From bb009e8cf78bb4ca0b7243c892c417b7b965546b Mon Sep 17 00:00:00 2001 From: cad-safe-bot Date: Mon, 18 Nov 2024 17:03:23 +0000 Subject: [PATCH] Auto-Update: 2024-11-18T17:00:19.742228+00:00 --- CVE-2020/CVE-2020-260xx/CVE-2020-26062.json | 72 ++++++ CVE-2020/CVE-2020-260xx/CVE-2020-26063.json | 68 ++++++ CVE-2020/CVE-2020-260xx/CVE-2020-26071.json | 56 +++++ CVE-2020/CVE-2020-260xx/CVE-2020-26073.json | 64 ++++++ CVE-2020/CVE-2020-260xx/CVE-2020-26074.json | 60 +++++ CVE-2020/CVE-2020-271xx/CVE-2020-27124.json | 64 ++++++ CVE-2020/CVE-2020-34xx/CVE-2020-3420.json | 60 +++++ CVE-2020/CVE-2020-34xx/CVE-2020-3431.json | 56 +++++ CVE-2020/CVE-2020-35xx/CVE-2020-3525.json | 72 ++++++ CVE-2020/CVE-2020-35xx/CVE-2020-3532.json | 68 ++++++ CVE-2020/CVE-2020-35xx/CVE-2020-3538.json | 64 ++++++ CVE-2020/CVE-2020-35xx/CVE-2020-3539.json | 60 +++++ CVE-2020/CVE-2020-35xx/CVE-2020-3548.json | 56 +++++ CVE-2021/CVE-2021-11xx/CVE-2021-1132.json | 76 ++++++ CVE-2021/CVE-2021-12xx/CVE-2021-1232.json | 68 ++++++ CVE-2021/CVE-2021-12xx/CVE-2021-1234.json | 56 +++++ CVE-2021/CVE-2021-12xx/CVE-2021-1285.json | 56 +++++ CVE-2021/CVE-2021-13xx/CVE-2021-1379.json | 60 +++++ CVE-2021/CVE-2021-14xx/CVE-2021-1410.json | 56 +++++ CVE-2021/CVE-2021-14xx/CVE-2021-1424.json | 51 ++++ CVE-2021/CVE-2021-14xx/CVE-2021-1425.json | 56 +++++ CVE-2021/CVE-2021-14xx/CVE-2021-1440.json | 51 ++++ CVE-2021/CVE-2021-14xx/CVE-2021-1444.json | 56 +++++ CVE-2021/CVE-2021-14xx/CVE-2021-1461.json | 51 ++++ CVE-2021/CVE-2021-14xx/CVE-2021-1462.json | 56 +++++ CVE-2021/CVE-2021-14xx/CVE-2021-1465.json | 56 +++++ CVE-2021/CVE-2021-37xx/CVE-2021-3742.json | 26 ++- CVE-2021/CVE-2021-38xx/CVE-2021-3838.json | 26 ++- CVE-2021/CVE-2021-39xx/CVE-2021-3902.json | 26 ++- CVE-2023/CVE-2023-391xx/CVE-2023-39180.json | 16 +- CVE-2024/CVE-2024-00xx/CVE-2024-0012.json | 78 +++++++ CVE-2024/CVE-2024-105xx/CVE-2024-10531.json | 59 ++++- CVE-2024/CVE-2024-106xx/CVE-2024-10684.json | 32 ++- CVE-2024/CVE-2024-110xx/CVE-2024-11007.json | 123 +++++++++- CVE-2024/CVE-2024-110xx/CVE-2024-11023.json | 26 ++- CVE-2024/CVE-2024-111xx/CVE-2024-11143.json | 32 ++- CVE-2024/CVE-2024-111xx/CVE-2024-11182.json | 24 +- CVE-2024/CVE-2024-113xx/CVE-2024-11304.json | 78 +++++++ CVE-2024/CVE-2024-113xx/CVE-2024-11319.json | 24 +- CVE-2024/CVE-2024-275xx/CVE-2024-27528.json | 39 +++- CVE-2024/CVE-2024-275xx/CVE-2024-27529.json | 39 +++- CVE-2024/CVE-2024-275xx/CVE-2024-27530.json | 14 +- CVE-2024/CVE-2024-280xx/CVE-2024-28058.json | 25 ++ CVE-2024/CVE-2024-33xx/CVE-2024-3370.json | 24 +- CVE-2024/CVE-2024-33xx/CVE-2024-3379.json | 24 +- CVE-2024/CVE-2024-354xx/CVE-2024-35410.json | 39 +++- CVE-2024/CVE-2024-354xx/CVE-2024-35418.json | 39 +++- CVE-2024/CVE-2024-354xx/CVE-2024-35420.json | 39 +++- CVE-2024/CVE-2024-35xx/CVE-2024-3501.json | 24 +- CVE-2024/CVE-2024-35xx/CVE-2024-3502.json | 24 +- CVE-2024/CVE-2024-371xx/CVE-2024-37155.json | 64 ++++++ CVE-2024/CVE-2024-373xx/CVE-2024-37398.json | 81 ++++++- CVE-2024/CVE-2024-411xx/CVE-2024-41151.json | 27 ++- CVE-2024/CVE-2024-424xx/CVE-2024-42499.json | 24 +- CVE-2024/CVE-2024-43xx/CVE-2024-4311.json | 24 +- CVE-2024/CVE-2024-450xx/CVE-2024-45087.json | 41 +++- CVE-2024/CVE-2024-450xx/CVE-2024-45088.json | 48 +++- CVE-2024/CVE-2024-455xx/CVE-2024-45505.json | 27 ++- CVE-2024/CVE-2024-457xx/CVE-2024-45791.json | 27 ++- CVE-2024/CVE-2024-479xx/CVE-2024-47905.json | 138 ++++++++++- CVE-2024/CVE-2024-479xx/CVE-2024-47907.json | 107 ++++++++- CVE-2024/CVE-2024-479xx/CVE-2024-47909.json | 138 ++++++++++- CVE-2024/CVE-2024-480xx/CVE-2024-48073.json | 39 +++- CVE-2024/CVE-2024-488xx/CVE-2024-48896.json | 27 ++- CVE-2024/CVE-2024-488xx/CVE-2024-48898.json | 27 ++- CVE-2024/CVE-2024-489xx/CVE-2024-48901.json | 27 ++- CVE-2024/CVE-2024-495xx/CVE-2024-49592.json | 17 +- CVE-2024/CVE-2024-503xx/CVE-2024-50317.json | 57 ++++- CVE-2024/CVE-2024-503xx/CVE-2024-50318.json | 57 ++++- CVE-2024/CVE-2024-503xx/CVE-2024-50319.json | 57 ++++- CVE-2024/CVE-2024-503xx/CVE-2024-50320.json | 57 ++++- CVE-2024/CVE-2024-503xx/CVE-2024-50321.json | 57 ++++- CVE-2024/CVE-2024-503xx/CVE-2024-50322.json | 92 +++++++- CVE-2024/CVE-2024-503xx/CVE-2024-50323.json | 92 +++++++- CVE-2024/CVE-2024-508xx/CVE-2024-50823.json | 57 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50824.json | 57 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50825.json | 57 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50826.json | 57 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50827.json | 57 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50828.json | 57 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50829.json | 57 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50830.json | 57 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50831.json | 57 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50832.json | 57 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50833.json | 57 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50834.json | 57 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50835.json | 57 ++++- CVE-2024/CVE-2024-508xx/CVE-2024-50836.json | 64 +++++- CVE-2024/CVE-2024-511xx/CVE-2024-51157.json | 39 +++- CVE-2024/CVE-2024-515xx/CVE-2024-51586.json | 47 +++- CVE-2024/CVE-2024-515xx/CVE-2024-51590.json | 57 ++++- CVE-2024/CVE-2024-515xx/CVE-2024-51593.json | 47 +++- CVE-2024/CVE-2024-515xx/CVE-2024-51598.json | 47 +++- CVE-2024/CVE-2024-516xx/CVE-2024-51663.json | 47 +++- CVE-2024/CVE-2024-516xx/CVE-2024-51664.json | 57 ++++- CVE-2024/CVE-2024-516xx/CVE-2024-51668.json | 47 +++- CVE-2024/CVE-2024-523xx/CVE-2024-52316.json | 27 ++- CVE-2024/CVE-2024-523xx/CVE-2024-52317.json | 39 +++- CVE-2024/CVE-2024-523xx/CVE-2024-52318.json | 39 +++- CVE-2024/CVE-2024-524xx/CVE-2024-52419.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52422.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52423.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52424.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52425.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52426.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52427.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52428.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52429.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52430.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52431.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52432.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52433.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52434.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52435.json | 56 +++++ CVE-2024/CVE-2024-524xx/CVE-2024-52436.json | 56 +++++ CVE-2024/CVE-2024-525xx/CVE-2024-52565.json | 100 ++++++++ CVE-2024/CVE-2024-525xx/CVE-2024-52566.json | 100 ++++++++ CVE-2024/CVE-2024-525xx/CVE-2024-52567.json | 100 ++++++++ CVE-2024/CVE-2024-525xx/CVE-2024-52568.json | 100 ++++++++ CVE-2024/CVE-2024-525xx/CVE-2024-52569.json | 100 ++++++++ CVE-2024/CVE-2024-525xx/CVE-2024-52570.json | 100 ++++++++ CVE-2024/CVE-2024-525xx/CVE-2024-52571.json | 100 ++++++++ CVE-2024/CVE-2024-525xx/CVE-2024-52572.json | 100 ++++++++ CVE-2024/CVE-2024-525xx/CVE-2024-52573.json | 100 ++++++++ CVE-2024/CVE-2024-525xx/CVE-2024-52574.json | 100 ++++++++ CVE-2024/CVE-2024-529xx/CVE-2024-52912.json | 43 +++- CVE-2024/CVE-2024-529xx/CVE-2024-52913.json | 43 +++- CVE-2024/CVE-2024-529xx/CVE-2024-52914.json | 43 +++- CVE-2024/CVE-2024-529xx/CVE-2024-52915.json | 43 +++- CVE-2024/CVE-2024-529xx/CVE-2024-52916.json | 43 +++- CVE-2024/CVE-2024-529xx/CVE-2024-52917.json | 43 +++- CVE-2024/CVE-2024-529xx/CVE-2024-52918.json | 43 +++- CVE-2024/CVE-2024-529xx/CVE-2024-52919.json | 43 +++- CVE-2024/CVE-2024-529xx/CVE-2024-52920.json | 43 +++- CVE-2024/CVE-2024-529xx/CVE-2024-52921.json | 43 +++- CVE-2024/CVE-2024-529xx/CVE-2024-52940.json | 43 +++- CVE-2024/CVE-2024-529xx/CVE-2024-52941.json | 14 +- CVE-2024/CVE-2024-529xx/CVE-2024-52942.json | 14 +- CVE-2024/CVE-2024-529xx/CVE-2024-52943.json | 22 +- CVE-2024/CVE-2024-94xx/CVE-2024-9474.json | 78 +++++++ README.md | 72 ++++-- _state.csv | 243 ++++++++++++-------- 142 files changed, 7622 insertions(+), 309 deletions(-) create mode 100644 CVE-2020/CVE-2020-260xx/CVE-2020-26062.json create mode 100644 CVE-2020/CVE-2020-260xx/CVE-2020-26063.json create mode 100644 CVE-2020/CVE-2020-260xx/CVE-2020-26071.json create mode 100644 CVE-2020/CVE-2020-260xx/CVE-2020-26073.json create mode 100644 CVE-2020/CVE-2020-260xx/CVE-2020-26074.json create mode 100644 CVE-2020/CVE-2020-271xx/CVE-2020-27124.json create mode 100644 CVE-2020/CVE-2020-34xx/CVE-2020-3420.json create mode 100644 CVE-2020/CVE-2020-34xx/CVE-2020-3431.json create mode 100644 CVE-2020/CVE-2020-35xx/CVE-2020-3525.json create mode 100644 CVE-2020/CVE-2020-35xx/CVE-2020-3532.json create mode 100644 CVE-2020/CVE-2020-35xx/CVE-2020-3538.json create mode 100644 CVE-2020/CVE-2020-35xx/CVE-2020-3539.json create mode 100644 CVE-2020/CVE-2020-35xx/CVE-2020-3548.json create mode 100644 CVE-2021/CVE-2021-11xx/CVE-2021-1132.json create mode 100644 CVE-2021/CVE-2021-12xx/CVE-2021-1232.json create mode 100644 CVE-2021/CVE-2021-12xx/CVE-2021-1234.json create mode 100644 CVE-2021/CVE-2021-12xx/CVE-2021-1285.json create mode 100644 CVE-2021/CVE-2021-13xx/CVE-2021-1379.json create mode 100644 CVE-2021/CVE-2021-14xx/CVE-2021-1410.json create mode 100644 CVE-2021/CVE-2021-14xx/CVE-2021-1424.json create mode 100644 CVE-2021/CVE-2021-14xx/CVE-2021-1425.json create mode 100644 CVE-2021/CVE-2021-14xx/CVE-2021-1440.json create mode 100644 CVE-2021/CVE-2021-14xx/CVE-2021-1444.json create mode 100644 CVE-2021/CVE-2021-14xx/CVE-2021-1461.json create mode 100644 CVE-2021/CVE-2021-14xx/CVE-2021-1462.json create mode 100644 CVE-2021/CVE-2021-14xx/CVE-2021-1465.json create mode 100644 CVE-2024/CVE-2024-00xx/CVE-2024-0012.json create mode 100644 CVE-2024/CVE-2024-113xx/CVE-2024-11304.json create mode 100644 CVE-2024/CVE-2024-280xx/CVE-2024-28058.json create mode 100644 CVE-2024/CVE-2024-371xx/CVE-2024-37155.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52419.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52422.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52423.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52424.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52425.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52426.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52427.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52428.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52429.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52430.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52431.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52432.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52433.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52434.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52435.json create mode 100644 CVE-2024/CVE-2024-524xx/CVE-2024-52436.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52565.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52566.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52567.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52568.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52569.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52570.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52571.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52572.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52573.json create mode 100644 CVE-2024/CVE-2024-525xx/CVE-2024-52574.json create mode 100644 CVE-2024/CVE-2024-94xx/CVE-2024-9474.json diff --git a/CVE-2020/CVE-2020-260xx/CVE-2020-26062.json b/CVE-2020/CVE-2020-260xx/CVE-2020-26062.json new file mode 100644 index 00000000000..15d78a92b0e --- /dev/null +++ b/CVE-2020/CVE-2020-260xx/CVE-2020-26062.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2020-26062", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:05.170", + "lastModified": "2024-11-18T16:15:05.170", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application.\r\nThe vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-203" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-enum-CyheP3B7", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-260xx/CVE-2020-26063.json b/CVE-2020/CVE-2020-260xx/CVE-2020-26063.json new file mode 100644 index 00000000000..bbafce2b0e4 --- /dev/null +++ b/CVE-2020/CVE-2020-260xx/CVE-2020-26063.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2020-26063", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:05.460", + "lastModified": "2024-11-18T16:15:05.460", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization.\r\nThe vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-269" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cimc-auth-zWkppJxL", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanx3-vrZbOqqD", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-teams-xss-zLW9tD3", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-260xx/CVE-2020-26071.json b/CVE-2020/CVE-2020-260xx/CVE-2020-26071.json new file mode 100644 index 00000000000..7991ea8f467 --- /dev/null +++ b/CVE-2020/CVE-2020-260xx/CVE-2020-26071.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2020-26071", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:05.710", + "lastModified": "2024-11-18T16:15:05.710", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition.\r\nThe vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected device, which could result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.0, + "impactScore": 5.8 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vsoln-arbfile-gtsEYxns", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-260xx/CVE-2020-26073.json b/CVE-2020/CVE-2020-260xx/CVE-2020-26073.json new file mode 100644 index 00000000000..3844fea1f81 --- /dev/null +++ b/CVE-2020/CVE-2020-260xx/CVE-2020-26073.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2020-26073", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:05.947", + "lastModified": "2024-11-18T16:15:05.947", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information.\r\nThe vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-traversal-hQh24tmk", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-260xx/CVE-2020-26074.json b/CVE-2020/CVE-2020-260xx/CVE-2020-26074.json new file mode 100644 index 00000000000..7280719f141 --- /dev/null +++ b/CVE-2020/CVE-2020-260xx/CVE-2020-26074.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2020-26074", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:06.170", + "lastModified": "2024-11-18T16:15:06.170", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system.\r\nThe vulnerability is due to improper validation of path input to the system file transfer functions. An attacker could exploit this vulnerability by sending requests that contain specially crafted path variables to the vulnerable system. A successful exploit could allow the attacker to overwrite arbitrary files, allowing the attacker to modify the system in such a way that could allow the attacker to gain escalated privileges.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-250" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-escalation-Jhqs5Skf", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-271xx/CVE-2020-27124.json b/CVE-2020/CVE-2020-271xx/CVE-2020-27124.json new file mode 100644 index 00000000000..3fd5f25a2b2 --- /dev/null +++ b/CVE-2020/CVE-2020-271xx/CVE-2020-27124.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2020-27124", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:06.397", + "lastModified": "2024-11-18T16:15:06.397", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition.\r\nThe vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-457" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ssl-dos-7uZWwSEy", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-34xx/CVE-2020-3420.json b/CVE-2020/CVE-2020-34xx/CVE-2020-3420.json new file mode 100644 index 00000000000..b4730d4ce97 --- /dev/null +++ b/CVE-2020/CVE-2020-34xx/CVE-2020-3420.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2020-3420", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:06.630", + "lastModified": "2024-11-18T16:15:06.630", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\nThe vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-xss-bLZw4Ctq", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-34xx/CVE-2020-3431.json b/CVE-2020/CVE-2020-34xx/CVE-2020-3431.json new file mode 100644 index 00000000000..b3808354af8 --- /dev/null +++ b/CVE-2020/CVE-2020-34xx/CVE-2020-3431.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2020-3431", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:06.897", + "lastModified": "2024-11-18T16:15:06.897", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.\r\nThe vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sa-rv-routers-xss-K7Z5U6q3", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-35xx/CVE-2020-3525.json b/CVE-2020/CVE-2020-35xx/CVE-2020-3525.json new file mode 100644 index 00000000000..f2d25210c00 --- /dev/null +++ b/CVE-2020/CVE-2020-35xx/CVE-2020-3525.json @@ -0,0 +1,72 @@ +{ + "id": "CVE-2020-3525", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:07.127", + "lastModified": "2024-11-18T16:15:07.127", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system.\r\nThe vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin portal. An attacker with read or write access to the Admin portal could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-XtpzfM5e", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-pa-trav-bMdfSTTq", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-pass-disclosure-K8p2Nsgg", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-35xx/CVE-2020-3532.json b/CVE-2020/CVE-2020-35xx/CVE-2020-3532.json new file mode 100644 index 00000000000..cdb4926019c --- /dev/null +++ b/CVE-2020/CVE-2020-35xx/CVE-2020-3532.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2020-3532", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:07.367", + "lastModified": "2024-11-18T16:15:07.367", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface.\r\nThe vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-cuc-imp-xss-XtpzfM5e", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-pa-trav-bMdfSTTq", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-35xx/CVE-2020-3538.json b/CVE-2020/CVE-2020-35xx/CVE-2020-3538.json new file mode 100644 index 00000000000..59686631379 --- /dev/null +++ b/CVE-2020/CVE-2020-35xx/CVE-2020-3538.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2020-3538", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:07.660", + "lastModified": "2024-11-18T16:15:07.660", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device.\r\nThe vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to overwrite or list arbitrary files on the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.1, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-pa-trav-bMdfSTTq", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-35xx/CVE-2020-3539.json b/CVE-2020/CVE-2020-35xx/CVE-2020-3539.json new file mode 100644 index 00000000000..d2394f3f6f1 --- /dev/null +++ b/CVE-2020/CVE-2020-35xx/CVE-2020-3539.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2020-3539", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:07.880", + "lastModified": "2024-11-18T16:15:07.880", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization.\r\nThe vulnerability is due to a failure to limit access to resources that are intended for users with Administrator privileges. An attacker could exploit this vulnerability by convincing a user to click a malicious URL. A successful exploit could allow a low-privileged attacker to list, view, create, edit, and delete templates in the same manner as a user with Administrator privileges.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-285" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dcnm-authbypass-YVJzqgk2", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2020/CVE-2020-35xx/CVE-2020-3548.json b/CVE-2020/CVE-2020-35xx/CVE-2020-3548.json new file mode 100644 index 00000000000..a57e3b9aec4 --- /dev/null +++ b/CVE-2020/CVE-2020-35xx/CVE-2020-3548.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2020-3548", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:08.100", + "lastModified": "2024-11-18T16:15:08.100", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition.\r\nThe vulnerability is due to inefficient processing of incoming TLS traffic. An attacker could exploit this vulnerability by sending a series of crafted TLS packets to an affected device. A successful exploit could allow the attacker to trigger a prolonged state of high CPU utilization. The affected device would still be operative, but response time and overall performance may be degraded.There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-407" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-tls-dos-xW53TBhb", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-11xx/CVE-2021-1132.json b/CVE-2021/CVE-2021-11xx/CVE-2021-1132.json new file mode 100644 index 00000000000..99bb6b13a21 --- /dev/null +++ b/CVE-2021/CVE-2021-11xx/CVE-2021-1132.json @@ -0,0 +1,76 @@ +{ + "id": "CVE-2021-1132", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:08.343", + "lastModified": "2024-11-18T16:15:08.343", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data.\r\nThis vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-35" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nso-path-trvsl-dZRQE8Lc", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1232.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1232.json new file mode 100644 index 00000000000..e3f02b65841 --- /dev/null +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1232.json @@ -0,0 +1,68 @@ +{ + "id": "CVE-2021-1232", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:08.567", + "lastModified": "2024-11-18T16:15:08.567", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system.\r\nThis vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-522" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwanvman-infodis1-YuQScHB", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1234.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1234.json new file mode 100644 index 00000000000..c13a5c79481 --- /dev/null +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1234.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-1234", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:08.813", + "lastModified": "2024-11-18T16:15:08.813", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode.\r\nThis vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-497" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vmaninfdis3-OvdR6uu8", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-12xx/CVE-2021-1285.json b/CVE-2021/CVE-2021-12xx/CVE-2021-1285.json new file mode 100644 index 00000000000..33bdbf6b698 --- /dev/null +++ b/CVE-2021/CVE-2021-12xx/CVE-2021-1285.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-1285", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:09.087", + "lastModified": "2024-11-18T16:15:09.087", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition.\r\nThe vulnerability is due to improper handling of error conditions when processing Ethernet frames. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker to exhaust disk space on the affected device, which could result in administrators being unable to log in to the device or the device being unable to boot up correctly.Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-13xx/CVE-2021-1379.json b/CVE-2021/CVE-2021-13xx/CVE-2021-1379.json new file mode 100644 index 00000000000..b969ea8825c --- /dev/null +++ b/CVE-2021/CVE-2021-13xx/CVE-2021-1379.json @@ -0,0 +1,60 @@ +{ + "id": "CVE-2021-1379", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:09.310", + "lastModified": "2024-11-18T16:15:09.310", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone.\r\nThese vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipphone-rce-dos-U2PsSkz3", + "source": "ykramarz@cisco.com" + }, + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-14xx/CVE-2021-1410.json b/CVE-2021/CVE-2021-14xx/CVE-2021-1410.json new file mode 100644 index 00000000000..b9d9777464e --- /dev/null +++ b/CVE-2021/CVE-2021-14xx/CVE-2021-1410.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-1410", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:09.553", + "lastModified": "2024-11-18T16:15:09.553", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization.\r\nThe vulnerability is due to insufficient authorization enforcement for requests to update distribution lists. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to modify an existing distribution list. A successful exploit could allow the attacker to modify a distribution list that belongs to a user other than themselves.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-distupd-N87eB6Z3", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-14xx/CVE-2021-1424.json b/CVE-2021/CVE-2021-14xx/CVE-2021-1424.json new file mode 100644 index 00000000000..67a2f57fe20 --- /dev/null +++ b/CVE-2021/CVE-2021-14xx/CVE-2021-1424.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2021-1424", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:09.823", + "lastModified": "2024-11-18T16:15:09.823", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the ipsecmgr process of Cisco ASR 5000 Series Software (StarOS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition.\r\nThis vulnerability is due to insufficient validation of incoming Internet Key Exchange Version 2 (IKEv2) packets. An attacker could exploit this vulnerability by sending specifically malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to cause the ipsecmgr process to restart, which would disrupt ongoing IKE negotiations and result in a temporary DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-119" + } + ] + } + ], + "references": [] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-14xx/CVE-2021-1425.json b/CVE-2021/CVE-2021-14xx/CVE-2021-1425.json new file mode 100644 index 00000000000..f3d7e34eca7 --- /dev/null +++ b/CVE-2021/CVE-2021-14xx/CVE-2021-1425.