:07.127",
"lastModified": "2024-03-01T11:15:07.127",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

4
CVE-2024/CVE-2024-224xx/CVE-2024-22458.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-22458",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-03-01T11:15:07.910",
"lastModified": "2024-03-01T11:15:07.910",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-228xx/CVE-2024-22891.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-22891",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T06:15:48.280",
"lastModified": "2024-03-01T06:15:48.280",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que Nteract v.0.28.0 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s del enlace Markdown."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-242xx/CVE-2024-24246.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-24246",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T20:15:41.407",
"lastModified": "2024-02-29T20:15:41.407",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h."
},
{
"lang": "es",
"value": "La vulnerabilidad de desbordamiento de b\u00fafer de almacenamiento din\u00e1mico en qpdf 11.9.0 permite a los atacantes bloquear la aplicaci\u00f3n a trav\u00e9s de la funci\u00f3n std::__shared_count() en /bits/shared_ptr_base.h."
}
],
"metrics": {},

55
CVE-2024/CVE-2024-249xx/CVE-2024-24900.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24900",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-03-01T13:15:08.090",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:L/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.5,
"impactScore": 4.2
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-285"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-249xx/CVE-2024-24903.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24903",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-03-01T14:15:53.320",
"lastModified": "2024-03-01T14:15:53.320",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "HIGH",
"baseScore": 8.0,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 2.1,
"impactScore": 5.9
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-640"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-249xx/CVE-2024-24904.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24904",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-03-01T14:15:53.517",
"lastModified": "2024-03-01T14:15:53.517",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-249xx/CVE-2024-24905.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24905",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-03-01T14:15:53.683",
"lastModified": "2024-03-01T14:15:53.683",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-249xx/CVE-2024-24906.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24906",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-03-01T13:15:08.277",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

55
CVE-2024/CVE-2024-249xx/CVE-2024-24907.json Normal file
View File

@ -0,0 +1,55 @@
{
"id": "CVE-2024-24907",
"sourceIdentifier": "security_alert@emc.com",
"published": "2024-03-01T14:15:53.843",
"lastModified": "2024-03-01T14:15:53.843",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security_alert@emc.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N",
"attackVector": "ADJACENT_NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 1.2,
"impactScore": 5.8
}
]
},
"weaknesses": [
{
"source": "security_alert@emc.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"references": [
{
"url": "https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities",
"source": "security_alert@emc.com"
}
]
}

8
CVE-2024/CVE-2024-250xx/CVE-2024-25091.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25091",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-03-01T09:15:09.820",
"lastModified": "2024-03-01T09:15:09.820",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using 'VirusChecker' or 'ThreatChecker' feature). If data containing malware is saved in a specific file format (eml, dmg, vhd, iso, msi), malware may be taken outside the sandboxed environment."
},
{
"lang": "es",
"value": "Existe un problema de falla del mecanismo de protecci\u00f3n en RevoWorks SCVX anterior a scvimage4.10.21_1013 (cuando se usa la funci\u00f3n 'VirusChecker' o 'ThreatChecker') y en RevoWorks Browser anterior a 2.2.95 (cuando se usa la funci\u00f3n 'VirusChecker' o 'ThreatChecker'). Si los datos que contienen malware se guardan en un formato de archivo espec\u00edfico (eml, dmg, vhd, iso, msi), es posible que el malware se saque del entorno aislado."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-251xx/CVE-2024-25180.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25180",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T18:15:16.520",
"lastModified": "2024-02-29T18:15:16.520",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the path '/pdf'."
},
{
"lang": "es",
"value": "Un problema descubierto en pdfmake 0.2.9 permite a atacantes remotos ejecutar c\u00f3digo arbitrario mediante una solicitud POST manipulada en la ruta '/pdf'."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-252xx/CVE-2024-25293.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25293",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T06:15:48.347",
"lastModified": "2024-03-01T06:15:48.347",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que las versiones 3.0.4 y 3.1.0-beta de mjml-app contienen una ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s del atributo href."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-253xx/CVE-2024-25386.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25386",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T06:15:48.390",
"lastModified": "2024-03-01T06:15:48.390",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal vulnerability in DICOM\u00ae Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file."
},
{
"lang": "es",
"value": "Vulnerabilidad de Directory Traversal en DICOM\u00ae Connectivity Framework de laurelbridge anterior a v.2.7.6b permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del archivo format_logfile.pl."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-255xx/CVE-2024-25552.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25552",
"sourceIdentifier": "info@cert.vde.com",
"published": "2024-03-01T08:15:37.660",
"lastModified": "2024-03-01T08:15:37.660",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product."
},
{
"lang": "es",
"value": "Un atacante local puede obtener privilegios administrativos insertando un archivo ejecutable en la ruta del producto afectado."
}
],
"metrics": {

8
CVE-2024/CVE-2024-255xx/CVE-2024-25578.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25578",
"sourceIdentifier": "ics-cert@hq.dhs.gov",
"published": "2024-03-01T01:15:07.550",
"lastModified": "2024-03-01T01:15:07.550",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "\n\n\nMicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application.\n\n\n\n"
},
{
"lang": "es",
"value": "MicroDicom DICOM Viewer versiones 2023.3 (compilaci\u00f3n 9342) y anteriores contienen una falta de validaci\u00f3n adecuada de los datos proporcionados por el usuario, lo que podr\u00eda provocar da\u00f1os en la memoria dentro de la aplicaci\u00f3n."
}
],
"metrics": {

8
CVE-2024/CVE-2024-259xx/CVE-2024-25972.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-25972",
"sourceIdentifier": "vultures@jpcert.or.jp",
"published": "2024-03-01T10:15:07.413",
"lastModified": "2024-03-01T10:15:07.413",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected product."
},
{
"lang": "es",
"value": "La inicializaci\u00f3n de un recurso con una vulnerabilidad predeterminada insegura en OET-213H-BTS1 vendido en Jap\u00f3n por Atsumi Electric Co., Ltd. permite a un atacante no autenticado adyacente a la red configurar y controlar el producto afectado."
}
],
"metrics": {},

4
CVE-2024/CVE-2024-262xx/CVE-2024-26280.json
View File

@ -2,8 +2,8 @@
"id": "CVE-2024-26280",
"sourceIdentifier": "security@apache.org",
"published": "2024-03-01T11:15:08.123",
"lastModified": "2024-03-01T11:15:08.123",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",

8
CVE-2024/CVE-2024-265xx/CVE-2024-26548.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-26548",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T20:15:41.457",
"lastModified": "2024-02-29T20:15:41.457",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component."
},
{
"lang": "es",
"value": "Un problema en vivotek Network Camera v.FD8166A-VVTK-0204j permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s de un payload manipulado en el componente upload_file.cgi."
}
],
"metrics": {},

10
CVE-2024/CVE-2024-265xx/CVE-2024-26590.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-26590",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-22T17:15:09.103",
"lastModified": "2024-02-22T19:07:27.197",
"lastModified": "2024-03-01T14:15:54.007",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: fix inconsistent per-file compression format\n\nEROFS can select compression algorithms on a per-file basis, and each\nper-file compression algorithm needs to be marked in the on-disk\nsuperblock for initialization.\n\nHowever, syzkaller can generate inconsistent crafted images that use\nan unsupported algorithmtype for specific inodes, e.g. use MicroLZMA\nalgorithmtype even it's not set in `sbi->available_compr_algs`. This\ncan lead to an unexpected \"BUG: kernel NULL pointer dereference\" if\nthe corresponding decompressor isn't built-in.\n\nFix this by checking against `sbi->available_compr_algs` for each\nm_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs preset\nbitmap is now fixed together since it was harmless previously."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: erofs: corrige el formato de compresi\u00f3n por archivo inconsistente EROFS puede seleccionar algoritmos de compresi\u00f3n por archivo, y cada algoritmo de compresi\u00f3n por archivo debe marcarse en el superbloque del disco para la inicializaci\u00f3n. Sin embargo, syzkaller puede generar im\u00e1genes manipuladas inconsistentes que usan un tipo de algoritmo no compatible para inodos espec\u00edficos, por ejemplo, usa el tipo de algoritmo MicroLZMA incluso si no est\u00e1 configurado en `sbi-&gt;available_compr_algs`. Esto puede provocar un \"ERROR: desreferencia del puntero NULL del kernel\" inesperado si el descompresor correspondiente no est\u00e1 integrado. Solucione este problema comprobando con `sbi-&gt;available_compr_algs` para cada solicitud de m_algorithmformat. El mapa de bits preestablecido !erofs_sb_has_compr_cfgs incorrecto ahora se corrige porque antes era inofensivo."
}
],
"metrics": {},
@ -16,6 +20,10 @@
"url": "https://git.kernel.org/stable/c/118a8cf504d7dfa519562d000f423ee3ca75d2c4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/47467e04816cb297905c0f09bc2d11ef865942d9",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/823ba1d2106019ddf195287ba53057aee33cf724",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