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-1425", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:10.180", + "lastModified": "2024-11-18T16:15:10.180", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device.\r\nThe vulnerability exists because confidential information is being included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-201" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-sma-info-disclo-VOu2GHbZ", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-14xx/CVE-2021-1440.json b/CVE-2021/CVE-2021-14xx/CVE-2021-1440.json new file mode 100644 index 00000000000..113559ff5ee --- /dev/null +++ b/CVE-2021/CVE-2021-14xx/CVE-2021-1440.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2021-1440", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:10.400", + "lastModified": "2024-11-18T16:15:10.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition.\r\nThis vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a specifically crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2021 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see ." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.2, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-617" + } + ] + } + ], + "references": [] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-14xx/CVE-2021-1444.json b/CVE-2021/CVE-2021-14xx/CVE-2021-1444.json new file mode 100644 index 00000000000..d38d96201fc --- /dev/null +++ b/CVE-2021/CVE-2021-14xx/CVE-2021-1444.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-1444", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:10.627", + "lastModified": "2024-11-18T16:15:10.627", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface.\r\nThis vulnerability is due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2021 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see ." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-xss-webui-gQLSFyPM", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-14xx/CVE-2021-1461.json b/CVE-2021/CVE-2021-14xx/CVE-2021-1461.json new file mode 100644 index 00000000000..e12336d223c --- /dev/null +++ b/CVE-2021/CVE-2021-14xx/CVE-2021-1461.json @@ -0,0 +1,51 @@ +{ + "id": "CVE-2021-1461", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:10.850", + "lastModified": "2024-11-18T16:15:10.850", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could allow an authenticated, remote attacker with Administrator-level credentials to install a malicious software patch on an affected device.\r\nThe vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.Cisco has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-347" + } + ] + } + ], + "references": [] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-14xx/CVE-2021-1462.json b/CVE-2021/CVE-2021-14xx/CVE-2021-1462.json new file mode 100644 index 00000000000..27cf13104c7 --- /dev/null +++ b/CVE-2021/CVE-2021-14xx/CVE-2021-1462.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-1462", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:11.087", + "lastModified": "2024-11-18T16:15:11.087", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to elevate privileges on an affected system. To exploit this vulnerability, an attacker would need to have a valid Administrator account on an affected system.\r\nThe vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to an affected system with an Administrator account and creating a malicious file, which the system would parse at a later time. A successful exploit could allow the attacker to obtain root privileges on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability." + } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-privesc-vman-kth3c82B", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-14xx/CVE-2021-1465.json b/CVE-2021/CVE-2021-14xx/CVE-2021-1465.json new file mode 100644 index 00000000000..6c752f86bc7 --- /dev/null +++ b/CVE-2021/CVE-2021-14xx/CVE-2021-1465.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2021-1465", + "sourceIdentifier": "ykramarz@cisco.com", + "published": "2024-11-18T16:15:11.350", + "lastModified": "2024-11-18T16:15:11.350", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system.\r\n The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "ykramarz@cisco.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vman-dir-trav-Bpwc5gtm", + "source": "ykramarz@cisco.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2021/CVE-2021-37xx/CVE-2021-3742.json b/CVE-2021/CVE-2021-37xx/CVE-2021-3742.json index 0c67cbd3ef8..b8c645f5109 100644 --- a/CVE-2021/CVE-2021-37xx/CVE-2021-3742.json +++ b/CVE-2021/CVE-2021-37xx/CVE-2021-3742.json @@ -2,8 +2,8 @@ "id": "CVE-2021-3742", "sourceIdentifier": "security@huntr.dev", "published": "2024-11-15T11:15:05.547", - "lastModified": "2024-11-15T13:58:08.913", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-18T15:35:00.667", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.9, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 6.0 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", diff --git a/CVE-2021/CVE-2021-38xx/CVE-2021-3838.json b/CVE-2021/CVE-2021-38xx/CVE-2021-3838.json index faa2dda0c90..4e5943476d3 100644 --- a/CVE-2021/CVE-2021-38xx/CVE-2021-3838.json +++ b/CVE-2021/CVE-2021-38xx/CVE-2021-3838.json @@ -2,8 +2,8 @@ "id": "CVE-2021-3838", "sourceIdentifier": "security@huntr.dev", "published": "2024-11-15T11:15:05.763", - "lastModified": "2024-11-15T13:58:08.913", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-18T15:35:01.380", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", diff --git a/CVE-2021/CVE-2021-39xx/CVE-2021-3902.json b/CVE-2021/CVE-2021-39xx/CVE-2021-3902.json index 6d12a3443af..a8877912375 100644 --- a/CVE-2021/CVE-2021-39xx/CVE-2021-3902.json +++ b/CVE-2021/CVE-2021-39xx/CVE-2021-3902.json @@ -2,8 +2,8 @@ "id": "CVE-2021-3902", "sourceIdentifier": "security@huntr.dev", "published": "2024-11-15T11:15:06.190", - "lastModified": "2024-11-15T13:58:08.913", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-18T15:35:01.797", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", diff --git a/CVE-2023/CVE-2023-391xx/CVE-2023-39180.json b/CVE-2023/CVE-2023-391xx/CVE-2023-39180.json index b384f78448d..e43d4b2e84f 100644 --- a/CVE-2023/CVE-2023-391xx/CVE-2023-39180.json +++ b/CVE-2023/CVE-2023-391xx/CVE-2023-39180.json @@ -2,13 +2,17 @@ "id": "CVE-2023-39180", "sourceIdentifier": "patrick@puiterwijk.org", "published": "2024-11-18T10:15:05.217", - "lastModified": "2024-11-18T10:15:05.217", + "lastModified": "2024-11-18T15:35:02.397", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en el manejo de comandos SMB2_READ en el m\u00f3dulo ksmbd del kernel. El problema se debe a que no se libera memoria despu\u00e9s de su vida \u00fatil efectiva. Un atacante puede aprovechar esto para crear una condici\u00f3n de denegaci\u00f3n de servicio en las instalaciones afectadas de Linux. No se requiere autenticaci\u00f3n para explotar esta vulnerabilidad, pero solo los sistemas con ksmbd habilitado son vulnerables." } ], "metrics": { @@ -45,6 +49,16 @@ "value": "CWE-400" } ] + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] } ], "references": [ diff --git a/CVE-2024/CVE-2024-00xx/CVE-2024-0012.json b/CVE-2024/CVE-2024-00xx/CVE-2024-0012.json new file mode 100644 index 00000000000..b25da6e1f0d --- /dev/null +++ b/CVE-2024/CVE-2024-00xx/CVE-2024-0012.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-0012", + "sourceIdentifier": "psirt@paloaltonetworks.com", + "published": "2024-11-18T16:15:11.683", + "lastModified": "2024-11-18T16:15:11.683", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 .\n\nThe risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended\u00a0 best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 .\n\nThis issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software.\n\nCloud NGFW and Prisma Access are not impacted by this vulnerability." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "psirt@paloaltonetworks.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "LOW", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NO", + "recovery": "USER", + "valueDensity": "CONCENTRATED", + "vulnerabilityResponseEffort": "HIGH", + "providerUrgency": "RED", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + } + } + ] + }, + "weaknesses": [ + { + "source": "psirt@paloaltonetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://security.paloaltonetworks.com/CVE-2024-0012", + "source": "psirt@paloaltonetworks.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10531.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10531.json index a7dd9f38145..d92de80990b 100644 --- a/CVE-2024/CVE-2024-105xx/CVE-2024-10531.json +++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10531.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10531", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-13T03:15:04.153", - "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T15:02:30.197", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -18,8 +18,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "security@wordfence.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + }, + { + "source": "security@wordfence.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", @@ -51,18 +71,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kognetiks:kognetiks_chatbot:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.1.8", + "matchCriteriaId": "917C98DD-406E-4E56-AF96-586C86C3E2EB" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/browser/chatbot-chatgpt/trunk/includes/utilities/chatbot-assistants.php#L524", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://plugins.trac.wordpress.org/changeset/3183413/chatbot-chatgpt/trunk/includes/utilities/chatbot-assistants.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cc083470-3b43-42f3-8979-7fa6cce6ee75?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10684.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10684.json index bc78f033e03..367fa94ea47 100644 --- a/CVE-2024/CVE-2024-106xx/CVE-2024-10684.json +++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10684.json @@ -2,8 +2,8 @@ "id": "CVE-2024-10684", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-13T03:15:04.600", - "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T15:03:08.437", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kognetiks:kognetiks_chatbot:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.1.8", + "matchCriteriaId": "917C98DD-406E-4E56-AF96-586C86C3E2EB" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3183413/chatbot-chatgpt/trunk/includes/settings/chatbot-settings-support.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d6fcd334-4d9a-4c11-ab11-b96cdda698c4?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11007.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11007.json index 5eb2e152cf4..9404efcbbf3 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11007.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11007.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11007", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:20.050", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T15:08:22.883", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -51,10 +81,97 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "201EB882-0B2A-47DB-B517-1E72A0542B27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "FAD0FC91-CA1E-4DC3-A37E-1BF98906D07C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11023.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11023.json index 7c553b5d9d3..a15964d2bb1 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11023.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11023.json @@ -2,13 +2,13 @@ "id": "CVE-2024-11023", "sourceIdentifier": "cve-coordination@google.com", "published": "2024-11-18T11:15:05.507", - "lastModified": "2024-11-18T11:15:05.507", + "lastModified": "2024-11-18T15:35:03.307", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Firebase JavaScript SDK utilizes a \"FIREBASE_DEFAULTS\" cookie to store configuration data, including an \"_authTokenSyncURL\" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the \"_authTokenSyncURL\" to point to their own server and it would allow am actor to capture user session data transmitted by the SDK. We recommend upgrading Firebase JS SDK at least to 10.9.0." + "value": "Firebase JavaScript SDK utilizes a \"FIREBASE_DEFAULTS\" cookie to store configuration data, including an \"_authTokenSyncURL\" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the \"_authTokenSyncURL\" to point to their own server and it would allow an actor to capture user session data transmitted by the SDK. We recommend upgrading Firebase JS SDK at least to 10.9.0." } ], "metrics": { @@ -55,6 +55,28 @@ "baseSeverity": "MEDIUM" } } + ], + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } ] }, "weaknesses": [ diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11143.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11143.json index 7e5404435ef..d3a20dbc445 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11143.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11143.json @@ -2,8 +2,8 @@ "id": "CVE-2024-11143", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-13T03:15:05.110", - "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T15:03:56.927", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -51,14 +51,38 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kognetiks:kognetiks_chatbot:*:*:*:*:*:wordpress:*:*", + "versionEndExcluding": "2.1.9", + "matchCriteriaId": "BBB305B4-E5F6-430E-9792-79263302FD45" + } + ] + } + ] + } + ], "references": [ { "url": "https://plugins.trac.wordpress.org/changeset/3185255/chatbot-chatgpt/trunk/includes/utilities/chatbot-assistants.php", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Patch" + ] }, { "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/f16b11b0-11df-4fb7-a6af-123f6c09d791?source=cve", - "source": "security@wordfence.com" + "source": "security@wordfence.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11182.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11182.json index b3ba7143609..70668a14869 100644 --- a/CVE-2024/CVE-2024-111xx/CVE-2024-11182.json +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11182.json @@ -2,7 +2,7 @@ "id": "CVE-2024-11182", "sourceIdentifier": "security@eset.com", "published": "2024-11-15T11:15:10.410", - "lastModified": "2024-11-15T13:58:08.913", + "lastModified": "2024-11-18T15:35:03.553", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ @@ -59,6 +59,28 @@ "baseSeverity": "MEDIUM" } } + ], + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } ] }, "weaknesses": [ diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11304.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11304.json new file mode 100644 index 00000000000..c4583013fa8 --- /dev/null +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11304.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-11304", + "sourceIdentifier": "office@cyberdanube.com", + "published": "2024-11-18T15:15:05.663", + "lastModified": "2024-11-18T15:15:05.663", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS). This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "office@cyberdanube.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + } + ] + }, + "weaknesses": [ + { + "source": "office@cyberdanube.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://cyberdanube.com/en/en-st-polten-uas-stored-cross-site-scripting-in-seh-utnserver-pro/index.html", + "source": "office@cyberdanube.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-113xx/CVE-2024-11319.json b/CVE-2024/CVE-2024-113xx/CVE-2024-11319.json index d61b23b8597..0cac04ea623 100644 --- a/CVE-2024/CVE-2024-113xx/CVE-2024-11319.json +++ b/CVE-2024/CVE-2024-113xx/CVE-2024-11319.json @@ -2,7 +2,7 @@ "id": "CVE-2024-11319", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-11-18T12:15:17.853", - "lastModified": "2024-11-18T12:15:17.853", + "lastModified": "2024-11-18T15:35:04.247", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -55,6 +55,28 @@ "baseSeverity": "CRITICAL" } } + ], + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.8, + "impactScore": 6.0 + } ] }, "weaknesses": [ diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27528.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27528.json index ff6d7a349b2..d84dd147f81 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27528.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27528.json @@ -2,7 +2,7 @@ "id": "CVE-2024-27528", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T22:15:15.360", - "lastModified": "2024-11-12T13:56:54.483", + "lastModified": "2024-11-18T15:35:04.500", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "wasm3 139076a sufre una lectura de memoria no v\u00e1lida, lo que genera un ataque de denegaci\u00f3n de servicio (DoS) y una posible ejecuci\u00f3n de c\u00f3digo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], "references": [ { "url": "https://gist.github.com/haruki3hhh/baa757c4af4fefb410d9c74d7a68152e", diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27529.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27529.json index b5e4d44628c..fe887c7e912 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27529.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27529.json @@ -2,7 +2,7 @@ "id": "CVE-2024-27529", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T22:15:15.440", - "lastModified": "2024-11-12T13:56:54.483", + "lastModified": "2024-11-18T15:35:05.340", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "wasm3 139076a contiene p\u00e9rdidas de memoria en Read_utf8." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.4, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.5, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], "references": [ { "url": "https://gist.github.com/haruki3hhh/ac70bd83b9c0ed1de6289d818488da78", diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27530.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27530.json index 577800f0f07..84277f97f28 100644 --- a/CVE-2024/CVE-2024-275xx/CVE-2024-27530.json +++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27530.json @@ -2,7 +2,7 @@ "id": "CVE-2024-27530", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T22:15:15.520", - "lastModified": "2024-11-12T13:56:54.483", + "lastModified": "2024-11-18T15:35:06.170", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -16,6 +16,18 @@ } ], "metrics": {}, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], "references": [ { "url": "https://gist.github.com/haruki3hhh/94dd274487b58e037bcc8839dc88b203", diff --git a/CVE-2024/CVE-2024-280xx/CVE-2024-28058.json b/CVE-2024/CVE-2024-280xx/CVE-2024-28058.json new file mode 100644 index 00000000000..a72c78f61fb --- /dev/null +++ b/CVE-2024/CVE-2024-280xx/CVE-2024-28058.json @@ -0,0 +1,25 @@ +{ + "id": "CVE-2024-28058", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-11-18T15:15:05.843", + "lastModified": "2024-11-18T15:15:05.843", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "In RSA NetWitness (NW) Platform before 12.5.1, even when an administrator revokes the access of a specific user with an active session, an internal threat actor could impersonate the revoked user and gain unauthorized access to sensitive data." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://community.netwitness.com/t5/netwitness-platform-online/tkb-p/netwitness-online-documentation", + "source": "cve@mitre.org" + }, + { + "url": "https://community.netwitness.com/t5/netwitness-platform-product/nw-2024-06-netwitness-platform-broken-access-control/ta-p/719454", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-33xx/CVE-2024-3370.json b/CVE-2024/CVE-2024-33xx/CVE-2024-3370.json index ff4e94c663c..890429629df 100644 --- a/CVE-2024/CVE-2024-33xx/CVE-2024-3370.json +++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3370.json @@ -2,7 +2,7 @@ "id": "CVE-2024-3370", "sourceIdentifier": "iletisim@usom.gov.tr", "published": "2024-11-18T13:15:04.310", - "lastModified": "2024-11-18T13:15:04.310", + "lastModified": "2024-11-18T15:35:10.060", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -55,6 +55,28 @@ "baseSeverity": "HIGH" } } + ], + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 8.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } ] }, "weaknesses": [ diff --git a/CVE-2024/CVE-2024-33xx/CVE-2024-3379.json b/CVE-2024/CVE-2024-33xx/CVE-2024-3379.json index ba14c00b66b..1ac5fc0ec68 100644 --- a/CVE-2024/CVE-2024-33xx/CVE-2024-3379.json +++ b/CVE-2024/CVE-2024-33xx/CVE-2024-3379.json @@ -2,7 +2,7 @@ "id": "CVE-2024-3379", "sourceIdentifier": "security@huntr.dev", "published": "2024-11-14T18:15:18.503", - "lastModified": "2024-11-15T13:58:08.913", + "lastModified": "2024-11-18T16:35:03.197", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.6, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 5.8 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35410.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35410.json index 20c1bf9fcf2..eec1b00e1e2 100644 --- a/CVE-2024/CVE-2024-354xx/CVE-2024-35410.json +++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35410.json @@ -2,7 +2,7 @@ "id": "CVE-2024-35410", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T22:15:15.737", - "lastModified": "2024-11-12T13:56:54.483", + "lastModified": "2024-11-18T15:35:06.910", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que el commit 385e1 de wac conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n de interpretaci\u00f3n en /wac-asan/wa.c. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo wasm manipulado a medida." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], "references": [ { "url": "https://gist.github.com/haruki3hhh/f686e1d517e8f5d1281b02e633129522", diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35418.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35418.json index bd10e5bdfec..9a9d9c9aa41 100644 --- a/CVE-2024/CVE-2024-354xx/CVE-2024-35418.json +++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35418.json @@ -2,7 +2,7 @@ "id": "CVE-2024-35418", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T22:15:15.823", - "lastModified": "2024-11-12T13:56:54.483", + "lastModified": "2024-11-18T15:35:07.790", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que el commit 385e1 de wac conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n setup_call en /wac-asan/wa.c. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo wasm manipulado a medida." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], "references": [ { "url": "https://gist.github.com/haruki3hhh/29237c52bd0cc30e3cc906f0af221b09", diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35420.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35420.json index a1a1c0173c7..77d57f270d6 100644 --- a/CVE-2024/CVE-2024-354xx/CVE-2024-35420.json +++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35420.json @@ -2,7 +2,7 @@ "id": "CVE-2024-35420", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T22:15:16.010", - "lastModified": "2024-11-12T13:56:54.483", + "lastModified": "2024-11-18T15:35:09.067", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que el commit 385e1 de wac conten\u00eda un desbordamiento de mont\u00f3n." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.2, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.5, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-120" + } + ] + } + ], "references": [ { "url": "https://gist.github.com/haruki3hhh/ebabc705fb04aff38c600f2b63601aae", diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3501.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3501.json index 2e4c882f1fd..2b9684234b5 100644 --- a/CVE-2024/CVE-2024-35xx/CVE-2024-3501.json +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3501.json @@ -2,7 +2,7 @@ "id": "CVE-2024-3501", "sourceIdentifier": "security@huntr.dev", "published": "2024-11-14T18:15:18.713", - "lastModified": "2024-11-15T13:58:08.913", + "lastModified": "2024-11-18T16:35:03.523", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3502.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3502.json index 93d9eb369ea..2165fd8d518 100644 --- a/CVE-2024/CVE-2024-35xx/CVE-2024-3502.json +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3502.json @@ -2,7 +2,7 @@ "id": "CVE-2024-3502", "sourceIdentifier": "security@huntr.dev", "published": "2024-11-14T18:15:18.943", - "lastModified": "2024-11-15T13:58:08.913", + "lastModified": "2024-11-18T16:35:03.850", "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.2 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", diff --git a/CVE-2024/CVE-2024-371xx/CVE-2024-37155.json b/CVE-2024/CVE-2024-371xx/CVE-2024-37155.json new file mode 100644 index 00000000000..aede75ac66d --- /dev/null +++ b/CVE-2024/CVE-2024-371xx/CVE-2024-37155.json @@ -0,0 +1,64 @@ +{ + "id": "CVE-2024-37155", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-11-18T15:15:06.210", + "lastModified": "2024-11-18T15:15:06.210", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed characters from the query. GraphQL Queries in OpenCTI can be validated using the `secureIntrospectionPlugin`. The regex check in the plkugin can be bypassed by removing the carriage return and line feed characters (`\\r\\n`). Running a curl command against a local instance of OpenCTI will result in a limited error message. By running the same Introspection query without the `\\r\\n` characters, the unauthenticated user is able to successfully run a full Introspection query. Bypassing this restriction allows the attacker to gather a wealth of information about the GraphQL endpoint functionality that can be used to perform actions and/or read data without authorization. These queries can also be weaponized to conduct a Denial of Service (DoS) attack if sent repeatedly. Users should upgrade to version 6.1.9 to receive a patch for the issue." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/OpenCTI-Platform/opencti/blob/6343b82b0b0a5d3ded3b30d08ce282328a556268/opencti-platform/opencti-graphql/src/graphql/graphql.js#L83-L94", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/OpenCTI-Platform/opencti/commit/f87d96918c63b0c3d3ebfbea6c789d48e2f56ad5", + "source": "security-advisories@github.com" + }, + { + "url": "https://github.com/OpenCTI-Platform/opencti/security/advisories/GHSA-4mvw-j8r9-xcgc", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-373xx/CVE-2024-37398.json b/CVE-2024/CVE-2024-373xx/CVE-2024-37398.json index 69323fa300b..a45a93939cd 100644 --- a/CVE-2024/CVE-2024-373xx/CVE-2024-37398.json +++ b/CVE-2024/CVE-2024-373xx/CVE-2024-37398.json @@ -2,8 +2,8 @@ "id": "CVE-2024-37398", "sourceIdentifier": "support@hackerone.com", "published": "2024-11-13T02:15:18.003", - "lastModified": "2024-11-13T17:01:16.850", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T15:23:23.543", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ], "cvssMetricV30": [ { "source": "support@hackerone.com", @@ -39,10 +61,63 @@ } ] }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "2347060E-FEC7-41EF-A0C0-5ED61B157223" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "C419EC4C-AB98-4D73-82B2-00A0A1F5A435" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "F78C1CDE-FB11-4033-AEBA-D04D937EDD67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "E881D4BF-3222-4EF9-8A9B-0948973CCC89" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:secure_access_client:22.7:r3:*:*:*:*:*:*", + "matchCriteriaId": "D93F7D15-B61D-4EE7-9280-FC0B7C45C940" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "support@hackerone.com" + "source": "support@hackerone.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-411xx/CVE-2024-41151.json b/CVE-2024/CVE-2024-411xx/CVE-2024-41151.json index 51a96931d4e..c536da57055 100644 --- a/CVE-2024/CVE-2024-411xx/CVE-2024-41151.json +++ b/CVE-2024/CVE-2024-411xx/CVE-2024-41151.json @@ -2,7 +2,7 @@ "id": "CVE-2024-41151", "sourceIdentifier": "security@apache.org", "published": "2024-11-18T09:15:05.010", - "lastModified": "2024-11-18T09:15:05.010", + "lastModified": "2024-11-18T15:35:10.290", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,30 @@ "value": "Deserialization of Untrusted Data vulnerability in Apache HertzBeat.\n\nThis vulnerability can only be exploited by authorized attackers.\n\n\nThis issue affects Apache HertzBeat: before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42499.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42499.json index 89c8846b39a..f56484ed121 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42499.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42499.json @@ -2,7 +2,7 @@ "id": "CVE-2024-42499", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-11-15T06:15:04.933", - "lastModified": "2024-11-15T13:58:08.913", + "lastModified": "2024-11-18T16:35:04.877", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ], "cvssMetricV30": [ { "source": "vultures@jpcert.or.jp", diff --git a/CVE-2024/CVE-2024-43xx/CVE-2024-4311.json b/CVE-2024/CVE-2024-43xx/CVE-2024-4311.json index 275112769f2..d63557619a2 100644 --- a/CVE-2024/CVE-2024-43xx/CVE-2024-4311.json +++ b/CVE-2024/CVE-2024-43xx/CVE-2024-4311.json @@ -2,7 +2,7 @@ "id": "CVE-2024-4311", "sourceIdentifier": "security@huntr.dev", "published": "2024-11-14T18:15:19.473", - "lastModified": "2024-11-15T13:58:08.913", + "lastModified": "2024-11-18T16:35:13.737", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -16,6 +16,28 @@ } ], "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 4.2 + } + ], "cvssMetricV30": [ { "source": "security@huntr.dev", diff --git a/CVE-2024/CVE-2024-450xx/CVE-2024-45087.json b/CVE-2024/CVE-2024-450xx/CVE-2024-45087.json index d797cf4042c..d0c0a9da2b4 100644 --- a/CVE-2024/CVE-2024-450xx/CVE-2024-45087.json +++ b/CVE-2024/CVE-2024-450xx/CVE-2024-45087.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45087", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-11-11T17:15:04.957", - "lastModified": "2024-11-12T13:55:21.227", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:34:23.010", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -40,6 +40,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "psirt@us.ibm.com", "type": "Secondary", @@ -51,10 +61,35 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:*", + "matchCriteriaId": "E30E8CE2-9137-4669-AE86-FB8ED0899736" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:*", + "matchCriteriaId": "C4F6F77C-2C0D-4A31-B2A0-DB1C4296FF5E" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.ibm.com/support/pages/node/7175393", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-450xx/CVE-2024-45088.json b/CVE-2024/CVE-2024-450xx/CVE-2024-45088.json index 2192364b07e..923a9227628 100644 --- a/CVE-2024/CVE-2024-450xx/CVE-2024-45088.json +++ b/CVE-2024/CVE-2024-450xx/CVE-2024-45088.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45088", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-11-11T16:15:14.950", - "lastModified": "2024-11-12T13:55:21.227", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:33:34.060", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -18,8 +18,28 @@ "metrics": { "cvssMetricV31": [ { - "source": "psirt@us.ibm.com", + "source": "nvd@nist.gov", "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, + { + "source": "psirt@us.ibm.com", + "type": "Secondary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", @@ -51,10 +71,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ibm:maximo_asset_management:7.6.1.3:*:*:*:*:*:*:*", + "matchCriteriaId": "B0279056-1BD2-4CD6-86BA-DDAA6AB53C6F" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.ibm.com/support/pages/node/7174818", - "source": "psirt@us.ibm.com" + "source": "psirt@us.ibm.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45505.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45505.json index c58a311f7c6..16353d781ff 100644 --- a/CVE-2024/CVE-2024-455xx/CVE-2024-45505.json +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45505.json @@ -2,7 +2,7 @@ "id": "CVE-2024-45505", "sourceIdentifier": "security@apache.org", "published": "2024-11-18T09:15:05.870", - "lastModified": "2024-11-18T09:15:05.870", + "lastModified": "2024-11-18T15:35:10.743", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,30 @@ "value": "Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating).\n\nThis vulnerability can only be exploited by authorized attackers.\nThis issue affects Apache HertzBeat (incubating): before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", diff --git a/CVE-2024/CVE-2024-457xx/CVE-2024-45791.json b/CVE-2024/CVE-2024-457xx/CVE-2024-45791.json index 27b98f1fad2..b757c174193 100644 --- a/CVE-2024/CVE-2024-457xx/CVE-2024-45791.json +++ b/CVE-2024/CVE-2024-457xx/CVE-2024-45791.json @@ -2,7 +2,7 @@ "id": "CVE-2024-45791", "sourceIdentifier": "security@apache.org", "published": "2024-11-18T09:15:05.990", - "lastModified": "2024-11-18T09:15:05.990", + "lastModified": "2024-11-18T15:35:10.970", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,30 @@ "value": "Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat.\n\nThis issue affects Apache HertzBeat: before 1.6.1.\n\nUsers are recommended to upgrade to version 1.6.1, which fixes the issue." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47905.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47905.json index e6b179fd5a0..919a8724ad5 100644 --- a/CVE-2024/CVE-2024-479xx/CVE-2024-47905.json +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47905.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47905", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:22.473", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T15:08:47.280", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -51,10 +81,112 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "201EB882-0B2A-47DB-B517-1E72A0542B27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*", + "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "FAD0FC91-CA1E-4DC3-A37E-1BF98906D07C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47907.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47907.json index ce6107105a4..4ed3e0fc23f 100644 --- a/CVE-2024/CVE-2024-479xx/CVE-2024-47907.json +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47907.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47907", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:22.887", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T15:09:30.573", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -51,10 +81,81 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "201EB882-0B2A-47DB-B517-1E72A0542B27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*", + "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47909.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47909.json index 84f30c39d8a..508d69028cc 100644 --- a/CVE-2024/CVE-2024-479xx/CVE-2024-47909.json +++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47909.json @@ -2,8 +2,8 @@ "id": "CVE-2024-47909", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:23.080", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T15:09:45.750", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -51,10 +81,112 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "201EB882-0B2A-47DB-B517-1E72A0542B27" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "F788F6D9-5368-4B8E-BFA0-E8FB3CDADB01" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "2927A40D-E8A3-4DB6-9C93-04A6C6035C3D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "1399BBB4-E62B-4FF6-B9E3-6AAC68D4D583" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.2:*:*:*:*:*:*", + "matchCriteriaId": "1EAD1423-4477-4C35-BF93-697A2C0697C6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.3:*:*:*:*:*:*", + "matchCriteriaId": "858353BC-12CB-4014-BFCA-DA7B1B3DD4B9" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.4:*:*:*:*:*:*", + "matchCriteriaId": "865F72BF-57B2-4B0C-BACE-3500E0AE6751" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r1.5:*:*:*:*:*:*", + "matchCriteriaId": "39E11407-E0C0-454F-B731-7DA4CBC696EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2:*:*:*:*:*:*", + "matchCriteriaId": "247E71F8-A03B-4097-B7BF-09F8BF3ED4D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.1:*:*:*:*:*:*", + "matchCriteriaId": "E0059C69-4A18-4153-9D9A-5C1B03AD1453" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:connect_secure:22.7:r2.2:*:*:*:*:*:*", + "matchCriteriaId": "FC523C88-115E-4CD9-A8CB-AE6E6610F7D4" + } + ] + } + ] + }, + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:*:*:*:*:*:*:*:*", + "versionEndExcluding": "22.7", + "matchCriteriaId": "FAD0FC91-CA1E-4DC3-A37E-1BF98906D07C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:-:*:*:*:*:*:*", + "matchCriteriaId": "1F22B988-2585-4853-9838-AB3746C8B888" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1:*:*:*:*:*:*", + "matchCriteriaId": "FD9BE8C2-43EB-4870-A4B7-267CB17A19F1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:policy_secure:22.7:r1.1:*:*:*:*:*:*", + "matchCriteriaId": "C8915BB2-C1C0-4189-A847-DDB2EF161D62" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48073.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48073.json index 490cb7df20c..ba97af8b516 100644 --- a/CVE-2024/CVE-2024-480xx/CVE-2024-48073.json +++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48073.json @@ -2,7 +2,7 @@ "id": "CVE-2024-48073", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T22:15:20.787", - "lastModified": "2024-11-12T13:56:54.483", + "lastModified": "2024-11-18T15:35:11.227", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "sunniwell HT3300 anterior a 1.0.0.B022.2 es vulnerable a permisos inseguros. El programa /usr/local/bin/update, que es responsable de actualizar el software en el dispositivo HT3300, tiene asignado el modo de ejecuci\u00f3n sudo NOPASSWD. Este programa es vulnerable a una vulnerabilidad de inyecci\u00f3n de comandos, que podr\u00eda permitir a un atacante pasar comandos a este programa a trav\u00e9s de argumentos de l\u00ednea de comandos para obtener privilegios elevados de superusuario." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + } + ], "references": [ { "url": "https://gist.github.com/Giles-one/56f677b96aab5a67fbe31dd41fd1303d", diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48896.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48896.json index df2c67b2da5..2f093686f70 100644 --- a/CVE-2024/CVE-2024-488xx/CVE-2024-48896.json +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48896.json @@ -2,7 +2,7 @@ "id": "CVE-2024-48896", "sourceIdentifier": "secalert@redhat.com", "published": "2024-11-18T12:15:18.093", - "lastModified": "2024-11-18T12:15:18.093", + "lastModified": "2024-11-18T15:35:12.090", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,30 @@ "value": "A vulnerability was found in Moodle. It is possible for users with the \"send message\" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ { "source": "secalert@redhat.com", diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48898.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48898.json index ef1bc9dda84..92ede7eebd7 100644 --- a/CVE-2024/CVE-2024-488xx/CVE-2024-48898.json +++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48898.json @@ -2,7 +2,7 @@ "id": "CVE-2024-48898", "sourceIdentifier": "secalert@redhat.com", "published": "2024-11-18T12:15:18.363", - "lastModified": "2024-11-18T12:15:18.363", + "lastModified": "2024-11-18T15:35:12.320", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,30 @@ "value": "A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, "weaknesses": [ { "source": "secalert@redhat.com", diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48901.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48901.json index e992fff8824..a01d9a62de7 100644 --- a/CVE-2024/CVE-2024-489xx/CVE-2024-48901.json +++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48901.json @@ -2,7 +2,7 @@ "id": "CVE-2024-48901", "sourceIdentifier": "secalert@redhat.com", "published": "2024-11-18T12:15:18.493", - "lastModified": "2024-11-18T12:15:18.493", + "lastModified": "2024-11-18T15:35:12.557", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,30 @@ "value": "A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, "weaknesses": [ { "source": "secalert@redhat.com", diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49592.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49592.json index e08dc5e087e..dfdc9664f16 100644 --- a/CVE-2024/CVE-2024-495xx/CVE-2024-49592.json +++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49592.json @@ -2,13 +2,24 @@ "id": "CVE-2024-49592", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-15T21:15:11.070", - "lastModified": "2024-11-15T21:15:11.070", + "lastModified": "2024-11-18T16:15:25.520", "vulnStatus": "Received", - "cveTags": [], + "cveTags": [ + { + "sourceIdentifier": "cve@mitre.org", + "tags": [ + "unsupported-when-assigned" + ] + } + ], "descriptions": [ { "lang": "en", - "value": "McAfee Trial Installer 16.0.53 has Incorrect Access Control that leads to Local Escalation of Privileges." + "value": "Trial installer for McAfee Total Protection (legacy trial installer software) 16.0.53 allows local privilege escalation because of an Uncontrolled Search Path Element. The attacker could be \"an adversary or knowledgeable user\" and the type of attack could be called \"DLL-squatting.\" The issue only affects execution of this installer, and does not leave McAfee Total Protection in a vulnerable state after installation is completed. NOTE: This vulnerability only affects products that are no longer supported by the maintainer." + }, + { + "lang": "es", + "value": "McAfee Trial Installer 16.0.53 tiene un control de acceso incorrecto que conduce a una escalada local de privilegios." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50317.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50317.json index 81f243d5604..aa008c90049 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50317.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50317.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50317", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:23.347", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T15:06:49.627", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*", + "versionEndExcluding": "6.4.6", + "matchCriteriaId": "8BF6AFA9-1E31-410B-BCC3-83F137769FC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50318.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50318.json index 3207dbb73f1..5f0ef191657 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50318.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50318.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50318", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:23.537", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T15:06:52.807", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*", + "versionEndExcluding": "6.4.6", + "matchCriteriaId": "8BF6AFA9-1E31-410B-BCC3-83F137769FC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50319.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50319.json index 500dc43ed73..ab866fdf7da 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50319.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50319.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50319", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:23.713", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T15:06:25.480", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*", + "versionEndExcluding": "6.4.6", + "matchCriteriaId": "8BF6AFA9-1E31-410B-BCC3-83F137769FC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50320.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50320.json index 3684fabaec0..454654b6b18 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50320.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50320.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50320", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:23.910", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T15:06:28.707", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*", + "versionEndExcluding": "6.4.6", + "matchCriteriaId": "8BF6AFA9-1E31-410B-BCC3-83F137769FC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50321.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50321.json index 0a5c09f720f..27b40fcb2cc 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50321.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50321.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50321", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:24.100", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T15:06:30.603", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-835" + } + ] + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:avalanche:*:*:*:*:premise:*:*:*", + "versionEndExcluding": "6.4.6", + "matchCriteriaId": "8BF6AFA9-1E31-410B-BCC3-83F137769FC2" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Avalanche-Multiple-CVEs-Q4-2024-Release", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50322.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50322.json index b26b6583381..10ec87a181a 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50322.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50322.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50322", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:24.280", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-18T16:30:49.997", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -51,10 +81,66 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2022", + "matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*", + "matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*", + "matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*", + "matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*", + "matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*", + "matchCriteriaId": "1877FB55-76BA-4714-ABB8-47258132F537" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*", + "matchCriteriaId": "4F9E8D45-5F12-4D45-A74E-C314FA3618A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*", + "matchCriteriaId": "6C7283FE-C10A-4E37-B004-15FB0CAC49A5" + } + ] + } + ] + } + ], "references": [ { "url": "https://https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50323.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50323.json index 9a726a50261..6fd192511fa 100644 --- a/CVE-2024/CVE-2024-503xx/CVE-2024-50323.json +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50323.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50323", "sourceIdentifier": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "published": "2024-11-12T16:15:24.473", - "lastModified": "2024-11-13T17:01:58.603", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-11-18T16:32:43.733", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", "type": "Secondary", @@ -51,10 +81,66 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:*:*:*:*:*:*:*:*", + "versionEndExcluding": "2022", + "matchCriteriaId": "B1F6549B-CF5D-4607-B67D-5489905A1705" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:-:*:*:*:*:*:*", + "matchCriteriaId": "46580865-5177-4E55-BDAC-73DA4B472B35" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su1:*:*:*:*:*:*", + "matchCriteriaId": "E57E12B5-B789-450C-9476-6C4C151E6993" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su2:*:*:*:*:*:*", + "matchCriteriaId": "E47C65B3-56DD-4D65-8B4B-6AFFE28E94F2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su3:*:*:*:*:*:*", + "matchCriteriaId": "10D6EAB7-B14B-45E9-92B9-4FADFBBB08AF" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su4:*:*:*:*:*:*", + "matchCriteriaId": "1877FB55-76BA-4714-ABB8-47258132F537" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2022:su5:*:*:*:*:*:*", + "matchCriteriaId": "4F9E8D45-5F12-4D45-A74E-C314FA3618A3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:ivanti:endpoint_manager:2024:-:*:*:*:*:*:*", + "matchCriteriaId": "6C7283FE-C10A-4E37-B004-15FB0CAC49A5" + } + ] + } + ] + } + ], "references": [ { "url": "https://forums.ivanti.com/s/article/Security-Advisory-EPM-November-2024-for-EPM-2024-and-EPM-2022", - "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75" + "source": "3c1d8aa1-5a33-4ea4-8992-aadd6440af75", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50823.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50823.json index 9ccce1db9bc..ebffc6ef2cf 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50823.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50823.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50823", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T18:15:19.940", - "lastModified": "2024-11-15T20:35:09.490", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:38:57.740", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20admin%20login.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50824.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50824.json index 02f7d2f5dc1..1c0607a01b4 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50824.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50824.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50824", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T18:15:20.107", - "lastModified": "2024-11-15T20:35:10.823", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:39:08.460", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20class.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50825.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50825.json index 37272d9fe37..48868adef2d 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50825.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50825.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50825", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T18:15:20.230", - "lastModified": "2024-11-15T20:35:12.167", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:39:12.563", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20school%20year.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50826.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50826.json index ed61463db20..116a6c623b2 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50826.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50826.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50826", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T18:15:20.350", - "lastModified": "2024-11-15T20:35:13.500", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:39:16.613", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20add%20content.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50827.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50827.json index b35d26a9bdc..71df13ff6e5 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50827.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50827.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50827", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T18:15:20.457", - "lastModified": "2024-11-15T20:35:14.820", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:36:35.027", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20add%20subject.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50828.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50828.json index c2e04be1d48..eb79630ed76 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50828.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50828.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50828", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T18:15:20.580", - "lastModified": "2024-11-15T20:35:16.143", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:36:57.377", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20edit%20department.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50829.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50829.json index 7f1200fc1c2..daa21e4cc37 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50829.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50829.