14
CVE-2024/CVE-2024-266xx/CVE-2024-26601.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-26601",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:27:59.987",
"lastModified": "2024-02-26T16:32:25.577",
"lastModified": "2024-03-01T14:15:54.050",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\next4: regenerate buddy after block freeing failed if under fc replay\n\nThis mostly reverts commit 6bd97bf273bd (\"ext4: remove redundant\nmb_regenerate_buddy()\") and reintroduces mb_regenerate_buddy(). Based on\ncode in mb_free_blocks(), fast commit replay can end up marking as free\nblocks that are already marked as such. This causes corruption of the\nbuddy bitmap so we need to regenerate it in that case."
},
{
"lang": "es",
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ext4: regenerar amigo despu\u00e9s de que fall\u00f3 la liberaci\u00f3n del bloque si se encuentra en reproducci\u00f3n fc. Esto revierte principalmente el commit 6bd97bf273bd (\"ext4: eliminar mb_regenerate_buddy() redundante\") y reintroduce mb_regenerate_buddy(). Seg\u00fan el c\u00f3digo en mb_free_blocks(), la repetici\u00f3n de commit r\u00e1pido puede terminar marcando como bloques libres que ya est\u00e1n marcados como tales. Esto causa corrupci\u00f3n en el mapa de bits del amigo, por lo que debemos regenerarlo en ese caso."
}
],
"metrics": {},
@ -20,6 +24,14 @@
"url": "https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"

14
CVE-2024/CVE-2024-266xx/CVE-2024-26603.json
View File

@ -2,7 +2,7 @@
"id": "CVE-2024-26603",
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"published": "2024-02-26T16:28:00.097",
"lastModified": "2024-02-28T03:15:08.647",
"lastModified": "2024-03-01T14:15:54.097",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
@ -24,6 +24,10 @@
"url": "https://git.kernel.org/stable/c/627e28cbb65564e55008315d9e02fbb90478beda",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/8bd3eee7720c14b59a206bd05b98d7586bccf99a",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://git.kernel.org/stable/c/b2479ab426cef7ab79a13005650eff956223ced2",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
@ -31,14 +35,6 @@
{
"url": "https://git.kernel.org/stable/c/d877550eaf2dc9090d782864c96939397a3c6835",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
},
{
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OX4EWCYDZRTOEMC2C6OF7ZACAP23SUB5/",
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67"
}
]
}

8
CVE-2024/CVE-2024-272xx/CVE-2024-27294.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27294",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-02-29T23:15:08.250",
"lastModified": "2024-02-29T23:15:08.250",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files \u2014 including the compiler binary \u2014 with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group"
},
{
"lang": "es",
"value": "dp-golang es un m\u00f3dulo Puppet para instalaciones Go. Antes de 1.2.7, dp-golang pod\u00eda instalar archivos, incluido el binario del compilador, con la propiedad incorrecta cuando Puppet se ejecutaba como root y el paquete instalado era En macOS: vaya a la versi\u00f3n 1.4.3 a 1.21rc3, inclusive, go1.4 -bootstrap-20170518.tar.gz o go1.4-bootstrap-20170531.tar.gz. El usuario y el grupo especificados en el c\u00f3digo Puppet se ignoraron para los archivos dentro del archivo. La versi\u00f3n 1.2.7 de dp-puppet recrear\u00e1 las instalaciones si el propietario o grupo de cualquier archivo o directorio dentro de esa instalaci\u00f3n no coincide con el propietario o grupo solicitado."
}
],
"metrics": {