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50829", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T18:15:20.853", - "lastModified": "2024-11-15T20:35:17.460", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:37:17.363", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20edit%20subject.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50830.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50830.json index e0b3400234c..ea39d82792e 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50830.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50830.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50830", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T18:15:21.063", - "lastModified": "2024-11-15T20:35:18.800", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:37:21.377", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20Calendar%20of%20Events.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50831.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50831.json index 5be517e0946..b100b20edfb 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50831.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50831.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50831", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T18:15:21.180", - "lastModified": "2024-11-15T20:35:20.133", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:37:24.967", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20admin%20user.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50832.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50832.json index df835c76ced..11720f8b119 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50832.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50832.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50832", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T17:15:06.823", - "lastModified": "2024-11-15T20:35:21.483", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:37:57.470", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/SQL%20Injection%20-%20edit%20class.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50833.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50833.json index 4ce4a3a8716..5c47c457358 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50833.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50833.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50833", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T17:15:06.917", - "lastModified": "2024-11-15T20:35:22.847", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:38:12.770", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20login%20page.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50834.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50834.json index e98187e4fc8..f32141c94ff 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50834.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50834.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50834", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T17:15:07.003", - "lastModified": "2024-11-15T20:35:24.163", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:38:39.357", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20teacher.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50835.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50835.json index cfa086d32f3..ec09701ee02 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50835.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50835.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50835", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T17:15:07.090", - "lastModified": "2024-11-15T21:35:17.397", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:38:44.020", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/SQL%20Injection%20-%20edit%20student.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50836.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50836.json index 30145a8693f..4eab29f01ee 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50836.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50836.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50836", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-14T17:15:07.177", - "lastModified": "2024-11-15T13:58:08.913", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:38:53.153", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -15,11 +15,67 @@ "value": "Se encontr\u00f3 una vulnerabilidad de Cross Site Scripting (XSS) almacenado en /admin/teachers.php in KASHIPARA E-learning Management System Project 1.0. Esta vulnerabilidad permite a atacantes remotos ejecutar secuencias de comandos arbitrarias a trav\u00e9s de los par\u00e1metros firstname y lastname." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:lopalopa:e-learning_management_system:1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "BFD62B66-BEBB-4F0C-9F2F-66A7DC3E83E7" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/m14r41/Writeups/blob/main/CVE/Kashipara/E-learning%20Management%20System%20project/Stored%20XSS%20-%20Teachers.pdf", - "source": "cve@mitre.org" + "source": "cve@mitre.org", + "tags": [ + "Exploit", + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51157.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51157.json index 5fc5071e78a..5665cb5d4c1 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51157.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51157.json @@ -2,7 +2,7 @@ "id": "CVE-2024-51157", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T21:15:20.980", - "lastModified": "2024-11-12T13:56:54.483", + "lastModified": "2024-11-18T15:35:13.060", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,42 @@ "value": "Se descubri\u00f3 que 07FLYCMS V1.3.9 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente http://erp.07fly.net:80/oa/OaSchedule/add.html." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], "references": [ { "url": "https://github.com/xiaoyunzhui/cms/blob/main/2/readme.md", diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51586.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51586.json index e051a626e90..5a0453ecf67 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51586.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51586.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51586", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:04.697", - "lastModified": "2024-11-12T13:56:24.513", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:45:30.550", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:camilluskillus:elementary_addons:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0.4", + "matchCriteriaId": "2158EFD0-9F7A-498C-9098-F848EE4268BD" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/elementary-addons/wordpress-elementary-addons-plugin-2-0-4-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51590.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51590.json index ea2468751af..48426d6164c 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51590.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51590.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51590", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:05.557", - "lastModified": "2024-11-12T13:56:24.513", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:44:27.333", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:hoosoft:hoo_addons_for_elementor:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.0.6", + "matchCriteriaId": "3D00557F-F5D5-49D5-AF40-72910F07722C" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/hoo-addons-for-elementor/wordpress-hoo-addons-for-elementor-plugin-1-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51593.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51593.json index d7fda8918a0..27069924ab5 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51593.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51593.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51593", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:06.197", - "lastModified": "2024-11-12T13:56:24.513", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:42:06.290", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:glopium:ukrainian-currency:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0", + "matchCriteriaId": "E73ECE15-D627-4AB8-9E78-7244FE7130CB" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/ukrainian-currency/wordpress-kurs-valyut-uah-plugin-2-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51598.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51598.json index b6512a5fe98..f84d7007688 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51598.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51598.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51598", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:07.277", - "lastModified": "2024-11-12T13:56:24.513", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:37:58.447", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:kendysond:selar.co_widget:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.2", + "matchCriteriaId": "D4696755-9EF5-4E08-B943-11FB46A35944" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/selar-co-widget/wordpress-selar-co-widget-plugin-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51663.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51663.json index 03a407d6377..c1e42170a99 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51663.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51663.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51663", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:17.847", - "lastModified": "2024-11-12T13:56:24.513", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:54:02.457", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:bricksable:bricksable_for_bricks_builder:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "1.6.60", + "matchCriteriaId": "DC04E22E-4A95-4A37-BB19-BFB1C0A36756" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/bricksable/wordpress-bricksable-for-bricks-builder-plugin-1-6-59-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51664.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51664.json index 38f3beb437c..65ca627677a 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51664.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51664.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51664", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:18.067", - "lastModified": "2024-11-12T13:56:24.513", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:55:08.183", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +81,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:beds24:online_booking:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "2.0.25", + "matchCriteriaId": "B497F3BF-133E-4EAF-A65B-B46386C9EEC6" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/beds24-online-booking/wordpress-beds24-online-booking-plugin-2-0-25-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51668.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51668.json index f7c34bc5bb1..6c2ecb5ce72 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51668.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51668.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51668", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:18.297", - "lastModified": "2024-11-12T13:56:24.513", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-18T16:51:31.227", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.7, + "impactScore": 2.7 + }, { "source": "audit@patchstack.com", "type": "Secondary", @@ -51,10 +71,31 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:target-info:mycurator_content_curation:*:*:*:*:*:wordpress:*:*", + "versionEndIncluding": "3.78", + "matchCriteriaId": "CAB93CF8-2049-4AAC-BA7B-ECD4F6E98B4B" + } + ] + } + ] + } + ], "references": [ { "url": "https://patchstack.com/database/vulnerability/mycurator/wordpress-mycurator-content-curation-plugin-3-78-cross-site-scripting-xss-vulnerability?_s_id=cve", - "source": "audit@patchstack.com" + "source": "audit@patchstack.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52316.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52316.json index 3fc5d9a868a..5e688310e0c 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52316.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52316.json @@ -2,7 +2,7 @@ "id": "CVE-2024-52316", "sourceIdentifier": "security@apache.org", "published": "2024-11-18T12:15:18.600", - "lastModified": "2024-11-18T12:15:18.600", + "lastModified": "2024-11-18T15:35:14.030", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,30 @@ "value": "Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC)\u00a0ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta\u00a0Authentication components that behave in this way.\n\nThis issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95.\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "security@apache.org", diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52317.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52317.json index f021b6be5a1..9aedf058707 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52317.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52317.json @@ -2,7 +2,7 @@ "id": "CVE-2024-52317", "sourceIdentifier": "security@apache.org", "published": "2024-11-18T12:15:18.727", - "lastModified": "2024-11-18T12:15:18.727", + "lastModified": "2024-11-18T15:35:14.303", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "Incorrect object re-cycling and re-use vulnerability in Apache Tomcat.\u00a0Incorrect recycling of the request and response used by HTTP/2 requests \ncould lead to request and/or response mix-up between users.\n\nThis issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95.\n\nUsers are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 2.5 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/ty376mrxy1mmxtw3ogo53nc9l3co3dfs", diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52318.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52318.json index 2cd8cdbe5f2..3b1214a537b 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52318.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52318.json @@ -2,7 +2,7 @@ "id": "CVE-2024-52318", "sourceIdentifier": "security@apache.org", "published": "2024-11-18T13:15:04.490", - "lastModified": "2024-11-18T13:15:04.490", + "lastModified": "2024-11-18T15:35:15.203", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -11,7 +11,42 @@ "value": "Incorrect object recycling and reuse vulnerability in Apache Tomcat.\n\nThis issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96.\n\nUsers are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-326" + } + ] + } + ], "references": [ { "url": "https://lists.apache.org/thread/co243cw1nlh6p521c5265cm839wkqdp9", diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52419.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52419.json new file mode 100644 index 00000000000..37f44e2b50e --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52419.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52419", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T16:15:25.687", + "lastModified": "2024-11-18T16:15:25.687", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Clipboard Team Copy Anything to Clipboard allows Stored XSS.This issue affects Copy Anything to Clipboard: from n/a through 4.0.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/copy-the-code/wordpress-copy-anything-to-clipboard-plugin-4-0-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52422.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52422.json new file mode 100644 index 00000000000..db35d274e10 --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52422.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52422", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T16:15:25.933", + "lastModified": "2024-11-18T16:15:25.933", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Terry Lin WP Githuber MD allows Stored XSS.This issue affects WP Githuber MD: from n/a through 1.16.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-githuber-md/wordpress-wp-githuber-md-plugin-1-16-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52423.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52423.json new file mode 100644 index 00000000000..326fb8b1521 --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52423.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52423", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T16:15:26.160", + "lastModified": "2024-11-18T16:15:26.160", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Builder allows Stored XSS.This issue affects Themify Builder: from n/a through 7.6.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/themify-builder/wordpress-themify-builder-plugin-7-6-3-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52424.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52424.json new file mode 100644 index 00000000000..1a974bd6a77 --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52424.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52424", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T16:15:26.380", + "lastModified": "2024-11-18T16:15:26.380", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross-Site Request Forgery (CSRF) vulnerability in Suresh Kumar wp-login customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through 1.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-352" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-login-customizer/wordpress-wp-login-customizer-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52425.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52425.json new file mode 100644 index 00000000000..37f1c7c2c9a --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52425.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52425", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T16:15:26.600", + "lastModified": "2024-11-18T16:15:26.600", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Urchenko Drozd \u2013 Addons for Elementor allows Stored XSS.This issue affects Drozd \u2013 Addons for Elementor: from n/a through 1.1.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/drozd-addons-for-elementor/wordpress-drozd-addons-for-elementor-plugin-1-1-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52426.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52426.json new file mode 100644 index 00000000000..1403504b38b --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52426.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52426", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T16:15:26.830", + "lastModified": "2024-11-18T16:15:26.830", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Linear Oy Linear linear allows DOM-Based XSS.This issue affects Linear: from n/a through 2.7.11." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 3.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/linear/wordpress-linear-plugin-2-7-11-cross-site-scripting-xss-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52427.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52427.json new file mode 100644 index 00000000000..113df36f54d --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52427.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52427", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T15:15:06.657", + "lastModified": "2024-11-18T15:15:06.657", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1336" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/event-tickets-with-ticket-scanner/wordpress-event-tickets-with-ticket-scanner-plugin-2-3-11-remote-code-execution-rce-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52428.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52428.json new file mode 100644 index 00000000000..fe817746229 --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52428.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52428", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T15:15:06.923", + "lastModified": "2024-11-18T15:15:06.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through 1.12." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-98" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/free-wp-booster-by-ads-pro/wordpress-ads-booster-by-ads-pro-plugin-1-12-local-file-inclusion-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52429.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52429.json new file mode 100644 index 00000000000..3b28698a68d --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52429.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52429", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T15:15:07.277", + "lastModified": "2024-11-18T15:15:07.277", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-quick-setup/wordpress-wp-quick-setup-plugin-2-0-arbitrary-plugin-and-theme-installation-to-remote-code-execution-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52430.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52430.json new file mode 100644 index 00000000000..6f2b95cf5df --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52430.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52430", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T15:15:07.490", + "lastModified": "2024-11-18T15:15:07.490", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Lis Lis Video Gallery allows Object Injection.This issue affects Lis Video Gallery: from n/a through 0.2.1." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/lis-video-gallery/wordpress-lis-video-gallery-plugin-0-2-1-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52431.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52431.json new file mode 100644 index 00000000000..e876831a2f3 --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52431.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52431", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T15:15:07.707", + "lastModified": "2024-11-18T15:15:07.707", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 9.3, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wp-video-robot/wordpress-wp-video-robot-plugin-1-20-0-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52432.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52432.json new file mode 100644 index 00000000000..d1fabe56484 --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52432.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52432", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T15:15:07.923", + "lastModified": "2024-11-18T15:15:07.923", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd NIX Anti-Spam Light allows Object Injection.This issue affects NIX Anti-Spam Light: from n/a through 0.0.4." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/nix-anti-spam-light/wordpress-nix-anti-spam-light-plugin-0-0-4-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52433.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52433.json new file mode 100644 index 00000000000..2c69ab96cdf --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52433.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52433", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T15:15:08.130", + "lastModified": "2024-11-18T15:15:08.130", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/my-geo-posts-free/wordpress-my-geo-posts-free-plugin-1-2-php-object-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52434.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52434.json new file mode 100644 index 00000000000..829f8013cf1 --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52434.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52434", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T15:15:08.340", + "lastModified": "2024-11-18T15:15:08.340", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Popup by Supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through 1.10.29." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-1336" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/popup-by-supsystic/wordpress-popup-by-supsystic-plugin-1-10-29-remote-code-execution-rce-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52435.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52435.json new file mode 100644 index 00000000000..f3da86147c6 --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52435.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52435", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T15:15:08.543", + "lastModified": "2024-11-18T15:15:08.543", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in W3 Eden, Inc. Premium Packages allows SQL Injection.This issue affects Premium Packages: from n/a through 5.9.3." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/wpdm-premium-packages/wordpress-premium-packages-sell-digital-products-securely-plugin-5-9-3-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-524xx/CVE-2024-52436.json b/CVE-2024/CVE-2024-524xx/CVE-2024-52436.json new file mode 100644 index 00000000000..e1aa94f42c8 --- /dev/null +++ b/CVE-2024/CVE-2024-524xx/CVE-2024-52436.json @@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-52436", + "sourceIdentifier": "audit@patchstack.com", + "published": "2024-11-18T15:15:08.773", + "lastModified": "2024-11-18T15:15:08.773", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Post SMTP allows Blind SQL Injection.This issue affects Post SMTP: from n/a through 2.9.9." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "audit@patchstack.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "audit@patchstack.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://patchstack.com/database/vulnerability/post-smtp/wordpress-post-smtp-plugin-2-9-9-sql-injection-vulnerability?_s_id=cve", + "source": "audit@patchstack.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52565.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52565.json new file mode 100644 index 00000000000..d61e220139b --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52565.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-52565", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-18T16:15:27.020", + "lastModified": "2024-11-18T16:15:27.020", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231)" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52566.