20
CVE-2024/CVE-2024-275xx/CVE-2024-27567.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-27567",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T14:15:54.143",
"lastModified": "2024-03-01T14:15:54.143",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "LBT T300- T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/config_vpn_pptp.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-275xx/CVE-2024-27568.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-27568",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T14:15:54.180",
"lastModified": "2024-03-01T14:15:54.180",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in the setupEC20Apn function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/setupEC20Apn.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-275xx/CVE-2024-27569.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-27569",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T14:15:54.213",
"lastModified": "2024-03-01T14:15:54.213",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/init_nvram.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-275xx/CVE-2024-27570.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-27570",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T14:15:54.247",
"lastModified": "2024-03-01T14:15:54.247",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/generate_conf_router.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-275xx/CVE-2024-27571.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-27571",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T14:15:54.280",
"lastModified": "2024-03-01T14:15:54.280",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/makeCurRemoteApList.md",
"source": "cve@mitre.org"
}
]
}

20
CVE-2024/CVE-2024-275xx/CVE-2024-27572.json Normal file
View File

@ -0,0 +1,20 @@
{
"id": "CVE-2024-27572",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-03-01T14:15:54.313",
"lastModified": "2024-03-01T14:15:54.313",
"vulnStatus": "Received",
"descriptions": [
{
"lang": "en",
"value": "LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request."
}
],
"metrics": {},
"references": [
{
"url": "https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/updateCurAPlist.md",
"source": "cve@mitre.org"
}
]
}

8
CVE-2024/CVE-2024-276xx/CVE-2024-27655.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27655",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T20:15:41.500",
"lastModified": "2024-02-29T20:15:41.500",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro SOAPACTION. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada y posiblemente la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-276xx/CVE-2024-27656.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27656",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T20:15:41.547",
"lastModified": "2024-02-29T20:15:41.547",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro Cookie. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada y posiblemente la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-276xx/CVE-2024-27657.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27657",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T20:15:41.597",
"lastModified": "2024-02-29T20:15:41.597",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda un desbordamiento del b\u00fafer a trav\u00e9s del par\u00e1metro User-Agent. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada y posiblemente la ejecuci\u00f3n remota de c\u00f3digo."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-276xx/CVE-2024-27658.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27658",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T20:15:41.640",
"lastModified": "2024-02-29T20:15:41.640",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda desreferencias de puntero nulo en sub_4484A8(). Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-276xx/CVE-2024-27659.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27659",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T20:15:41.687",
"lastModified": "2024-02-29T20:15:41.687",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda desreferencias de puntero nulo en sub_42AF30(). Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-276xx/CVE-2024-27660.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27660",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T20:15:41.730",
"lastModified": "2024-02-29T20:15:41.730",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_41C488(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda desreferencias de puntero nulo en sub_41C488(). Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-276xx/CVE-2024-27661.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27661",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T20:15:41.773",
"lastModified": "2024-02-29T20:15:41.773",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda desreferencias de puntero nulo en sub_4484A8(). Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-276xx/CVE-2024-27662.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27662",
"sourceIdentifier": "cve@mitre.org",
"published": "2024-02-29T20:15:41.817",
"lastModified": "2024-02-29T20:15:41.817",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "D-Link DIR-823G A1V1.0.2B05 was discovered to contain a Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input."
},
{
"lang": "es",
"value": "Se descubri\u00f3 que D-Link DIR-823G A1V1.0.2B05 conten\u00eda desreferencias de puntero nulo en sub_4110f4(). Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) mediante una entrada manipulada."
}
],
"metrics": {},

8
CVE-2024/CVE-2024-279xx/CVE-2024-27949.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27949",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-01T08:15:38.153",
"lastModified": "2024-03-01T08:15:38.153",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:26.010",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) vulnerability in sirv.Com Image Optimizer, Resizer and CDN \u2013 Sirv.This issue affects Image Optimizer, Resizer and CDN \u2013 Sirv: from n/a through 7.2.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de Server-Side Request Forgery (SSRF) en sirv.Com Image Optimizer, Resizer y CDN \u2013 Sirv. Este problema afecta a Image Optimizer, Resizer y CDN \u2013 Sirv: desde n/a hasta 7.2.0."
}
],
"metrics": {

8
CVE-2024/CVE-2024-279xx/CVE-2024-27950.json
View File

@ -2,12 +2,16 @@
"id": "CVE-2024-27950",
"sourceIdentifier": "audit@patchstack.com",
"published": "2024-03-01T08:15:38.437",
"lastModified": "2024-03-01T08:15:38.437",
"vulnStatus": "Received",
"lastModified": "2024-03-01T14:04:04.827",
"vulnStatus": "Awaiting Analysis",
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN \u2013 Sirv.This issue affects Image Optimizer, Resizer and CDN \u2013 Sirv: from n/a through 7.2.0.\n\n"
},
{
"lang": "es",
"value": "Vulnerabilidad de autorizaci\u00f3n faltante en sirv.Com Image Optimizer, Resizer y CDN \u2013 Sirv. Este problema afecta a Image Optimizer, Resizer y CDN \u2013 Sirv: desde n/a hasta 7.2.0."
}
],
"metrics": {

64
README.md
View File

@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-03-01T13:00:23.610492+00:00
2024-03-01T15:01:14.659475+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-03-01T12:15:49.100000+00:00
2024-03-01T14:15:54.350000+00:00
```
### Last Data Feed Release
@ -29,26 +29,66 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
240189
240211
```
### CVEs added in the last Commit
Recently added CVEs: `7`
Recently added CVEs: `22`
* [CVE-2024-22457](CVE-2024/CVE-2024-224xx/CVE-2024-22457.json) (`2024-03-01T11:15:07.127`)
* [CVE-2024-22458](CVE-2024/CVE-2024-224xx/CVE-2024-22458.json) (`2024-03-01T11:15:07.910`)
* [CVE-2024-26280](CVE-2024/CVE-2024-262xx/CVE-2024-26280.json) (`2024-03-01T11:15:08.123`)
* [CVE-2024-2058](CVE-2024/CVE-2024-20xx/CVE-2024-2058.json) (`2024-03-01T11:15:08.237`)
* [CVE-2024-2057](CVE-2024/CVE-2024-20xx/CVE-2024-2057.json) (`2024-03-01T12:15:48.670`)
* [CVE-2024-2059](CVE-2024/CVE-2024-20xx/CVE-2024-2059.json) (`2024-03-01T12:15:48.890`)
* [CVE-2024-2078](CVE-2024/CVE-2024-20xx/CVE-2024-2078.json) (`2024-03-01T12:15:49.100`)
* [CVE-2023-39254](CVE-2023/CVE-2023-392xx/CVE-2023-39254.json) (`2024-03-01T13:15:07.673`)
* [CVE-2023-48674](CVE-2023/CVE-2023-486xx/CVE-2023-48674.json) (`2024-03-01T13:15:07.877`)
* [CVE-2023-46950](CVE-2023/CVE-2023-469xx/CVE-2023-46950.json) (`2024-03-01T14:15:53.030`)
* [CVE-2023-46951](CVE-2023/CVE-2023-469xx/CVE-2023-46951.json) (`2024-03-01T14:15:53.087`)
* [CVE-2023-52497](CVE-2023/CVE-2023-524xx/CVE-2023-52497.json) (`2024-03-01T14:15:53.273`)
* [CVE-2024-24900](CVE-2024/CVE-2024-249xx/CVE-2024-24900.json) (`2024-03-01T13:15:08.090`)
* [CVE-2024-24906](CVE-2024/CVE-2024-249xx/CVE-2024-24906.json) (`2024-03-01T13:15:08.277`)
* [CVE-2024-2060](CVE-2024/CVE-2024-20xx/CVE-2024-2060.json) (`2024-03-01T13:15:08.460`)
* [CVE-2024-2061](CVE-2024/CVE-2024-20xx/CVE-2024-2061.json) (`2024-03-01T13:15:08.670`)
* [CVE-2024-2062](CVE-2024/CVE-2024-20xx/CVE-2024-2062.json) (`2024-03-01T13:15:08.913`)
* [CVE-2024-2063](CVE-2024/CVE-2024-20xx/CVE-2024-2063.json) (`2024-03-01T13:15:09.130`)
* [CVE-2024-24903](CVE-2024/CVE-2024-249xx/CVE-2024-24903.json) (`2024-03-01T14:15:53.320`)
* [CVE-2024-24904](CVE-2024/CVE-2024-249xx/CVE-2024-24904.json) (`2024-03-01T14:15:53.517`)
* [CVE-2024-24905](CVE-2024/CVE-2024-249xx/CVE-2024-24905.json) (`2024-03-01T14:15:53.683`)
* [CVE-2024-24907](CVE-2024/CVE-2024-249xx/CVE-2024-24907.json) (`2024-03-01T14:15:53.843`)