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52566.json new file mode 100644 index 00000000000..f83d56d9fd2 --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52566.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-52566", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-18T16:15:27.287", + "lastModified": "2024-11-18T16:15:27.287", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233)" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52567.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52567.json new file mode 100644 index 00000000000..c7b44e9af3d --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52567.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-52567", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-18T16:15:27.537", + "lastModified": "2024-11-18T16:15:27.537", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237)" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52568.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52568.json new file mode 100644 index 00000000000..4da2085ca5f --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52568.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-52568", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-18T16:15:27.773", + "lastModified": "2024-11-18T16:15:27.773", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files.\r\nAn attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244)" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52569.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52569.json new file mode 100644 index 00000000000..82a37241ae9 --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52569.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-52569", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-18T16:15:28.063", + "lastModified": "2024-11-18T16:15:28.063", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260)" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52570.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52570.json new file mode 100644 index 00000000000..96c6130da20 --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52570.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-52570", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-18T16:15:28.300", + "lastModified": "2024-11-18T16:15:28.300", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365)" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52571.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52571.json new file mode 100644 index 00000000000..a732380b849 --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52571.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-52571", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-18T16:15:28.533", + "lastModified": "2024-11-18T16:15:28.533", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485)" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52572.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52572.json new file mode 100644 index 00000000000..3fd199b1691 --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52572.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-52572", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-18T16:15:28.767", + "lastModified": "2024-11-18T16:15:28.767", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486)" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-121" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52573.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52573.json new file mode 100644 index 00000000000..3091f28dfe1 --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52573.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-52573", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-18T16:15:29.110", + "lastModified": "2024-11-18T16:15:29.110", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521)" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52574.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52574.json new file mode 100644 index 00000000000..de37914de38 --- /dev/null +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52574.json @@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-52574", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-18T16:15:29.400", + "lastModified": "2024-11-18T16:15:29.400", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files.\r\nThis could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543)" + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "HIGH", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.3, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-824503.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52912.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52912.json index 4bb97615162..3be7dbf4bc8 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52912.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52912.json @@ -2,16 +2,55 @@ "id": "CVE-2024-52912", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T04:15:04.443", - "lastModified": "2024-11-18T04:15:04.443", + "lastModified": "2024-11-18T16:35:14.273", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug." + }, + { + "lang": "es", + "value": "Bitcoin Core anterior a 0.21.0 permite una divisi\u00f3n de red que es resultado de un desbordamiento de enteros (calcular el desfase horario para los nuevos pares que se conectan) y un error de l\u00f3gica abs64." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bitcoincore.org/en/2024/07/03/disclose-timestamp-overflow/", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52913.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52913.json index 814e5001042..64152a3107c 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52913.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52913.json @@ -2,16 +2,55 @@ "id": "CVE-2024-52913", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T04:15:04.500", - "lastModified": "2024-11-18T04:15:04.500", + "lastModified": "2024-11-18T16:35:15.113", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled." + }, + { + "lang": "es", + "value": "En Bitcoin Core anterior a la versi\u00f3n 0.21.0, un atacante pod\u00eda impedir que un nodo viera una transacci\u00f3n espec\u00edfica no confirmada, porque las nuevas solicitudes de transacciones se gestionaban incorrectamente." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bitcoincore.org/en/2024/07/03/disclose_already_asked_for/", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52914.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52914.json index 76fd86ef650..86bb7951c1c 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52914.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52914.json @@ -2,16 +2,55 @@ "id": "CVE-2024-52914", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T04:15:04.567", - "lastModified": "2024-11-18T04:15:04.567", + "lastModified": "2024-11-18T16:35:16.680", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction." + }, + { + "lang": "es", + "value": "En Bitcoin Core anterior a la versi\u00f3n 0.18.0, un nodo pod\u00eda quedar bloqueado durante horas al procesar los hu\u00e9rfanos de una transacci\u00f3n no confirmada creada." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bitcoincore.org/en/2024/07/03/disclose-orphan-dos/", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52915.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52915.json index e2d2fc177bd..d4aaef99cf4 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52915.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52915.json @@ -2,16 +2,55 @@ "id": "CVE-2024-52915", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T04:15:04.633", - "lastModified": "2024-11-18T04:15:04.633", + "lastModified": "2024-11-18T16:35:17.807", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message." + }, + { + "lang": "es", + "value": "Bitcoin Core anterior a 0.20.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria) a trav\u00e9s de un mensaje INV manipulado espec\u00edficamente para ello." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bitcoincore.org/en/2024/07/03/disclose-inv-buffer-blowup/", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52916.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52916.json index c6da621b01e..1245625a5f4 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52916.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52916.json @@ -2,16 +2,55 @@ "id": "CVE-2024-52916", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T04:15:04.697", - "lastModified": "2024-11-18T04:15:04.697", + "lastModified": "2024-11-18T16:35:18.907", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers." + }, + { + "lang": "es", + "value": "Bitcoin Core anterior a 0.15.0 permite una denegaci\u00f3n de servicio (eliminaci\u00f3n OOM de un proceso daemon) a trav\u00e9s de una inundaci\u00f3n de encabezados de dificultad m\u00ednima." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bitcoincore.org/en/2024/07/03/disclose-header-spam/", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52917.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52917.json index 6d9175ce698..d91ec0b1b40 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52917.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52917.json @@ -2,16 +2,55 @@ "id": "CVE-2024-52917", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T04:15:04.760", - "lastModified": "2024-11-18T04:15:04.760", + "lastModified": "2024-11-18T16:35:19.943", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device." + }, + { + "lang": "es", + "value": "Bitcoin Core anterior a 22.0 tiene un bucle infinito miniupnp en el que asigna memoria en funci\u00f3n de datos aleatorios recibidos a trav\u00e9s de la red, por ejemplo, grandes respuestas M-SEARCH de un dispositivo UPnP falso." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bitcoincore.org/en/2024/07/31/disclose-upnp-oom/", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52918.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52918.json index 248cc43f90a..55e13451a52 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52918.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52918.json @@ -2,16 +2,55 @@ "id": "CVE-2024-52918", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T04:15:04.823", - "lastModified": "2024-11-18T04:15:04.823", + "lastModified": "2024-11-18T16:35:20.793", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file." + }, + { + "lang": "es", + "value": "Bitcoin-Qt en Bitcoin Core anterior a 0.20.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de memoria y bloqueo de la aplicaci\u00f3n) a trav\u00e9s de un par\u00e1metro BIP21 r para una URL que tiene un archivo grande." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bitcoincore.org/en/2024/07/03/disclose-bip70-crash/", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52919.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52919.json index 587735c66c1..e9ccd929fd2 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52919.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52919.json @@ -2,16 +2,55 @@ "id": "CVE-2024-52919", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T04:15:04.890", - "lastModified": "2024-11-18T04:15:04.890", + "lastModified": "2024-11-18T16:35:21.600", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages." + }, + { + "lang": "es", + "value": "Bitcoin Core anterior a 22.0 tiene un desbordamiento de entero nIdCount de CAddrMan y una falla de afirmaci\u00f3n resultante (y salida del daemon) a trav\u00e9s de una inundaci\u00f3n de mensajes addr." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "ADJACENT_NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bitcoincore.org/en/2024/07/31/disclose-addrman-int-overflow/", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52920.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52920.json index fb8e14ef7b0..bc73c98a20f 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52920.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52920.json @@ -2,16 +2,55 @@ "id": "CVE-2024-52920", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T04:15:04.960", - "lastModified": "2024-11-18T04:15:04.960", + "lastModified": "2024-11-18T16:35:22.413", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message." + }, + { + "lang": "es", + "value": "Bitcoin Core anterior a 0.20.0 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de un mensaje GETDATA malformado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-770" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bitcoincore.org/en/2024/07/03/disclose-getdata-cpu/", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52921.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52921.json index a469ef36274..8d69125b646 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52921.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52921.json @@ -2,16 +2,55 @@ "id": "CVE-2024-52921", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T04:15:05.023", - "lastModified": "2024-11-18T04:15:05.023", + "lastModified": "2024-11-18T16:35:23.227", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block." + }, + { + "lang": "es", + "value": "En Bitcoin Core anterior a la versi\u00f3n 25.0, un par puede afectar el estado de descarga de otros pares enviando un bloque mutado." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://bitcoincore.org/en/2024/10/08/disclose-mutated-blocks-hindering-propagation/", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52940.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52940.json index 92a067cd811..bbb557f0bbc 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52940.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52940.json @@ -2,16 +2,55 @@ "id": "CVE-2024-52940", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T05:15:05.200", - "lastModified": "2024-11-18T05:15:05.200", + "lastModified": "2024-11-18T16:35:24.040", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", "value": "AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID." + }, + { + "lang": "es", + "value": "AnyDesk hasta la versi\u00f3n 8.1.0 en Windows, cuando est\u00e1 habilitada la opci\u00f3n Permitir conexiones directas, expone inadvertidamente una direcci\u00f3n IP p\u00fablica dentro del tr\u00e1fico de la red. El atacante debe conocer el ID de AnyDesk de la v\u00edctima." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-532" + } + ] } ], - "metrics": {}, "references": [ { "url": "https://download.anydesk.com/changelog.txt", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52941.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52941.json index 36a9c115ce1..624ba24235a 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52941.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52941.json @@ -2,7 +2,7 @@ "id": "CVE-2024-52941", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T06:15:05.283", - "lastModified": "2024-11-18T06:15:05.283", + "lastModified": "2024-11-18T16:35:24.863", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -35,6 +35,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://www.veritas.com/support/en_US/security/VTS24-013", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52942.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52942.json index 7567319438f..cdbed1bf8e6 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52942.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52942.json @@ -2,7 +2,7 @@ "id": "CVE-2024-52942", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T06:15:05.543", - "lastModified": "2024-11-18T06:15:05.543", + "lastModified": "2024-11-18T16:35:25.583", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -35,6 +35,18 @@ } ] }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], "references": [ { "url": "https://www.veritas.com/support/en_US/security/VTS24-013", diff --git a/CVE-2024/CVE-2024-529xx/CVE-2024-52943.json b/CVE-2024/CVE-2024-529xx/CVE-2024-52943.json index 3f47a354f73..7163429e2e4 100644 --- a/CVE-2024/CVE-2024-529xx/CVE-2024-52943.json +++ b/CVE-2024/CVE-2024-529xx/CVE-2024-52943.json @@ -2,7 +2,7 @@ "id": "CVE-2024-52943", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-18T06:15:05.793", - "lastModified": "2024-11-18T06:15:05.793", + "lastModified": "2024-11-18T16:35:26.300", "vulnStatus": "Received", "cveTags": [], "descriptions": [ @@ -32,6 +32,26 @@ }, "exploitabilityScore": 2.3, "impactScore": 2.7 + }, + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 2.7 } ] }, diff --git a/CVE-2024/CVE-2024-94xx/CVE-2024-9474.json b/CVE-2024/CVE-2024-94xx/CVE-2024-9474.json new file mode 100644 index 00000000000..e21996655ad --- /dev/null +++ b/CVE-2024/CVE-2024-94xx/CVE-2024-9474.json @@ -0,0 +1,78 @@ +{ + "id": "CVE-2024-9474", + "sourceIdentifier": "psirt@paloaltonetworks.com", + "published": "2024-11-18T16:15:29.780", + "lastModified": "2024-11-18T16:15:29.780", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges.\n\nCloud NGFW and Prisma Access are not impacted by this vulnerability." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "psirt@paloaltonetworks.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:N/R:U/V:C/RE:H/U:Red", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NO", + "recovery": "USER", + "valueDensity": "CONCENTRATED", + "vulnerabilityResponseEffort": "HIGH", + "providerUrgency": "RED", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + } + } + ] + }, + "weaknesses": [ + { + "source": "psirt@paloaltonetworks.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://security.paloaltonetworks.com/CVE-2024-9474", + "source": "psirt@paloaltonetworks.com" + } + ] +} \ No newline at end of file diff --git a/README.md b/README.md index 500009611e2..19910f0ae01 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-18T15:01:01.016198+00:00 +2024-11-18T17:00:19.742228+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-18T14:59:30.173000+00:00 +2024-11-18T16:55:08.183000+00:00 ``` ### Last Data Feed Release @@ -33,31 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -270152 +270209 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `57` -- [CVE-2024-11303](CVE-2024/CVE-2024-113xx/CVE-2024-11303.json) (`2024-11-18T14:15:04.963`) -- [CVE-2024-11318](CVE-2024/CVE-2024-113xx/CVE-2024-11318.json) (`2024-11-18T14:15:05.233`) -- [CVE-2024-3370](CVE-2024/CVE-2024-33xx/CVE-2024-3370.json) (`2024-11-18T13:15:04.310`) -- [CVE-2024-52318](CVE-2024/CVE-2024-523xx/CVE-2024-52318.json) (`2024-11-18T13:15:04.490`) -- [CVE-2024-8781](CVE-2024/CVE-2024-87xx/CVE-2024-8781.json) (`2024-11-18T14:15:05.730`) -- [CVE-2024-9526](CVE-2024/CVE-2024-95xx/CVE-2024-9526.json) (`2024-11-18T14:15:05.873`) +- [CVE-2024-52423](CVE-2024/CVE-2024-524xx/CVE-2024-52423.json) (`2024-11-18T16:15:26.160`) +- [CVE-2024-52424](CVE-2024/CVE-2024-524xx/CVE-2024-52424.json) (`2024-11-18T16:15:26.380`) +- [CVE-2024-52425](CVE-2024/CVE-2024-524xx/CVE-2024-52425.json) (`2024-11-18T16:15:26.600`) +- [CVE-2024-52426](CVE-2024/CVE-2024-524xx/CVE-2024-52426.json) (`2024-11-18T16:15:26.830`) +- [CVE-2024-52427](CVE-2024/CVE-2024-524xx/CVE-2024-52427.json) (`2024-11-18T15:15:06.657`) +- [CVE-2024-52428](CVE-2024/CVE-2024-524xx/CVE-2024-52428.json) (`2024-11-18T15:15:06.923`) +- [CVE-2024-52429](CVE-2024/CVE-2024-524xx/CVE-2024-52429.json) (`2024-11-18T15:15:07.277`) +- [CVE-2024-52430](CVE-2024/CVE-2024-524xx/CVE-2024-52430.json) (`2024-11-18T15:15:07.490`) +- [CVE-2024-52431](CVE-2024/CVE-2024-524xx/CVE-2024-52431.json) (`2024-11-18T15:15:07.707`) +- [CVE-2024-52432](CVE-2024/CVE-2024-524xx/CVE-2024-52432.json) (`2024-11-18T15:15:07.923`) +- [CVE-2024-52433](CVE-2024/CVE-2024-524xx/CVE-2024-52433.json) (`2024-11-18T15:15:08.130`) +- [CVE-2024-52434](CVE-2024/CVE-2024-524xx/CVE-2024-52434.json) (`2024-11-18T15:15:08.340`) +- [CVE-2024-52435](CVE-2024/CVE-2024-524xx/CVE-2024-52435.json) (`2024-11-18T15:15:08.543`) +- [CVE-2024-52436](CVE-2024/CVE-2024-524xx/CVE-2024-52436.json) (`2024-11-18T15:15:08.773`) +- [CVE-2024-52565](CVE-2024/CVE-2024-525xx/CVE-2024-52565.json) (`2024-11-18T16:15:27.020`) +- [CVE-2024-52566](CVE-2024/CVE-2024-525xx/CVE-2024-52566.json) (`2024-11-18T16:15:27.287`) +- [CVE-2024-52567](CVE-2024/CVE-2024-525xx/CVE-2024-52567.json) (`2024-11-18T16:15:27.537`) +- [CVE-2024-52568](CVE-2024/CVE-2024-525xx/CVE-2024-52568.json) (`2024-11-18T16:15:27.773`) +- [CVE-2024-52569](CVE-2024/CVE-2024-525xx/CVE-2024-52569.json) (`2024-11-18T16:15:28.063`) +- [CVE-2024-52570](CVE-2024/CVE-2024-525xx/CVE-2024-52570.json) (`2024-11-18T16:15:28.300`) +- [CVE-2024-52571](CVE-2024/CVE-2024-525xx/CVE-2024-52571.json) (`2024-11-18T16:15:28.533`) +- [CVE-2024-52572](CVE-2024/CVE-2024-525xx/CVE-2024-52572.json) (`2024-11-18T16:15:28.767`) +- [CVE-2024-52573](CVE-2024/CVE-2024-525xx/CVE-2024-52573.json) (`2024-11-18T16:15:29.110`) +- [CVE-2024-52574](CVE-2024/CVE-2024-525xx/CVE-2024-52574.json) (`2024-11-18T16:15:29.400`) +- [CVE-2024-9474](CVE-2024/CVE-2024-94xx/CVE-2024-9474.json) (`2024-11-18T16:15:29.780`) ### CVEs modified in the last Commit -Recently modified CVEs: `6` +Recently modified CVEs: `83` -- [CVE-2024-10529](CVE-2024/CVE-2024-105xx/CVE-2024-10529.json) (`2024-11-18T14:59:15.043`) -- [CVE-2024-10530](CVE-2024/CVE-2024-105xx/CVE-2024-10530.json) (`2024-11-18T14:59:30.173`) -- [CVE-2024-43704](CVE-2024/CVE-2024-437xx/CVE-2024-43704.json) (`2024-11-18T14:35:02.840`) -- [CVE-2024-44765](CVE-2024/CVE-2024-447xx/CVE-2024-44765.json) (`2024-11-18T14:35:03.200`) -- [CVE-2024-5030](CVE-2024/CVE-2024-50xx/CVE-2024-5030.json) (`2024-11-18T14:35:05.030`) -- [CVE-2024-50809](CVE-2024/CVE-2024-508xx/CVE-2024-50809.json) (`2024-11-18T14:35:04.110`) +- [CVE-2024-51157](CVE-2024/CVE-2024-511xx/CVE-2024-51157.json) (`2024-11-18T15:35:13.060`) +- [CVE-2024-51586](CVE-2024/CVE-2024-515xx/CVE-2024-51586.json) (`2024-11-18T16:45:30.550`) +- [CVE-2024-51590](CVE-2024/CVE-2024-515xx/CVE-2024-51590.json) (`2024-11-18T16:44:27.333`) +- [CVE-2024-51593](CVE-2024/CVE-2024-515xx/CVE-2024-51593.json) (`2024-11-18T16:42:06.290`) +- [CVE-2024-51598](CVE-2024/CVE-2024-515xx/CVE-2024-51598.json) (`2024-11-18T16:37:58.447`) +- [CVE-2024-51663](CVE-2024/CVE-2024-516xx/CVE-2024-51663.json) (`2024-11-18T16:54:02.457`) +- [CVE-2024-51664](CVE-2024/CVE-2024-516xx/CVE-2024-51664.json) (`2024-11-18T16:55:08.183`) +- [CVE-2024-51668](CVE-2024/CVE-2024-516xx/CVE-2024-51668.json) (`2024-11-18T16:51:31.227`) +- [CVE-2024-52316](CVE-2024/CVE-2024-523xx/CVE-2024-52316.json) (`2024-11-18T15:35:14.030`) +- [CVE-2024-52317](CVE-2024/CVE-2024-523xx/CVE-2024-52317.json) (`2024-11-18T15:35:14.303`) +- [CVE-2024-52318](CVE-2024/CVE-2024-523xx/CVE-2024-52318.json) (`2024-11-18T15:35:15.203`) +- [CVE-2024-52912](CVE-2024/CVE-2024-529xx/CVE-2024-52912.json) (`2024-11-18T16:35:14.273`) +- [CVE-2024-52913](CVE-2024/CVE-2024-529xx/CVE-2024-52913.json) (`2024-11-18T16:35:15.113`) +- [CVE-2024-52914](CVE-2024/CVE-2024-529xx/CVE-2024-52914.json) (`2024-11-18T16:35:16.680`) +- [CVE-2024-52915](CVE-2024/CVE-2024-529xx/CVE-2024-52915.json) (`2024-11-18T16:35:17.807`) +- [CVE-2024-52916](CVE-2024/CVE-2024-529xx/CVE-2024-52916.json) (`2024-11-18T16:35:18.907`) +- [CVE-2024-52917](CVE-2024/CVE-2024-529xx/CVE-2024-52917.json) (`2024-11-18T16:35:19.943`) +- [CVE-2024-52918](CVE-2024/CVE-2024-529xx/CVE-2024-52918.json) (`2024-11-18T16:35:20.793`) +- [CVE-2024-52919](CVE-2024/CVE-2024-529xx/CVE-2024-52919.json) (`2024-11-18T16:35:21.600`) +- [CVE-2024-52920](CVE-2024/CVE-2024-529xx/CVE-2024-52920.json) (`2024-11-18T16:35:22.413`) +- [CVE-2024-52921](CVE-2024/CVE-2024-529xx/CVE-2024-52921.json) (`2024-11-18T16:35:23.227`) +- [CVE-2024-52940](CVE-2024/CVE-2024-529xx/CVE-2024-52940.json) (`2024-11-18T16:35:24.040`) +- [CVE-2024-52941](CVE-2024/CVE-2024-529xx/CVE-2024-52941.json) (`2024-11-18T16:35:24.863`) +- [CVE-2024-52942](CVE-2024/CVE-2024-529xx/CVE-2024-52942.json) (`2024-11-18T16:35:25.583`) +- [CVE-2024-52943](CVE-2024/CVE-2024-529xx/CVE-2024-52943.json) (`2024-11-18T16:35:26.300`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 16f91553c5c..6c694633605 100644 --- a/_state.csv +++ b/_state.csv @@ -155179,12 +155179,17 @@ CVE-2020-26052,0,0,a07ae9c9df8aed0b10b33ac6419abbd81faedddd00d694b9b2be4bd052a39 CVE-2020-26053,0,0,7c7f74e869b26ac6fddfe010b02541c7f47338a10762619f17be95bfa6d71909,2023-11-07T03:20:28.813000 CVE-2020-2606,0,0,525b8acfb481411ccc0f174e56a0273af30bbf2d9f2b6a85fec1411f99070c9a,2022-04-29T14:54:42.183000 CVE-2020-26061,0,0,eba06bbf4664d07dc50f78db70d85029e20095294f2f7e4f3b5c3856d0f5688a,2021-07-21T11:39:23.747000 +CVE-2020-26062,1,1,6ac27361a2c4af8418483d64490d03bec461e03750ca1d4f7e83a6f4692325cc,2024-11-18T16:15:05.170000 +CVE-2020-26063,1,1,c71123b29798e6950a8ff5d2aea43abceb602916d7b0eba2fcf8212f4ccb8f60,2024-11-18T16:15:05.460000 CVE-2020-26064,0,0,695928ebd20ca0ecda3f135501ea1d07b664c6398012314fc05c32000cf83c95,2024-01-25T17:15:13.730000 CVE-2020-26065,0,0,9b66946512c60f0953b887f0ddd115f660f88e661cb4d4d8847b1599fa9759fb,2024-01-25T17:15:14.010000 CVE-2020-26068,0,0,b31c43a3584b8e5b2724f7f3b13c81dee7cbb9072d097f7471f77f92bc118e9b,2023-11-07T03:20:28.877000 CVE-2020-2607,0,0,f16383735a6aecdfb7ccf3e9137cd9d624fbabe121f8dc8a7e6412a81fe969ec,2022-04-29T14:54:53.110000 CVE-2020-26070,0,0,64a022b667acf4b556447a34b4e6ffd0037dcd6a02c7e9126dcc0c6fef8ee6c5,2023-11-07T03:20:29.040000 +CVE-2020-26071,1,1,fa0ea8d82d1b9d2e856eab6b447db58db6bb510499af63d77b70304b884947bc,2024-11-18T16:15:05.710000 CVE-2020-26072,0,0,cf092625bd1f72f4ad74375f716d1f8a7ea124364e756f37ad9c3cb956960edf,2020-11-25T19:13:51.127000 +CVE-2020-26073,1,1,ef11ed45c9eaaa21e6ce1a6a554a18a7b1c82921ca89e47c31f0b34e7e6576e4,2024-11-18T16:15:05.947000 +CVE-2020-26074,1,1,4268ade33eeb0bbb56586d68ab531438f049b2ef5822ec46bb9a0671f57f06c3,2024-11-18T16:15:06.170000 CVE-2020-26075,0,0,5ba19911cfccdb0b55a8d479ea6f04a891a3766fe22b0d2edb9e5a3cfa8a51d8,2020-11-25T19:25:45.490000 CVE-2020-26076,0,0,6d77c171f4efa0d4c85939ad41961848c0baa8614ba2a221227f9c435a8ad01e,2020-11-28T20:36:52.107000 CVE-2020-26077,0,0,a6d7aef7b8ab0111094ca9374c4d392cbd654c3dd7964b902ed47cea686c8ac3,2020-11-25T17:48:03.443000 @@ -155969,6 +155974,7 @@ CVE-2020-2712,0,0,877b40b3e2bc13d79ccdfb5572d5f9cb685dd5fa6fc951aa2941e9cef698c9 CVE-2020-27121,0,0,b0180b5382b180c621f805dd81fbeb285a8f4a65835edea0c9b5bfdaf6cfec55,2023-11-07T03:20:47.470000 CVE-2020-27122,0,0,bd0fd9bd9b716f4af786ec55634bb57321f198d69bc8d166abf39ef21f227c8c,2020-11-20T16:51:25.437000 CVE-2020-27123,0,0,c20884058d9a510b5de2ce60db329ec5035ed828198f26077d1cac42646bba79,2023-11-07T03:20:47.650000 +CVE-2020-27124,1,1,85879ccb4996fc74c4b0ec6aa5800bb409155121e60cdd565204a7f0603acffc,2024-11-18T16:15:06.397000 CVE-2020-27125,0,0,32d5df89894af515616c0513731458b77a5dc1d6464a83397b11397a7a8b265b,2023-11-07T03:20:47.807000 CVE-2020-27126,0,0,4dab6dfc14d6cb8758947cd066e690c2a89957975b783cfd8e32fb31d00f0e23,2023-11-07T03:20:47.970000 CVE-2020-27127,0,0,c05bfc76df14d76c89d996b04315ea8b6dcd067dd15e3faf025b670f1831adca,2023-11-07T03:20:48.163000 @@ -157944,6 +157950,7 @@ CVE-2020-3416,0,0,c3160ebc280c11e34e6656fcd98bc414ffd93d397bf1047c66aa198811af58 CVE-2020-3417,0,0,0bce31ba32ea9315d49c0c0d5f33d4b196bb9bbe9e3d06e7d3d78dd6efeaba88,2023-11-07T03:22:41.223000 CVE-2020-3418,0,0,97de2d9b1618fe024bb7946d7a6fb2534d522b489416bdba10179321ead51331,2021-08-06T18:57:08.053000 CVE-2020-3419,0,0,c12e3825ce5b905fda16f811c42c566e853fb0e2142f37d4417b9debcb113bad,2023-11-07T03:22:41.467000 +CVE-2020-3420,1,1,fb052141998389706f273068383bd39f98ea3926695082a4dc79e8c10abb7c56,2024-11-18T16:15:06.630000 CVE-2020-3421,0,0,ba0233dff4d2a5b761956182b29729309eba955c46c6aa5bbda8dfe3ce422172,2023-11-07T03:22:41.670000 CVE-2020-3422,0,0,9598c1ed15b5f85992b1da43caa1fef9056074dc3912858a657710e94df97b74,2023-05-22T18:57:24.750000 CVE-2020-3423,0,0,4a137255d7b78a6fa1145c26ca0da1d7a1e0c9c1c94cd9b91b22e21a5c961081,2023-11-07T03:22:41.860000 @@ -157953,6 +157960,7 @@ CVE-2020-3427,0,0,112a9e43fcdbb25b3343b99c51e4f8f06673e9baf58efa9540a2dd588c2ea1 CVE-2020-3428,0,0,cfdaba74d7f899f3f843dd8c12b427c82eba73839e66d14ad70ca6a540f97275,2023-05-22T18:57:24.750000 CVE-2020-3429,0,0,178db1b0b08f4fcaa05cede3de16745e53449147839f00a31c1e7cbd69667851,2021-08-06T19:03:16.813000 CVE-2020-3430,0,0,70a8b81d2f33c4a65c291522487faaf46965c003d49a8ee14f3a8082ddd4fc71,2023-11-07T03:22:42.457000 +CVE-2020-3431,1,1,cd125d3eea06fa245002c1de936f80243b57b136191b8af0cd75ffc48c2edd78,2024-11-18T16:15:06.897000 CVE-2020-3433,0,0,3b06a9d2e8ef57e126e735879ff9ca23b1992c90afe9ea757e8d229c41a50c53,2024-06-28T13:56:43.943000 CVE-2020-3434,0,0,ea05b0a501f6f4d895471aad21b0cacf00354490e1635db9730def03823ea427,2023-11-07T03:22:42.793000 CVE-2020-3435,0,0,46b4adae8183929cde4a1d7bc58810f86b89abf114ff534d2b1e8a96a37ae426,2023-11-07T03:22:42.963000 @@ -158155,6 +158163,7 @@ CVE-2020-35243,0,0,34e7f96910087c9ffe2793bb21efb175ed3cd5e18044bd755a51b4e4f4de2 CVE-2020-35244,0,0,3902ecf6edd019b5dd9e32f069bdd396d0241c0aa7296e94c0050fc4662b56f3,2020-12-29T20:19:25.150000 CVE-2020-35245,0,0,3f4156d0e7aa089aef1462c6dec953adb03eab594015e6ce6ec42eff381c3b4e,2020-12-29T20:14:45.633000 CVE-2020-35249,0,0,ec7bd9bbad761cd00127148d13868c623dd8e36200b95033fa427ca3bfdc17cf,2021-11-03T01:43:30.673000 +CVE-2020-3525,1,1,6de5750d39ff6a84e4525063e266579ab794a7ef4caeff68c14795727874fc22,2024-11-18T16:15:07.127000 CVE-2020-35252,0,0,c9864b0c08ff44d3b6a12a047256be3453631c766d04313d7e4c18a58ecf07a7,2020-12-23T20:18:39.557000 CVE-2020-35257,0,0,428fff52645584fd3da00450f464f9fea6f07b07d9091488b56a04c08c8056f7,2023-11-07T03:21:53.853000 CVE-2020-35259,0,0,5a73a66e5aabfa93d670cdb2ada20d3dd60d9f8357bb9343366839914ee5fdd9,2023-11-07T03:21:53.900000 @@ -158183,6 +158192,7 @@ CVE-2020-3531,0,0,d987cd64baac03651b8dd696df5be3acea7cc37f727fff17934a1a1df7ae52 CVE-2020-35310,0,0,1d2d893793cc2e3fc93b8251bfa436dba6d8953efb49989492dd75cb5b7e1677,2023-11-07T03:21:54.030000 CVE-2020-35313,0,0,6cbb70b83b146052ef9a0f7493cef63280e7b9d72e92d409d78c51c0c85c57f7,2021-04-23T21:18:21 CVE-2020-35314,0,0,8edff9b7c38ff1a147c69fa46d76d4e3eda485398a28adfc9172fb4ef97b9363,2021-06-01T20:34:58.733000 +CVE-2020-3532,1,1,ac8244c9578abdb02c8c251f5c8468fe827b9f7e69b892c2615e8de3ea997bcd,2024-11-18T16:15:07.367000 CVE-2020-35326,0,0,086c5752580cc3cea705d41f64fdcc7e023f1e3210817c731141cb8815ac346f,2023-01-25T19:32:04.047000 CVE-2020-35327,0,0,0286113bc6fd47c4f8106f687f5c6d4679dbfe1824c508b8cb4142003a722993,2021-03-10T20:58:27.273000 CVE-2020-35328,0,0,095aa227393fdf552415e14d3b5eff942292ac9071403af50c2efe312a2adb66,2021-03-04T21:44:45.227000 @@ -158208,10 +158218,12 @@ CVE-2020-35370,0,0,83b8fb1082d6a16ecef000da2e1567406fb37ad78b52005e1b91e35b3a29c CVE-2020-35373,0,0,601c2c24e850a7f2c55e7592205df7252a9ce2bb1877818b37479a9b9edd912d,2024-02-14T01:17:43.863000 CVE-2020-35376,0,0,b4566d696f3c7772ce0b72c3be363c6393d45b5d7f72cb4318bfcba9b4f3a6da,2023-11-07T03:21:54.200000 CVE-2020-35378,0,0,147e245daf3b62749f0d2d2646b7a7a07af6a6145b9caa1f910b63dc2cf34235,2020-12-14T21:21:22.667000 +CVE-2020-3538,1,1,50bb2d23483e31fff0b112543aee364634ee2d043af3ff70269a38f555041145,2024-11-18T16:15:07.660000 CVE-2020-35380,0,0,77679992049dd27edbdc0fe4c9cedf999a82763f3da3505d0e945343a6466415,2020-12-17T20:45:19.083000 CVE-2020-35381,0,0,bc62dfb2d1cee82d765c831ef7cbdf60846ee5ed06019bf61d45518b1ea0c750,2023-11-07T03:21:54.267000 CVE-2020-35382,0,0,d28c91d6a2842de7ba1a798e2529222efa235e70038ebfb8abb77ff2fcdade5d,2020-12-14T21:30:21.100000 CVE-2020-35388,0,0,2a4faf38d13016b175d75aa5e165c8eea3cc81ee6dc4c446ec3820d21bc91761,2020-12-29T17:35:38.583000 +CVE-2020-3539,1,1,680726ae797f2fb3159d4436ac593720768ff42b08b7d097bded1ed5e018ee86,2024-11-18T16:15:07.880000 CVE-2020-35391,0,0,97dc2aaf96dec4c190362e2e8353f974807847fb0886657398d3f0a574ecda11,2023-11-07T03:21:54.343000 CVE-2020-35395,0,0,060b9e663410bbd39fccd9d97a61df6273675d9a54e0622238ce714d2e58acb5,2020-12-16T21:10:45.507000 CVE-2020-35396,0,0,90ec6477d1e9de5dd6b799c307bb339025a98ccc0b1727227a87277577356244,2020-12-16T20:30:30.510000 @@ -158261,6 +158273,7 @@ CVE-2020-35476,0,0,db8f184781439fafd8912a611b64d170ab60e3c603e4a6485d47d0ecac3cb CVE-2020-35477,0,0,a682cf750c7000c53b911716c22ffd8b214f6105b6756dd0e66b0806f2089d2e,2023-11-07T03:21:55.070000 CVE-2020-35478,0,0,4377660fd6d56b14348e7c05363ba70f4636727e5f793e9c88b272cada67d848,2023-11-07T03:21:55.150000 CVE-2020-35479,0,0,b222e7e72d38b69b049736f70a4decd6c091496cefcd8b1206cfbed404c13826,2023-11-07T03:21:55.227000 +CVE-2020-3548,1,1,c1b01f97f7d61bb493345e83b08f637d2dc7aa5e62642afa1abb61794c104582,2024-11-18T16:15:08.100000 CVE-2020-35480,0,0,35620f7c3d6baf7d49e2b4e4b85df1d9afe6d5c59ff7dd7ea16bc7d6ba8a2b78,2023-11-07T03:21:55.303000 CVE-2020-35481,0,0,25529bae7d88d6ce90cbea1255d6034e83781c37d7b68714b7426697b1605677,2021-02-05T20:15:24.293000 CVE-2020-35482,0,0,00e274245694f8fc82a5bf640828072eade4dc9b76c32b6eb81531c8f77041d3,2021-02-04T19:42:27.730000 @@ -165586,6 +165599,7 @@ CVE-2021-1128,0,0,b73adf56eea0448d2dc8957c2d4685ac584965b01ebbb0fd63d25ad32ca18b CVE-2021-1129,0,0,e35c9e46f4d88612d4745a666bf86aaafba3b1de9ea361a0160fd7c1ee9d13c7,2023-11-07T03:27:27.770000 CVE-2021-1130,0,0,9a1293938e40569ec65b61b505e1e1b437e79c392f2f778b6f263860c147517d,2023-11-07T03:27:27.950000 CVE-2021-1131,0,0,888c7a3753cbe656caf55dffa177ee583a592cb49a90d2fb79abc99b7bc18713,2023-11-07T03:27:28.110000 +CVE-2021-1132,1,1,f8eba224a60e2d9d8116fb457a36722415e6e4347b93ef4adb69cc3041fc9e8e,2024-11-18T16:15:08.343000 CVE-2021-1133,0,0,7636a759e42342c5292c4db697a0407109722369911ea9c3defed35a308818b6,2023-11-07T03:27:28.270000 CVE-2021-1134,0,0,782837573abe396ed35de75e6a848c38b5fe09256474400f58534eb1983ee5b4,2021-07-02T15:34:48.493000 CVE-2021-1135,0,0,43e053627154f197d50b85648f0b0619c5d7cddff16f2ba1b28eac888a4baca5,2023-11-07T03:27:28.467000 @@ -165685,7 +165699,9 @@ CVE-2021-1228,0,0,edfadddf9ef009c088379b10c90dd83b82f146e89b9069b83b153450cfd9c1 CVE-2021-1229,0,0,e3fbf91cf4b60acc6e572f356088ba6bc8471519472467b8875ee2399377fdc8,2023-11-07T03:27:45.160000 CVE-2021-1230,0,0,0c00a6c1319a1d1fd605f49028b74b5f75cd5abe35d01b56d55dd04d5444b790,2023-11-07T03:27:45.377000 CVE-2021-1231,0,0,1cc284e4eddf1bd96d6e280e53b5f8f770fe394faf03c7356a3099da5feee9f7,2023-11-07T03:27:45.573000 +CVE-2021-1232,1,1,0bcf5a47c5c0fb64c725d608fe69844200aea8eced752ffd07939f41f737e8b5,2024-11-18T16:15:08.567000 CVE-2021-1233,0,0,9851e50c87302c9eb77d95b30ae9d923775f230312041d2bd67936329ea38246,2023-10-06T16:24:48.993000 +CVE-2021-1234,1,1,daea391bb9fc68247f7b3799087bf37a3c34c5dd3bb9407107197e4796fc2d0b,2024-11-18T16:15:08.813000 CVE-2021-1235,0,0,51e39173d03dbd8704ef7dd872e07caf5e65b90e6f1d3c675d952203931b99bb,2021-01-27T20:47:20.633000 CVE-2021-1236,0,0,b9b42429b079ac869ae6567e9de37c8a4dcdf350fb8837e7c84dee49b13af870,2023-05-22T18:57:24.750000 CVE-2021-1237,0,0,a30c61a48af897528f0bafbc9f542ee0b5e0211050e588ca4e1194655f347360,2023-11-07T03:27:45.790000 @@ -165736,6 +165752,7 @@ CVE-2021-1281,0,0,425e7a6e7aa4cd156c3964d8e38a6b40e3254112ab1f37210be662d6c9f2fd CVE-2021-1282,0,0,e24e7290f39a87cd7490f94b6f90a60211a1a5473e62aa8bd2eb29b4bd484598,2023-11-07T03:27:52.047000 CVE-2021-1283,0,0,b7528855e910c21ea5f5fab79bd60a9e90df3ed2356c305d9851da986a04a82b,2023-11-07T03:27:52.227000 CVE-2021-1284,0,0,05dc87ff7d22f146257b2839c67f913320007a439f42c81377ca088dee2b194f,2023-11-07T03:27:52.397000 +CVE-2021-1285,1,1,c64cc1cfcb0db6c60c1ab12bfdc137eca09de6c47244344d0d6de4f2d8aae514,2024-11-18T16:15:09.087000 CVE-2021-1286,0,0,24d85d7f89f9f74929fa86c32f636925c0d39c5e4c6d0c24888e162d0dfa5d5a,2023-11-07T03:27:52.637000 CVE-2021-1287,0,0,7eef7e2db3708b22be9d34c2e543123a34f56929b735e64c5b28fe3523f25238,2023-11-07T03:27:52.810000 CVE-2021-1288,0,0,89325ac7b25c50f14c8b8a1238e6c2b3c2e8444281e83b13dc170916c31c92a2,2023-11-07T03:27:52.997000 @@ -165829,6 +165846,7 @@ CVE-2021-1375,0,0,fce3255f4f2d3447aada6559cc4ab0533ac482a8ecb5571bae9e4fbd33fcb3 CVE-2021-1376,0,0,c184718a18958a62e23a6e4f494fdb62ca386c78543810057c8ea091794e7b93,2021-03-30T14:34:54.303000 CVE-2021-1377,0,0,17625f23a13fecf553bd149a507860f9bca842264ec80e8001811a1c653cd6dc,2023-11-07T03:28:08.260000 CVE-2021-1378,0,0,1f14397d99d6ea8a3e3d653d03b22431a3ad376aeda598c097f0aaf468ac6090,2023-11-07T03:28:08.503000 +CVE-2021-1379,1,1,5b45ca85b7bd8360fb35f6b1adc760815bb6f56c103563bd7744139dea623c5d,2024-11-18T16:15:09.310000 CVE-2021-1380,0,0,895abc19efacd50dd8c4befb636c4c749bfb9426764e790db09201cfb04d5430,2023-11-07T03:28:08.687000 CVE-2021-1381,0,0,9d930fdaf59233c40c0e97cf2da565598eba00ce9b74ae6c8ec48f11d94578f5,2023-11-07T03:28:08.867000 CVE-2021-1382,0,0,475e9f46d48ace7c83f67c79794486c7fd03c08e10da509b711e9b65fb82fc77,2023-11-07T03:28:09.047000 @@ -165859,6 +165877,7 @@ CVE-2021-1406,0,0,2be4d235c20e613eb6bc554fd74edbdde6ac1e420fdf2d98ae4405cf614d13 CVE-2021-1407,0,0,b21a049dc1cb8b92aef492af6a2d378d8ccca7c42198c80e6184f5e66780b9af,2023-11-07T03:28:13.893000 CVE-2021-1408,0,0,90c5cc90c1e75d340eecddd331f2d70ce0676c66f803b2030547a072a7df034f,2023-11-07T03:28:14.063000 CVE-2021-1409,0,0,60e01e05cc314e268b0191fcdbe3fd7b29299ea52b48e5e7d03b6831a81f77b8,2023-11-07T03:28:14.253000 +CVE-2021-1410,1,1,4674252d4413b3cbe9c269fe68cebb6976e26273019a3606dbe77fec4834b116,2024-11-18T16:15:09.553000 CVE-2021-1411,0,0,110d553b83283b07b7455cf697e4f6cb972f29779b41c0e710d1ba9983c8097e,2023-11-07T03:28:14.433000 CVE-2021-1412,0,0,4f32f9b9a2841afdd806b31fe1271433dd55110857fe172ed644d31ce1967f84,2023-11-07T03:28:14.643000 CVE-2021-1413,0,0,8d8354196a68de35d8fd89f112d7790257d38e6cc3b85ead5df8b7c5827244cc,2023-11-07T03:28:14.820000 @@ -165872,6 +165891,8 @@ CVE-2021-1420,0,0,e12797d2794378bfc6df02415930cd0b7c60a75324da866fe358f7950dc8f7 CVE-2021-1421,0,0,7b928d17adcf0e839e221a962d8b9fb2e922bcd12abcee998ab15458ab7c92fd,2023-11-07T03:28:16.357000 CVE-2021-1422,0,0,f215d7f2eac60c50491f1999b16afc3eb29e1917e48f80b8ff2ea5e0998fcc9a,2023-11-07T03:28:16.533000 CVE-2021-1423,0,0,63322d2e7c43f7460ba94f80ff4b760e8526e54732425a034de84bef9aa524bc,2023-11-07T03:28:16.720000 +CVE-2021-1424,1,1,266cd431d58b3ceb1b086e18074c7e0b05f755587acf9a2629485ad261f7e2a4,2024-11-18T16:15:09.823000 +CVE-2021-1425,1,1,e31f9f573767a7d035f9f5651a089355ea29e0c800aaa48c95e2667a98d3084f,2024-11-18T16:15:10.180000 CVE-2021-1426,0,0,ebe9ca018dd46681ce0078914b420957fcca639848f71401e5a58069aa613d0d,2023-11-07T03:28:16.900000 CVE-2021-1427,0,0,f16182235d58cf27e7b8738ce57f0a50c063b7261887b3554fd7712eec5a40f7,2023-11-07T03:28:17.087000 CVE-2021-1428,0,0,490ed46414aa08c341191dc5c92ecfb39bb8270923c4717b644ce938785ad0ad,2023-11-07T03:28:17.243000 @@ -165886,9 +165907,11 @@ CVE-2021-1436,0,0,0c08055943c2c8c511702e946e2aa2d48324b6bbcd7e69d5ca562c6a389104 CVE-2021-1437,0,0,86763f5db28948eb3b869558beae4bdfd9a07d03bc01a7781597b5ebccf61945,2023-11-07T03:28:18.740000 CVE-2021-1438,0,0,b654c09ac116369b6063ae87256adb7e11a55f964fd45e01ba178d30aec59c19,2023-11-07T03:28:18.920000 CVE-2021-1439,0,0,1ed649cc05f4b47442f4db1aa8c8af2d881f223b313d796adbc38c40e8677545,2023-11-07T03:28:19.093000 +CVE-2021-1440,1,1,f33e68f17539dc6bb2c8f931d51dbbde52850cfe249a931056b23a649be1d014,2024-11-18T16:15:10.400000 CVE-2021-1441,0,0,453c620e41a59b11025c2e222648f061783051bb1a143596fc432561606ce311,2023-11-07T03:28:19.263000 CVE-2021-1442,0,0,86e705333e456a35320dadcbd4afb56556626ce8cc943e8c2c3105788239c4f2,2021-03-30T18:24:08.240000 CVE-2021-1443,0,0,0fcd37106fded36c7310cd0a9765c8a79de255d08a1f6df047a6ad34ef274891,2023-11-07T03:28:19.460000 +CVE-2021-1444,1,1,dd451470a24c626a6fca8c7e5a377294c7f1e40f783acf7419dd199832162e72,2024-11-18T16:15:10.627000 CVE-2021-1445,0,0,0db9d6473611caddf4a43338826c826815d95ca820469d07c3998fa008c844a3,2023-11-07T03:28:19.637000 CVE-2021-1446,0,0,6beb3f5f28e4343a8647941ab756c0ed43df261f409c35b621d88eafec916c8c,2023-11-07T03:28:19.810000 CVE-2021-1447,0,0,2dc25827eba1f2a2801d96ac6e664e81e9aba39f800e4e936f31469820e7db2d,2023-11-07T03:28:20.010000 @@ -165905,8 +165928,11 @@ CVE-2021-1457,0,0,05257c54e232315057982275f043e8ba48103e3ab51bdfa1f97592929ce1d6 CVE-2021-1458,0,0,263d7494ed4bb1b0a3432ebf81af384e2ec6ecfdaed8077bd168e517083debae,2023-11-07T03:28:21.700000 CVE-2021-1459,0,0,56b2fc01d86da20d71515cb6213cc91e2ec296f51bc138bcb5820738f8e3248e,2023-11-07T03:28:21.880000 CVE-2021-1460,0,0,47be0f201f45cd0b8ceb48b3499e1efa0d43c1877b8142245b65f7263a024596,2023-11-07T03:28:22.057000 +CVE-2021-1461,1,1,faa2514940d9fbd5aecb5eca5f0ce090007e39a77a53dcecee259c6789f264f6,2024-11-18T16:15:10.850000 +CVE-2021-1462,1,1,df0e245e85d144d5ae2596bd065ad96f1b51df58e260743d0f34d97a61ca0985,2024-11-18T16:15:11.087000 CVE-2021-1463,0,0,ffc195d1166bc0d6787fdfc0cec2580a3b2a53f31d28fce59ec0c8b46d296b2b,2023-11-07T03:28:22.227000 CVE-2021-1464,0,0,69edcf99fca42452877c7d99e0481d6c6243b3bf0d342c9185950d620f44722b,2024-11-15T17:15:07.350000 +CVE-2021-1465,1,1,d8fb4e8a517abcf1108069e05d4581926c0df703cd39f244ce8dd3dc78baf3df,2024-11-18T16:15:11.350000 CVE-2021-1466,0,0,144b47122f71eb87a6dfc75681d4034620a616551c642a5d0941c7094143eeb3,2024-11-15T17:15:07.670000 CVE-2021-1467,0,0,16d0ae18a4d2970e8bc1800d9eb7f8e62737768f457e02f2477f0502b07369d4,2023-11-07T03:28:22.400000 CVE-2021-1468,0,0,b25464624e6ccf5128973d4bf048ad5c527411837ef5d1b126d3a376b7afb008,2023-11-07T03:28:22.600000 @@ -179906,7 +179932,7 @@ CVE-2021-37416,0,0,2e6268d3c4aec7d053473a27b3499f3c904bb8afa46207b20648c1d9d3251 CVE-2021-37417,0,0,0af7afec4419ac71323dbe19fcafecf8b5620734ea16d7bba48e8df850d31058,2022-07-12T17:42:04.277000 CVE-2021-37418,0,0,146b4ef0e7964748fbc25b1e94686917c4647a3307c5708e67798876e0feddf4,2023-11-07T03:36:57.323000 CVE-2021-37419,0,0,9464053d73f212e534a6909af63b44d1c351a4729e973af190457c0a1d02f2c9,2022-03-18T20:43:55.713000 -CVE-2021-3742,0,0,e6beb8378dac536963062c75373aaaf7538dd7cb6ac45905aa8bf7a058793cb6,2024-11-15T13:58:08.913000 +CVE-2021-3742,0,1,a47643b0ecd90a4a22309618a200637649d0c1a40d4f586857b1d98cf81f9b50,2024-11-18T15:35:00.667000 CVE-2021-37420,0,0,b52aa49c12ed23f5fc454663899c9e989f90752f3b6225dd6ef1f0904854480f,2022-07-12T17:42:04.277000 CVE-2021-37421,0,0,72a802fc9066861ac62eb2ef177ad824c7c5b2ea14bb5783b3fe6f6887532709,2022-07-12T17:42:04.277000 CVE-2021-37422,0,0,04c08c63b243212678162abf332587426643acf6f890ec905ee35d9fbe2fb7d5,2021-09-17T18:11:03.127000 @@ -180626,7 +180652,7 @@ CVE-2021-38376,0,0,d4485ca92681558168e0fd9a80da3a4ca7d974684f50f50f1dbd03a5e1f21 CVE-2021-38377,0,0,48443da60f90ac4652bc515c5c3f88029b2bd62277bc482a3739e4f453b49065,2022-07-12T17:42:04.277000 CVE-2021-38378,0,0,432e746fcb98480b06b83fac0fe9649e434fa56a8d7663d16931ad26e7f975bd,2022-07-12T17:42:04.277000 CVE-2021-38379,0,0,b8dbd9bba6856ef42bc651ecfafd71af15e01cfb8b87f0442cabe4efd9091d1e,2021-11-04T13:37:43.773000 -CVE-2021-3838,0,0,73ee934f950bc7bf45ef2754d13869d83992608338f01cd6970c5f24e125feeb,2024-11-15T13:58:08.913000 +CVE-2021-3838,0,1,df8411524ca90e9699cf70d047681b57e8ae84756a155d8ef5cb2d4075b873b4,2024-11-18T15:35:01.380000 CVE-2021-38380,0,0,966a303a4461fc8fabdefd21a52860a9a0545818ea34433392a6e6db9ea93c3d,2023-11-07T03:37:24.547000 CVE-2021-38381,0,0,f90987e628b6ca7ec620183d6ef4cd28fb101753b7f8f85a6534a6827c2cc9bb,2023-11-07T03:37:24.610000 CVE-2021-38382,0,0,56aeb4bbf5aec265fc686978fb16984a29124462e10ec9d950e4eb086e18c989,2023-11-07T03:37:24.670000 @@ -181147,7 +181173,7 @@ CVE-2021-39016,0,0,88d7422235623a2db52d08ccbb930b8332e62a309f55b1a0bb58ad6b4c307 CVE-2021-39017,0,0,43da2de1e5021798d5e2da169cbabdb2f1ea3bc804f6e06fdd5bba1a80d8bbae,2023-08-08T14:22:24.967000 CVE-2021-39018,0,0,ccad4b84b3066dd393e4dd8123dc7a6269ea1c28676cd9811de926207c38696c,2022-07-18T19:27:57.433000 CVE-2021-39019,0,0,469fabcf38af6844701fed49a6e80d48722d455ad28af8536243f61e3be90191,2022-07-18T19:18:23.533000 -CVE-2021-3902,0,0,0fc4ab0f3340e7aff4180ba39bd3b7680dbefdc5ebb9f68ca355d98694913531,2024-11-15T13:58:08.913000 +CVE-2021-3902,0,1,58e86e3d39b9aab6397309783470cb70ec58b241abea607985f0183600df9127,2024-11-18T15:35:01.797000 CVE-2021-39020,0,0,f8a046ed21eb98ee1f2ce9e6feab22d062faea367e7e86b10085c29b6de05cd6,2022-05-13T17:16:25.233000 CVE-2021-39021,0,0,c20de8bb5efb66e3ec217f01f9525cf7c58f1792615ff1990e77c2bd1881bc03,2022-03-24T16:02:52.140000 CVE-2021-39022,0,0,12f9551c868b6c453d5c84008020f3db65f37eb2f4891591958baa35af27c010,2022-03-22T13:43:39.510000 @@ -229893,7 +229919,7 @@ CVE-2023-39174,0,0,c6d2e823a977d91e23e51acd8d719844156eb21bb7500fe830b5bef64c5b8 CVE-2023-39175,0,0,bc456592ae9ac6c2adcc5162a962f99df7fdd9b829de4a2da8a4cbf033cf9c8e,2023-08-01T01:08:48.417000 CVE-2023-39176,0,0,aa563df238200eb898c9484b61b6445b97e9c0ed2befabe3252028130688420b,2024-11-18T10:15:04.667000 CVE-2023-39179,0,0,80222f972e2daa94434b13860108378b7ce180e0683db0fb066e37927d819acd,2024-11-18T10:15:04.980000 -CVE-2023-39180,0,0,22caad6df3b2bbbd75cf24534daad75037755088aa22f2cce57a87e2a9eff3ff,2024-11-18T10:15:05.217000 +CVE-2023-39180,0,1,c4fcfd20619d0100c8cc176e17ba2fc79a4a9f561608ec0e6641b28050002556,2024-11-18T15:35:02.397000 CVE-2023-39181,0,0,5779a7e12127c05426caed1b79cbad0420f35a50b8e5299eea089f21f74c95df,2023-08-10T15:56:38.890000 CVE-2023-39182,0,0,55a8ec3c40df58e32d7c6d55926b018855a6b6f54a0171e66bfc574495807417,2023-08-10T16:02:54.477000 CVE-2023-39183,0,0,964d0db7c48d041c6935cc07d25789a2cd8767124a64f3f9f2f3583c72690437,2023-08-10T16:04:10.890000 @@ -241610,6 +241636,7 @@ CVE-2024-0008,0,0,899bae3dea0b6932a6d046356f47764b32f025595d0eef60d8e0e433b2b040 CVE-2024-0009,0,0,31a37345511ab8f9e782cdcb9d09dfe3dad4751b5c25ab7a9b1c5c74d0c64c05,2024-02-15T06:23:39.303000 CVE-2024-0010,0,0,0619a8beffc460e406861d5436887a98d4820a4ca409aea20f604a00879fcec0,2024-02-15T06:23:39.303000 CVE-2024-0011,0,0,871bd2790e1644ed9a3dece6c89b7131ea036c72c23f82726bf2a5f6003f50ac,2024-02-15T06:23:39.303000 +CVE-2024-0012,1,1,8c030c3d83b71435ab782c5e6322192a684add6528960980887b9972a630da1a,2024-11-18T16:15:11.683000 CVE-2024-0014,0,0,57b1d977bcf36a4089ab5ef9c9905bf2b69a9e66b00e8c3e91bd20eccc0f8b75,2024-08-26T18:35:03.770000 CVE-2024-0015,0,0,00e8b369d8c884be684dc161c3d8d59320e06337f56989191711b768cfe02c9b,2024-08-28T17:35:03.353000 CVE-2024-0016,0,0,07b99aa38f7f021ca30f24587ae8679400297ca98f5e8da8ccc928cbae430ba9,2024-10-31T15:35:18.640000 @@ -242868,10 +242895,10 @@ CVE-2024-1052,0,0,2826dc83bebd9032f48348a63ffd25025c2a6126abd483892ed79004a77aef CVE-2024-10523,0,0,a761a52195ca091ecc100fefe31fd4eadda4d831fe94860e2a159923b6d0d68d,2024-11-08T15:14:30.070000 CVE-2024-10525,0,0,cfad79154f466fe96736eabfa65cac8f6409e21deb7f07d79c02c68ee3f19eb2,2024-11-01T12:57:03.417000 CVE-2024-10526,0,0,0fa46d8ccf5c219359a0535980da66887fa2b5cd7efbd75d68b15fd2b882e15b,2024-11-08T19:01:03.880000 -CVE-2024-10529,0,1,9539d9165463c4ef6062f503e118501e5313e51d190262ed2198af5f2a5dc85d,2024-11-18T14:59:15.043000 +CVE-2024-10529,0,0,9539d9165463c4ef6062f503e118501e5313e51d190262ed2198af5f2a5dc85d,2024-11-18T14:59:15.043000 CVE-2024-1053,0,0,3d9e5b8218feb39348551f4e96f20fbacd04f2b39830165bb00a553a3d3c5ccf,2024-02-22T19:07:27.197000 -CVE-2024-10530,0,1,e3e8a5aa8af87ef0e63a2252d7fc1dd4e05e13d53a5214a349201baf61c39609,2024-11-18T14:59:30.173000 -CVE-2024-10531,0,0,e8a99e3947962fa1716c15c30d166a85cfe0edf0e3b4f56c81c0f6c7e992f302,2024-11-13T17:01:16.850000 +CVE-2024-10530,0,0,e3e8a5aa8af87ef0e63a2252d7fc1dd4e05e13d53a5214a349201baf61c39609,2024-11-18T14:59:30.173000 +CVE-2024-10531,0,1,df38d7e5a1658b1a8b93a62cc54b1bd8d1c78902bdfb878f57607636df4c49c4,2024-11-18T15:02:30.197000 CVE-2024-10533,0,0,74ef37a599912b5086a41dd08113d34c5b498ce14043f9595827a5922b8b41f9,2024-11-16T04:15:04.810000 CVE-2024-10534,0,0,df761b6d87b593c42e2ec312a2991a8ebb6274d59b353fff12911b0bdc63befd,2024-11-15T13:58:08.913000 CVE-2024-10535,0,0,14a566633b856f0bcfd07185d246772590c919ba8cb5a244786d38adaffa8830,2024-11-08T21:19:27.540000 @@ -242962,7 +242989,7 @@ CVE-2024-10674,0,0,d16f584849190e67ddd9b044fe809cc53716f0604b4d903c0b675313c791d CVE-2024-10676,0,0,c4d26028c65dae8ee24a6ae71fbafbbbdf2f434e1b4ee4c7591876108357a5b0,2024-11-12T13:56:24.513000 CVE-2024-1068,0,0,affccf40ed47a318eb2ecd8e307c56fa640a43f94e3b3e8b50a778ab4a9c998f,2024-08-26T19:35:04.287000 CVE-2024-10683,0,0,81b5edc9806b9d41a626cf134b47e67b5d64e10aaf06aa6e2f1151e4509d5dd6,2024-11-12T13:56:24.513000 -CVE-2024-10684,0,0,93a277d7ab438b6a4fb270ab2315b6af7623781a6c0c1569446fa3964d272d4a,2024-11-13T17:01:16.850000 +CVE-2024-10684,0,1,b85c7de6b850f9f6fa924663653093a088927ba9544123a6c6da8464be6e3906,2024-11-18T15:03:08.437000 CVE-2024-10685,0,0,1d5e3517448dda5f262310078551ab26523509e6a1746aada937566f5315b2a6,2024-11-14T19:40:14.953000 CVE-2024-10686,0,0,fcdad82b29385ae50029c826386214a0438adfef3126687e07ca7cc6d49750a6,2024-11-14T18:15:17.943000 CVE-2024-10687,0,0,2d74811f2fc6d3aaef423135ea18016bd4a20ce3a927ba94efb8aa3eac4c5b2f,2024-11-08T15:26:52.523000 @@ -243149,7 +243176,7 @@ CVE-2024-11000,0,0,a7e8d5385c553ca345a72fc5358bdef9d69bb9b3c3980e31af7a0cfb92d81 CVE-2024-11004,0,0,ae81cd254161ae2b32edcbdeb3c8b9257e0a408bd5a5695d4038ccc9e5adaac9,2024-11-13T17:01:58.603000 CVE-2024-11005,0,0,18600e5d1e147dc33df6674b63d788b55c4a385ff97d609bb37b926f35b08fad,2024-11-13T17:01:58.603000 CVE-2024-11006,0,0,061dbbb4d5e160bf001f7720eb41186dcf120f20d17fa119f965812b96c1ebfa,2024-11-13T17:01:58.603000 -CVE-2024-11007,0,0,49e9de6ba3c2fbd39c26db048a1fe8769d84c424bd5d8a3b549661a03c74290e,2024-11-13T17:01:58.603000 +CVE-2024-11007,0,1,739b4480808aaf35beb15593b539eb1864eda053bfdf0d68bd7e2f6002d0197b,2024-11-18T15:08:22.883000 CVE-2024-11016,0,0,d24a4ef547b8db93612dd948add59f18f08d5f729dd643b0e0ee56cabc76c4d5,2024-11-14T21:53:49.530000 CVE-2024-11017,0,0,615d13f4614fb6189004494f6f7bcc0196d98191fb1c6c5582606270a0f1f5ce,2024-11-12T13:55:21.227000 CVE-2024-11018,0,0,67e2bdeaae57fbd6c74bb8768664499e1b600050abb1f3c70030429c7d4a1a43,2024-11-12T13:55:21.227000 @@ -243157,7 +243184,7 @@ CVE-2024-11019,0,0,06c9591e4e5c6d656b8baab894d6c2f87e1056846bc80e098fe357c255272 CVE-2024-1102,0,0,0928bf44049eedf97e0b54e5fbfa6f0206fb5c0a5ae4e275eff0db0e3aa685dd,2024-10-16T15:15:15.150000 CVE-2024-11020,0,0,963165b309d98fa5de51d6a8811a97c5874fd64e0767359ebe01a6a8b627fb39,2024-11-12T13:55:21.227000 CVE-2024-11021,0,0,4d0c567ca6da32cdf6e4235111bcf9fdb7e328dc15e30ef740c5a8d047e64dcf,2024-11-12T13:55:21.227000 -CVE-2024-11023,0,0,7f8f2a02c518743080070fe65ebb3bb1e6dddc4e4b1139f8776b4d018a742a81,2024-11-18T11:15:05.507000 +CVE-2024-11023,0,1,9e37aad0616c088340996391674fad007c134f5bca246cb5de4faa1ad7507ac3,2024-11-18T15:35:03.307000 CVE-2024-11026,0,0,5bad097199e56ffd1f4b7755738c2445dc243d6c7a33468e0f417dfbc0b75e4b,2024-11-12T13:56:54.483000 CVE-2024-11028,0,0,a5fce876a39d3e00d472044131a8d336932258a82ff3a02e40bb7ab1cc37c8ff,2024-11-13T17:01:16.850000 CVE-2024-1103,0,0,7224a9abc8ad2624b19754063e5e3f1dd278d487bc1541d6b3a3ae6b5907a9fc,2024-05-17T02:35:14.273000 @@ -243228,7 +243255,7 @@ CVE-2024-11130,0,0,15b63aa205de6a4f54c182b134585f269cb8266092a000bd91d13bef5e0da CVE-2024-11136,0,0,24240577f7b850705f8148f1e2257c636c3b9dc696f019566c5d55e0511cc8a2,2024-11-15T13:58:08.913000 CVE-2024-11138,0,0,7b0edb369e2d9df427aea00759a3991acb4ee32080a1e83cba9502f5a7a362f2,2024-11-13T17:01:58.603000 CVE-2024-1114,0,0,4ba1cd03fbc35862ac6b2ce79da50122dd303ea22f4f4a45a352ffb5be12a8ee,2024-05-17T02:35:14.777000 -CVE-2024-11143,0,0,afa973c0d7b6775e8a3e1501bb8b50b00d0cf24b4f20e280bf1c57dfbd3fd51b,2024-11-13T17:01:16.850000 +CVE-2024-11143,0,1,96ffaa2455664e18d60b42605835ada70f7b0d6d8faec6d0bfd534d22c653ec3,2024-11-18T15:03:56.927000 CVE-2024-1115,0,0,4dae9d3d8bef65fab3d547368288cc3126446be18b7fc740123f9a96bd6241e2,2024-05-17T02:35:14.880000 CVE-2024-11150,0,0,3e3c713e3eaad09aa014087e1c0cf6ec0a3f52a733d6f796982bf46a36311d42,2024-11-13T17:01:16.850000 CVE-2024-11159,0,0,acc315ccca82d4dda8527171d6a7ed0296dd6177834223afd6bc1a7bd47506e8,2024-11-13T17:01:16.850000 @@ -243238,7 +243265,7 @@ CVE-2024-11168,0,0,5e610ba56b770f0c45b8e5f1da8a18409af80ecc6fd32d397017d56ba5ace CVE-2024-1117,0,0,0eff4d8f06fdd3645727772834638be79e19128758cbe94b2a8e7a297167b8d0,2024-05-17T02:35:15.090000 CVE-2024-11175,0,0,a70e7384355b41e57dbae42f60548787ddcd5e64369094201d6e3104c030e304,2024-11-15T22:50:48.817000 CVE-2024-1118,0,0,6c399aaded9e96cfac900ecbd30e202d5a6a42d5625667c3de9725b65dc62fc3,2024-02-10T04:13:01.030000 -CVE-2024-11182,0,0,bbc5823c925fc2184a2a83877cc09875c80439dc02976bdda973bfb6b8b76dea,2024-11-15T13:58:08.913000 +CVE-2024-11182,0,1,43e4e2251d845a1f0d31bd2b62102b26d7d278b2b068b2f8e9e82735945af2ae,2024-11-18T15:35:03.553000 CVE-2024-1119,0,0,5426bc48e63724893c52e881a8535fb7954cf4e6383fc287bdb9896410f7d3a0,2024-03-20T13:00:16.367000 CVE-2024-11193,0,0,a70708fa48dd67ba3a86a48525d6b9656d6da3b4be924e80c673ce5d9c638eff,2024-11-15T14:00:09.720000 