* [CVE-2024-27567](CVE-2024/CVE-2024-275xx/CVE-2024-27567.json) (`2024-03-01T14:15:54.143`)
* [CVE-2024-27568](CVE-2024/CVE-2024-275xx/CVE-2024-27568.json) (`2024-03-01T14:15:54.180`)
* [CVE-2024-27569](CVE-2024/CVE-2024-275xx/CVE-2024-27569.json) (`2024-03-01T14:15:54.213`)
* [CVE-2024-27570](CVE-2024/CVE-2024-275xx/CVE-2024-27570.json) (`2024-03-01T14:15:54.247`)
* [CVE-2024-27571](CVE-2024/CVE-2024-275xx/CVE-2024-27571.json) (`2024-03-01T14:15:54.280`)
* [CVE-2024-27572](CVE-2024/CVE-2024-275xx/CVE-2024-27572.json) (`2024-03-01T14:15:54.313`)
* [CVE-2024-2064](CVE-2024/CVE-2024-20xx/CVE-2024-2064.json) (`2024-03-01T14:15:54.350`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `71`
* [CVE-2024-27656](CVE-2024/CVE-2024-276xx/CVE-2024-27656.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-27657](CVE-2024/CVE-2024-276xx/CVE-2024-27657.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-27658](CVE-2024/CVE-2024-276xx/CVE-2024-27658.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-27659](CVE-2024/CVE-2024-276xx/CVE-2024-27659.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-27660](CVE-2024/CVE-2024-276xx/CVE-2024-27660.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-27661](CVE-2024/CVE-2024-276xx/CVE-2024-27661.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-27662](CVE-2024/CVE-2024-276xx/CVE-2024-27662.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-2009](CVE-2024/CVE-2024-20xx/CVE-2024-2009.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-27294](CVE-2024/CVE-2024-272xx/CVE-2024-27294.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-0403](CVE-2024/CVE-2024-04xx/CVE-2024-0403.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-2021](CVE-2024/CVE-2024-20xx/CVE-2024-2021.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-2022](CVE-2024/CVE-2024-20xx/CVE-2024-2022.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-2045](CVE-2024/CVE-2024-20xx/CVE-2024-2045.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-1941](CVE-2024/CVE-2024-19xx/CVE-2024-1941.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-22100](CVE-2024/CVE-2024-221xx/CVE-2024-22100.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-25578](CVE-2024/CVE-2024-255xx/CVE-2024-25578.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-22891](CVE-2024/CVE-2024-228xx/CVE-2024-22891.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-25293](CVE-2024/CVE-2024-252xx/CVE-2024-25293.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-25386](CVE-2024/CVE-2024-253xx/CVE-2024-25386.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-1859](CVE-2024/CVE-2024-18xx/CVE-2024-1859.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-25552](CVE-2024/CVE-2024-255xx/CVE-2024-25552.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-27949](CVE-2024/CVE-2024-279xx/CVE-2024-27949.json) (`2024-03-01T14:04:26.010`)
* [CVE-2024-26590](CVE-2024/CVE-2024-265xx/CVE-2024-26590.json) (`2024-03-01T14:15:54.007`)
* [CVE-2024-26601](CVE-2024/CVE-2024-266xx/CVE-2024-26601.json) (`2024-03-01T14:15:54.050`)
* [CVE-2024-26603](CVE-2024/CVE-2024-266xx/CVE-2024-26603.json) (`2024-03-01T14:15:54.097`)
## Download and Usage