CVE-2024-1120,0,0,4ae965ad3da5f8a3235e6e58dd82dd504b21e474d229ae465351f9f2ed6318d2,2024-03-01T14:04:04.827000 @@ -243284,7 +243311,8 @@ CVE-2024-1127,0,0,fc004f13d69dd65990588f481257d3c8dd60a3804cfac37ac389768e5b88f0 CVE-2024-1128,0,0,de5352d9c421a908307277eb7da3f5f6fcfc08a095ea033ab740d4804aa5ccea,2024-02-29T13:49:29.390000 CVE-2024-1129,0,0,bb6d36851ed2d72741a575302302ac57d511f2bf349c6ca7db7385fd53c3529a,2024-02-29T13:49:29.390000 CVE-2024-1130,0,0,19461582000c347e1c07ca83a1d00e23feee8e20532d52fc093ba50686691b5b,2024-02-29T13:49:29.390000 -CVE-2024-11303,1,1,9da6acbc13b8b94f12460b376e430401cf7dc7201a4560e3f86e7a663c5de78e,2024-11-18T14:15:04.963000 +CVE-2024-11303,0,0,9da6acbc13b8b94f12460b376e430401cf7dc7201a4560e3f86e7a663c5de78e,2024-11-18T14:15:04.963000 +CVE-2024-11304,1,1,0ebe85cb7126f33024892f8e4152c3168cbcf0c601c7b0d0b9d96a563bc5125e,2024-11-18T15:15:05.663000 CVE-2024-11305,0,0,5328a95bbf7e662e12a857ef5dea77eab4ecc316fb4f536e8772e1db4fed63e6,2024-11-18T01:15:16.307000 CVE-2024-11306,0,0,f77aaaa67be9242d576d27dffde714b37bfb854f091ee9b96d0ca7ce4c9e08c4,2024-11-18T02:15:15.577000 CVE-2024-11308,0,0,7e0a566461a1a25058b504b1b076a10b434fc2fde4d7646a8b9f4bf31fc5a5d5,2024-11-18T06:15:04.263000 @@ -243295,8 +243323,8 @@ CVE-2024-11312,0,0,71db06e2a096f0449f94df279bc5cb863b993686028b0aa9e878b169c9d8d CVE-2024-11313,0,0,890f011cbf9b34450e7704907c25d098bdda5249e8660c02c0f3a68f1c57debc,2024-11-18T07:15:15.420000 CVE-2024-11314,0,0,77b62bdc6299b6d60a12b7a7152852e6fe05a08406e9a701a9a1af91def37fef,2024-11-18T07:15:15.993000 CVE-2024-11315,0,0,cc9ed50e7db63318901354c8ed077ff950a09534cf38b4d91deb60ae50f13e1d,2024-11-18T07:15:16.673000 -CVE-2024-11318,1,1,c8d49187a5efe2783469b03b708c4e2e5613cc8fbe66c94c34d585263b5d3164,2024-11-18T14:15:05.233000 -CVE-2024-11319,0,0,cecbe2297dcb3803a189d8053634c3a4c17cea5ade2b89f632f2b5b9eca8384c,2024-11-18T12:15:17.853000 +CVE-2024-11318,0,0,c8d49187a5efe2783469b03b708c4e2e5613cc8fbe66c94c34d585263b5d3164,2024-11-18T14:15:05.233000 +CVE-2024-11319,0,1,03535002bb7861c8dfa29a1f50005884bae7a36a487f8342041e970c5f3ac585,2024-11-18T15:35:04.247000 CVE-2024-1132,0,0,3de6e62885ac8497a4c1d8f4950ebedc171b13b33dfedd6a9eea9ae164fd993a,2024-07-03T01:45:01.507000 CVE-2024-1133,0,0,b8b851364368259dd533f1c71b437f741276dcf99770b03558b5d9cd5d3f095a,2024-02-29T13:49:29.390000 CVE-2024-1134,0,0,92ca7b611a6a52333e888fa3a581b5dbc5c29b22a5e7e62eb553cb40e2cb6d77,2024-05-24T13:03:05.093000 @@ -249907,10 +249935,10 @@ CVE-2024-27521,0,0,142655bf7422b3c81bdc37fb7ef4329756d07238f339af47f3bda39ff16ed CVE-2024-27524,0,0,08e4bd6ccc21c266f96d6111b83d7d95158b2c7ca600162e7e70631b4fc240b9,2024-11-04T20:35:04.913000 CVE-2024-27525,0,0,e06f7e0695efcbe9bfa15a3ac23251ff54875c477a75b737778895eddfe51566,2024-11-04T20:35:05.800000 CVE-2024-27527,0,0,561071f55bf39a5eae90c6ffa4f2a2bf64edcd1946d8640c93068818852a00d5,2024-11-13T21:35:05.767000 -CVE-2024-27528,0,0,8e5e64d5896bb4f08bd65010fee44fd4bc816b91322c1d5da165f686fa4515e5,2024-11-12T13:56:54.483000 -CVE-2024-27529,0,0,ae5ac30d91d813ffb496447ac8ec9db4673e6f5f2a047bfebea87038b4ba4195,2024-11-12T13:56:54.483000 +CVE-2024-27528,0,1,684946450688e414ae8a0e60d1b11cba358ae04d632db84749b9fabb05d89c8c,2024-11-18T15:35:04.500000 +CVE-2024-27529,0,1,6f2f1e63a4b9dd375f7852c59b4a3b6a624c209c9335fb0779107f3a745cefa3,2024-11-18T15:35:05.340000 CVE-2024-2753,0,0,49ae39425f6531deb039d8727a759281a000c2c0b8058f4a13a0491f93794534,2024-08-30T22:15:06.227000 -CVE-2024-27530,0,0,d0e8cf9b008d00f34dc2439135c42d2b17ad385268aed8a62bc7cc21862e8d54,2024-11-12T13:56:54.483000 +CVE-2024-27530,0,1,c97aacf77b892ac56a4dc1aa81533416df2a035271ce715380578673eab043c3,2024-11-18T15:35:06.170000 CVE-2024-27532,0,0,33108dad0c7ee7bb8522025ebca4a44eac30b0fdc3bf3f3af35b25e37a41b55f,2024-11-12T13:56:54.483000 CVE-2024-27536,0,0,c377b0d21fbb5c7de68c4946896ec2f8ec67ef0d39bad02515cbb41c44d1bebd,2024-04-23T22:15:07.037000 CVE-2024-27537,0,0,3cbe9bcef09fe4fba870050d9e0c130363a525b398fa9371487301911d20249d,2024-04-23T22:15:07.087000 @@ -250295,6 +250323,7 @@ CVE-2024-28052,0,0,c15d25a82fbb807832ff1bc94dd565bcc8e771a56ab0af0e3e3891fe636a1 CVE-2024-28053,0,0,c6161d8eec33d0d4874e655333f8b3d42189dbff5254c952286bcd697b2efc85,2024-03-15T12:53:06.423000 CVE-2024-28054,0,0,42bd8bafc554125a5c189382c84c5d77dd5214fa492ad959b0494172465d0aa0,2024-03-23T03:15:11.510000 CVE-2024-28056,0,0,c35a08b2cbca4e8b19728715e17e817ce4b19045fe6d73162e692c29df0fb231,2024-08-15T19:35:07.857000 +CVE-2024-28058,1,1,5c0f05ce0ed7cfc6789c4082c032ffd2fea28b85b8d3b0f49e9d3771a52b9e97,2024-11-18T15:15:05.843000 CVE-2024-2806,0,0,d5f508ca75cb9f6fa1405297772fa31ca59b69e9c9f039686470ebea3a3dfe0a,2024-05-17T02:38:30.940000 CVE-2024-28060,0,0,749ab409791184ab9b217e9bb8a98b7497dfd8e9ca8e8b87425c211be02834c2,2024-05-29T13:02:09.280000 CVE-2024-28061,0,0,0da8d5a46b5a84ef03a399421122389044f0b8af2c6bbfd8c56d0b659ead8cad,2024-11-01T20:35:10.410000 @@ -254363,7 +254392,7 @@ CVE-2024-33696,0,0,8adc0db7b8cce33b994e835fa3f282e25f1f4ef5644a2aed7cd50d800fe73 CVE-2024-33697,0,0,4a571113caa6ccf495d29be30608c42f9dddf9084d1562bed260e698c04aae88,2024-04-26T15:32:22.523000 CVE-2024-33698,0,0,80f9728a007b76bec9e55fcababf9ce2d8cb5c11944f565f0d36feef068c4511,2024-11-12T13:15:07.653000 CVE-2024-33699,0,0,81b1f37e6f990294e3d0e58469f3ce075096d2792432fa2b41bba58241b973e9,2024-11-08T17:09:29.790000 -CVE-2024-3370,1,1,22a6725c7e1cbd619086f438626f44daba63173c7fa7a2ccfdbce153918ade8b,2024-11-18T13:15:04.310000 +CVE-2024-3370,0,1,020e6a4428c9d697bab005e8ce8d542679f3c7059d1793a65aa6d28314cfb774,2024-11-18T15:35:10.060000 CVE-2024-33700,0,0,800096d409fd3a2a3a42bcca491373284624d5b7e93ac5ccde5cb0263c58657d,2024-11-08T17:06:16.147000 CVE-2024-3371,0,0,d2e6ea20ce5eb692a4e48c27aedae40a56c8f7db204eed4d633cbd78a04f68c4,2024-04-26T15:15:49.357000 CVE-2024-3372,0,0,a196d1e45ccce196e4deb1ea2387c2fe4f6bf89b27a8a7cd4be5ebcd31c9a0db,2024-05-14T19:17:55.627000 @@ -254395,7 +254424,7 @@ CVE-2024-33786,0,0,4c34eaaeb6404bd11728362ca0ccaf1f06d8896bfaa0a8e30f5a7055f9db9 CVE-2024-33787,0,0,c79d3756f20fa8608bd38338556aeaa798aa21ec0e9c3dffe176487918ad4adc,2024-08-06T15:35:13.693000 CVE-2024-33788,0,0,db496e414e9eacb69df835d7ad8cccbd3f6da6b6998f07eaab69cafc694fe336,2024-07-03T01:58:47 CVE-2024-33789,0,0,1b705f261bdfdb3c7c0384a6685c74908e5e41969953d5575683a1d41efd63d5,2024-07-03T01:58:47.770000 -CVE-2024-3379,0,0,e776f04686becdee7e5bee331d50f368d0ba5251e64da990de4631e2975a6437,2024-11-15T13:58:08.913000 +CVE-2024-3379,0,1,d47e51a4e3de73b79c4c139f8c725df94042956f212de1ca635c2c94a5e5992d,2024-11-18T16:35:03.197000 CVE-2024-33791,0,0,4a99a46cc9bc13330a58a77df6070e766b5a533f0015633cf295877892d64b94,2024-07-03T01:58:48.567000 CVE-2024-33792,0,0,7c7c9a5cdc3e6c8c82320ec108a0ab3708c01bb96dfb27d34785495a231c6066,2024-07-03T01:58:49.357000 CVE-2024-33793,0,0,657ddfb93c384e79c20456942320d557ebaeb8c427e62d4fba5eb78b0e45cbc0,2024-07-03T01:58:50.130000 @@ -255348,11 +255377,11 @@ CVE-2024-34995,0,0,c5ae887edb3d68f5b17625c821aa1f4eef9c82bfd086996cef9a6f896adae CVE-2024-34997,0,0,5fbdf010972a8268fd5a9463e95189eba51629c3cae1b641fade25965bb6360c,2024-08-27T15:35:16.800000 CVE-2024-3500,0,0,65f7cd29cdae6ff6308db5dac7c1e408d4ae13919a645c3f45d14d5a6eb829b1,2024-05-02T18:00:37.360000 CVE-2024-35009,0,0,3fe7a6685d547c8f13c78e6aa6b52334336d0dbec9afe2301a9c305ba9814939,2024-08-08T15:35:12.080000 -CVE-2024-3501,0,0,2c8ff451d5a9427aaf909dcd82c3a2a25f785233552510a3d1161572da1c30c0,2024-11-15T13:58:08.913000 +CVE-2024-3501,0,1,ce8024ca1053c5b49eacc4afc2f5ea059327fb5a952e6dfa1ac835cd61cacc02,2024-11-18T16:35:03.523000 CVE-2024-35010,0,0,6e4b79d2c02224bc0070ffd30b8ebbf9821b5f9a967abd7e45b682dfed020dc3,2024-08-20T14:35:18.007000 CVE-2024-35011,0,0,20c56ae7701ad2e917dd6b2ccceeffea8e94a8ddd9a2b2ca02beb893f0a0b7e1,2024-08-19T17:35:16.943000 CVE-2024-35012,0,0,c8bd09796e971cbd360d6bb5909687d1917c7ee2369b2a3730c7a0355d3c5511,2024-07-03T02:01:12.127000 -CVE-2024-3502,0,0,beaa7a1820cbcdcb8cd3f5dc47679871118ab1c58c785114cebcce6c52f28dc0,2024-11-15T13:58:08.913000 +CVE-2024-3502,0,1,23129de5f948decb1cb9b7e191dd4a8dc744f0940e392a69120e1554c79fd17d,2024-11-18T16:35:03.850000 CVE-2024-35039,0,0,16789b799d84c4b57ca393e0c1f64a27f89bdf5208029185a91c381dd5f853e1,2024-07-03T02:01:12.907000 CVE-2024-3504,0,0,e2de0e6f69991c8d2671ce35086e9faed799d2b484a27eddaabccf584b0c7ea8,2024-10-09T15:27:06.437000 CVE-2024-35048,0,0,7d2e40c430e02cb68d065988844aba370a92c807c6984a33499abbf4ef502def,2024-07-03T02:01:13.607000 @@ -255597,11 +255626,11 @@ CVE-2024-35401,0,0,e20c7deeda0300f83b1078cc4b3716ac7ed24c4deff40921468ca6f87181f CVE-2024-35403,0,0,4d9a98843a184aa3f7fed28ea2e26cfcf04b1cff379a69b2f7e72017e9a927ab,2024-07-03T02:01:44.377000 CVE-2024-35409,0,0,c1e09f17fc040d1a54c6ca919b4e6df91e3a03195ff96673036c48a4d8f8f539,2024-08-20T15:35:15.637000 CVE-2024-3541,0,0,14abae851d976e531eb89e36d00e68f1b4222a58cf78e09467f8f13cc823ff73,2024-05-17T02:40:00.373000 -CVE-2024-35410,0,0,9934f2e6e366ff34bdd808724edcc20da9d4ffa302f6042b1ef31ec5c87c8f5b,2024-11-12T13:56:54.483000 -CVE-2024-35418,0,0,127590939381ac9ea1bca215e8e87a187a90e6c39b1f8c2664dbc969ec02cf66,2024-11-12T13:56:54.483000 +CVE-2024-35410,0,1,52671e43e1c98458ff052108b26bb6efc4b640d270a72c17011f8f9bb7bf5922,2024-11-18T15:35:06.910000 +CVE-2024-35418,0,1,381932b4d565644b8a31b6be16605f8633f195d7cc6d282ad1c81ad730a8c88a,2024-11-18T15:35:07.790000 CVE-2024-35419,0,0,77ead0780a68b696ac114e0cafe1c352c44b6817832d7b710fb85987af543cdc,2024-11-12T16:35:09.570000 CVE-2024-3542,0,0,5a8537177eac38ffc4c0459430c529ffd4234d4390bfe331be843583f4e31e36,2024-06-26T18:15:15.750000 -CVE-2024-35420,0,0,4c667b45d6476240fa11c340168a28995c519352d0d8af72f70403dfb921e277,2024-11-12T13:56:54.483000 +CVE-2024-35420,0,1,0d0b01a3d569270d8acec8b01619e9099dbd6673e118b59864f36647656f85b5,2024-11-18T15:35:09.067000 CVE-2024-35421,0,0,352e363e5c883c2c66505e433f951e8999b219db6cbd6293c4bdd2f64e99938a,2024-11-12T16:35:10.447000 CVE-2024-35422,0,0,1241ed0ebb5f391f2364e38fffd979f9b99255d936a154e4d0a9366f235ba4b3,2024-11-12T16:35:14.203000 CVE-2024-35423,0,0,33eb9412472842bd71735d54f4c85e836f85667840484c5493e4d718f535e52a,2024-11-12T16:35:15.027000 @@ -256914,6 +256943,7 @@ CVE-2024-37151,0,0,8369ee3c4d467fa86763a95ad47c05c55ab1bf8ab2582315661b340a8d9a5 CVE-2024-37152,0,0,ac6f3acf11b3a1f516e05266cf8046e8001605f3fd121de5700d8dfd6dcff917,2024-09-18T12:51:04.430000 CVE-2024-37153,0,0,9f4424de0035ce52fbc12758883da96bd3d6274fe3ec25134b2ea0b426063640,2024-10-15T19:40:12.917000 CVE-2024-37154,0,0,dd0ccf9a2b9c80e8d5e5d3b5ee95b70b33aa0e3330c8531821fb592ab05146b2,2024-10-15T19:43:51.117000 +CVE-2024-37155,1,1,b6f432a06d7e3263c8fb3a36f2e291289944fea84428f03a1d9f3dbb5a9987a1,2024-11-18T15:15:06.210000 CVE-2024-37156,0,0,a4629359601329a252e33b03a4ccc833dd9e2ce7a4a6bb980b335d8342668158,2024-10-09T15:08:29.647000 CVE-2024-37157,0,0,a07622f963d285fd9e3dcfe8c8c66929285017ffcec83ca71975fa9dd7c880ca,2024-09-18T13:50:23.367000 CVE-2024-37158,0,0,d89015f3d5c7061659d9d0607cd8f932d19692ba0c53081aaf8195c4a3e4e008,2024-06-20T12:44:22.977000 @@ -257128,7 +257158,7 @@ CVE-2024-37391,0,0,e99f92be626b4b841a6b299b2728912f45fefbd409010bfee05135471d62a CVE-2024-37392,0,0,aacf1862268af2cdf1c4491d7b5ae4c041bcfa60748ed52139bf258567ef92c9,2024-10-27T14:35:09.803000 CVE-2024-37393,0,0,b93d796f3c4283b87dfd22c20f36a8116f582a381c44650f39c5ea43e6b806f2,2024-07-03T02:04:18.707000 CVE-2024-37397,0,0,7fbcc51c6b175128d4a712387aaad70ff152c7c1c439f81c942699a1e4599add,2024-09-13T16:35:09.630000 -CVE-2024-37398,0,0,94c37aceedc403fbc8848d0ca610112e27ebc69bc3aad63946c7f56b596ac098,2024-11-13T17:01:16.850000 +CVE-2024-37398,0,1,d014b7eb9a15e5e3eb9081a631750734a91337406ca89540557d8e0fe4675904,2024-11-18T15:23:23.543000 CVE-2024-37399,0,0,308e730bcc199d112d6cfe8bdbdbf7120fa96451bfff020b7962dbf1afddf5e4,2024-08-15T17:31:49.067000 CVE-2024-3740,0,0,cf4cd6bcfe639a4f771a19ddc36f820864da86f0d9d9f91c68694d8633fab251,2024-05-17T02:40:06.170000 CVE-2024-37400,0,0,fd4f533eac30efcd3f16887561cfe66601f6740f751d3f8ba2c9c44e9b1a623f,2024-11-13T17:35:04.687000 @@ -259730,7 +259760,7 @@ CVE-2024-41143,0,0,e8899d473fa3a8ea11660d6f2ba88aff617e29347ef6b002447e4155241e1 CVE-2024-41144,0,0,a99ced5ff39791199789f8b7404cf70d5ada3bff5c6dc65a7803cc1121e905e5,2024-09-04T17:25:48.123000 CVE-2024-4115,0,0,89bc89df66a101d446d6568b359dec67345256fa579984420e2e2fe7ea4994ac,2024-06-04T19:20:29.937000 CVE-2024-41150,0,0,f29e18c57230cbc3b76f00f0b7fe1001f55bb08bda82442884bf5072f9726b00,2024-08-27T14:35:09.013000 -CVE-2024-41151,0,0,ac2e20cfe18937f41a25987ff4765d4d73273b765d5092fe92ec19e25f2d0d10,2024-11-18T09:15:05.010000 +CVE-2024-41151,0,1,433e59e3d1a295fa75cf194a270eed460d96149649f776978d81b487e9be661a,2024-11-18T15:35:10.290000 CVE-2024-41153,0,0,dafb89be97200d81ac5d60fe35f2a445ceac861b85bb58f78c85df804ae27889,2024-10-31T14:37:48.533000 CVE-2024-41156,0,0,c0093084afabf89304f87b01eeae3792e9c6bc73b0c168ddc8c792fe08c67a19,2024-10-31T14:49:39.800000 CVE-2024-41157,0,0,7a282611d45c2fbb6f2dc936e4617dedd23e7f4d2ca4cbf354d2844aba4fb55d,2024-09-04T16:30:40.737000 @@ -260664,7 +260694,7 @@ CVE-2024-42493,0,0,62acde285327354a8bf885be4a4449e2ac155d363ca62a755a0d6560a4377 CVE-2024-42495,0,0,9abc7330eac6d6df1f12abde56401fb389a89e85bdfac6db206d32a19ef64c3e,2024-10-04T14:37:36.703000 CVE-2024-42496,0,0,82629bcd722b8cb6d341bed3916823c994361fb6b4946b9099c29ac012cbc5a4,2024-09-30T12:45:57.823000 CVE-2024-42497,0,0,6c95277a74b4240375f9e65f5c21a104fec038817af68c50a8b421844638164c,2024-10-16T20:05:09.183000 -CVE-2024-42499,0,0,c9441ed075a7bfd8e58b67a4fefec6e1fb82fdc6387117c2032cf13cf05f22de,2024-11-15T13:58:08.913000 +CVE-2024-42499,0,1,2f55b7d29eccf27765c0ee4e672821ca8be7416e8b0531bb369bed1ddddc47a9,2024-11-18T16:35:04.877000 CVE-2024-4250,0,0,29d8096febeb47af7a705b5c5f44b0e0121b5483d3074c39ff1bff1155e9a3a5,2024-06-04T19:20:34.200000 CVE-2024-42500,0,0,f0bcaea9090b49f77db24a21554ec397886059105966434018e3d2adca5c9151,2024-09-10T12:09:50.377000 CVE-2024-42501,0,0,2d6a46c355be0708ff7db2c58107fc669881111adf034802ab42261dde0a7bbe,2024-09-20T12:30:51.220000 @@ -260985,7 +261015,7 @@ CVE-2024-4310,0,0,08f5e8e76073c3640785934b5dbc198d89dde47497c02b1ac3fc670d20c22f CVE-2024-43102,0,0,08e196b4c8739548226238903033d07bdd98395e1a6fb3461533ef08cfa70faf,2024-09-05T21:23:40.503000 CVE-2024-43105,0,0,65a66601afd2de184f3745e025013cb99c4a6cae651d4eabc58a96778d4da9f8,2024-08-23T16:18:28.547000 CVE-2024-43108,0,0,d9bd8ea3b307dd054ae1953991304a1a331018261701e1f611f2a6906461a05c,2024-10-17T17:15:11.883000 -CVE-2024-4311,0,0,1206cb174e395a911dfce9fc5257fd99b4e97e70b5a158c70161cd9e4c52115f,2024-11-15T13:58:08.913000 +CVE-2024-4311,0,1,260cadd2549199e33a1b79e7fc0d0dc9ef60c4c01c2585bbf87fe2c17f408838,2024-11-18T16:35:13.737000 CVE-2024-43110,0,0,1fe822a52c0b3af1ede7bdafa556f57158a1ace3adaf6fcd1e0c1b1f3c86485b,2024-09-05T21:22:04.810000 CVE-2024-43111,0,0,45754d9244b10ae48023a8465600f12d5ca692d4146e1c9ba1d4a0e6fcd0734a,2024-08-29T16:53:16.233000 CVE-2024-43112,0,0,72269ebdb7b810fe860916d34468320e2e91d1a609ed10c8290e69cc95ee1d45,2024-08-29T16:51:55.937000 @@ -261523,7 +261553,7 @@ CVE-2024-43699,0,0,78534d33d290678062dddcdfe24e803feecb99e21dbcb3ac97f746608e5c5 CVE-2024-4370,0,0,3c1f5b342c087fc6587c8bc9012541b58d80e50fdee9d14eea44daecdec82901,2024-05-15T16:40:19.330000 CVE-2024-43700,0,0,0a06b833e6fd1b1e874ef27bf2dcddebe6eeed2fb3b70101d743561cb29959e0,2024-10-15T14:35:01.987000 CVE-2024-43701,0,0,806d05bc9a9c57505164825be7dbf8680f4cf63f26e698ce90f59cb6324208a0,2024-10-15T15:35:16.050000 -CVE-2024-43704,0,1,4f037fb81f21fb6df9ec6ed12f104c8ae2db70fc795e157699f6df159f03a38c,2024-11-18T14:35:02.840000 +CVE-2024-43704,0,0,4f037fb81f21fb6df9ec6ed12f104c8ae2db70fc795e157699f6df159f03a38c,2024-11-18T14:35:02.840000 CVE-2024-4371,0,0,a0b0e0fb8c98057b2328743d7da5c32e9a585001a67e08f1632ceab0df487dfa,2024-07-15T16:42:39.107000 CVE-2024-4372,0,0,9ae4f43bf2d0d90214ce2e4715e0031799e31627a4319bb26ad2a73cf60988cf,2024-05-21T12:37:59.687000 CVE-2024-4373,0,0,95ffe3cd6afce20664a5281c9740358c7cd9b7c7a4c9be8031ba5b0e36cac33d,2024-05-15T16:40:19.330000 @@ -262158,7 +262188,7 @@ CVE-2024-44759,0,0,b9649314fac826d03abe6e58586192745a7059e4a9b66144d374bc1358b57 CVE-2024-44760,0,0,c31c484463dbcf8debf14f8cb14c4edde2aeacb7ab3b47695b1fc32577e35939,2024-11-15T20:15:20.270000 CVE-2024-44761,0,0,2cb43df04a70791b0f0fb8982142da3403b663e9582e8c16ce12d7edd85714da,2024-08-30T16:00:30.557000 CVE-2024-44762,0,0,a4d9c40079155e25bc23610bf9eb4b9c915e9b457539684228b809ce3110b930,2024-10-18T12:53:04.627000 -CVE-2024-44765,0,1,25fdaadf2c1ed2eab9647bf4bce6cea1d4c8cf1ff3e8ed1f0809e94c749aba6a,2024-11-18T14:35:03.200000 +CVE-2024-44765,0,0,25fdaadf2c1ed2eab9647bf4bce6cea1d4c8cf1ff3e8ed1f0809e94c749aba6a,2024-11-18T14:35:03.200000 CVE-2024-4477,0,0,b275cf91a81ef0e33ced77c1c5ba5e17245e6b33fc991fd87901e463b723d83e,2024-07-12T16:12:03.717000 CVE-2024-44775,0,0,205ee8ae27d9197291c9317d68e5db327a872699c5adb78e1d5b21baab0f0fd4,2024-10-16T19:35:10.167000 CVE-2024-44776,0,0,553f0ea6859d4ff6b6f354ecc1fde63fb20d3cedbc33d036b9304dfd1b315c86,2024-09-03T18:33:26.287000 @@ -262376,8 +262406,8 @@ CVE-2024-45076,0,0,5fb321e82c08a6c58252337bee6e5fcb4b13786a863fe8ca643f04e713d05 CVE-2024-4508,0,0,26388c420646a8ddc4ee2de628a691e0fa51808e2f848ae0f9b7aad58ccb1298,2024-05-17T02:40:26.220000 CVE-2024-45085,0,0,a565381ecb911dfe05cdd12fd3e31f62bfcf9bb3dc78353a9c71e368d734c50b,2024-11-08T15:13:11.307000 CVE-2024-45086,0,0,4c6cc09258471d9b9c2c13bdbf534b3ba8ab7fabaf8d588e8672331873d00305,2024-11-06T23:04:04.673000 -CVE-2024-45087,0,0,2ac0266a4e1eef71ae39b06cbede35d1471b0d9212f9b85636998eb2d48767cc,2024-11-12T13:55:21.227000 -CVE-2024-45088,0,0,9354557077320e7dd796b0639bc9ccc8c1be1a8523af83ab0dce0384e1784f9c,2024-11-12T13:55:21.227000 +CVE-2024-45087,0,1,5dd0c92afab1cb6f2018491b006ec4063a6ccc2d4c2aae946e4887e2c597e05c,2024-11-18T16:34:23.010000 +CVE-2024-45088,0,1,8ea4459d29b32873a2b9c91b0fe95ab15fbcb3a8eaf2aa8421a47e7e5522c39b,2024-11-18T16:33:34.060000 CVE-2024-4509,0,0,996942a0a2c59f4d53067a2868fbad35944719504585e3998bbd4d788c545588,2024-06-04T19:20:40.347000 CVE-2024-45096,0,0,d4f642a1e6bb8f30a3a63abc6de33d2a734d4a63841c63adbbf0861fc10b1ff8,2024-09-06T12:34:17.957000 CVE-2024-45097,0,0,66f33176e0c07f5466116654bcd7c2847267016c1af22914a830c235e4290102,2024-09-06T12:51:59.750000 @@ -262689,7 +262719,7 @@ CVE-2024-45496,0,0,cb4145e26d358c15cb434585f9bcb20449ce473167aa6d60e18e039ff47cf CVE-2024-45498,0,0,ead799fee90d0be791c926b84a8db9a257cc85e76c202f16fed08488baf7d590,2024-11-04T17:35:22.900000 CVE-2024-4550,0,0,ea2693a2208898e22f1b33bfbea2ea7879154431a660b6be5aad9a2659ccd071,2024-09-14T11:47:14.677000 CVE-2024-45504,0,0,3b58dca9312966af1f86033b4db5d926602e7a6d36304d3cb72a6a0485059e81,2024-11-04T21:35:09.173000 -CVE-2024-45505,0,0,9e6cef572aaacd043b7ed07f99d88565dede9c8ee3f5be1766039ff6fd59c83a,2024-11-18T09:15:05.870000 +CVE-2024-45505,0,1,3eb0b8d4332c2328026e4b7a1d206d2d3b95038359abc08a668df6f45242e172,2024-11-18T15:35:10.743000 CVE-2024-45506,0,0,53228a9659d8b3663e59f7b6cd3ffdc01b4518a34e19971e095f98575a886619,2024-10-14T03:15:10.123000 CVE-2024-45507,0,0,b2cf0920dcb75db868de7b4afd51449cea360da72164b9b7e7a575176b0c17c4,2024-09-05T17:53:39.760000 CVE-2024-45508,0,0,a7bf13ff5f2bf318e53d0cc8b12c1b5ac7eae45f1991e7b683a2e3673a166bb9,2024-09-04T16:44:08.247000 @@ -262823,7 +262853,7 @@ CVE-2024-45788,0,0,7ba304e58f1e132a77e708ed9119516e49dd167750ae6faec1e1736fde9ea CVE-2024-45789,0,0,85b2a3e63aad506ab70a8ae8f934d73422c76c344971f05123a4397c0e8661da,2024-09-18T19:55:58.287000 CVE-2024-4579,0,0,b44e5adee861e75c9f2de9111724b513cf79b7a7dcd7134192d107fac1782253,2024-05-14T15:44:07.607000 CVE-2024-45790,0,0,339d5c59c4b08184225ef02e77057a5607db1e407fbacc8325ce6de4811d4a59,2024-09-18T18:38:04.393000 -CVE-2024-45791,0,0,e00e08370eee4826bcdd5006dbdac3841f2b3e17be5d254ae3b822a74efd5814,2024-11-18T09:15:05.990000 +CVE-2024-45791,0,1,19a4dd4984a63e926a8b2a0fb5e2b10ff764aecef7a1440aceec00f102229759,2024-11-18T15:35:10.970000 CVE-2024-45792,0,0,5abb7de999f910eaa61796ecbea33f574a65653e2aa062ee4c5c2e229e356bd5,2024-10-04T13:51:25.567000 CVE-2024-45793,0,0,9df195d476b9f18fe89dd15d9de75cbf87671a956c83113b39ce1c0cbc87094f,2024-09-26T13:32:55.343000 CVE-2024-45794,0,0,19fba7f9f80e8b5484ce94a7454fbad3ec8a7fa0a22390c43e093d2565218be6,2024-11-08T19:01:03.880000 @@ -264156,10 +264186,10 @@ CVE-2024-47901,0,0,351c2de719aa37343f5b8705371f6ea3811b8e193d3e2965a197dc16aa263 CVE-2024-47902,0,0,2363b86854bd24a49201ca293fb87d24363aec990236fe9e9bf134a5daa38aeb,2024-10-30T15:48:39.207000 CVE-2024-47903,0,0,7e28902499cd69638cf23751436e57fbe15e705859d687d60c9f544fac8af41e,2024-10-30T15:54:34.647000 CVE-2024-47904,0,0,21b127b0effcb8b297c48dd7cd57e94387991d137ef282d6dd7cb6727add6e3b,2024-10-30T15:39:06.020000 -CVE-2024-47905,0,0,39feaf78a52f60131d2bdc384acc4026b4ae3ac22c9f12952d970597c21a7846,2024-11-13T17:01:58.603000 +CVE-2024-47905,0,1,342fd0ae2d71ed0ffefa32d6c5d38e51dfe58c451c0902b48087befb9f1020aa,2024-11-18T15:08:47.280000 CVE-2024-47906,0,0,3ed15abb5dece582eac5066e109a653d183f0435fd9bc8ee5d9593e12f00014c,2024-11-13T17:01:58.603000 -CVE-2024-47907,0,0,538884ab8c41108e096758a5e8cfca862b352f2b06ce76b5b4edf7e4b8288a0a,2024-11-13T17:01:58.603000 -CVE-2024-47909,0,0,704fa1a638dc8ee139fceff906ce65d9f9d3b952e02d1a7b5e6001016d77c689,2024-11-13T17:01:58.603000 +CVE-2024-47907,0,1,76ea135eaf975a87092c23d20601ec4ee2afdfde82c00fb738aebc9324f41b4f,2024-11-18T15:09:30.573000 +CVE-2024-47909,0,1,e49b32ebcdd2b33cdea12816d85deb4bedff39c53dd6f92757b307a74c79a7b1,2024-11-18T15:09:45.750000 CVE-2024-4791,0,0,45f7f0badd9eeca0c08f0ffcf78bd3c1e9a171e1e79fba42777d793a804985ff,2024-05-17T02:40:37.090000 CVE-2024-47910,0,0,da0097185007355b026dacc76d86a72088b7bf1d898f5a147fff92f16ae106b9,2024-10-07T19:37:43.677000 CVE-2024-47911,0,0,1780d2f9891b374cce407dc3e6f68171fc1b0dbbc46286fbacc7f087c63dae2c,2024-10-07T19:37:44.613000 @@ -264249,7 +264279,7 @@ CVE-2024-48061,0,0,3afb2ef6eba7f21135f7c2c854e268a2fe30714157a06ae965803eb7d12a5 CVE-2024-48063,0,0,7dad3075f35e3bd4e2e591484ba350f38d4e17902517b9e5e6279458bc0b207a,2024-11-01T13:15:12.020000 CVE-2024-48068,0,0,06b45b29ce3f821e2db622a6716622dc89ea68129fc83706bd80927d88a3593e,2024-11-15T15:15:07.607000 CVE-2024-4807,0,0,e5ccc41d46958232939be978f4766518ab72a806619364a653b00c23b63fbc68,2024-06-04T19:20:50.770000 -CVE-2024-48073,0,0,410986e3bac5b99d20c35e908ba9e14361ecff8b8737388dcc22bfd8d08857aa,2024-11-12T13:56:54.483000 +CVE-2024-48073,0,1,f808f327cec1eb1c4e50210dd8e768204bbea0c1ec8029cba6324c290353d5f5,2024-11-18T15:35:11.227000 CVE-2024-48074,0,0,ad38eed7680db70af45f593399c08c1cb64e93854bc7fa5dd06ea3c6cdff4594,2024-11-08T22:15:20.877000 CVE-2024-48075,0,0,c3cf83a7c1112a907250bd16d631cc7ae5c1880292480daf2a4caebdfa1b94fa,2024-11-13T17:01:16.850000 CVE-2024-4808,0,0,9e98599f6886b9041c106d3216212c5c382436edfce35f9a1807d5234e020eab,2024-05-17T02:40:38.870000 @@ -264530,12 +264560,12 @@ CVE-2024-48870,0,0,b84b2a0a996d006ee4f5fea8401898b5086223eb9bced7a7565798c7f43b1 CVE-2024-48878,0,0,2b15f82c5be65c88d261c3882a75397babc580305d6a252ad1dbf2de5b50020f,2024-11-05T19:44:58.650000 CVE-2024-4888,0,0,ad5e456877e6c4225b3f983ebfcea1f0af64a03667e43f1cd6a0842bed4216c0,2024-11-03T17:15:14.137000 CVE-2024-4889,0,0,98c988bc305180dfde4233cdb25b83940a2a23ecd5fc7825e58f1cc0fbfe5628,2024-10-15T19:00:09.633000 -CVE-2024-48896,0,0,777555d0f73f29600ab6caf64bfedf8c2806dacf20cb334d975bdac5e36061b2,2024-11-18T12:15:18.093000 +CVE-2024-48896,0,1,4f82b81e83a7f5bcee04a8288e16b9f1676c6671d29afe3f85544a2fc3c6dee6,2024-11-18T15:35:12.090000 CVE-2024-48897,0,0,cedced1f76d9370254c4282051d59e9499821e7c7e9c98552837ccbae8d6f332,2024-11-18T12:15:18.243000 -CVE-2024-48898,0,0,bca3caea43810e9752cc6a873f900ac484aca95444990071dd6a11403a014c0d,2024-11-18T12:15:18.363000 +CVE-2024-48898,0,1,d46177f605d73faee499baa910454a7afaf5103caf4071401f342b649193b555,2024-11-18T15:35:12.320000 CVE-2024-4890,0,0,ee7720239380ab5c638f0803999a779457a74687c16e858d2acf0798605f57a2,2024-10-10T20:11:44.610000 CVE-2024-48900,0,0,2b3a5e56342c363922328f10e6f3d06b5c266c3768636276b8919e3a3cee88b7,2024-11-13T17:01:16.850000 -CVE-2024-48901,0,0,7d382d9c855e6ea4d3d15d13dd8dac5090844be34ed2c743269bf06b262c852f,2024-11-18T12:15:18.493000 +CVE-2024-48901,0,1,937e1f06d0e5a977ef942e91b42fe11922563a76fa84b0c908d8c713f3387c4d,2024-11-18T15:35:12.557000 CVE-2024-48902,0,0,fed2bf5b719b321f64381a649376d7e0618bda5baab6f732c38dcd1211106c26,2024-10-16T16:57:23.463000 CVE-2024-48903,0,0,af1ee698040ee7f8c19b83dd0eb3404cde07c42231b0e3832a1aa5561c10194f,2024-10-23T15:12:34.673000 CVE-2024-48904,0,0,56bc56ed1722c08287266703a07bddbd88211e3eebee5fa1d299ad65c198bf37,2024-10-23T15:12:34.673000 @@ -264894,7 +264924,7 @@ CVE-2024-49579,0,0,0f0dd66a3db0fe299ae55b9b0e6c22f11c400dc3ee27d05103041b63e67e9 CVE-2024-4958,0,0,15591ba73d7708bbd560fadc0281274b5c7c2c12545797826fbf6e13e1222639,2024-06-03T14:46:24.250000 CVE-2024-49580,0,0,89085af96d96dbfcdc87aa1d40157bd1a1b8615e2e8f40b207dbbe916ae159de,2024-11-14T19:25:47.433000 CVE-2024-4959,0,0,862ee7700763d202e5d5dada80050e48cca3b83d56a63673f2017bcf5adb7503,2024-07-03T02:08:22.750000 -CVE-2024-49592,0,0,8d58881505aa5166b2d4228f1caec6539241e0d475e52eaca08116f92b39e272,2024-11-15T21:15:11.070000 +CVE-2024-49592,0,1,715889d9da62fb384526376881b7e15d5ac77258b4bdc9daf4aad9f593d32bf8,2024-11-18T16:15:25.520000 CVE-2024-49593,0,0,28b8568333d09b89b040a623f287dcf302e51d7008368ee150b7fde946577e54,2024-10-18T12:53:04.627000 CVE-2024-4960,0,0,1e2962fabc78c9680506fb58bfd339ee733c096965130a77b4df6d334c6fc642,2024-08-01T21:15:53.753000 CVE-2024-49604,0,0,4130a6c1f975a0d07098374dd7fb4ff2ab97718728858633e395173b92657205,2024-10-23T15:49:25.567000 @@ -265471,7 +265501,7 @@ CVE-2024-50261,0,0,946c442cc56e3e8af45dc6329602e8261cd21844e512a68f35505737590fc CVE-2024-50262,0,0,491da488ea3f6be70bbe09eed55bf84625143c296910fe98f090fd0f0e85c13c,2024-11-13T21:10:44.267000 CVE-2024-50263,0,0,031640c798eb6a3a8aeb817df2908ddb318a337ddb803a116f07c15a4af2eba6,2024-11-14T16:23:08.347000 CVE-2024-5028,0,0,6e4747168a055d3478d0389157f1378a0e5efd7245fc9814fa65e0cf7f805db7,2024-08-01T13:59:38.360000 -CVE-2024-5030,0,1,e060a0debd631cb629968dfc8783c3f12caf31d98075661f64e60b5b9a3f945a,2024-11-18T14:35:05.030000 +CVE-2024-5030,0,0,e060a0debd631cb629968dfc8783c3f12caf31d98075661f64e60b5b9a3f945a,2024-11-18T14:35:05.030000 CVE-2024-50305,0,0,b03fd6d501d19d7b209a06f202d725af272151828bcd7418064455026a0a9df5,2024-11-15T13:58:08.913000 CVE-2024-50306,0,0,99b8de1207b2fdc71c13146c7372e7163a77f6f60a3176c55d7bfb57d63fa38c,2024-11-15T13:58:08.913000 CVE-2024-50307,0,0,6d2dcfccb50c0c30fd7d9bda3b36490982da8110db31d087befc4509a1d360cd,2024-10-28T13:58:09.230000 @@ -265481,14 +265511,14 @@ CVE-2024-50311,0,0,a911784e609d4ab74e0290e5d915dbb7b1471b8d97b5435937a13bc8c9811 CVE-2024-50312,0,0,8b68d956a110cf88efd2db7bdd6fdd3dc5b02186497d9ae2cbca0852915a398f,2024-10-30T18:35:56.753000 CVE-2024-50313,0,0,57c773ed95d19cba8304d961904a015105ffc1450a840dde453d207457fba72c,2024-11-15T17:12:44.410000 CVE-2024-50315,0,0,4cc2faf3d8c489bc195ea9b1b71e3db71fb7f18259f91c4f6bf82e911f7ad06a,2024-11-06T18:15:06.173000 -CVE-2024-50317,0,0,28955723a30cc9c8976974b80c9089dbbb0439a26dad6ce452eee2354a021b35,2024-11-13T17:01:58.603000 -CVE-2024-50318,0,0,89a88197e264c920c6451ae2bf11b45bd15675e619fc2a361aaced6f79d587fe,2024-11-13T17:01:58.603000 -CVE-2024-50319,0,0,98ee6398430b759d29f4b7e639c4a90d51fa6e181fa23b0a5b74c3db87faaff1,2024-11-13T17:01:58.603000 +CVE-2024-50317,0,1,a9b84feb780c6ced549efecbc710ff86cb7f1421691770a8a5dc3086df9afc79,2024-11-18T15:06:49.627000 +CVE-2024-50318,0,1,4ae08f274b1401b58aade3ea3262f08d3724e205d6e2f5242c1ec403459b6063,2024-11-18T15:06:52.807000 +CVE-2024-50319,0,1,c250c36ae616a674c4e4f90fbe3fc14ee9e885a6ab4a547c82c433574c109ed7,2024-11-18T15:06:25.480000 CVE-2024-5032,0,0,e2dd01f18d9397a3c892e6f9436384b2c9baea7d6f6081290ca836f05f0fc527,2024-08-01T13:59:38.540000 -CVE-2024-50320,0,0,0c43b76fe87589de4212ce304c016e11af3a171dd2faa9fb99a1c5caebb24514,2024-11-13T17:01:58.603000 -CVE-2024-50321,0,0,f23f01db164629dcfe0965e7e8cf36011543ab62ff89d04e20929b62b74749d3,2024-11-13T17:01:58.603000 -CVE-2024-50322,0,0,c020aa9cd3125a932216c7d58ab3b988421864bef2f94455ab2f311ea704d4b4,2024-11-13T17:01:58.603000 -CVE-2024-50323,0,0,ce9e8c4d60dfb79e108ec5756ce6e51451dff2fd5edcb79f35041faccf315c3e,2024-11-13T17:01:58.603000 +CVE-2024-50320,0,1,0b145167479836196eb5ec8935584bfa0226d5cbc67026d3d2bf840dfc7e775f,2024-11-18T15:06:28.707000 +CVE-2024-50321,0,1,1aac18caa1d9d71ae5e6dee9a0609687248f8efd8ee6ab41ac662d3c543c5ed6,2024-11-18T15:06:30.603000 +CVE-2024-50322,0,1,55f7cfd3f5ed0a79509ab05b00a8f48a430b0a45186c5b31cdd75ac5a704973c,2024-11-18T16:30:49.997000 +CVE-2024-50323,0,1,a562579fcf99dce3ae7437a27c83ad8795056834e06238cc00b9685555ff374f,2024-11-18T16:32:43.733000 CVE-2024-50324,0,0,10936f3abea99b40d246353436c16f322f1e8edd86691c4ed2017ef29b6ac364,2024-11-13T17:01:58.603000 CVE-2024-50326,0,0,f8505e436d1baab155abf9bab1bf26363163cb6a50cac2ccf97fe63c7bf0ba15,2024-11-13T17:01:58.603000 CVE-2024-50327,0,0,6e4385f7adc6653fc0eccea531afee029a2afab56d07230da273a6cc5802e97e,2024-11-13T17:01:58.603000 @@ -265729,26 +265759,26 @@ CVE-2024-50800,0,0,ab830a43039dc3b7687658827fe30858d8d98c5f738791670612919030dff CVE-2024-50801,0,0,b02fd2a4d914f47ebf18861bef14a429b26208dd8058232ee786f89bcea879c0,2024-11-04T19:35:13.810000 CVE-2024-50802,0,0,8492f5be24f5ad2918f47970062e4bc2c1c3f432ad972af1d330cb18adac5b2e,2024-11-04T19:35:14.907000 CVE-2024-50808,0,0,1a667410201903fdc8230c48df98057d6516bd370b3a4500e5037005f86c9f20,2024-11-12T13:56:54.483000 -CVE-2024-50809,0,1,c875db6c22acfe1e061d0cebbfeb9f3b7b26f693a5f07b91a9c5ce4621ac2b6f,2024-11-18T14:35:04.110000 +CVE-2024-50809,0,0,c875db6c22acfe1e061d0cebbfeb9f3b7b26f693a5f07b91a9c5ce4621ac2b6f,2024-11-18T14:35:04.110000 CVE-2024-5081,0,0,0bebffdc717b25462ccb5a198cb29076c0fa0475011c795b0df7ab25d1acf197,2024-08-05T15:35:16.180000 CVE-2024-50810,0,0,7da23b2ab88a2657cb76543548549613aa1f561df30582c648f7520bf514f0d4,2024-11-12T13:56:54.483000 CVE-2024-50811,0,0,d8ef1ac40dcb898d28bb949cb8cb9a8ce73f83d8e224524d33d6a2ba92df335a,2024-11-12T13:56:54.483000 CVE-2024-5082,0,0,3c0f951c5b33762a472b3ea33ccf88b6977979b0c14a32ab8b6cbf67889fd7af,2024-11-15T13:58:08.913000 -CVE-2024-50823,0,0,9e28ccd9a08403be9206c1fa5d06864983d2eb9e0ee859ed9196bb4a5749640a,2024-11-15T20:35:09.490000 -CVE-2024-50824,0,0,35fe569e5a2209990a7b50cac83c485bd9d4fc5c9126e62e9515102607295a98,2024-11-15T20:35:10.823000 -CVE-2024-50825,0,0,78721026e8bda92e94947b276b84f39730aacb6de8d193ace62a531df2853d94,2024-11-15T20:35:12.167000 -CVE-2024-50826,0,0,9ab314a9ae4299550f9cd1128db30ab75635e2b4df9acc44237f8ffee9257b76,2024-11-15T20:35:13.500000 -CVE-2024-50827,0,0,49d717d74c74f3cadb619530991fcd02c4fd10dbb2ae02cf88b0f9b5a884fe3b,2024-11-15T20:35:14.820000 -CVE-2024-50828,0,0,fafb0f73bc6df62cd1e6fb4e462fcaade9c676589e89a8cb22ddd2c1ff8a54d7,2024-11-15T20:35:16.143000 -CVE-2024-50829,0,0,0ee321663baac09b0aac9953d0386c900ebd5fbaf6aad0e241d3a7132ebb7371,2024-11-15T20:35:17.460000 +CVE-2024-50823,0,1,897f8833146d447692eb156b62b06111d7de9e1c8b567c234b9e02469c9a8ba9,2024-11-18T16:38:57.740000 +CVE-2024-50824,0,1,253e2fab01ea70e172af1e32c03253e68d2f52e9d8bb420f1349302793f44bc2,2024-11-18T16:39:08.460000 +CVE-2024-50825,0,1,a852c67a775613f61951784ba1d85aff05fff458a46967d4a2cb3204190cec50,2024-11-18T16:39:12.563000 +CVE-2024-50826,0,1,567effa0d1cbd05266720d07d2dd66e1e6b91192087abd2144b16dd48d7d0918,2024-11-18T16:39:16.613000 +CVE-2024-50827,0,1,435aacc94b8322ca86cfe690b21b579c2653aa61b9b69325d9e5b13661528886,2024-11-18T16:36:35.027000 +CVE-2024-50828,0,1,f962dcec3787b9a5fb3bb7b224d2e641691bae11a517565fe9f4bdf5de52ad2a,2024-11-18T16:36:57.377000 +CVE-2024-50829,0,1,8c8780538cf4ded486475b58e8c5a37ae92ec286bd47b319093dfcc48435888c,2024-11-18T16:37:17.363000 CVE-2024-5083,0,0,732c694a7e1209ed2f8fc7bc4b33638dd34156f3bcdf08e1c465413b90acb66d,2024-11-15T13:58:08.913000 -CVE-2024-50830,0,0,d617c9b7d296513d184f5993b5ea43bd52583e401c6a04117d74d1cf54b1ac96,2024-11-15T20:35:18.800000 -CVE-2024-50831,0,0,44616a4beb14916ca1f00d30b19581dffc684be84504bda456a73fb7729c3ec4,2024-11-15T20:35:20.133000 -CVE-2024-50832,0,0,51c67e0f2769dec09ca7bb0843ab6c7d4db85991d6db2038381aa4452b822ef9,2024-11-15T20:35:21.483000 -CVE-2024-50833,0,0,077ac2f3a9ebcb59ea8cb006c25d9010cb0298acef393e3740698518e254fb50,2024-11-15T20:35:22.847000 -CVE-2024-50834,0,0,c0d48344d094c5c2f6cc477d614ce9495e8d41ba0d081b253eeb62cfbe5dfa7a,2024-11-15T20:35:24.163000 -CVE-2024-50835,0,0,583baa89a3c36b45de164b658380a4083975decf59ae9617f3c0dd1ec6abfbba,2024-11-15T21:35:17.397000 -CVE-2024-50836,0,0,3dbc6b61b8c1a358e32bb19046638121749aaf9ea5b8cca4a971aa8a326c0fbd,2024-11-15T13:58:08.913000 +CVE-2024-50830,0,1,bd775197543a3266c4d4d5c6e77884b321e20fc059826bfff304cab32167cd2d,2024-11-18T16:37:21.377000 +CVE-2024-50831,0,1,29b467fc81fe6a7de10b2d3369cd17349f6b9e9a18bd0075164ebe98d10827e7,2024-11-18T16:37:24.967000 +CVE-2024-50832,0,1,80c3f586991f0018e3613b938030f0ee43ec2ccec3386f6e8282e9d5ed8f5250,2024-11-18T16:37:57.470000 +CVE-2024-50833,0,1,4b348468dd295af5f32f716d125c34bcada9ced033acc8cc1677705146a036ac,2024-11-18T16:38:12.770000 +CVE-2024-50834,0,1,82d5b2af22181751f4f11afb192d84f132318db49ba1a701b0cde42308c0dcb5,2024-11-18T16:38:39.357000 +CVE-2024-50835,0,1,397312567174f26bbc5dab16c33e6c34651311612495b682f2e96b8b94d95b88,2024-11-18T16:38:44.020000 +CVE-2024-50836,0,1,518caf893960ca17e9dbb54f5add7adb4f3ea2434220a423ea3505849dd2f243,2024-11-18T16:38:53.153000 CVE-2024-50837,0,0,fa916683a3dbdfde4d576245ae8ebbe1bad5683debaaa4ab7d920a9d6cde4375,2024-11-15T13:58:08.913000 CVE-2024-50838,0,0,03dc014a97e8c40e12ccc27e79d2f7d1a4be7052e0e877e043248cf17a531f10,2024-11-15T13:58:08.913000 CVE-2024-50839,0,0,3a608a7f42db8a1d3498636aca9211ea343bc7800681c21ae957ddd569de8350,2024-11-15T13:58:08.913000 @@ -265863,7 +265893,7 @@ CVE-2024-51142,0,0,fd30d68982f80038879876bcb7da202ea098b1b06829842cd1d2fd879f794 CVE-2024-5115,0,0,566281473e2daa2487dd251e202869dc3059aeec07f7c63daa38b65c3bae3de7,2024-06-04T19:21:00.323000 CVE-2024-51152,0,0,2fc415b0efc6d5417097e1245b382b91c976aaa5917a1040e7761d3f03c4c572,2024-11-13T20:03:06.083000 CVE-2024-51156,0,0,ab531e15c589d8d218306e8fd6a6995b5bbbca61f7ac15e609aad877e064595a,2024-11-15T13:58:08.913000 -CVE-2024-51157,0,0,15c268449f10cd3f5e2b0f898333f8df5f6a7a275257a0f4491ba5cb90f1b17e,2024-11-12T13:56:54.483000 +CVE-2024-51157,0,1,113cde3c71891d82bf55f2d0b4674fdfc6000fe1838706cb74a6d985959d76d5,2024-11-18T15:35:13.060000 CVE-2024-5116,0,0,8edab88198021b2d3b9901d621d1dabac4b2933945eb225d0257a88c98ac3f15,2024-06-04T19:21:00.430000 CVE-2024-51164,0,0,b9f1776fc3ef4840650c14e1a3f3e7dd8ac91dd3773b241274f401af13a4a1cc,2024-11-15T16:15:37.057000 CVE-2024-5117,0,0,8f71e5dda3348556d6b06143dcd47b79229dad0468d30aa7c38f8c5c1ecb8524,2024-06-04T19:21:00.547000 @@ -266044,20 +266074,20 @@ CVE-2024-51582,0,0,9c6a2abc6ff39ea954384c7b38779cdbe6d44511f3a75194c8ab9223c55c7 CVE-2024-51583,0,0,010a1e766cc75cf146f9c46f237fd66f102136959cced374ac920d84a09d74b4,2024-11-14T02:17:13.323000 CVE-2024-51584,0,0,9c4a52f0d53ee42578cceb9af71c252fa973eb5d3948982134b3891bd8f24f09,2024-11-14T02:23:33.777000 CVE-2024-51585,0,0,0bc0ac1464e29ee44df8444d7c4cdb63f1fa2b443bcb1af0569bc42ab7621110,2024-11-15T17:17:47.730000 -CVE-2024-51586,0,0,7e5916deafdc01f8f190d24ca41c3195fbfb4004dd7f1410ffa7b6f5af1f8429,2024-11-12T13:56:24.513000 +CVE-2024-51586,0,1,2d1b810317c0d8f65bbc319963d9355b4952c0b5006d44f99373798c188f9277,2024-11-18T16:45:30.550000 CVE-2024-51587,0,0,5012d2ea8e67b5c3d09827ef519aa6163b1c4ce17e7784b8af6d96ad392aa639,2024-11-14T20:26:14.467000 CVE-2024-51588,0,0,70526e1ab4d1d5c15696a10cecb0303b3b1171b870de0da3e9c134310aec09dc,2024-11-14T20:26:28.047000 CVE-2024-51589,0,0,f74ef05c06e608fec4a8cb8e6637837c5709985a6e45866d77121ef9596fd10a,2024-11-14T20:26:41.497000 CVE-2024-5159,0,0,6487690749e64572084b0b1ffb84b7950e8b682c3129ca3d21d0dbc204e9ec91,2024-10-25T19:35:15.010000 -CVE-2024-51590,0,0,2903ad914b6dc101bb91d3aabf34b7683a5fd5a07278698b69eab48e4ff822ee,2024-11-12T13:56:24.513000 +CVE-2024-51590,0,1,6c1cae916fe484c86555ba63169dc3ad9ff6121b09849d34400566f0f6e970bc,2024-11-18T16:44:27.333000 CVE-2024-51591,0,0,726468de391ad91b93d7baa9a968a1009926515da7cdc024a9ffcb433fe899c7,2024-11-14T17:51:14.717000 CVE-2024-51592,0,0,6dde9559fc706856c16fa16d5ca27161b15508ec6dfbe02d9bb0b204646f1a04,2024-11-15T17:04:52.197000 -CVE-2024-51593,0,0,543305671afdcf07ef5b3f18b7c3d41de8b30965105a3a9ea6b8385a4387a6a0,2024-11-12T13:56:24.513000 +CVE-2024-51593,0,1,14208f458acbc1944a1f4d7b078b1936cba888671b10f332e0d4198f20f92385,2024-11-18T16:42:06.290000 CVE-2024-51594,0,0,23c2bde634ef42108d5f97125b3187b82c0cbc626b82203b6c3273a5f7560ce9,2024-11-15T17:15:21.580000 CVE-2024-51595,0,0,10c393f98a067c2f8e99f7ad9b6b4c58d89c36bcb5b68d6536bed94af2eb5437,2024-11-15T17:03:07.770000 CVE-2024-51596,0,0,01788e96d18557d9efd5f3a1c0cc87c5c59abd37f0da1cf910d07664ffc536c3,2024-11-15T17:01:15.687000 CVE-2024-51597,0,0,e580da6df611238773fd113640aa155cd0ddae703c31494078adb66dd981bd48,2024-11-14T20:27:46.943000 -CVE-2024-51598,0,0,55b0ac3daaf8ce21ee5b6e41033aeb5189a016af6e1ea2b0a9ec31bbd479802d,2024-11-12T13:56:24.513000 +CVE-2024-51598,0,1,cf58f120b68b7927fe29dc94aa870e27fc89bd9b58085f0a65ebf594ffeae2d8,2024-11-18T16:37:58.447000 CVE-2024-51599,0,0,7acfc4d03f6c4e0241e4f801826852b96d8755f6240b0f8a5702939c52f7cc5a,2024-11-15T16:55:34.480000 CVE-2024-5160,0,0,761bdadb9ac3f89d156978519ca326c5704c62592c7f03e703ecc7e802a865d7,2024-07-03T02:08:36.807000 CVE-2024-51601,0,0,1c0dbdb8639065f7f5ea5f6062d0125a4c4ce4b0c601912e96fe5db543ebfd2a,2024-11-12T13:56:24.513000 @@ -266097,10 +266127,10 @@ CVE-2024-51659,0,0,78d45b532178a143b0c2b377e8ea9093595088b2434d4e401a5f34f0a4ad9 CVE-2024-5166,0,0,5c544eab21844e01fabd3874ed7776a55145987bd3a510311ad16f12f33bd2bc,2024-05-22T18:59:20.240000 CVE-2024-51661,0,0,7f81708d1fd43600536029afc897b01b4855aee3d2fe39c5692b8132139274de,2024-11-08T15:02:08.660000 CVE-2024-51662,0,0,55b3b930a708e0b1f39e971bf0a8031fc7194c46e2d846ee33949a5396059d6a,2024-11-15T17:16:49.063000 -CVE-2024-51663,0,0,91801dc12bcceba9e4ff4a3696fd1dfcbfd977ea4a8b244bd187e2d64b555700,2024-11-12T13:56:24.513000 -CVE-2024-51664,0,0,33bb2307caeb7b40e7c494491c1c582569059bcee5b400415702e07e134e18e6,2024-11-12T13:56:24.513000 +CVE-2024-51663,0,1,520a8635ff522fdc65658b7a70adf68b74653e7c0896676e8030c7152d369f95,2024-11-18T16:54:02.457000 +CVE-2024-51664,0,1,731666371e8e1d3dea3af653d547a841307a12b3ed3c176b0312ba2fc0f9e478,2024-11-18T16:55:08.183000 CVE-2024-51665,0,0,836ecda2a38ee75dca042d09339ec8247ed79262a6a8d01bd25035a2e84a5ce0,2024-11-06T22:07:10.707000 -CVE-2024-51668,0,0,90fbe858d294eb194f7f7d18ddffee7875bab4497100d1e8d725a55bb8334422,2024-11-12T13:56:24.513000 +CVE-2024-51668,0,1,4ac7d5e93cb809510601d69159928326b54ee48272274d0a2c08f9b129fc4bba,2024-11-18T16:51:31.227000 CVE-2024-5167,0,0,a26d674346a63d8730649864e3fcc22e33fb8b5877ed990bcd49874aef8d8c48,2024-08-01T13:59:41.660000 CVE-2024-51670,0,0,6b1c3ded81e899ea83f78c72687b003b0add9ee5b9d5d075c91040d8d36272c7,2024-11-12T13:56:24.513000 CVE-2024-51672,0,0,14a5ef0a87d874231b0f786642aa34aa9f0064d5c86f2b9992f4fe90d62559ab,2024-11-06T22:08:22.747000 @@ -266317,9 +266347,9 @@ CVE-2024-52311,0,0,440cc6f6193f2a4b57d7c7c4a4f4b3f01242ca6df6bc89770050e09d3b499 CVE-2024-52312,0,0,e095caa38b1d55aa1661d9e6b591e2f5164609c3e5c2884b5f60aa22d851bdcc,2024-11-12T13:56:54.483000 CVE-2024-52313,0,0,d6c72d2fda8c652aceb546ca4dc43f0485da383ec6c61ed73ed8a61cc3116669,2024-11-12T13:56:54.483000 CVE-2024-52314,0,0,1573621277321f9a5e33b224990557625938794cd01d39551dd04996aff05f9d,2024-11-12T13:56:54.483000 -CVE-2024-52316,0,0,f475e511ab6499f225f06df35a95cebb1e527e3bab1146ac3762678b3e37ff9a,2024-11-18T12:15:18.600000 -CVE-2024-52317,0,0,0a442788f1b1f07855040f3e082ccc4490d33a2dbf592a49e61163a9177af38a,2024-11-18T12:15:18.727000 -CVE-2024-52318,1,1,73ce82db0f7d9f694e1c73c32867c65cb58190f0628070e8affd1a263803cbe4,2024-11-18T13:15:04.490000 +CVE-2024-52316,0,1,afee392ed72cddc2307bf4fae921b6bad2c7bfa4930281067657dd104f12c5a1,2024-11-18T15:35:14.030000 +CVE-2024-52317,0,1,0377673efaa56035730b0a32a5bd71d6e753c4e4b84ea5d4adac79ce699e8f32,2024-11-18T15:35:14.303000 +CVE-2024-52318,0,1,e1524eb6c03619bf183cecff9397d974c3c18b11df0f7680e3db522a43c9566a,2024-11-18T15:35:15.203000 CVE-2024-5232,0,0,8d68905f3b69b3dadb32694d2c73f30dc32ad3c794d56bacf5b1c8bfed3d3bb6,2024-06-04T19:21:02.890000 CVE-2024-5233,0,0,d230ff373762a089849cb791769c151d4d1eb1a364270894bffa0dbac945e679,2024-06-04T19:21:02.993000 CVE-2024-5234,0,0,14a09ab7485c5dff6a0e2d37ff7f584b26da4a8cf075e00d5ab541632ac32bbb,2024-06-04T19:21:03.100000 @@ -266376,8 +266406,24 @@ CVE-2024-52413,0,0,286dd4e6bb24de0c4b40f057f096c109d9b5bd0dd8fc689e5adc9f157e5f4 CVE-2024-52414,0,0,2bcdc8c63a6446678de8943f63498d036c15d2f5dd4cf11aba50cc66b943d6ed,2024-11-16T22:15:07.730000 CVE-2024-52415,0,0,03b0ea7968dc87ac01fc179fdc8f6b5e46ad23cee96ec28b5a8ef2ebc2bcce5a,2024-11-16T22:15:07.943000 CVE-2024-52416,0,0,b8b97acae55e30819b79a0d1c0ac036d1b23c0e6edb7f8a200566a3d73e8e616,2024-11-16T22:15:08.160000 +CVE-2024-52419,1,1,a387361fbcf9c9da0112760269654bb56d1fc80181927880461b0dc574064032,2024-11-18T16:15:25.687000 CVE-2024-5242,0,0,8cd95bcd77d40a92ee0a6d389bf812b544cb6fb4b8301f7049b84de17fceaeef,2024-05-24T01:15:30.977000 +CVE-2024-52422,1,1,4e22735c92ff7524e78010b928c6bf1c8571f1ade44a5326d0f72d34e9c0b366,2024-11-18T16:15:25.933000 +CVE-2024-52423,1,1,4e063185f516630661b3e4efc4955f879c653348d7ed44c63bada8d22e51e325,2024-11-18T16:15:26.160000 +CVE-2024-52424,1,1,6ce1f214709076c70646fe89900b3f8876d0e00dcebb7f03ef3fa40a1f47f37f,2024-11-18T16:15:26.380000 +CVE-2024-52425,1,1,5b59c0a527f3795050b1c18ff414dbbc3993ba153a9f7eb661cc58e82f49a172,2024-11-18T16:15:26.600000 +CVE-2024-52426,1,1,5acae19ea2b1239e3dde49560c92b435d2d1789550640a4554376c1c3e1919fc,2024-11-18T16:15:26.830000 +CVE-2024-52427,1,1,e77db933d0f03759f523208a3205f2ddb670d11daab48575985218b450d42160,2024-11-18T15:15:06.657000 +CVE-2024-52428,1,1,344182c69f6aca35b6f26b187761740d9c00a28125c3802d89b41b8e3e1bf2fc,2024-11-18T15:15:06.923000 +CVE-2024-52429,1,1,8a243fae9a73cfc6290f3fba82d76f3a1f436cc0ea34b96fe3147158825eff53,2024-11-18T15:15:07.277000 CVE-2024-5243,0,0,a611ca30664e8a20900f5d6960dcfa388a8eac21aa2051106052824f1ce073bc,2024-05-24T01:15:30.977000 +CVE-2024-52430,1,1,78ec55ced63647f778859c218cfc1d5dab8b0b06423891ea21d80ac83290f9ca,2024-11-18T15:15:07.490000 +CVE-2024-52431,1,1,b15bda962599c504c4e2f02581e9cfbef22129263a7c03491bc7f8cde3255404,2024-11-18T15:15:07.707000 +CVE-2024-52432,1,1,0249017616e7cfe18ebc96e7507e9d44c0a29516dd4d45258ed9da8baba046ce,2024-11-18T15:15:07.923000 +CVE-2024-52433,1,1,155be188230db241ef31b51d0705393570d9d4014af0a9f7221c85d43105d619,2024-11-18T15:15:08.130000 +CVE-2024-52434,1,1,7118749fc90354cdd8e7eceb6d15ca349e45d3be79bce663ec2683fb860274db,2024-11-18T15:15:08.340000 +CVE-2024-52435,1,1,f8af4aece0b73aa204b7ebc025df31e708b37f9a2c07a5a7851018b7259d5df5,2024-11-18T15:15:08.543000 +CVE-2024-52436,1,1,e9dd6f384529b185a55c03a76ed19828a5cb2bf322160c659a6134b040a045ab,2024-11-18T15:15:08.773000 CVE-2024-5244,0,0,3de36675ae2f0b5e30ad70179a948c0cef684a516575b6f4510d379552ecc6bb,2024-05-24T01:15:30.977000 CVE-2024-5245,0,0,8367cc316d7fd622697ed020483e2edc6264aea8aa776978b7228518baa31702,2024-05-24T01:15:30.977000 CVE-2024-5246,0,0,481ebf23b779dd3e32e9e0cda77aaee7d0bfc9eca82266cde6c77415f4c9c730,2024-07-03T02:08:44.767000 @@ -266424,7 +266470,17 @@ CVE-2024-52553,0,0,11348c28b862f60d8b3c8dc11ab0fb5f1e53e1358b82b1f8a97199c0de1f5 CVE-2024-52554,0,0,6589eaee43c4794afc2869f1e1fb69f264d40d3a38b215d2e67a517b5a3abbef,2024-11-15T13:58:08.913000 CVE-2024-52555,0,0,5bd2a197b9b62d1570e8e4e5ac858dca21aea78d7b7b9d312bc19de044b868c9,2024-11-15T16:15:38.340000 CVE-2024-5256,0,0,c0c79be075ef53b66bd4c726b840e366d70c6f0c56013178c0440e2e2bf91c1e,2024-09-24T18:41:40.007000 +CVE-2024-52565,1,1,859abd0bdf8233cad1c1d83599906a8645b1b858477b59b1e1f34a38b4407b8e,2024-11-18T16:15:27.020000 +CVE-2024-52566,1,1,65ea9eb0ea203428a60a6d1ceb8ae113bb3a66e48c842e7c297ae793520fc822,2024-11-18T16:15:27.287000 +CVE-2024-52567,1,1,71206ca9b022e1a325115677980c79d7ac7040aa42eedfb8a3eb333f68f2fdf2,2024-11-18T16:15:27.537000 +CVE-2024-52568,1,1,9f5e0ce652b55e6de0708a9f9cab1297501f810761acb225a16d8d9369d59bb1,2024-11-18T16:15:27.773000 +CVE-2024-52569,1,1,3c91a3c112c73a43b533451fa9b7931016fb98e63fc148705ac45fdbf7ee2716,2024-11-18T16:15:28.063000 CVE-2024-5257,0,0,e4fba0a5c9dc635ae9582dcee356a08c90165a6e8c8a0a01b6dfbef5e885cd24,2024-07-12T16:54:34.517000 +CVE-2024-52570,1,1,33e194e02359bfc027fdf690607f5b74ae498873e57aacfb6d947988a091a110,2024-11-18T16:15:28.300000 +CVE-2024-52571,1,1,3ad373a9bd484157ecb835cd80f01e58066c7217e4a83e5a1600817a69b0f1b1,2024-11-18T16:15:28.533000 +CVE-2024-52572,1,1,7584cdefdc20f71f5ae0d7d38fda05e62662881d7ba14cb78c757091b3ed09b8,2024-11-18T16:15:28.767000 +CVE-2024-52573,1,1,94c3b1c76f49770abd095eece0ecc02a7f1dba517c7026c03046e4bc22d9d693,2024-11-18T16:15:29.110000 +CVE-2024-52574,1,1,4b23fe4c59c7ea3b5f5f38efc3799c5b843064b1848919d0ce406c92f35b578d,2024-11-18T16:15:29.400000 CVE-2024-5258,0,0,51134eb56f05332c584317818ff995de56b2de598a9752cb1990f31f73c535e3,2024-05-24T01:15:30.977000 CVE-2024-5259,0,0,b3c664cd11ddb9db1b34b50011b18499fc5ac06e8b6b6a588e8cf7d8bc26fc37,2024-06-11T17:44:42.783000 CVE-2024-5260,0,0,1ea9956e2812efb1ad02a50e6e15b3c5419e86ea96923b6afc83449c65511582,2024-07-02T12:09:16.907000 @@ -266464,25 +266520,25 @@ CVE-2024-5288,0,0,099c1d3c2643003d52a5f473484a6d38731263e3329a5baa027f91acf14938 CVE-2024-5289,0,0,a02da373ddf627c39a88f09ba37230dcf191b29c84a32613f97fcb834cd9c524,2024-06-28T13:13:36.980000 CVE-2024-5290,0,0,35d091933943d3d7227642594800fb6801417d7c5ce37502d2fb6d1c6a076c33,2024-09-17T13:09:13.683000 CVE-2024-5291,0,0,a73212295ca40d57df3fe276c935be7cf4995dc49a26ea7361780508749e211f,2024-05-24T01:15:30.977000 -CVE-2024-52912,0,0,f6c1192b6c6e7b973cf0a3f1c19bd1c2c8355f10e0f30c2623e48f245f378667,2024-11-18T04:15:04.443000 -CVE-2024-52913,0,0,bbc05683b850cc8065457412bf8f03a18ead18e211cbaa2fbadfdc7d9cc379d3,2024-11-18T04:15:04.500000 -CVE-2024-52914,0,0,924e32a0e8cb2e7d1ecdbe0ee7b3f2c66ed32847346d79911d4f8baefa620c88,2024-11-18T04:15:04.567000 -CVE-2024-52915,0,0,be019f94aea0804cc75808dd760669ab2fad40f58ce2f89d0dc6e8ab5b36a7e9,2024-11-18T04:15:04.633000 -CVE-2024-52916,0,0,7690ba750470f1aed7b8dec92fc0c098aebe3f9dc0fe3e8692e203def3168778,2024-11-18T04:15:04.697000 -CVE-2024-52917,0,0,9102f7f7d9fc47b956c15891e67881de133ff5748cc9634cc20d81cef98ffac0,2024-11-18T04:15:04.760000 -CVE-2024-52918,0,0,a73d0f2cdf700c0012dca3c759d37cceed4e616528ee91c077b20e1d7d92071e,2024-11-18T04:15:04.823000 -CVE-2024-52919,0,0,cef0a539618282146f102d0fe98c0422c62e8d82425975ab449c00d92ce22375,2024-11-18T04:15:04.890000 +CVE-2024-52912,0,1,7731ffe6049ba2887e7e3409e2cd49b9e454ae3bea3564fc5bad08ae5d1110dc,2024-11-18T16:35:14.273000 +CVE-2024-52913,0,1,206151d8b5b23f45caf2d0a6c40b9cf1e610ceea76edf868a48f3415c1d7c9a7,2024-11-18T16:35:15.113000 +CVE-2024-52914,0,1,3059e99d9ace138ddec5fe0b60f62fc8bbbc39ca7d1a392356f2e5cfcce9f9d1,2024-11-18T16:35:16.680000 +CVE-2024-52915,0,1,0eaf979c3fff4ad6b5f04a96a5105014cb9539b5c00632c2dd87e9dfb162b045,2024-11-18T16:35:17.807000 +CVE-2024-52916,0,1,58dc8e4891219ffd028df95777970872c88d93d26a7447ba60f4ac76e73e4929,2024-11-18T16:35:18.907000 +CVE-2024-52917,0,1,47fda922d19bb2c9472a7783a82fd99e7130fb820aa9b8f40029a5f6c0ba5197,2024-11-18T16:35:19.943000 +CVE-2024-52918,0,1,569925c852de5b6887cebb28542887bc891949af27000f6d1ca9cc6e464fb774,2024-11-18T16:35:20.793000 +CVE-2024-52919,0,1,dd412698e55d29f3e606c31914db0628a4c9a9e1ccaadd4865c4ff9c35214a02,2024-11-18T16:35:21.600000 CVE-2024-5292,0,0,46d8600092b67d78419e8396a0475f44ad2d697d614c735fcdb066f1cf0c44cc,2024-05-24T01:15:30.977000 -CVE-2024-52920,0,0,a5f6c9eff299a4ba09a42ed0c9241c846d22d91b7cedf4d695f05a6d58b5554c,2024-11-18T04:15:04.960000 -CVE-2024-52921,0,0,ed4278ef3df36ef30c2cce649cf44a8b2eae7bac125243cbe22628ba15916306,2024-11-18T04:15:05.023000 +CVE-2024-52920,0,1,a365c9979aca21dad6b6fa7b7fa870ad020322d0d18562fea5341ae97f5e284c,2024-11-18T16:35:22.413000 +CVE-2024-52921,0,1,1610e1abbcc126dc8407817cb9b2ae6042d92c935d9de599bf9be503f888f5e0,2024-11-18T16:35:23.227000 CVE-2024-52922,0,0,41064221b415d208b3430f5d1dea9756de777280fa574c29151d5624fd8d3f24,2024-11-18T04:15:05.083000 CVE-2024-52926,0,0,85aa8f8bcf430bff337ab36716ca6d5e43ae2b3bc9930c2ea3ecc1651d8bcbe9,2024-11-18T04:15:05.140000 CVE-2024-5293,0,0,a0cc00d9353625760ac0d77b1ffd0d6d05d987e18d154ce46567c1580d6373f0,2024-05-24T01:15:30.977000 CVE-2024-5294,0,0,717ff7ad64d7503e40c366bff13431a98da71a0fd2586ca956ddf2437b8cbb81,2024-05-24T01:15:30.977000 -CVE-2024-52940,0,0,0c271ed0a167b4f1afbe1b4098784f97280b8973c797d78180215b56523d8f3d,2024-11-18T05:15:05.200000 -CVE-2024-52941,0,0,51bd162e4da9767520d98371683fa483d51db8ae6c0a2ab66abeacc7ad6102a6,2024-11-18T06:15:05.283000 -CVE-2024-52942,0,0,d5f0c1b9ccae7646bd21c522a86a46043c2ba2722459ffc9f37022ea81793ad5,2024-11-18T06:15:05.543000 -CVE-2024-52943,0,0,817be99dbe39212ecb7762443fb6d8592291e04f1acdaf485485b5924fdeb77a,2024-11-18T06:15:05.793000 +CVE-2024-52940,0,1,e7d4aa384f7b67190c5024f269617660e85aa41c42486a6e8a7e79a4d9811d64,2024-11-18T16:35:24.040000 +CVE-2024-52941,0,1,1f1d1d2646db7f9e6fbe32ec16f2e067ebbc1d84f8376bb2f33434e25429fb4a,2024-11-18T16:35:24.863000 +CVE-2024-52942,0,1,8eb255b55d7968c56ee645ead487e1034db2abd44ca31f35c2f7679598a36c39,2024-11-18T16:35:25.583000 +CVE-2024-52943,0,1,36e74df3ee9de86580c86ebea278393f7fc04a832a3b340a032ca59125ee68a4,2024-11-18T16:35:26.300000 CVE-2024-52944,0,0,1d9415c3df1effaf2fdd768ecef7969eb9d7287485995e406bc8593dede48522,2024-11-18T06:15:06.017000 CVE-2024-52945,0,0,e54042d64c703df9e8ef816c66f3cff2051889def833fc918055f834dff7d703,2024-11-18T06:15:06.250000 CVE-2024-52946,0,0,92efe9cbd4f19ea913955a20e2df0ccae22f1fbb17a5e4b04f9c5102bfcb8f14,2024-11-18T06:15:06.460000 @@ -269374,7 +269430,7 @@ CVE-2024-8777,0,0,abf6497bbb9ed542a83ea295cf446b5b0a64e2a3685378272b7c6e8d7a6d84 CVE-2024-8778,0,0,04f76622204759cf035b6cf776488dd4e0117dc8a28cbc6a6f40333ff951b555,2024-09-20T14:23:37.697000 CVE-2024-8779,0,0,265c21235e2afe2292182db580bb12dd49935199c0a514bb7965dfbc0ef67e6b,2024-09-17T11:27:50.290000 CVE-2024-8780,0,0,390f3cd9aeaa4212ebd65fe7e603fc1df2783bc2afd801c860ac757dc6f09931,2024-09-20T14:35:20.250000 -CVE-2024-8781,1,1,2c654bf661c293c959d06e86cc607a3c079300764b8e02259277654be925fbed,2024-11-18T14:15:05.730000 +CVE-2024-8781,0,0,2c654bf661c293c959d06e86cc607a3c079300764b8e02259277654be925fbed,2024-11-18T14:15:05.730000 CVE-2024-8782,0,0,ec0da4baac22ae9eceb8ce2507375e0a71b6a51926de3cc40576bcd259fd7175,2024-09-19T01:46:07.003000 CVE-2024-8783,0,0,b434dfc5f50cf2811a1f5688ac574f745dec48e5af54cf5f568ce8560b0e2702,2024-09-19T01:38:57.033000 CVE-2024-8784,0,0,7bc5ed86fd42122481efd27561493828acec6a50cb9d34c0b1c40453c943431f,2024-09-19T01:38:35.177000 @@ -269828,6 +269884,7 @@ CVE-2024-9470,0,0,13c3a583553fbf2e90723a5a0ed6f2354808c5a1753993b658aba04d0ed9b2 CVE-2024-9471,0,0,2517c360d1e41d9c7ea79e15df7f34465e8f98b985f9011876ffa34a1656df21,2024-10-15T16:55:45.090000 CVE-2024-9472,0,0,6dc75bb8c902376e1f062a26c7a99982f272de37330a03e0fbfe9796bed76fac,2024-11-15T13:58:08.913000 CVE-2024-9473,0,0,2610a860a1ec132e11b499793a273ee08374ba46887944874ff47b7b5fdd4588,2024-10-17T06:15:04.983000 +CVE-2024-9474,1,1,d6dbf9f7c18fc2211b2dc10f059a5a75199c26bbaaf42f50d455c0b051687053,2024-11-18T16:15:29.780000 CVE-2024-9475,0,0,273622ecfea8dd0cb8d3a034084a5946e50b2bee83443e844bae24857067e968,2024-10-28T13:58:09.230000 CVE-2024-9476,0,0,e9d7dbd43229ebc9ea9972271d753666a58d144ea232688064d92b4b52fc9277,2024-11-15T14:00:09.720000 CVE-2024-9477,0,0,cf43e95350fa7037b016e95ffdd76723a0091878a7d1f39dfbb116076ef07df2,2024-11-15T22:54:21.233000 @@ -269852,7 +269909,7 @@ CVE-2024-9519,0,0,2bb44dd736fdc130a04995624f7dece0b5eecdbbfca83c65536d849a586e04 CVE-2024-9520,0,0,043b00f2bf4932488b29ee05bd55762d90704159cb97bf4c710160da6d129691,2024-10-15T14:34:59.660000 CVE-2024-9521,0,0,09a594ea849fc5009e458f6cc46742d3176f440810ef4457104bfe2103f1d0c7,2024-10-16T16:38:14.557000 CVE-2024-9522,0,0,884c9004d667a145fae3b3526c4cb56c9d9a1365bd2a57b2af580c0e3b9c19a1,2024-10-15T14:27:41.553000 -CVE-2024-9526,1,1,251fce6ca8df5cc44c0860f1fbb78180e4c258770ef7e2f7982582b4ddb743a6,2024-11-18T14:15:05.873000 +CVE-2024-9526,0,0,251fce6ca8df5cc44c0860f1fbb78180e4c258770ef7e2f7982582b4ddb743a6,2024-11-18T14:15:05.873000 CVE-2024-9528,0,0,ad76266403ba94311c1f58d7258b765d914c39ddcd1148706c2e05f82ca92e87,2024-10-07T17:48:28.117000 CVE-2024-9529,0,0,a74498e9b247fb3cd22f5e7796c9032948030a8869b02aae9fc90324965437c4,2024-11-15T19:35:19.160000 CVE-2024-9530,0,0,a4f4ec0ca4c538513c522bc25437bdee95aa200ea2c8ddaeaa2d301c3f668205,2024-10-25T18:52:10.810000