diff --git a/CVE-2020/CVE-2020-103xx/CVE-2020-10367.json b/CVE-2020/CVE-2020-103xx/CVE-2020-10367.json
index e1b791a0d7d..8989891c801 100644
--- a/CVE-2020/CVE-2020-103xx/CVE-2020-10367.json
+++ b/CVE-2020/CVE-2020-103xx/CVE-2020-10367.json
@@ -2,13 +2,17 @@
 "id": "CVE-2020-10367",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-10T23:15:04.170",
- "lastModified": "2024-11-11T00:15:13.480",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory access via a \"Spectra\" attack."
+ },
+ {
+ "lang": "es",
+ "value": "Ciertos chips Cypress (y Broadcom) Wireless Combo, cuando no hay una actualizaci\u00f3n de firmware de enero de 2021, permiten el acceso a la memoria a trav\u00e9s de un ataque \"Spectra\"."
 }
 ],
 "metrics": {},
diff --git a/CVE-2020/CVE-2020-103xx/CVE-2020-10368.json b/CVE-2020/CVE-2020-103xx/CVE-2020-10368.json
index 85c44c68768..3630e8ef040 100644
--- a/CVE-2020/CVE-2020-103xx/CVE-2020-10368.json
+++ b/CVE-2020/CVE-2020-103xx/CVE-2020-10368.json
@@ -2,13 +2,17 @@
 "id": "CVE-2020-10368",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-10T23:15:04.247",
- "lastModified": "2024-11-11T00:15:13.607",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory read access via a \"Spectra\" attack."
+ },
+ {
+ "lang": "es",
+ "value": "Ciertos chips Cypress (y Broadcom) Wireless Combo, cuando no hay una actualizaci\u00f3n de firmware de enero de 2021, permiten el acceso de lectura de memoria a trav\u00e9s de un ataque \"Spectra\"."
 }
 ],
 "metrics": {},
diff --git a/CVE-2020/CVE-2020-103xx/CVE-2020-10369.json b/CVE-2020/CVE-2020-103xx/CVE-2020-10369.json
index ac2f15c2f2a..f6120e5fc64 100644
--- a/CVE-2020/CVE-2020-103xx/CVE-2020-10369.json
+++ b/CVE-2020/CVE-2020-103xx/CVE-2020-10369.json
@@ -2,13 +2,17 @@
 "id": "CVE-2020-10369",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-10T23:15:04.307",
- "lastModified": "2024-11-11T00:15:13.660",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow inferences about memory content via a \"Spectra\" attack."
+ },
+ {
+ "lang": "es",
+ "value": "Ciertos chips Cypress (y Broadcom) Wireless Combo, cuando no hay una actualizaci\u00f3n de firmware de enero de 2021, permiten inferencias sobre el contenido de la memoria a trav\u00e9s de un ataque \"Spectra\"."
 }
 ],
 "metrics": {},
diff --git a/CVE-2020/CVE-2020-103xx/CVE-2020-10370.json b/CVE-2020/CVE-2020-103xx/CVE-2020-10370.json
index dc3447de18f..cbe2b44d202 100644
--- a/CVE-2020/CVE-2020-103xx/CVE-2020-10370.json
+++ b/CVE-2020/CVE-2020-103xx/CVE-2020-10370.json
@@ -2,13 +2,17 @@
 "id": "CVE-2020-10370",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-11T00:15:13.707",
- "lastModified": "2024-11-11T00:15:13.707",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, when a 2021-01-26 Bluetooth firmware update is not present, allow a Bluetooth outage via a \"Spectra\" attack."
+ },
+ {
+ "lang": "es",
+ "value": "Ciertos chips combinados inal\u00e1mbricos Cypress (y Broadcom) como CYW43455, cuando no hay una actualizaci\u00f3n de firmware Bluetooth del 26/01/2021, permiten una interrupci\u00f3n del Bluetooth a trav\u00e9s de un ataque \"Spectra\"."
 }
 ],
 "metrics": {},
diff --git a/CVE-2021/CVE-2021-354xx/CVE-2021-35473.json b/CVE-2021/CVE-2021-354xx/CVE-2021-35473.json
index 84b65b376ea..1be97116315 100644
--- a/CVE-2021/CVE-2021-354xx/CVE-2021-35473.json
+++ b/CVE-2021/CVE-2021-354xx/CVE-2021-35473.json
@@ -2,13 +2,17 @@
 "id": "CVE-2021-35473",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-10T23:15:04.383",
- "lastModified": "2024-11-10T23:15:04.383",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An issue was discovered in LemonLDAP::NG before 2.0.12. There is a missing expiration check in the OAuth2.0 handler, i.e., it does not verify access token validity. An attacker can use a expired access token from an OIDC client to access the OAuth2 handler The earliest affected version is 2.0.4."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 un problema en LemonLDAP::NG antes de la versi\u00f3n 2.0.12. Falta una comprobaci\u00f3n de caducidad en el controlador OAuth2.0, es decir, no verifica la validez del token de acceso. Un atacante puede usar un token de acceso caducado de un cliente OIDC para acceder al controlador OAuth2. La primera versi\u00f3n afectada es la 2.0.4."
 }
 ],
 "metrics": {},
diff --git a/CVE-2021/CVE-2021-417xx/CVE-2021-41737.json b/CVE-2021/CVE-2021-417xx/CVE-2021-41737.json
index 7ac13d7136f..eedd8c600f9 100644
--- a/CVE-2021/CVE-2021-417xx/CVE-2021-41737.json
+++ b/CVE-2021/CVE-2021-417xx/CVE-2021-41737.json
@@ -2,13 +2,17 @@
 "id": "CVE-2021-41737",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-10T23:15:04.450",
- "lastModified": "2024-11-10T23:15:04.450",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In Faust 2.23.1, an input file with the lines \"// r visualisation tCst\" and \"//process = +: L: abM-^Q;\" and \"process = route(3333333333333333333,2,1,2,3,1) : *;\" leads to stack consumption."
+ },
+ {
+ "lang": "es",
+ "value": "En Faust 2.23.1, un archivo de entrada con las l\u00edneas \"// r visualisation tCst\" y \"//process = +: L: abM-^Q;\" y \"process = route(3333333333333333333,2,1,2,3,1) : *;\" conduce al consumo de la pila."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-327xx/CVE-2023-32736.json b/CVE-2023/CVE-2023-327xx/CVE-2023-32736.json
new file mode 100644
index 00000000000..a3830866d6d
--- /dev/null
+++ b/CVE-2023/CVE-2023-327xx/CVE-2023-32736.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2023-32736",
+ "sourceIdentifier": "productcert@siemens.com",
+ "published": "2024-11-12T13:15:05.527",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions < V17 Update 8), SIMATIC STEP 7 Safety V18 (All versions < V18 Update 5), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions < V17 Update 8), SIMATIC STEP 7 V18 (All versions < V18 Update 5), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions < V17 Update 8), SIMATIC WinCC Unified V18 (All versions < V18 Update 5), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions < V17 Update 8), SIMATIC WinCC V18 (All versions < V18 Update 5), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions < V17 Update 8), SIMOCODE ES V18 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SIRIUS Safety ES V17 (All versions < V17 Update 8), SIRIUS Safety ES V18 (All versions), SIRIUS Soft Starter ES V17 (All versions < V17 Update 8), SIRIUS Soft Starter ES V18 (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions < V4.6.0.1), TIA Portal Cloud V18 (All versions < V4.6.1.0). Affected products do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application."
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 7.0, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + 
"privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.3, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-871035.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2023/CVE-2023-404xx/CVE-2023-40457.json b/CVE-2023/CVE-2023-404xx/CVE-2023-40457.json index 4b5aa4a99cc..f2ef4485d7c 100644 --- a/CVE-2023/CVE-2023-404xx/CVE-2023-40457.json +++ b/CVE-2023/CVE-2023-404xx/CVE-2023-40457.json @@ -2,8 +2,8 @@ "id": "CVE-2023-40457", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T00:15:13.817", - "lastModified": "2024-11-11T00:15:13.817", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "cve@mitre.org", 
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is \"evaluating support for RFC 7606 as a future feature\" and believes that \"customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks.\""
+ },
+ {
+ "lang": "es",
+ "value": "El daemon BGP en Extreme Networks ExtremeXOS (tambi\u00e9n conocido como EXOS) 30.7.1.1 permite que un atacante (que no est\u00e1 en una red conectada directamente) provoque una denegaci\u00f3n de servicio (reinicio de sesi\u00f3n BGP) debido a un manejo incorrecto de errores de atributos BGP (para los atributos 21 y 25). NOTA: el proveedor lo niega porque est\u00e1 \"evaluando la compatibilidad con RFC 7606 como una caracter\u00edstica futura\" y cree que \"los clientes que han optado por no requerir o implementar RFC 7606 lo han hecho voluntariamente y con conocimiento de lo que se necesita para defenderse contra este tipo de ataques\"."
 }
 ],
 "metrics": {},
diff --git a/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json b/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json
index ae35cd80074..98a86e3a70f 100644
--- a/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json
+++ b/CVE-2023/CVE-2023-462xx/CVE-2023-46280.json
@@ -2,13 +2,13 @@
 "id": "CVE-2023-46280",
 "sourceIdentifier": "productcert@siemens.com",
 "published": "2024-05-14T16:15:40.800",
- "lastModified": "2024-10-08T09:15:08.837",
+ "lastModified": "2024-11-12T13:15:05.960",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
+ "value": "A vulnerability has been identified in S7-PCT (All versions), Security Configuration Tool (SCT) (All versions), SIMATIC Automation Tool (All versions < V5.0 SP2), SIMATIC BATCH V9.1 (All versions < V9.1 SP2 Upd5), SIMATIC NET PC Software V16 (All versions < V16 Update 8), SIMATIC NET PC Software V17 (All versions), SIMATIC NET PC Software V18 (All versions < V18 SP1), SIMATIC NET PC Software V19 (All versions < V19 Update 2), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC PDM V9.2 (All versions < V9.2 SP2 Upd3), SIMATIC Route Control V9.1 (All versions < V9.1 SP2 Upd3), SIMATIC STEP 7 V5 (All versions), SIMATIC WinCC OA V3.17 (All versions), SIMATIC WinCC OA V3.18 (All versions < V3.18 P025), SIMATIC WinCC OA V3.19 (All versions < V3.19 P010), SIMATIC WinCC Runtime Advanced (All versions), SIMATIC WinCC Runtime Professional V16 (All versions < V16 Update 6), SIMATIC WinCC Runtime Professional V17 (All versions < V17 Update 8), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 4), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5), SINAMICS Startdrive (All versions < V19 SP1), SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1), SINUMERIK ONE virtual (All versions < V6.23), SINUMERIK PLC Programming Tool (All versions < V3.3.12), TIA Portal Cloud Connector (All versions < V2.0), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 4), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 2). The affected applications contain an out of bounds read vulnerability. This could allow an attacker to cause a Blue Screen of Death (BSOD) crash of the underlying Windows kernel."
 },
 {
 "lang": "es",
@@ -96,6 +96,10 @@
 }
 ],
 "references": [
+ {
+ "url": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html",
+ "source": "productcert@siemens.com"
+ },
 {
 "url": "https://cert-portal.siemens.com/productcert/html/ssa-784301.html",
 "source": "productcert@siemens.com"
diff --git a/CVE-2023/CVE-2023-490xx/CVE-2023-49069.json b/CVE-2023/CVE-2023-490xx/CVE-2023-49069.json
index c583e1adab2..efca70f7d24 100644
--- a/CVE-2023/CVE-2023-490xx/CVE-2023-49069.json
+++ b/CVE-2023/CVE-2023-490xx/CVE-2023-49069.json
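Review bot: The new `en` description in the first CVE-2023-46280 hunk names SINEC NMS twice with different fixed-version bounds, `SINEC NMS (All versions < V3.0), SINEC NMS (All versions < V3.0 SP1)`, so the record no longer says whether a V3.0 installation is affected. The wording is the vendor's and probably cannot be settled inside this record, but nothing here flags the overlap for consumers that derive affected ranges from the description text. Until the two referenced Siemens advisories (ssa-331112 and ssa-784301) are compared, the wider bound `< V3.0 SP1` is the safer reading for patch decisions.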
@@ -2,13 +2,13 @@
 "id": "CVE-2023-49069",
 "sourceIdentifier": "productcert@siemens.com",
 "published": "2024-09-10T10:15:08.947",
- "lastModified": "2024-10-10T15:15:14.937",
+ "lastModified": "2024-11-12T13:15:06.193",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability has been identified in Mendix Runtime V10 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.32 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames."
+ "value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.16 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.32 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames."
 },
 {
 "lang": "es",
diff --git a/CVE-2024/CVE-2024-101xx/CVE-2024-10179.json b/CVE-2024/CVE-2024-101xx/CVE-2024-10179.json
index 8ae65230576..1c0eb7722dc 100644
--- a/CVE-2024/CVE-2024-101xx/CVE-2024-10179.json
+++ b/CVE-2024/CVE-2024-101xx/CVE-2024-10179.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10179",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-12T07:15:03.377",
- "lastModified": "2024-11-12T07:15:03.377",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Slickstream: Engagement and Conversions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's slick-grid shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Slickstream: Engagement and Conversions para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del c\u00f3digo abreviado slick-grid del complemento en todas las versiones hasta la 1.4.4 incluida, debido a una desinfecci\u00f3n de entrada insuficiente y al escape de salida en los atributos proporcionados por el usuario. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10245.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10245.json
index 6120c278b5e..f64e9a8b8e9 100644
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10245.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10245.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-10245",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-12T10:15:04.003",
- "lastModified": "2024-11-12T10:15:04.003",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10261.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10261.json
index 0bda575f866..b46975520de 100644
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10261.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10261.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10261",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T12:15:16.800",
- "lastModified": "2024-11-09T12:15:16.800",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.13.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento The Paid Membership Subscriptions \u2013 Effortless Memberships, Recurring Payments & Content Restriction para WordPress es vulnerable a la ejecuci\u00f3n de c\u00f3digos cortos arbitrarios en todas las versiones hasta la 2.13.0 incluida. Esto se debe a que el software permite a los usuarios ejecutar una acci\u00f3n que no valida correctamente un valor antes de ejecutar do_shortcode. Esto hace posible que atacantes no autenticados ejecuten c\u00f3digos cortos arbitrarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10265.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10265.json
index f7e31cca97c..fcbb1fc1f79 100644
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10265.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10265.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10265",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-10T13:15:03.657",
- "lastModified": "2024-11-10T13:15:03.657",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.15.30. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Form Maker by 10Web \u2013 Mobile-Friendly Drag & Drop Contact Form Builder para WordPress, es vulnerable a ataques de Cross-site Scripting reflejado debido al uso de add_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 1.15.30 incluida. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10284.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10284.json
index fad1f8d3e3d..4de50d94503 100644
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10284.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10284.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10284",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T03:15:03.943",
- "lastModified": "2024-11-09T03:15:03.943",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The CE21 Suite plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.2.0. This is due to hardcoded encryption key in the 'ce21_authentication_phrase' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento CE21 Suite para WordPress es vulnerable a la omisi\u00f3n de autenticaci\u00f3n en versiones hasta la 2.2.0 incluida. Esto se debe a una clave de cifrado codificada en la funci\u00f3n 'ce21_authentication_phrase'. Esto permite que atacantes no autenticados inicien sesi\u00f3n como cualquier usuario existente en el sitio, como un administrador, si tienen acceso al correo electr\u00f3nico."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10285.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10285.json
index f0f9db0ba29..aa70c882684 100644
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10285.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10285.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10285",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T03:15:04.410",
- "lastModified": "2024-11-09T03:15:04.410",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The CE21 Suite plugin for WordPress is vulnerable to sensitive information disclosure via the plugin-log.txt in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to log in the user associated with the JWT token."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento CE21 Suite para WordPress es vulnerable a la divulgaci\u00f3n de informaci\u00f3n confidencial a trav\u00e9s del archivo plugin-log.txt en versiones hasta la 2.2.0 incluida. Esto permite que atacantes no autenticados inicien sesi\u00f3n en el usuario asociado con el token JWT."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-102xx/CVE-2024-10294.json b/CVE-2024/CVE-2024-102xx/CVE-2024-10294.json
index d2edc8742a5..2483911f56e 100644
--- a/CVE-2024/CVE-2024-102xx/CVE-2024-10294.json
+++ b/CVE-2024/CVE-2024-102xx/CVE-2024-10294.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10294",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T03:15:04.647",
- "lastModified": "2024-11-09T03:15:04.647",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The CE21 Suite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ce21_single_sign_on_save_api_settings' function in versions up to, and including, 2.2.0. This makes it possible for unauthenticated attackers to change plugin settings."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento CE21 Suite para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n 'ce21_single_sign_on_save_api_settings' en versiones hasta la 2.2.0 incluida. Esto hace posible que atacantes no autenticados cambien la configuraci\u00f3n del complemento."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10314.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10314.json
index 62732ee10d0..b7879a09828 100644
--- a/CVE-2024/CVE-2024-103xx/CVE-2024-10314.json
+++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10314.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10314",
 "sourceIdentifier": "security@puppet.com",
 "published": "2024-11-11T14:15:14.190",
- "lastModified": "2024-11-11T14:15:14.190",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Wi\u0119sek."
+ "value": "In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the auto-generation function was identified. Reported by Karol Wi?sek."
+ },
+ {
+ "lang": "es",
+ "value": "En versiones de Helix Core anteriores a 2024.2, se identific\u00f3 una denegaci\u00f3n de servicio (DoS) remota no autenticada a trav\u00e9s de la funci\u00f3n de generaci\u00f3n autom\u00e1tica. Informado por Karol Wi?sek."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10315.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10315.json
index 15368544e00..592b59ba6a5 100644
--- a/CVE-2024/CVE-2024-103xx/CVE-2024-10315.json
+++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10315.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10315",
 "sourceIdentifier": "security@puppet.com",
 "published": "2024-11-11T20:15:17.223",
- "lastModified": "2024-11-11T20:15:17.223",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In Gliffy Online an insecure configuration was discovered in versions before 4.14.0-6"
+ },
+ {
+ "lang": "es",
+ "value": "En Gliffy Online se descubri\u00f3 una configuraci\u00f3n insegura en versiones anteriores a 4.14.0-6"
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10323.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10323.json
index bcd0eaa8cb4..b4ea44c03a3 100644
--- a/CVE-2024/CVE-2024-103xx/CVE-2024-10323.json
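Review bot: The reporter credit in the `en` description of the CVE-2024-10314 hunk changes from `Karol Wi\u0119sek` to `Karol Wi?sek`, so a non-ASCII character has been replaced by a literal `?`; this looks like a lossy transcoding step in the update path rather than an intended edit. The same substitution is made in the CVE-2024-10344 and CVE-2024-10345 hunks, and the added `es` values carry it as well. The escaped form should be kept, `Reported by Karol Wi\u0119sek.`, and the write path checked for a non-UTF-8 conversion, since the same loss would silently alter any other non-ASCII text in these records, including names that consumers match on.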
+++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10323.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-10323",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-12T07:15:03.770",
- "lastModified": "2024-11-12T07:15:03.770",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10344.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10344.json
index 6753dad9635..8481574efc4 100644
--- a/CVE-2024/CVE-2024-103xx/CVE-2024-10344.json
+++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10344.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10344",
 "sourceIdentifier": "security@puppet.com",
 "published": "2024-11-11T14:15:14.453",
- "lastModified": "2024-11-11T14:15:14.453",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Wi\u0119sek."
+ "value": "In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the refuse function was identified. Reported by Karol Wi?sek."
+ },
+ {
+ "lang": "es",
+ "value": "En versiones de Helix Core anteriores a 2024.2, se identific\u00f3 una denegaci\u00f3n de servicio (DoS) remota no autenticada a trav\u00e9s de la funci\u00f3n de rechazo. Informado por Karol Wi?sek."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10345.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10345.json
index 6e35f242be7..fbba97f348e 100644
--- a/CVE-2024/CVE-2024-103xx/CVE-2024-10345.json
+++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10345.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10345",
 "sourceIdentifier": "security@puppet.com",
 "published": "2024-11-11T14:15:14.563",
- "lastModified": "2024-11-11T14:15:14.563",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Wi\u0119sek."
+ "value": "In Helix Core versions prior to 2024.2, an unauthenticated remote Denial of Service (DoS) via the shutdown function was identified. Reported by Karol Wi?sek."
+ },
+ {
+ "lang": "es",
+ "value": "En versiones de Helix Core anteriores a 2024.2, se identific\u00f3 una denegaci\u00f3n de servicio (DoS) remota no autenticada a trav\u00e9s de la funci\u00f3n de apagado. Informado por Karol Wi?sek."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-103xx/CVE-2024-10352.json b/CVE-2024/CVE-2024-103xx/CVE-2024-10352.json
index f9745af0ae6..2a192d4d000 100644
--- a/CVE-2024/CVE-2024-103xx/CVE-2024-10352.json
+++ b/CVE-2024/CVE-2024-103xx/CVE-2024-10352.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10352",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T12:15:17.243",
- "lastModified": "2024-11-09T12:15:17.243",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Magical Addons For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.4 via the get_content_type function in includes/widgets/content-reveal.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Magical Addons For Elementor para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 1.2.4 incluida a trav\u00e9s de la funci\u00f3n get_content_type en features/widgets/content-reveal.php. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos confidenciales de plantillas privadas, pendientes y en borrador."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-104xx/CVE-2024-10470.json b/CVE-2024/CVE-2024-104xx/CVE-2024-10470.json
index b246ba64fd4..f7fcd90bcd7 100644
--- a/CVE-2024/CVE-2024-104xx/CVE-2024-10470.json
+++ b/CVE-2024/CVE-2024-104xx/CVE-2024-10470.json
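Review bot: The added `es` description in the CVE-2024-10352 hunk gives the affected file as `features/widgets/content-reveal.php`, while the English entry in the same hunk names `includes/widgets/content-reveal.php`; the first path segment appears to have been altered by the translation step. Anyone triaging from the Spanish text would search for a file the English description does not name. Paths, function names and parameters should be carried over verbatim, so the phrase should read `a trav\u00e9s de la funci\u00f3n get_content_type en includes/widgets/content-reveal.php`.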
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10470",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T06:15:15.967",
- "lastModified": "2024-11-09T06:15:15.967",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks in the readfile and unlink functions in all versions up to, and including, 4.962. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The theme is vulnerable even when it is not activated."
+ },
+ {
+ "lang": "es",
+ "value": "El tema WPLMS Learning Management System para WordPress, WordPress LMS para WordPress, es vulnerable a la lectura y eliminaci\u00f3n arbitraria de archivos debido a la insuficiente validaci\u00f3n de la ruta de archivo y las comprobaciones de permisos en las funciones readfile y unlink en todas las versiones hasta la 4.962 incluida. Esto hace posible que atacantes no autenticados eliminen archivos arbitrarios en el servidor, lo que puede conducir f\u00e1cilmente a la ejecuci\u00f3n remota de c\u00f3digo cuando se elimina el archivo correcto (como wp-config.php). El tema es vulnerable incluso cuando no est\u00e1 activado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10508.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10508.json
index 73289824890..d3c06c56f80 100644
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10508.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10508.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10508",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T08:15:02.920",
- "lastModified": "2024-11-09T08:15:02.920",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0.2.6. This is due to the plugin not properly validating the password reset token prior to updating a user's password. This makes it possible for unauthenticated attackers to reset the password of arbitrary users, including administrators, and gain access to these accounts."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento RegistrationMagic \u2013 User Registration Plugin with Custom Registration Forms para WordPress es vulnerable a la escalada de privilegios mediante la apropiaci\u00f3n de cuentas en todas las versiones hasta la 6.0.2.6 incluida. Esto se debe a que el complemento no valida correctamente el token de restablecimiento de contrase\u00f1a antes de actualizar la contrase\u00f1a de un usuario. Esto permite que atacantes no autenticados restablezcan la contrase\u00f1a de usuarios arbitrarios, incluidos los administradores, y obtengan acceso a estas cuentas."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10538.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10538.json
index a8dd8ce3918..c11e04bccf1 100644
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10538.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10538.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10538",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-12T04:15:03.933",
- "lastModified": "2024-11-12T04:15:03.933",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the before_label parameter in the Image Comparison widget in all versions up to, and including, 3.12.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Happy Addons para Elementor para WordPress es vulnerable a Cross Site Scripting almacenado a trav\u00e9s del par\u00e1metro before_label en el widget Comparaci\u00f3n de im\u00e1genes en todas las versiones hasta la 3.12.5 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10547.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10547.json
index f17a6682f5d..63a147db0f5 100644
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10547.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10547.json
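Review bot: The `es` entry in the CVE-2024-10538 hunk localises product identifiers: the plugin `Happy Addons for Elementor` becomes `Happy Addons para Elementor` and the `Image Comparison` widget becomes `Comparaci\u00f3n de im\u00e1genes`. The CVE-2024-10640 hunk does the same (`Currency Switcher Professional para WooCommerce`), and the CVE-2024-10683 hunk drops `Add-on` from the plugin name. Asset matching or search on the Spanish text would likely miss the installed component, so plugin, theme and widget names are better left exactly as they appear in the `en` entry.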
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10547",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T08:15:03.563",
- "lastModified": "2024-11-09T08:15:03.563",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.6.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WP Membership para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n user_profile_image_upload() en todas las versiones hasta la 1.6.2 incluida. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10586.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10586.json
index b71ec328aec..4376dbfeef5 100644
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10586.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10586.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10586",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T03:15:04.940",
- "lastModified": "2024-11-09T03:15:04.940",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the dbt_pull_image() function and missing file type validation in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to to create arbitrary files such as .php files that can be leveraged for remote code execution."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Debug Tool para WordPress es vulnerable a la creaci\u00f3n de archivos arbitrarios debido a la falta de una comprobaci\u00f3n de capacidad en la funci\u00f3n dbt_pull_image() y la falta de validaci\u00f3n del tipo de archivo en todas las versiones hasta la 2.2 incluida. Esto hace posible que atacantes no autenticados creen archivos arbitrarios, como archivos .php, que pueden aprovecharse para la ejecuci\u00f3n remota de c\u00f3digo."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10588.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10588.json
index cbd4801611c..36722ae1f69 100644
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10588.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10588.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10588",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T03:15:05.210",
- "lastModified": "2024-11-09T03:15:05.210",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Debug Tool plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the info() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to obtain information from phpinfo(). When WP_DEBUG is enabled, this can be exploited by unauthenticated users as well."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Debug Tool para WordPress es vulnerable al acceso no autorizado a los datos debido a una comprobaci\u00f3n de capacidad faltante en la funci\u00f3n info() en todas las versiones hasta la 2.2 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, obtengan informaci\u00f3n de phpinfo(). Cuando WP_DEBUG est\u00e1 habilitado, esto tambi\u00e9n puede ser explotado por usuarios no autenticados."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-105xx/CVE-2024-10589.json b/CVE-2024/CVE-2024-105xx/CVE-2024-10589.json
index ee9e00f9bf1..ab9e0074805 100644
--- a/CVE-2024/CVE-2024-105xx/CVE-2024-10589.json
+++ b/CVE-2024/CVE-2024-105xx/CVE-2024-10589.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10589",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T08:15:03.910",
- "lastModified": "2024-11-09T08:15:03.910",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the import_settings() function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Leopard - WordPress Offload Media para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos que puede provocar una escalada de privilegios debido a una falta de comprobaci\u00f3n de capacidad en la funci\u00f3n import_settings() en todas las versiones hasta la 3.1.1 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, actualicen opciones arbitrarias en el sitio de WordPress. Esto se puede aprovechar para actualizar el rol predeterminado para el registro como administrador y habilitar el registro de usuarios para que los atacantes obtengan acceso de usuario administrativo a un sitio vulnerable."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10625.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10625.json
index 42ba5f1a118..0735047fd9a 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10625.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10625.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10625",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T04:15:03.393",
- "lastModified": "2024-11-09T04:15:03.393",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_tmp_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WooCommerce Support Ticket System para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de archivos debido a una validaci\u00f3n insuficiente de la ruta de archivo en la funci\u00f3n delete_tmp_uploaded_file() en todas las versiones hasta la 17.7 incluida. Esto hace posible que atacantes no autenticados eliminen archivos arbitrarios en el servidor, lo que puede provocar f\u00e1cilmente la ejecuci\u00f3n remota de c\u00f3digo cuando se elimina el archivo correcto (como wp-config.php)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10626.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10626.json
index 76fd7b575b1..85a4ea81478 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10626.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10626.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10626",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T04:15:03.747",
- "lastModified": "2024-11-09T04:15:03.747",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_uploaded_file() function in all versions up to, and including, 17.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WooCommerce Support Ticket System para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de archivos debido a una validaci\u00f3n insuficiente de la ruta de archivo en la funci\u00f3n delete_uploaded_file() en todas las versiones hasta la 17.7 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, eliminen archivos arbitrarios en el servidor, lo que puede provocar f\u00e1cilmente la ejecuci\u00f3n remota de c\u00f3digo cuando se elimina el archivo correcto (como wp-config.php)."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10627.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10627.json
index 39d6a57ba9a..da31edc9e57 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10627.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10627.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10627",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T04:15:04.053",
- "lastModified": "2024-11-09T04:15:04.053",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The WooCommerce Support Ticket System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 17.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento WooCommerce Support Ticket System para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n ajax_manage_file_chunk_upload() en todas las versiones hasta la 17.7 incluida. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10640.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10640.json
index 0ee5a10a52d..04306f4fc60 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10640.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10640.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10640",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T12:15:17.460",
- "lastModified": "2024-11-09T12:15:17.460",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The The FOX \u2013 Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.2.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento FOX \u2013 Currency Switcher Professional para WooCommerce para WordPress es vulnerable a la ejecuci\u00f3n de c\u00f3digos cortos arbitrarios en todas las versiones hasta la 1.4.2.2 incluida. Esto se debe a que el software permite a los usuarios ejecutar una acci\u00f3n que no valida correctamente un valor antes de ejecutar do_shortcode. Esto hace posible que atacantes no autenticados ejecuten c\u00f3digos cortos arbitrarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10667.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10667.json
index 72c6031c86c..d203b42d47a 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10667.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10667.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10667",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T05:15:07.640",
- "lastModified": "2024-11-09T05:15:07.640",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the [csb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Content Slider Block para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 3.1.5 incluida a trav\u00e9s del c\u00f3digo corto [csb] debido a restricciones insuficientes sobre qu\u00e9 publicaciones se pueden incluir. Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos de publicaciones protegidas con contrase\u00f1a, privadas o en borrador a las que no deber\u00edan tener acceso."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10669.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10669.json
index 7bff6320fb1..44b92588c52 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10669.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10669.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10669",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T05:15:08.017",
- "lastModified": "2024-11-09T05:15:08.017",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Countdown Timer block \u2013 Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento The Countdown Timer block \u2013 Display the event's date into a timer para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 1.2.4 incluida a trav\u00e9s del c\u00f3digo corto [ctb] debido a restricciones insuficientes sobre qu\u00e9 publicaciones se pueden incluir. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos de publicaciones protegidas con contrase\u00f1a, privadas o borradores a los que no deber\u00edan tener acceso."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10672.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10672.json
index cc5e9ef89f1..9977a3e7ea2 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10672.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10672.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10672",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-12T04:15:04.170",
- "lastModified": "2024-11-12T04:15:04.170",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Multiple Page Generator Plugin \u2013 MPG plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the mpg_upsert_project_source_block() function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with editor-level access and above, to delete limited files on the server."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Multiple Page Generator Plugin \u2013 MPG para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de archivos debido a una validaci\u00f3n insuficiente de la ruta de archivo en la funci\u00f3n mpg_upsert_project_source_block() en todas las versiones hasta la 4.0.2 incluida. Esto permite que atacantes autenticados, con acceso de nivel de editor o superior, eliminen archivos limitados en el servidor."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10673.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10673.json
index b92513dd982..2a0cd67bb73 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10673.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10673.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10673",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T04:15:04.363",
- "lastModified": "2024-11-09T04:15:04.363",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Top Store theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the top_store_install_and_activate_callback() function in all versions up to, and including, 1.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins which can contain other exploitable vulnerabilities to elevate privileges and gain remote code execution."
+ },
+ {
+ "lang": "es",
+ "value": "El tema Top Store para WordPress es vulnerable a la instalaci\u00f3n no autorizada de complementos arbitrarios debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n top_store_install_and_activate_callback() en todas las versiones hasta la 1.5.4 incluida. Esto hace posible que atacantes autenticados, con acceso de nivel de suscriptor y superior, instalen complementos arbitrarios que pueden contener otras vulnerabilidades explotables para elevar privilegios y obtener ejecuci\u00f3n remota de c\u00f3digo."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10674.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10674.json
index c0d42fe53d8..abd49428b8f 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10674.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10674.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10674",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T04:15:04.677",
- "lastModified": "2024-11-09T04:15:04.677",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation."
+ },
+ {
+ "lang": "es",
+ "value": "El tema Th Shop Mania para WordPress es vulnerable a la instalaci\u00f3n no autorizada de complementos arbitrarios debido a una falta de verificaci\u00f3n de capacidad en la funci\u00f3n th_shop_mania_install_and_activate_callback() en todas las versiones hasta la 1.4.9 incluida. Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, instalen complementos arbitrarios que pueden aprovecharse para explotar otras vulnerabilidades y lograr la ejecuci\u00f3n remota de c\u00f3digo y la escalada de privilegios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10676.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10676.json
index 21dcbaf3819..f985195fd42 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10676.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10676.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10676",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-09T10:15:04.117",
- "lastModified": "2024-11-09T10:15:04.117",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wojciech Borowicz Conversion Helper allows Reflected XSS.This issue affects Conversion Helper: from n/a through 1.12."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Wojciech Borowicz Conversion Helper permite XSS reflejado. Este problema afecta a Conversion Helper: desde n/a hasta 1.12."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10683.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10683.json
index 1eb2fc42e75..97fcc1b01c8 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10683.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10683.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10683",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-09T07:15:03.523",
- "lastModified": "2024-11-09T07:15:03.523",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Contact Form 7 \u2013 PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This is only exploitable when the leave a review notice is present in the dashboard."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Contact Form 7 \u2013 PayPal & Stripe para WordPress es vulnerable a ataques Cross-Site Scripting reflejado debido al uso de add_query_arg y remove_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 2.3.1 incluida. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace. Esto solo se puede explotar cuando el aviso para dejar una rese\u00f1a est\u00e1 presente en el panel de control."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10685.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10685.json
index 51a896ccc0a..eff373fce58 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10685.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10685.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-10685",
 "sourceIdentifier": "security@wordfence.com",
 "published": "2024-11-12T04:15:04.410",
- "lastModified": "2024-11-12T04:15:04.410",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link."
+ },
+ {
+ "lang": "es",
+ "value": "El complemento Contact Form 7 Redirect & Thank You Page para WordPress es vulnerable a Cross Site Scripting reflejado a trav\u00e9s del par\u00e1metro 'tab' en todas las versiones hasta la 1.0.6 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10688.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10688.json
index 47a8d7e2ff8..9da3096f7a9 100644
--- a/CVE-2024/CVE-2024-106xx/CVE-2024-10688.json
+++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10688.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-10688", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T07:15:05.720", - "lastModified": "2024-11-09T07:15:05.720", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to." + }, + { + "lang": "es", + "value": "El complemento Attesa Extra para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 1.4.2 incluida a trav\u00e9s del c\u00f3digo abreviado 'attesa-template' debido a restricciones insuficientes sobre qu\u00e9 publicaciones se pueden incluir. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos de publicaciones protegidas con contrase\u00f1a, privadas o borradores a las que no deber\u00edan tener acceso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10693.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10693.json index 959ebd4559c..50e5a2f0590 100644 --- a/CVE-2024/CVE-2024-106xx/CVE-2024-10693.json +++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10693.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10693", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T04:15:04.943", - "lastModified": "2024-11-09T04:15:04.943", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SKT Addons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.3 via the Unfold widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to." + }, + { + "lang": "es", + "value": "El complemento SKT Addons for Elementor para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 3.3 incluida a trav\u00e9s del widget Unfold debido a restricciones insuficientes sobre qu\u00e9 publicaciones se pueden incluir. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos de publicaciones privadas o borradores creadas por Elementor a las que no deber\u00edan tener acceso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-106xx/CVE-2024-10695.json b/CVE-2024/CVE-2024-106xx/CVE-2024-10695.json index 08d5b196d13..a38ca1af08d 100644 --- a/CVE-2024/CVE-2024-106xx/CVE-2024-10695.json +++ b/CVE-2024/CVE-2024-106xx/CVE-2024-10695.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10695", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-12T04:15:04.610", - "lastModified": "2024-11-12T04:15:04.610", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Futurio Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.0.13 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to." + }, + { + "lang": "es", + "value": "El complemento Futurio Extra para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 2.0.13 incluida a trav\u00e9s del c\u00f3digo abreviado 'elementor-template' debido a restricciones insuficientes sobre qu\u00e9 publicaciones se pueden incluir. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos de publicaciones privadas o borradores a los que no deber\u00edan tener acceso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10770.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10770.json index 2d02a8eaf9f..3f143c57578 100644 --- a/CVE-2024/CVE-2024-107xx/CVE-2024-10770.json +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10770.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10770", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T05:15:08.277", - "lastModified": "2024-11-09T05:15:08.277", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to." + }, + { + "lang": "es", + "value": "El complemento Envo Extra para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 1.9.3 incluida a trav\u00e9s del c\u00f3digo abreviado 'elementor-template' debido a restricciones insuficientes sobre qu\u00e9 publicaciones se pueden incluir. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos de publicaciones privadas o borradores creadas por Elementor a las que no deber\u00edan tener acceso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10779.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10779.json index 730df84c192..13d24f7db1a 100644 --- a/CVE-2024/CVE-2024-107xx/CVE-2024-10779.json +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10779.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10779", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T03:15:05.507", - "lastModified": "2024-11-09T03:15:05.507", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Cowidgets \u2013 Elementor Addons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.0 via the 'ce_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to." + }, + { + "lang": "es", + "value": "El complemento Cowidgets \u2013 Elementor Addons para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n en todas las versiones hasta la 1.2.0 incluida a trav\u00e9s del c\u00f3digo abreviado 'ce_template' debido a restricciones insuficientes sobre qu\u00e9 publicaciones se pueden incluir. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, extraigan datos de publicaciones privadas o borradores creadas por Elementor a las que no deber\u00edan tener acceso." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-107xx/CVE-2024-10790.json b/CVE-2024/CVE-2024-107xx/CVE-2024-10790.json index edb391c453e..fdd777d8c05 100644 --- a/CVE-2024/CVE-2024-107xx/CVE-2024-10790.json +++ b/CVE-2024/CVE-2024-107xx/CVE-2024-10790.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10790", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-12T06:15:03.123", - "lastModified": "2024-11-12T06:15:03.123", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Admin and Site Enhancements (ASE) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 7.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. This feature must be enabled, and for specific roles in order to be exploitable." + }, + { + "lang": "es", + "value": "El complemento Admin and Site Enhancements (ASE) para WordPress es vulnerable a Cross Site Scripting almacenado mediante cargas de archivos SVG en todas las versiones hasta la 7.5.1 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel personalizado y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG. Esta funci\u00f3n debe estar habilitada y para roles espec\u00edficos para que sea explotable." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10801.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10801.json index 25277cdc5fc..38282eb62b2 100644 --- a/CVE-2024/CVE-2024-108xx/CVE-2024-10801.json +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10801.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10801", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T08:15:04.260", - "lastModified": "2024-11-09T08:15:04.260", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_manage_file_chunk_upload() function in all versions up to, and including, 16.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. User registration must be enabled for this to be exploited." + }, + { + "lang": "es", + "value": "El complemento User Extra Fields de WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n ajax_manage_file_chunk_upload() en todas las versiones hasta la 16.5 incluida. Esto hace posible que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que puede hacer posible la ejecuci\u00f3n remota de c\u00f3digo. El registro de usuarios debe estar habilitado para que esto se pueda aprovechar." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10814.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10814.json index 0ede6476e5a..aee34f509e2 100644 --- a/CVE-2024/CVE-2024-108xx/CVE-2024-10814.json +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10814.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10814", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T05:15:08.533", - "lastModified": "2024-11-09T05:15:08.533", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function. This makes it possible for authenticated attackers, with contributor-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services." + }, + { + "lang": "es", + "value": "El complemento Code Embed para WordPress es vulnerable a Server-Side Request Forgery en todas las versiones hasta la 2.5 incluida a trav\u00e9s de la funci\u00f3n ce_get_file(). Esto permite que atacantes autenticados, con acceso de nivel de colaborador y superior, realicen solicitudes web a ubicaciones arbitrarias que se originan en la aplicaci\u00f3n web y se pueden usar para consultar y modificar informaci\u00f3n de servicios internos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10837.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10837.json index debbb94c074..a95410cb488 100644 --- a/CVE-2024/CVE-2024-108xx/CVE-2024-10837.json +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10837.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10837", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T13:15:04.737", - "lastModified": "2024-11-09T13:15:04.737", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SysBasics Customize My Account for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the \u2018tab\u2019 parameter in all versions up to, and including, 2.7.29 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento SysBasics Customize My Account for WooCommerce para WordPress es vulnerable a Cross-Site Scripting Reflejado a trav\u00e9s del par\u00e1metro 'tab' en todas las versiones hasta la 2.7.29 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10871.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10871.json index 732150e1252..e674991da6b 100644 --- a/CVE-2024/CVE-2024-108xx/CVE-2024-10871.json +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10871.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10871", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T08:15:04.530", - "lastModified": "2024-11-09T08:15:04.530", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Category Ajax Filter plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.8.2 via the 'params[caf-post-layout]' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where files with a .php extension can be uploaded and included." + }, + { + "lang": "es", + "value": "El complemento Category Ajax Filter para WordPress es vulnerable a la inclusi\u00f3n de archivos locales en todas las versiones hasta la 2.8.2 incluida a trav\u00e9s del par\u00e1metro 'params[caf-post-layout]'. Esto permite que atacantes no autenticados incluyan y ejecuten archivos arbitrarios en el servidor, lo que permite la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos archivos. Esto se puede utilizar para eludir los controles de acceso, obtener datos confidenciales o lograr la ejecuci\u00f3n de c\u00f3digo en casos en los que se puedan cargar e incluir archivos con una extensi\u00f3n .php." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-108xx/CVE-2024-10876.json b/CVE-2024/CVE-2024-108xx/CVE-2024-10876.json index b062f5bd737..c2072f5c83f 100644 --- a/CVE-2024/CVE-2024-108xx/CVE-2024-10876.json +++ b/CVE-2024/CVE-2024-108xx/CVE-2024-10876.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10876", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T07:15:06.307", - "lastModified": "2024-11-09T07:15:06.307", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.8.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Charitable \u2013 Donation Plugin for WordPress \u2013 Fundraising with Recurring Donations & More para WordPress es vulnerable a Cross-Site Scripting reflejado debido al uso de add_query_arg y remove_query_arg sin el escape adecuado en la URL en todas las versiones hasta la 1.8.3 incluida. Esto hace posible que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10917.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10917.json index 27bd2a3093e..dc11b2ac160 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10917.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10917.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-10917", "sourceIdentifier": "emo@eclipse.org", "published": "2024-11-11T17:15:04.203", - "lastModified": "2024-11-11T17:15:04.203", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Eclipse OpenJ9 versions up to 0.47, the JNI function GetStringUTFLength may return an incorrect value which has wrapped around. From 0.48 the value is correct but may be truncated to include a smaller number of characters." + }, + { + "lang": "es", + "value": "En las versiones de Eclipse OpenJ9 hasta la 0.47, la funci\u00f3n JNI GetStringUTFLength puede devolver un valor incorrecto que se ha repetido una y otra vez. A partir de la 0.48, el valor es correcto, pero puede estar truncado para incluir una cantidad menor de caracteres." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10953.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10953.json index 5e93d333d19..c6db3b6c5f8 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10953.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10953.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10953", "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5", "published": "2024-11-09T01:15:03.427", - "lastModified": "2024-11-09T02:15:17.443", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:54.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of." + }, + { + "lang": "es", + "value": "Un usuario autenticado de data.all puede realizar operaciones de ACTUALIZACI\u00d3N mutantes en registros de notificaci\u00f3n persistentes en data.all para notificaciones de grupo de las cuales su usuario no es miembro." } ], "metrics": { 
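Review bot: The added `es` description for CVE-2024-10917 translates "an incorrect value which has wrapped around" as `un valor incorrecto que se ha repetido una y otra vez` ("has repeated over and over"), which drops the integer wrap-around the English text attributes to GetStringUTFLength. A reader relying on the Spanish entry would not recognise this as a length wrap-around issue when triaging JNI callers. Wording such as `un valor incorrecto que ha sufrido un desbordamiento (wrap-around)` keeps the meaning. The second sentence, about truncation from 0.48, reads correctly.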
diff --git a/CVE-2024/CVE-2024-109xx/CVE-2024-10958.json b/CVE-2024/CVE-2024-109xx/CVE-2024-10958.json index 9c0ae50384c..bbb0cfb14ad 100644 --- a/CVE-2024/CVE-2024-109xx/CVE-2024-10958.json +++ b/CVE-2024/CVE-2024-109xx/CVE-2024-10958.json @@ -2,13 +2,17 @@ "id": "CVE-2024-10958", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-10T13:15:03.940", - "lastModified": "2024-11-10T13:15:03.940", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution via getshortcodedrenderedfenodelay AJAX action in all versions up to, and including, 8.8.08.007 . This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes." + }, + { + "lang": "es", + "value": "El complemento The WP Photo Album Plus para WordPress es vulnerable a la ejecuci\u00f3n de c\u00f3digos cortos arbitrarios mediante la acci\u00f3n AJAX getshortcodedrenderedfenodelay en todas las versiones hasta la 8.8.08.007 incluida. Esto se debe a que el software permite a los usuarios ejecutar una acci\u00f3n que no valida correctamente un valor antes de ejecutar do_shortcode. Esto hace posible que atacantes no autenticados ejecuten c\u00f3digos cortos arbitrarios." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11016.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11016.json index 42d732c1f07..2bda96a696f 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11016.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11016.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-11016", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-11-11T07:15:04.400", - "lastModified": "2024-11-11T07:15:04.400", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents." + }, + { + "lang": "es", + "value": "Webopac de Grand Vice info tiene una vulnerabilidad de inyecci\u00f3n SQL, lo que permite ataques remotos no autenticados para inyectar comandos SQL arbitrarios para leer, modificar y eliminar contenidos de bases de datos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11017.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11017.json index b417b00cc60..8c300ae6ca2 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11017.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11017.json @@ -2,13 +2,17 @@ "id": "CVE-2024-11017", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-11-11T07:15:04.910", - "lastModified": "2024-11-11T07:15:04.910", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webopac from Grand Vice info does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload and execute webshells, which could lead to arbitrary code execution on the server." + }, + { + "lang": "es", + "value": "Webopac de Grand Vice info no valida correctamente los tipos de archivos cargados, lo que permite a atacantes remotos con privilegios regulares cargar y ejecutar webshells, lo que podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario en el servidor." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11018.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11018.json index 35bb3478ece..f36a7d9f2ea 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11018.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11018.json @@ -2,13 +2,17 @@ "id": "CVE-2024-11018", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-11-11T07:15:05.210", - "lastModified": "2024-11-11T07:15:05.210", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webopac from Grand Vice info does not properly validate uploaded file types, allowing unauthenticated remote attackers to upload and execute webshells, which could lead to arbitrary code execution on the server." + }, + { + "lang": "es", + "value": "Webopac de Grand Vice info no valida correctamente los tipos de archivos cargados, lo que permite que atacantes remotos no autenticados carguen y ejecuten webshells, lo que podr\u00eda conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario en el servidor." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11019.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11019.json index 650959e3fe3..d1baf68fc35 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11019.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11019.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-11019", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-11-11T07:15:05.517", - "lastModified": "2024-11-11T07:15:05.517", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webopac from Grand Vice info has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript code in the user's browser through phishing techniques." + }, + { + "lang": "es", + "value": "Webopac de Grand Vice info tiene una vulnerabilidad de Cross-site Scripting reflejado, que permite a atacantes remotos no autenticados ejecutar c\u00f3digo JavaScript arbitrario en el navegador del usuario a trav\u00e9s de t\u00e9cnicas de phishing." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11020.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11020.json index 52abb61a123..539611ae16f 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11020.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11020.json @@ -2,13 +2,17 @@ "id": "CVE-2024-11020", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-11-11T08:15:03.610", - "lastModified": "2024-11-11T08:15:03.610", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webopac from Grand Vice info has a SQL Injection vulnerability, allowing unauthenticated remote attacks to inject arbitrary SQL commands to read, modify, and delete database contents." + }, + { + "lang": "es", + "value": "Webopac de Grand Vice info tiene una vulnerabilidad de inyecci\u00f3n SQL, lo que permite ataques remotos no autenticados para inyectar comandos SQL arbitrarios para leer, modificar y eliminar contenidos de bases de datos." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11021.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11021.json index 61863c84bfe..3c1871aea92 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11021.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11021.json @@ -2,13 +2,17 @@ "id": "CVE-2024-11021", "sourceIdentifier": "twcert@cert.org.tw", "published": "2024-11-11T08:15:04.987", - "lastModified": "2024-11-11T08:15:04.987", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Webopac from Grand Vice info has Stored Cross-site Scripting vulnerability. Remote attackers with regular privileges can inject arbitrary JavaScript code into the server. When users visit the compromised page, the code is automatically executed in their browser." + }, + { + "lang": "es", + "value": "Webopac de Grand Vice Info presenta una vulnerabilidad de Cross-site Scripting almacenado. Los atacantes remotos con privilegios normales pueden inyectar c\u00f3digo JavaScript arbitrario en el servidor. Cuando los usuarios visitan la p\u00e1gina comprometida, el c\u00f3digo se ejecuta autom\u00e1ticamente en su navegador." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11026.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11026.json index 6598ba97c3f..4b1bd5b98ac 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11026.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11026.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-11026", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-08T22:15:14.610", - "lastModified": "2024-11-08T22:15:14.610", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:54.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Intelligent Apps Freenow App 12.10.0 on Android. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ch/qos/logback/core/net/ssl/SSL.java of the component Keystore Handler. The manipulation of the argument DEFAULT_KEYSTORE_PASSWORD with the input changeit leads to use of hard-coded password. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en Intelligent Apps Freenow App 12.10.0 para Android. Se ha calificado como problem\u00e1tica. Este problema afecta a una funcionalidad desconocida del archivo ch/qos/logback/core/net/ssl/SSL.java del componente Keystore Handler. La manipulaci\u00f3n del argumento DEFAULT_KEYSTORE_PASSWORD con la entrada changeit conduce al uso de una contrase\u00f1a codificada. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. La explotaci\u00f3n se ha divulgado al p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta divulgaci\u00f3n, pero no respondi\u00f3 de ninguna manera." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11046.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11046.json index c6c88f201f7..29205f213a8 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11046.json 
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11046.json @@ -2,13 +2,17 @@ "id": "CVE-2024-11046", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-10T03:15:03.940", - "lastModified": "2024-11-10T03:15:03.940", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been classified as critical. Affected is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en D-Link DI-8003 16.07.16A1. Se ha clasificado como cr\u00edtica. La funci\u00f3n upgrade_filter_asp del archivo /upgrade_filter.asp est\u00e1 afectada. La manipulaci\u00f3n de la ruta de argumentos conduce a la inyecci\u00f3n de comandos del sistema operativo. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11047.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11047.json index c09c42b30bf..0d9b267d309 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11047.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11047.json 
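Review bot: In the added `es` description for CVE-2024-11046, "The manipulation of the argument path" becomes `La manipulación de la ruta de argumentos`, which turns the parameter name `path` into a generic "route of arguments" and hides which input of /upgrade_filter.asp is affected. The CVE-2024-11047 hunk carries the same wording, while the CVE-2024-11048 hunk keeps the parameter name (`La manipulación del argumento str`). Suggested wording for both records: `La manipulación del argumento path`. That `path` is a parameter name is inferred from the English text and the sibling record, so it should be confirmed against the source advisory.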
@@ -2,13 +2,17 @@ "id": "CVE-2024-11047", "sourceIdentifier": "cna@vuldb.com", "published": "2024-11-10T04:15:15.950", - "lastModified": "2024-11-10T04:15:15.950", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been declared as critical. Affected by this vulnerability is the function upgrade_filter_asp of the file /upgrade_filter.asp. The manipulation of the argument path leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used." + }, + { + "lang": "es", + "value": "Se ha encontrado una vulnerabilidad en D-Link DI-8003 16.07.16A1. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a la funci\u00f3n upgrade_filter_asp del archivo /upgrade_filter.asp. La manipulaci\u00f3n de la ruta de argumentos provoca un desbordamiento del b\u00fafer basado en la pila. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11048.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11048.json index 5732bf4140a..8f9c5c9f73b 100644 --- a/CVE-2024/CVE-2024-110xx/CVE-2024-11048.json +++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11048.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11048",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-10T04:15:16.220",
- "lastModified": "2024-11-10T04:15:16.220",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in D-Link DI-8003 16.07.16A1. It has been rated as critical. Affected by this issue is the function dbsrv_asp of the file /dbsrv.asp. The manipulation of the argument str leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en D-Link DI-8003 16.07.16A1. Se ha calificado como cr\u00edtica. Este problema afecta a la funci\u00f3n dbsrv_asp del archivo /dbsrv.asp. La manipulaci\u00f3n del argumento str provoca un desbordamiento del b\u00fafer basado en la pila. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11049.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11049.json
index eb49024cdb2..a1d3d22e4fe 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11049.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11049.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11049",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-10T06:15:03.390",
- "lastModified": "2024-11-10T06:15:03.390",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability classified as problematic has been found in ZKTeco ZKBio Time 9.0.1. Affected is an unknown function of the file /auth_files/photo/ of the component Image File Handler. The manipulation leads to direct request. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en ZKTeco ZKBio Time 9.0.1. Se ve afectada una funci\u00f3n desconocida del archivo /auth_files/photo/ del componente Image File Handler. La manipulaci\u00f3n conduce a una solicitud directa. Es posible lanzar el ataque de forma remota. La complejidad de un ataque es bastante alta. Se dice que la explotabilidad es dif\u00edcil. El exploit se ha revelado al p\u00fablico y puede usarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11050.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11050.json
index bb9ba6a30d0..c2a25cea70c 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11050.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11050.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11050",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-10T07:15:03.450",
- "lastModified": "2024-11-10T07:15:03.450",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204 and classified as problematic. This issue affects some unknown processing of the file /language.php. The manipulation of the argument LangID/LangName/LangEName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en AMTT Hotel Broadband Operation System hasta la versi\u00f3n 3.0.3.151204 y se ha clasificado como problem\u00e1tica. Este problema afecta a algunos procesos desconocidos del archivo /language.php. La manipulaci\u00f3n del argumento LangID/LangName/LangEName provoca Cross-site Scripting. El ataque puede iniciarse de forma remota. La vulnerabilidad se ha hecho p\u00fablica y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11051.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11051.json
index a95c9867d7e..7d3d523ba09 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11051.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11051.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11051",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-10T08:15:03.380",
- "lastModified": "2024-11-10T08:15:03.380",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in AMTT Hotel Broadband Operation System up to 3.0.3.151204. It has been classified as critical. Affected is an unknown function of the file /manager/frontdesk/online_status.php. The manipulation of the argument AccountID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en AMTT Hotel Broadband Operation System hasta la versi\u00f3n 3.0.3.151204. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del archivo /manager/frontdesk/online_status.php. La manipulaci\u00f3n del argumento AccountID provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Se contact\u00f3 al proveedor con anticipaci\u00f3n sobre esta revelaci\u00f3n, pero no respondi\u00f3 de ninguna manera."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11054.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11054.json
index b8146e54f09..452d51ac19c 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11054.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11054.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11054",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-10T10:15:03.800",
- "lastModified": "2024-11-10T10:15:03.800",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability classified as critical was found in SourceCodester Simple Music Cloud Community System 1.0. This vulnerability affects unknown code of the file /music/ajax.php?action=signup. The manipulation of the argument pp leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Simple Music Cloud Community System 1.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /music/ajax.php?action=signup. La manipulaci\u00f3n del argumento pp permite la carga sin restricciones. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11055.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11055.json
index 3e5acf86d08..1023f1b0471 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11055.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11055.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11055",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-10T15:15:13.970",
- "lastModified": "2024-11-10T15:15:13.970",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en 1000 Projects Beauty Parlour Management System 1.0. Este problema afecta a algunos procesos desconocidos del archivo /admin/admin-profile.php. La manipulaci\u00f3n del argumento adminname conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11056.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11056.json
index 783a89fab0a..0f23d0b72eb 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11056.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11056.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11056",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-10T17:15:15.697",
- "lastModified": "2024-11-10T17:15:15.697",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as critical, was found in Tenda AC10 16.03.10.13. Affected is the function FUN_0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Tenda AC10 16.03.10.13. La funci\u00f3n FUN_0046AC38 del archivo /goform/WifiExtraSet est\u00e1 afectada. La manipulaci\u00f3n del argumento wpapsk_crypto provoca un desbordamiento del b\u00fafer basado en la pila. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11057.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11057.json
index 2e8bea8a90b..f70e742e2fb 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11057.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11057.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11057",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-10T18:15:16.517",
- "lastModified": "2024-11-10T18:15:16.517",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been found in Codezips Hospital Appointment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /removeBranchResult.php. The manipulation of the argument ID/Name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en Codezips Hospital Appointment System 1.0 y se ha clasificado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /removeBranchResult.php. La manipulaci\u00f3n del argumento ID/Name conduce a una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11058.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11058.json
index d2f813c398a..6d09a274b24 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11058.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11058.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11058",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-10T23:15:04.570",
- "lastModified": "2024-11-10T23:15:04.570",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in CodeAstro Real Estate Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /aboutedit.php of the component About Us Page. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en CodeAstro Real Estate Management System hasta la versi\u00f3n 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /aboutedit.php del componente About Us Page. La manipulaci\u00f3n del argumento id conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11059.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11059.json
index 5a101a1e57d..edbec242abc 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11059.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11059.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11059",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-11T00:15:13.957",
- "lastModified": "2024-11-11T00:15:13.957",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88. It has been rated as critical. This issue affects some unknown processing of the file /online-shopping-webvsite-in-php-master/success.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en Project Worlds Free Download Online Shopping System hasta 192.168.1.88. Se ha calificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /online-shopping-webvsite-in-php-master/success.php. La manipulaci\u00f3n del argumento id conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha revelado al p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11060.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11060.json
index 6bd29dc2bae..6fe13413f19 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11060.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11060.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11060",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-11T01:15:04.233",
- "lastModified": "2024-11-11T01:15:04.233",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability classified as critical has been found in Jinher Network Collaborative Management Platform \u91d1\u548c\u6570\u5b57\u5316\u667a\u80fd\u529e\u516c\u5e73\u53f0 1.0. Affected is an unknown function of the file /C6/JHSoft.Web.AcceptAip/AcceptShow.aspx/. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ "value": "A vulnerability classified as critical has been found in Jinher Network Collaborative Management Platform ??????????? 1.0. Affected is an unknown function of the file /C6/JHSoft.Web.AcceptAip/AcceptShow.aspx/. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Jinher Network Collaborative Management Platform ??????????? 1.0. Se ve afectada una funci\u00f3n desconocida del archivo /C6/JHSoft.Web.AcceptAip/AcceptShow.aspx/. La manipulaci\u00f3n del argumento id provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11061.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11061.json
index c14cd8d1130..36b91cb096f 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11061.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11061.json
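Review bot: The added English `value` line for CVE-2024-11060 replaces the product's Chinese name with `???????????`, where the removed line carried it as `\u91d1\u548c\u6570\u5b57\u5316\u667a\u80fd\u529e\u516c\u5e73\u53f0`, and the new `es` entry contains the same placeholder. Eleven escapes became eleven question marks, which looks like a lossy charset conversion in the update pipeline rather than an intended edit (inferred; the tooling is not visible here). Anyone correlating this record with an asset inventory or a vendor advisory by product name loses the only native-language identifier, so the original escaped string should be restored in both descriptions. The export step should emit UTF-8 or `\uXXXX` escapes instead of substituting `?`, and other records in the same batch with non-Latin text are worth checking for the same loss.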
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11061",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-11T01:15:04.523",
- "lastModified": "2024-11-11T01:15:04.523",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability classified as critical was found in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function FUN_0044db3c of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en Tenda AC10 16.03.10.13. La funci\u00f3n FUN_0044db3c del archivo /goform/fast_setting_wifi_set se ve afectada por esta vulnerabilidad. La manipulaci\u00f3n del argumento timeZone provoca un desbordamiento del b\u00fafer basado en la pila. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11062.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11062.json
index ca3b7fe8db3..38f45e92010 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11062.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11062.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-11062",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2024-11-11T08:15:05.530",
- "lastModified": "2024-11-11T08:15:05.530",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "twcert@cert.org.tw",
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet."
+ },
+ {
+ "lang": "es",
+ "value": "El m\u00f3dem D-Link DSL6740C tiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo, que permite a atacantes remotos con privilegios de administrador inyectar y ejecutar comandos de sistema arbitrarios a trav\u00e9s de una funcionalidad espec\u00edfica proporcionada por SSH y Telnet."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11063.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11063.json
index 29bf661f3e9..835911c19a1 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11063.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11063.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-11063",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2024-11-11T08:15:06.120",
- "lastModified": "2024-11-11T08:15:06.120",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "twcert@cert.org.tw",
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet."
+ },
+ {
+ "lang": "es",
+ "value": "El m\u00f3dem D-Link DSL6740C tiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo, que permite a atacantes remotos con privilegios de administrador inyectar y ejecutar comandos de sistema arbitrarios a trav\u00e9s de una funcionalidad espec\u00edfica proporcionada por SSH y Telnet."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11064.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11064.json
index 31898a84e8a..a8be3757d6b 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11064.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11064.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-11064",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2024-11-11T08:15:06.653",
- "lastModified": "2024-11-11T08:15:06.653",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "twcert@cert.org.tw",
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet."
+ },
+ {
+ "lang": "es",
+ "value": "El m\u00f3dem D-Link DSL6740C tiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo, que permite a atacantes remotos con privilegios de administrador inyectar y ejecutar comandos de sistema arbitrarios a trav\u00e9s de una funcionalidad espec\u00edfica proporcionada por SSH y Telnet."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11065.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11065.json
index 33c6f76d5db..a5514f542e1 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11065.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11065.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-11065",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2024-11-11T08:15:07.180",
- "lastModified": "2024-11-11T08:15:07.180",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "twcert@cert.org.tw",
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through a specific functionality provided by SSH and Telnet."
+ },
+ {
+ "lang": "es",
+ "value": "El m\u00f3dem D-Link DSL6740C tiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo, que permite a atacantes remotos con privilegios de administrador inyectar y ejecutar comandos de sistema arbitrarios a trav\u00e9s de una funcionalidad espec\u00edfica proporcionada por SSH y Telnet."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11066.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11066.json
index 8343e1132a4..91298982db5 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11066.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11066.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-11066",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2024-11-11T08:15:07.730",
- "lastModified": "2024-11-11T08:15:07.730",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "twcert@cert.org.tw",
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "The D-Link DSL6740C modem has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject and execute arbitrary system commands through the specific web page."
+ },
+ {
+ "lang": "es",
+ "value": "El m\u00f3dem D-Link DSL6740C tiene una vulnerabilidad de inyecci\u00f3n de comandos del sistema operativo, que permite a atacantes remotos con privilegios de administrador inyectar y ejecutar comandos de sistema arbitrarios a trav\u00e9s de la p\u00e1gina web espec\u00edfica."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11067.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11067.json
index 3f4a479bd9c..f8ced6d8152 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11067.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11067.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-11067",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2024-11-11T08:15:08.263",
- "lastModified": "2024-11-11T08:15:08.263",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "twcert@cert.org.tw",
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "The D-Link DSL6740C modem has a Path Traversal Vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. Additionally, since the device's default password is a combination of the MAC address, attackers can obtain the MAC address through this vulnerability and attempt to log in to the device using the default password."
+ },
+ {
+ "lang": "es",
+ "value": "El m\u00f3dem D-Link DSL6740C tiene una vulnerabilidad de Path Traversal, que permite a atacantes remotos no autenticados aprovechar esta vulnerabilidad para leer archivos arbitrarios del sistema. Adem\u00e1s, dado que la contrase\u00f1a predeterminada del dispositivo es una combinaci\u00f3n de la direcci\u00f3n MAC, los atacantes pueden obtener la direcci\u00f3n MAC a trav\u00e9s de esta vulnerabilidad e intentar iniciar sesi\u00f3n en el dispositivo utilizando la contrase\u00f1a predeterminada."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11068.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11068.json
index 99ce4483806..fdc349bcc76 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11068.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11068.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-11068",
 "sourceIdentifier": "twcert@cert.org.tw",
 "published": "2024-11-11T08:15:08.850",
- "lastModified": "2024-11-11T08:15:08.850",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [
 {
 "sourceIdentifier": "twcert@cert.org.tw",
@@ -16,6 +16,10 @@
 {
 "lang": "en",
 "value": "The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user\u2019s password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user\u2019s account."
+ },
+ {
+ "lang": "es",
+ "value": "El m\u00f3dem D-Link DSL6740C tiene una vulnerabilidad de uso incorrecto de API privilegiadas, que permite a atacantes remotos no autenticados modificar la contrase\u00f1a de cualquier usuario aprovechando la API, otorgando as\u00ed acceso a servicios web, SSH y Telnet utilizando la cuenta de ese usuario."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11070.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11070.json
index c9a8d2845cd..6666cdb8803 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11070.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11070.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11070",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-11T15:15:04.863",
- "lastModified": "2024-11-11T15:15:04.863",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS 5.202406.d. This issue affects some unknown processing of the file /admin/cmsTagType/save of the component Tag Type Handler. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad, que se ha clasificado como problem\u00e1tica, en Sanluan PublicCMS 5.202406.d. Este problema afecta a algunos procesos desconocidos del archivo /admin/cmsTagType/save del componente Tag Type Handler. La manipulaci\u00f3n del nombre del argumento provoca Cross Site Scripting. El ataque puede iniciarse de forma remota. La vulnerabilidad se ha hecho p\u00fablica y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11073.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11073.json
index e48d43d3f89..7a48a45506b 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11073.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11073.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11073",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-11T17:15:04.520",
- "lastModified": "2024-11-11T17:15:04.520",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability classified as problematic has been found in SourceCodester Hospital Management System 1.0. This affects an unknown part of the file /vm/patient/delete-account.php. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en SourceCodester Hospital Management System 1.0. Afecta a una parte desconocida del archivo /vm/patient/delete-account.php. La manipulaci\u00f3n del argumento id conduce a una autorizaci\u00f3n incorrecta. Es posible iniciar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11074.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11074.json
index d6532f22fcd..d0300897384 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11074.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11074.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11074",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-11T18:15:14.620",
- "lastModified": "2024-11-11T18:15:14.620",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. This vulnerability affects unknown code of the file /incadd.php. The manipulation of the argument inccat/desc/date/amount leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter \"inccat\" to be affected. But it must be assumed \"desc\", \"date\", and \"amount\" are affected as well."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en itsourcecode Tailoring Management System 1.0. Esta vulnerabilidad afecta al c\u00f3digo desconocido del archivo /incadd.php. La manipulaci\u00f3n del argumento inccat/desc/date/amount provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. El aviso inicial para investigadores solo menciona que el par\u00e1metro \"inccat\" se ver\u00e1 afectado, pero se debe asumir que \"desc\", \"date\" y \"amount\" tambi\u00e9n se ver\u00e1n afectados."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11076.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11076.json
index f898740d86d..fb80eb73fd4 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11076.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11076.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11076",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-11T18:15:14.940",
- "lastModified": "2024-11-11T18:15:14.940",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /activation.php. The manipulation of the argument e_hash leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Job Recruitment 1.0. Este problema afecta a algunos procesos desconocidos del archivo /activation.php. La manipulaci\u00f3n del argumento e_hash conduce a una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11077.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11077.json
index 5ce6ac45bd3..34d97dc9478 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11077.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11077.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11077",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-11T19:15:03.660",
- "lastModified": "2024-11-11T19:15:03.660",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as critical, was found in code-projects Job Recruitment 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Job Recruitment 1.0. Se trata de una funci\u00f3n desconocida del archivo /index.php. La manipulaci\u00f3n del argumento email provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11078.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11078.json
index a7587117afe..f201f412e27 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11078.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11078.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11078",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-11T20:15:17.400",
- "lastModified": "2024-11-11T20:15:17.400",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument e leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en code-projects Job Recruitment 1.0 y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /register.php. La manipulaci\u00f3n del argumento e conduce a Cross Site Scripting. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11079.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11079.json
index 175bf62c716..a5edaba37b4 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11079.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11079.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11079",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-11-12T00:15:15.543",
- "lastModified": "2024-11-12T00:15:15.543",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A flaw was found in Ansible-Core. This vulnerability allows attackers to bypass unsafe content protections using the hostvars object to reference and execute templated content. This issue can lead to arbitrary code execution if remote data or module outputs are improperly templated within playbooks."
+ },
+ {
+ "lang": "es",
+ "value": "Se encontr\u00f3 una falla en Ansible-Core. Esta vulnerabilidad permite a los atacantes eludir las protecciones de contenido inseguro mediante el objeto hostvars para hacer referencia y ejecutar contenido con plantilla. Este problema puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario si los datos remotos o las salidas de m\u00f3dulos tienen plantillas incorrectas dentro de los playbooks."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11096.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11096.json
index df11ab1c5fd..cadf436975b 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11096.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11096.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11096",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-12T01:15:03.607",
- "lastModified": "2024-11-12T01:15:03.607",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability, which was classified as critical, was found in code-projects Task Manager 1.0. This affects an unknown part of the file /newProject.php. The manipulation of the argument projectName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad clasificada como cr\u00edtica en code-projects Task Manager 1.0. Afecta a una parte desconocida del archivo /newProject.php. La manipulaci\u00f3n del argumento projectName provoca una inyecci\u00f3n SQL. Es posible iniciar el ataque de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11097.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11097.json
index 5c057eb8cac..657baa96083 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11097.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11097.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11097",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-12T02:15:17.817",
- "lastModified": "2024-11-12T02:15:17.817",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability has been found in SourceCodester Student Record Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Main Menu. The manipulation leads to infinite loop. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en SourceCodester Student Record Management System 1.0 y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta al c\u00f3digo desconocido del componente Men\u00fa principal. La manipulaci\u00f3n provoca un bucle infinito. Es necesario realizar un ataque local. La vulnerabilidad se ha hecho p\u00fablica y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-110xx/CVE-2024-11099.json b/CVE-2024/CVE-2024-110xx/CVE-2024-11099.json
index c0e19ce572b..e5276999475 100644
--- a/CVE-2024/CVE-2024-110xx/CVE-2024-11099.json
+++ b/CVE-2024/CVE-2024-110xx/CVE-2024-11099.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11099",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-12T02:15:18.123",
- "lastModified": "2024-11-12T02:15:18.123",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en code-projects Job Recruitment 1.0 y se ha clasificado como cr\u00edtica. Este problema afecta a algunos procesos desconocidos del archivo /login.php. La manipulaci\u00f3n del argumento email provoca una inyecci\u00f3n SQL. El ataque puede iniciarse de forma remota. El exploit ha sido divulgado al p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11100.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11100.json
index 4240efae05f..252dc9a406b 100644
--- a/CVE-2024/CVE-2024-111xx/CVE-2024-11100.json
+++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11100.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11100",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-12T04:15:04.823",
- "lastModified": "2024-11-12T04:15:04.823",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en 1000 Projects Beauty Parlour Management System 1.0. Se ha declarado como cr\u00edtica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /index.php. La manipulaci\u00f3n del nombre del argumento conduce a una inyecci\u00f3n SQL. El ataque se puede ejecutar de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11101.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11101.json
index a49519d9ee4..ce187c63c0e 100644
--- a/CVE-2024/CVE-2024-111xx/CVE-2024-11101.json
+++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11101.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11101",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-12T04:15:05.080",
- "lastModified": "2024-11-12T04:15:05.080",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en 1000 Projects Beauty Parlour Management System 1.0. Se ha clasificado como cr\u00edtica. Se ve afectada una funci\u00f3n desconocida del archivo /admin/search-invoices.php. La manipulaci\u00f3n del argumento searchdata provoca una inyecci\u00f3n SQL. Es posible lanzar el ataque de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11102.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11102.json
index 6aa63d8f153..1d6ffe68046 100644
--- a/CVE-2024/CVE-2024-111xx/CVE-2024-11102.json
+++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11102.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-11102",
 "sourceIdentifier": "cna@vuldb.com",
 "published": "2024-11-12T04:15:05.340",
- "lastModified": "2024-11-12T04:15:05.340",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A vulnerability was found in SourceCodester Hospital Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /vm/doctor/edit-doc.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well."
+ },
+ {
+ "lang": "es",
+ "value": "Se ha encontrado una vulnerabilidad en SourceCodester Hospital Management System 1.0. Se ha calificado como problem\u00e1tica. Este problema afecta a algunas funciones desconocidas del archivo /vm/doctor/edit-doc.php. La manipulaci\u00f3n del nombre del argumento provoca Cross Site Scripting. El ataque puede ejecutarse de forma remota. El exploit se ha hecho p\u00fablico y puede utilizarse. Tambi\u00e9n pueden verse afectados otros par\u00e1metros."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11121.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11121.json
new file mode 100644
index 00000000000..0c2c97828ac
--- /dev/null
+++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11121.json
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-11121", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-11-12T13:15:06.360", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability classified as critical was found in ???????????? Lingdang CRM up to 8.6.4.3. Affected by this vulnerability is an unknown functionality of the file /crm/WeiXinApp/marketing/index.php?module=Users&action=getActionList. The manipulation of the argument userid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": 
"NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.283969", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.283969", + 
"source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.436675", + "source": "cna@vuldb.com" + }, + { + "url": "https://wiki.shikangsi.com/post/share/4d05b8c3-5464-48f3-bb14-a852b6e70abc", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11122.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11122.json new file mode 100644 index 00000000000..50d9ff2b86d --- /dev/null +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11122.json 
@@ -0,0 +1,141 @@ +{ + "id": "CVE-2024-11122", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-11-12T13:15:06.700", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as critical, has been found in ???????????? Lingdang CRM up to 8.6.4.3. Affected by this issue is some unknown functionality of the file /crm/wechatSession/index.php?msgid=1&operation=upload. The manipulation of the argument file leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": 
"NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 6.5 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + }, + { + "lang": "en", + "value": "CWE-434" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.283970", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.283970", + 
"source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?submit.436676", + "source": "cna@vuldb.com" + }, + { + "url": "https://wiki.shikangsi.com/post/share/8c9422c2-ecad-4471-97a2-6f8035a2ddf5", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11123.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11123.json new file mode 100644 index 00000000000..4984b164ba3 --- /dev/null +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11123.json 
@@ -0,0 +1,137 @@ +{ + "id": "CVE-2024-11123", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-11-12T13:15:06.987", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability, which was classified as problematic, was found in ???????????? Lingdang CRM up to 8.6.4.3. This affects an unknown part of the file /crm/data/pdf.php. The manipulation of the argument url with the input ../config.inc.php leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + 
"modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "SINGLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.0 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 8.0, + "impactScore": 2.9, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://vuldb.com/?ctiid.283971", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.283971", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://vuldb.com/?submit.436677", + "source": "cna@vuldb.com" + }, + { + "url": "https://wiki.shikangsi.com/post/share/39d736ad-73d1-49cd-a97f-59f396a58626", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-111xx/CVE-2024-11124.json b/CVE-2024/CVE-2024-111xx/CVE-2024-11124.json new file mode 100644 index 00000000000..975e97815d7 --- /dev/null +++ b/CVE-2024/CVE-2024-111xx/CVE-2024-11124.json 
@@ -0,0 +1,145 @@ +{ + "id": "CVE-2024-11124", + "sourceIdentifier": "cna@vuldb.com", + "published": "2024-11-12T14:15:16.260", + "lastModified": "2024-11-12T14:15:16.260", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been found in TimGeyssens UIOMatic 5 and classified as critical. This vulnerability affects unknown code of the file /src/UIOMatic/wwwroot/backoffice/resources/uioMaticObject.r. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + 
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 4.7, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.4 + } + ], + "cvssMetricV2": [ + { + "source": "cna@vuldb.com", + "type": "Secondary", + "cvssData": { + "version": "2.0", + "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", + "accessVector": "NETWORK", + "accessComplexity": "LOW", + "authentication": "MULTIPLE", + "confidentialityImpact": "PARTIAL", + "integrityImpact": "PARTIAL", + "availabilityImpact": "PARTIAL", + "baseScore": 5.8 + }, + "baseSeverity": "MEDIUM", + "exploitabilityScore": 6.4, + "impactScore": 6.4, + "acInsufInfo": false, + "obtainAllPrivilege": false, + "obtainUserPrivilege": false, + "obtainOtherPrivilege": false, + "userInteractionRequired": false + } + ] + }, + "weaknesses": [ + { + "source": "cna@vuldb.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + }, + { + "lang": "en", + "value": "CWE-89" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/TimGeyssens/UIOMatic/pull/227", + "source": "cna@vuldb.com" + }, + { + "url": "https://github.com/TimGeyssens/UIOMatic/pull/227#issuecomment-2317993695", + "source": "cna@vuldb.com" + }, + { + "url": 
"https://github.com/TimGeyssens/UIOMatic/pull/227#issuecomment-2346074453", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?ctiid.283972", + "source": "cna@vuldb.com" + }, + { + "url": "https://vuldb.com/?id.283972", + "source": "cna@vuldb.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-219xx/CVE-2024-21994.json b/CVE-2024/CVE-2024-219xx/CVE-2024-21994.json index e314e85ace1..27d9052efe9 100644 --- a/CVE-2024/CVE-2024-219xx/CVE-2024-21994.json +++ b/CVE-2024/CVE-2024-219xx/CVE-2024-21994.json @@ -2,13 +2,17 @@ "id": "CVE-2024-21994", "sourceIdentifier": "security-alert@netapp.com", "published": "2024-11-08T21:15:16.477", - "lastModified": "2024-11-09T16:35:03.823", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:54.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash." + }, + { + "lang": "es", + "value": "Las versiones de StorageGRID (anteriormente StorageGRID Webscale) anteriores a la 11.9 son susceptibles a una vulnerabilidad de denegaci\u00f3n de servicio (DoS). Si un atacante autenticado logra explotarla, podr\u00eda provocar un bloqueo del servicio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23983.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23983.json index aa570d99c66..40ece18a269 100644 --- a/CVE-2024/CVE-2024-239xx/CVE-2024-23983.json +++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23983.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-23983",
 "sourceIdentifier": "responsible-disclosure@pingidentity.com",
 "published": "2024-11-11T23:15:05.217",
- "lastModified": "2024-11-11T23:15:05.217",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper handling of canonical URL-encoding may lead to bypass not properly constrained by request rules."
+ },
+ {
+ "lang": "es",
+ "value": "El manejo inadecuado de la codificaci\u00f3n de URL can\u00f3nica puede provocar que las reglas de solicitud no limiten correctamente la omisi\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-252xx/CVE-2024-25253.json b/CVE-2024/CVE-2024-252xx/CVE-2024-25253.json
index 3d4509cccec..9fe1127d601 100644
--- a/CVE-2024/CVE-2024-252xx/CVE-2024-25253.json
+++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25253.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-25253",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-11T23:15:05.393",
- "lastModified": "2024-11-11T23:15:05.393",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Driver Booster v10.6 was discovered to contain a buffer overflow via the Host parameter under the Customize proxy module."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Driver Booster v10.6 conten\u00eda un desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro Host en el m\u00f3dulo Personalizar proxy."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-252xx/CVE-2024-25254.json b/CVE-2024/CVE-2024-252xx/CVE-2024-25254.json
index 858f2dfd2fe..95677d1011d 100644
--- a/CVE-2024/CVE-2024-252xx/CVE-2024-25254.json
+++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25254.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-25254",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-11T23:15:05.460",
- "lastModified": "2024-11-11T23:15:05.460",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "SuperScan v4.1 was discovered to contain a buffer overflow via the Hostname/IP parameter."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que SuperScan v4.1 conten\u00eda un desbordamiento de b\u00fafer a trav\u00e9s del par\u00e1metro Nombre de host/IP."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-252xx/CVE-2024-25255.json b/CVE-2024/CVE-2024-252xx/CVE-2024-25255.json
index b64a170ea3d..ccf4427c563 100644
--- a/CVE-2024/CVE-2024-252xx/CVE-2024-25255.json
+++ b/CVE-2024/CVE-2024-252xx/CVE-2024-25255.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-25255",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-11T23:15:05.523",
- "lastModified": "2024-11-11T23:15:05.523",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Sublime Text 4 was discovered to contain a command injection vulnerability via the New Build System module."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que Sublime Text 4 conten\u00eda una vulnerabilidad de inyecci\u00f3n de comandos a trav\u00e9s del m\u00f3dulo New Build System."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27527.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27527.json
index e8bb57a52ba..e860cc68a38 100644
--- a/CVE-2024/CVE-2024-275xx/CVE-2024-27527.json
+++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27527.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-27527",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:15.253",
- "lastModified": "2024-11-08T22:15:15.253",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "wasm3 139076a is vulnerable to Denial of Service (DoS)."
+ },
+ {
+ "lang": "es",
+ "value": "wasm3 139076a es vulnerable a denegaci\u00f3n de servicio (DoS)."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27528.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27528.json
index 0aba69cf932..ff6d7a349b2 100644
--- a/CVE-2024/CVE-2024-275xx/CVE-2024-27528.json
+++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27528.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-27528",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:15.360",
- "lastModified": "2024-11-08T22:15:15.360",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "wasm3 139076a suffers from Invalid Memory Read, leading to DoS and potential Code Execution."
+ },
+ {
+ "lang": "es",
+ "value": "wasm3 139076a sufre una lectura de memoria no v\u00e1lida, lo que genera un ataque de denegaci\u00f3n de servicio (DoS) y una posible ejecuci\u00f3n de c\u00f3digo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27529.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27529.json
index 595409ac6d1..b5e4d44628c 100644
--- a/CVE-2024/CVE-2024-275xx/CVE-2024-27529.json
+++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27529.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-27529",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:15.440",
- "lastModified": "2024-11-08T22:15:15.440",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "wasm3 139076a contains memory leaks in Read_utf8."
+ },
+ {
+ "lang": "es",
+ "value": "wasm3 139076a contiene p\u00e9rdidas de memoria en Read_utf8."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27530.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27530.json
index f701e2e1940..577800f0f07 100644
--- a/CVE-2024/CVE-2024-275xx/CVE-2024-27530.json
+++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27530.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-27530",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:15.520",
- "lastModified": "2024-11-08T22:15:15.520",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "wasm3 139076a contains a Use-After-Free in ForEachModule."
+ },
+ {
+ "lang": "es",
+ "value": "wasm3 139076a contiene un Use-After-Free en ForEachModule."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-275xx/CVE-2024-27532.json b/CVE-2024/CVE-2024-275xx/CVE-2024-27532.json
index df2e04616f4..de90c59a496 100644
--- a/CVE-2024/CVE-2024-275xx/CVE-2024-27532.json
+++ b/CVE-2024/CVE-2024-275xx/CVE-2024-27532.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-27532",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:15.603",
- "lastModified": "2024-11-08T22:15:15.603",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types."
+ },
+ {
+ "lang": "es",
+ "value": "wasm-micro-runtime (tambi\u00e9n conocido como WebAssembly Micro Runtime o WAMR) 06df58f es vulnerable a la desreferencia de puntero NULL en la funci\u00f3n `block_type_get_result_types."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-290xx/CVE-2024-29075.json b/CVE-2024/CVE-2024-290xx/CVE-2024-29075.json
index dc7535faf05..0c4fc02488a 100644
--- a/CVE-2024/CVE-2024-290xx/CVE-2024-29075.json
+++ b/CVE-2024/CVE-2024-290xx/CVE-2024-29075.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-29075",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2024-11-12T06:15:03.520",
- "lastModified": "2024-11-12T06:15:03.520",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device ."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de c\u00f3digo de depuraci\u00f3n activa en Mesh Wi-Fi router RP562B firmware versi\u00f3n v1.0.2 y anteriores. Si se aprovecha esta vulnerabilidad, un atacante autenticado adyacente a la red puede obtener o alterar la configuraci\u00f3n del dispositivo."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-291xx/CVE-2024-29119.json b/CVE-2024/CVE-2024-291xx/CVE-2024-29119.json
new file mode 100644
index 00000000000..a5654c3e551
--- /dev/null
+++ b/CVE-2024/CVE-2024-291xx/CVE-2024-29119.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2024-29119",
+ "sourceIdentifier": "productcert@siemens.com",
+ "published": "2024-11-12T13:15:07.263",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been identified in Spectrum Power 7 (All versions < V24Q3). The affected product contains several root-owned SUID binaries that could allow an authenticated local attacker to escalate privileges."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "HIGH",
+ "vulnerableSystemIntegrity": "HIGH",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-266"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cert-portal.siemens.com/productcert/html/ssa-616032.html",
+ "source": "productcert@siemens.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-303xx/CVE-2024-30321.json b/CVE-2024/CVE-2024-303xx/CVE-2024-30321.json
index 6110f313274..42e04aafc63 100644
--- a/CVE-2024/CVE-2024-303xx/CVE-2024-30321.json
+++ b/CVE-2024/CVE-2024-303xx/CVE-2024-30321.json
@@ -2,13 +2,13 @@
 "id": "CVE-2024-30321",
 "sourceIdentifier": "productcert@siemens.com",
 "published": "2024-07-09T12:15:11.707",
- "lastModified": "2024-09-10T10:15:09.340",
+ "lastModified": "2024-11-12T13:15:07.503",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords."
+ "value": "A vulnerability has been identified in SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC05), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 2), SIMATIC WinCC V7.4 (All versions < V7.4 SP1 Update 23), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 17), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products do not properly handle certain requests to their web application, which may lead to the leak of privileged information.\r\nThis could allow an unauthenticated remote attacker to retrieve information such as users and passwords."
 },
 {
 "lang": "es",
diff --git a/CVE-2024/CVE-2024-336xx/CVE-2024-33698.json b/CVE-2024/CVE-2024-336xx/CVE-2024-33698.json
index fbd6057f7ca..d79eb333c4f 100644
--- a/CVE-2024/CVE-2024-336xx/CVE-2024-33698.json
+++ b/CVE-2024/CVE-2024-336xx/CVE-2024-33698.json
@@ -2,13 +2,13 @@
 "id": "CVE-2024-33698",
 "sourceIdentifier": "productcert@siemens.com",
 "published": "2024-09-10T10:15:09.707",
- "lastModified": "2024-10-08T09:15:10.463",
+ "lastModified": "2024-11-12T13:15:07.653",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability has been identified in SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
+ "value": "A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC Information Server 2024 (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions < V4.1 Update 2), SIMATIC PCS neo V5.0 (All versions), SINEC NMS (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions < V17 Update 8), Totally Integrated Automation Portal (TIA Portal) V18 (All versions < V18 Update 5), Totally Integrated Automation Portal (TIA Portal) V19 (All versions < V19 Update 3). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code."
 },
 {
 "lang": "es",
diff --git a/CVE-2024/CVE-2024-340xx/CVE-2024-34014.json b/CVE-2024/CVE-2024-340xx/CVE-2024-34014.json
index 808608c1bf9..d0f2946cca5 100644
--- a/CVE-2024/CVE-2024-340xx/CVE-2024-34014.json
+++ b/CVE-2024/CVE-2024-340xx/CVE-2024-34014.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-34014",
 "sourceIdentifier": "security@acronis.com",
 "published": "2024-11-11T14:15:14.693",
- "lastModified": "2024-11-11T22:15:13.773",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818, Acronis Backup extension for Plesk (Linux) before build 599, Acronis Backup plugin for DirectAdmin (Linux) before build 181."
+ },
+ {
+ "lang": "es",
+ "value": "Sobrescritura arbitraria de archivos durante la recuperaci\u00f3n debido a un manejo incorrecto de enlaces simb\u00f3licos. Los siguientes productos se ven afectados: Acronis Backup plugin for cPanel & WHM (Linux) anterior a la compilaci\u00f3n 818, Acronis Backup extension for Plesk (Linux) anterior a la compilaci\u00f3n 599, Acronis Backup plugin for DirectAdmin (Linux) anterior a la compilaci\u00f3n 181."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-340xx/CVE-2024-34015.json b/CVE-2024/CVE-2024-340xx/CVE-2024-34015.json
index cdf8939c7f7..016e79794c7 100644
--- a/CVE-2024/CVE-2024-340xx/CVE-2024-34015.json
+++ b/CVE-2024/CVE-2024-340xx/CVE-2024-34015.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-34015",
 "sourceIdentifier": "security@acronis.com",
 "published": "2024-11-11T14:15:14.993",
- "lastModified": "2024-11-11T22:15:13.860",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 818."
+ },
+ {
+ "lang": "es",
+ "value": "Divulgaci\u00f3n de informaci\u00f3n confidencial durante la exploraci\u00f3n de archivos debido a un manejo inadecuado de enlaces simb\u00f3licos. Los siguientes productos se ven afectados: Acronis Backup plugin for cPanel & WHM (Linux) anterior a la compilaci\u00f3n 818."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35410.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35410.json
index 9ed5ba7ce1c..20c1bf9fcf2 100644
--- a/CVE-2024/CVE-2024-354xx/CVE-2024-35410.json
+++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35410.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-35410",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:15.737",
- "lastModified": "2024-11-08T22:15:15.737",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "wac commit 385e1 was discovered to contain a heap overflow via the interpret function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que el commit 385e1 de wac conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n de interpretaci\u00f3n en /wac-asan/wa.c. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo wasm manipulado a medida."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35418.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35418.json
index 6d6bfdf12f3..bd10e5bdfec 100644
--- a/CVE-2024/CVE-2024-354xx/CVE-2024-35418.json
+++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35418.json
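Review bot: The Spanish description added for CVE-2024-35410 renders "heap overflow" as `desbordamiento de pila`, which means stack overflow, so the `es` text names a different bug class than the `en` text it sits beside. The same wording is added in the `es` entries for CVE-2024-35418 and CVE-2024-35419, whereas the CVE-2024-35420 hunk in this same commit translates the identical English phrase as `desbordamiento de mont\u00f3n`. I would use `desbordamiento de mont\u00f3n` in all three entries so that readers triaging from the Spanish text see the same memory region as the English record.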
@@ -2,13 +2,17 @@
 "id": "CVE-2024-35418",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:15.823",
- "lastModified": "2024-11-08T22:15:15.823",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "wac commit 385e1 was discovered to contain a heap overflow via the setup_call function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que el commit 385e1 de wac conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n setup_call en /wac-asan/wa.c. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo wasm manipulado a medida."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35419.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35419.json
index 6df535a2aba..1dc7da72e03 100644
--- a/CVE-2024/CVE-2024-354xx/CVE-2024-35419.json
+++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35419.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-35419",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:15.913",
- "lastModified": "2024-11-08T22:15:15.913",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "wac commit 385e1 was discovered to contain a heap overflow via the load_module function at /wac-asan/wa.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted wasm file."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que el commit 385e1 de wac conten\u00eda un desbordamiento de pila a trav\u00e9s de la funci\u00f3n load_module en /wac-asan/wa.c. Esta vulnerabilidad permite a los atacantes provocar una denegaci\u00f3n de servicio (DoS) a trav\u00e9s de un archivo wasm manipulado a medida."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35420.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35420.json
index 1ed55377508..a1a1c0173c7 100644
--- a/CVE-2024/CVE-2024-354xx/CVE-2024-35420.json
+++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35420.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-35420",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:16.010",
- "lastModified": "2024-11-08T22:15:16.010",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "wac commit 385e1 was discovered to contain a heap overflow."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que el commit 385e1 de wac conten\u00eda un desbordamiento de mont\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35421.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35421.json
index 5d56ec6e9c0..e4fead621d2 100644
--- a/CVE-2024/CVE-2024-354xx/CVE-2024-35421.json
+++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35421.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-35421",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:16.090",
- "lastModified": "2024-11-08T22:15:16.090",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "vmir e8117 was discovered to contain a segmentation violation via the wasm_parse_block function at /src/vmir_wasm_parser.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que vmir e8117 conten\u00eda una violaci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n wasm_parse_block en /src/vmir_wasm_parser.c."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35422.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35422.json
index 2146e01b569..88d28420a92 100644
--- a/CVE-2024/CVE-2024-354xx/CVE-2024-35422.json
+++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35422.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-35422",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:16.180",
- "lastModified": "2024-11-08T22:15:16.180",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "vmir e8117 was discovered to contain a heap buffer overflow via the wasm_call function at /src/vmir_wasm_parser.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que vmir e8117 conten\u00eda un desbordamiento de b\u00fafer de mont\u00f3n a trav\u00e9s de la funci\u00f3n wasm_call en /src/vmir_wasm_parser.c."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35423.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35423.json
index 6b23f504e3c..f638166c39d 100644
--- a/CVE-2024/CVE-2024-354xx/CVE-2024-35423.json
+++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35423.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-35423",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:16.257",
- "lastModified": "2024-11-08T22:15:16.257",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "vmir e8117 was discovered to contain a heap buffer overflow via the wasm_parse_section_functions function at /src/vmir_wasm_parser.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que vmir e8117 conten\u00eda un desbordamiento de b\u00fafer de mont\u00f3n a trav\u00e9s de la funci\u00f3n wasm_parse_section_functions en /src/vmir_wasm_parser.c."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35424.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35424.json
index 4d72ad654f0..f8277b1b895 100644
--- a/CVE-2024/CVE-2024-354xx/CVE-2024-35424.json
+++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35424.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-35424",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:16.343",
- "lastModified": "2024-11-08T22:15:16.343",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "vmir e8117 was discovered to contain a segmentation violation via the import_function function at /src/vmir_wasm_parser.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que vmir e8117 conten\u00eda una violaci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n import_function en /src/vmir_wasm_parser.c."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35425.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35425.json
index 82bd6d52f28..5f7079c3ca6 100644
--- a/CVE-2024/CVE-2024-354xx/CVE-2024-35425.json
+++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35425.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-35425",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:16.430",
- "lastModified": "2024-11-08T22:15:16.430",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "vmir e8117 was discovered to contain a segmentation violation via the function_prepare_parse function at /src/vmir_function.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que vmir e8117 conten\u00eda una violaci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n function_prepare_parse en /src/vmir_function.c."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35426.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35426.json
index f705984d991..17b05559a03 100644
--- a/CVE-2024/CVE-2024-354xx/CVE-2024-35426.json
+++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35426.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-35426",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T23:15:03.580",
- "lastModified": "2024-11-08T23:15:03.580",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "vmir e8117 was discovered to contain a stack overflow via the init_local_vars function at /src/vmir_wasm_parser.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que vmir e8117 contiene un desbordamiento de pila a trav\u00e9s de la funci\u00f3n init_local_vars en /src/vmir_wasm_parser.c."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-354xx/CVE-2024-35427.json b/CVE-2024/CVE-2024-354xx/CVE-2024-35427.json
index 6736acfa777..20c0575bfd9 100644
--- a/CVE-2024/CVE-2024-354xx/CVE-2024-35427.json
+++ b/CVE-2024/CVE-2024-354xx/CVE-2024-35427.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-35427",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T23:15:03.680",
- "lastModified": "2024-11-08T23:15:03.680",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "vmir e8117 was discovered to contain a segmentation violation via the export_function function at /src/vmir_wasm_parser.c."
+ },
+ {
+ "lang": "es",
+ "value": "Se descubri\u00f3 que vmir e8117 conten\u00eda una violaci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n export_function en /src/vmir_wasm_parser.c."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-357xx/CVE-2024-35783.json b/CVE-2024/CVE-2024-357xx/CVE-2024-35783.json
index 59b75f34373..4b066855c8e 100644
--- a/CVE-2024/CVE-2024-357xx/CVE-2024-35783.json
+++ b/CVE-2024/CVE-2024-357xx/CVE-2024-35783.json
@@ -2,13 +2,13 @@
 "id": "CVE-2024-35783",
 "sourceIdentifier": "productcert@siemens.com",
 "published": "2024-09-10T10:15:09.937",
- "lastModified": "2024-10-08T09:15:10.740",
+ "lastModified": "2024-11-12T13:15:07.830",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges."
+ "value": "A vulnerability has been identified in SIMATIC BATCH V9.1 (All versions), SIMATIC Information Server 2020 (All versions), SIMATIC Information Server 2022 (All versions), SIMATIC PCS 7 V9.1 (All versions < V9.1 SP2 UC06), SIMATIC Process Historian 2020 (All versions), SIMATIC Process Historian 2022 (All versions), SIMATIC WinCC Runtime Professional V18 (All versions < V18 Update 5), SIMATIC WinCC Runtime Professional V19 (All versions < V19 Update 3), SIMATIC WinCC V7.4 (All versions), SIMATIC WinCC V7.5 (All versions < V7.5 SP2 Update 18), SIMATIC WinCC V8.0 (All versions < V8.0 Update 5). The affected products run their DB server with elevated privileges which could allow an authenticated attacker to execute arbitrary OS commands with administrative privileges."
 },
 {
 "lang": "es",
diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36061.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36061.json
index 0c66f3d4517..8e329752eee 100644
--- a/CVE-2024/CVE-2024-360xx/CVE-2024-36061.json
+++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36061.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-36061",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-11T20:15:17.673",
- "lastModified": "2024-11-11T20:15:17.673",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "EnGenius EWS356-FIT devices through 1.1.30 allow blind OS command injection. This allows an attacker to execute arbitrary OS commands via shell metacharacters to the Ping and Speed Test utilities."
+ },
+ {
+ "lang": "es",
+ "value": "Los dispositivos EnGenius EWS356-FIT hasta la versi\u00f3n 1.1.30 permiten la inyecci\u00f3n ciega de comandos del sistema operativo. Esto permite que un atacante ejecute comandos arbitrarios del sistema operativo a trav\u00e9s de metacaracteres de shell en las utilidades Ping y Speed Test."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-361xx/CVE-2024-36140.json b/CVE-2024/CVE-2024-361xx/CVE-2024-36140.json
new file mode 100644
index 00000000000..497255a5d06
--- /dev/null
+++ b/CVE-2024/CVE-2024-361xx/CVE-2024-36140.json
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-36140", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:07.957", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in OZW672 (All versions < V5.2), OZW772 (All versions < V5.2). The user accounts tab of affected devices is vulnerable to stored cross-site scripting (XSS) attacks.\r\n\r\nThis could allow an authenticated remote attacker to inject arbitrary JavaScript code that is later executed by another authenticated victim user with potential higher privileges than the attacker." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:H/VA:N/SC:N/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "PASSIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": 
"NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.2, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 6.8, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.3, + "impactScore": 4.0 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-230445.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-362xx/CVE-2024-36250.json b/CVE-2024/CVE-2024-362xx/CVE-2024-36250.json index 5e664b03abb..bc62939f778 100644 --- a/CVE-2024/CVE-2024-362xx/CVE-2024-36250.json +++ b/CVE-2024/CVE-2024-362xx/CVE-2024-36250.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-36250", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-11-09T18:15:14.747", - "lastModified": "2024-11-09T18:15:14.747", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost versions 9.11.x <= 9.11.2, and 9.5.x <= 9.5.10 fail to\u00a0protect the mfa code against replay attacks, which allows an attacker to reuse the MFA code within\u00a0~30 seconds" + }, + { + "lang": "es", + "value": "Las versiones 9.11.x <= 9.11.2 y 9.5.x <= 9.5.10 de Mattermost no protegen el c\u00f3digo MFA contra ataques de repetici\u00f3n, lo que permite a un atacante reutilizar el c\u00f3digo MFA en aproximadamente 30 segundos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-388xx/CVE-2024-38826.json b/CVE-2024/CVE-2024-388xx/CVE-2024-38826.json index 14eef1e34f3..6857f1f8da5 100644 --- a/CVE-2024/CVE-2024-388xx/CVE-2024-38826.json +++ b/CVE-2024/CVE-2024-388xx/CVE-2024-38826.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-38826", "sourceIdentifier": "security@vmware.com", "published": "2024-11-11T06:15:04.963", - "lastModified": "2024-11-11T06:15:04.963", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Authenticated users can upload specifically crafted files to leak server resources. This behavior can potentially be used to run a denial of service attack against Cloud Controller.\n\nThe Cloud Foundry project recommends upgrading the following releases:\n\n * Upgrade capi release version to 1.194.0 or greater\n * Upgrade cf-deployment version to v44.1.0 or greater. This includes a patched capi release" + }, + { + "lang": "es", + "value": "Los usuarios autenticados pueden cargar archivos manipulado espec\u00edficamente para filtrar recursos del servidor. Este comportamiento puede usarse potencialmente para ejecutar un ataque de denegaci\u00f3n de servicio contra Cloud Controller. El proyecto Cloud Foundry recomienda actualizar las siguientes versiones: * Actualizar la versi\u00f3n de lanzamiento de capi a 1.194.0 o superior * Actualizar la versi\u00f3n de cf-deployment a v44.1.0 o superior. Esto incluye una versi\u00f3n de capi parcheada" } ], "metrics": { diff --git a/CVE-2024/CVE-2024-393xx/CVE-2024-39354.json b/CVE-2024/CVE-2024-393xx/CVE-2024-39354.json index 97ab6bb712f..fd083e3d1e9 100644 --- a/CVE-2024/CVE-2024-393xx/CVE-2024-39354.json +++ b/CVE-2024/CVE-2024-393xx/CVE-2024-39354.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-39354", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-11-11T15:15:05.243", - "lastModified": "2024-11-11T15:15:05.243", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in CEtherIPTagItem can be exploited, allowing the attacker to remotely execute arbitrary code." + }, + { + "lang": "es", + "value": "Si un atacante enga\u00f1a a un usuario v\u00e1lido para que ejecute Delta Electronics DIAScreen con un archivo que contiene c\u00f3digo malicioso, se puede explotar un desbordamiento de b\u00fafer basado en pila en CEtherIPTagItem, lo que permite al atacante ejecutar de forma remota c\u00f3digo arbitrario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-396xx/CVE-2024-39605.json b/CVE-2024/CVE-2024-396xx/CVE-2024-39605.json index debb4fa4145..df9422a5da0 100644 --- a/CVE-2024/CVE-2024-396xx/CVE-2024-39605.json +++ b/CVE-2024/CVE-2024-396xx/CVE-2024-39605.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-39605", "sourceIdentifier": "ics-cert@hq.dhs.gov", "published": "2024-11-11T15:15:05.527", - "lastModified": "2024-11-11T15:15:05.527", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetParameter can be exploited, allowing the attacker to remotely execute arbitrary code." + }, + { + "lang": "es", + "value": "Si un atacante enga\u00f1a a un usuario v\u00e1lido para que ejecute Delta Electronics DIAScreen con un archivo que contiene c\u00f3digo malicioso, se puede explotar un desbordamiento de b\u00fafer basado en pila en BACnetParameter, lo que permite al atacante ejecutar de forma remota c\u00f3digo arbitrario." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-419xx/CVE-2024-41992.json b/CVE-2024/CVE-2024-419xx/CVE-2024-41992.json index 76ec526507d..6c34d96c427 100644 --- a/CVE-2024/CVE-2024-419xx/CVE-2024-41992.json +++ b/CVE-2024/CVE-2024-419xx/CVE-2024-41992.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-41992", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T01:15:04.813", - "lastModified": "2024-11-11T01:15:04.813", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Wi-Fi Alliance wfa_dut (in Wi-Fi Test Suite) through 9.0.0 allows OS command injection via 802.11x frames because the system() library function is used. For example, on Arcadyan FMIMG51AX000J devices, this leads to wfaTGSendPing remote code execution as root via traffic to TCP port 8000 or 8080 on a LAN interface. On other devices, this may be exploitable over a WAN interface." + }, + { + "lang": "es", + "value": "La versi\u00f3n wfa_dut de Wi-Fi Alliance (en Wi-Fi Test Suite) hasta la versi\u00f3n 9.0.0 permite la inyecci\u00f3n de comandos del sistema operativo a trav\u00e9s de tramas 802.11x porque se utiliza la funci\u00f3n de librer\u00eda system(). Por ejemplo, en los dispositivos Arcadyan FMIMG51AX000J, esto lleva a la ejecuci\u00f3n remota del c\u00f3digo wfaTGSendPing como root a trav\u00e9s del tr\u00e1fico al puerto TCP 8000 o 8080 en una interfaz LAN. En otros dispositivos, esto puede ser explotable a trav\u00e9s de una interfaz WAN." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-420xx/CVE-2024-42000.json b/CVE-2024/CVE-2024-420xx/CVE-2024-42000.json index 017f1c7986a..2dcc8b13620 100644 --- a/CVE-2024/CVE-2024-420xx/CVE-2024-42000.json +++ b/CVE-2024/CVE-2024-420xx/CVE-2024-42000.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42000", "sourceIdentifier": "responsibledisclosure@mattermost.com", "published": "2024-11-09T18:15:14.993", - "lastModified": "2024-11-09T18:15:14.993", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Mattermost versions 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 and 10.0.x <= 10.0.0 fail to properly authorize the requests to\u00a0/api/v4/channels \u00a0which allows\u00a0a User or System Manager, with \"Read Groups\" permission but with no access for channels to retrieve details about private channels that they were not a member of by sending a request to\u00a0/api/v4/channels." + }, + { + "lang": "es", + "value": "Las versiones de Mattermost 9.10.x <= 9.10.2, 9.11.x <= 9.11.1, 9.5.x <= 9.5.9 y 10.0.x <= 10.0.0 no autorizan correctamente las solicitudes a /api/v4/channels, lo que permite que un usuario o administrador del sistema, con permiso de \"Leer grupos\" pero sin acceso a canales, recupere detalles sobre canales privados de los que no era miembro enviando una solicitud a /api/v4/channels." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42372.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42372.json index 76bec5258e8..2d5588a2430 100644 --- a/CVE-2024/CVE-2024-423xx/CVE-2024-42372.json +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42372.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-42372", "sourceIdentifier": "cna@sap.com", "published": "2024-11-12T01:15:03.940", - "lastModified": "2024-11-12T01:15:03.940", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Due to missing authorization check in SAP NetWeaver AS Java (System Landscape Directory) an unauthorized user can read and modify some restricted global SLD configurations causing low impact on confidentiality and integrity of the application." + }, + { + "lang": "es", + "value": "Debido a la falta de verificaci\u00f3n de autorizaci\u00f3n en SAP NetWeaver AS Java (Directorio del paisaje del sistema), un usuario no autorizado puede leer y modificar algunas configuraciones SLD globales restringidas, lo que provoca un bajo impacto en la confidencialidad e integridad de la aplicaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43427.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43427.json index 47aa6d3ca55..ad54496aafe 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43427.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43427.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43427", "sourceIdentifier": "patrick@puiterwijk.org", "published": "2024-11-11T13:15:03.530", - "lastModified": "2024-11-11T13:15:03.530", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in moodle. When creating an export of site administration presets, some sensitive secrets and keys are not being excluded from the export, which could result in them unintentionally being leaked if the presets are shared with a third party." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Moodle. Al crear una exportaci\u00f3n de ajustes preestablecidos de administraci\u00f3n del sitio, algunos secretos y claves confidenciales no se excluyen de la exportaci\u00f3n, lo que podr\u00eda provocar que se filtren involuntariamente si los ajustes preestablecidos se comparten con un tercero." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43429.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43429.json index 64c44eaf109..3bea43ea6a2 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43429.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43429.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43429", "sourceIdentifier": "patrick@puiterwijk.org", "published": "2024-11-11T13:15:03.880", - "lastModified": "2024-11-11T13:15:03.880", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in moodle. Some hidden user profile fields are visible in gradebook reports, which could result in users without the \"view hidden user fields\" capability having access to the information." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Moodle. Algunos campos de perfil de usuario ocultos son visibles en los informes del libro de calificaciones, lo que podr\u00eda provocar que los usuarios sin la capacidad de \"ver campos de usuario ocultos\" tengan acceso a la informaci\u00f3n." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43430.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43430.json index d70f0e7435e..e9a252c4552 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43430.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43430.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43430", "sourceIdentifier": "patrick@puiterwijk.org", "published": "2024-11-11T13:15:04.053", - "lastModified": "2024-11-11T13:15:04.053", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in moodle. External API access to Quiz can override contained insufficient access control." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Moodle. El acceso a la API externa a Quiz puede anular el control de acceso insuficiente." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43432.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43432.json index ef7561f2155..26bf7a65bf0 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43432.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43432.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43432", "sourceIdentifier": "patrick@puiterwijk.org", "published": "2024-11-11T13:15:04.233", - "lastModified": "2024-11-11T13:15:04.233", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in moodle. The cURL wrapper in Moodle strips HTTPAUTH and USERPWD headers during emulated redirects, but retains other original request headers, so HTTP authorization header information could be unintentionally sent in requests to redirect URLs." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Moodle. El contenedor cURL en Moodle elimina los encabezados HTTPAUTH y USERPWD durante las redirecciones emuladas, pero conserva otros encabezados de solicitud originales, por lo que la informaci\u00f3n del encabezado de autorizaci\u00f3n HTTP podr\u00eda enviarse involuntariamente en solicitudes para redireccionar URL." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43433.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43433.json index 5f791ee74ba..2512aa363cf 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43433.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43433.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43433", "sourceIdentifier": "patrick@puiterwijk.org", "published": "2024-11-11T13:15:04.410", - "lastModified": "2024-11-11T13:15:04.410", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in moodle. Matrix room membership and power levels are incorrectly applied and revoked for suspended Moodle users." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Moodle. La membres\u00eda de la sala Matrix y los niveles de poder se aplican y revocan incorrectamente para los usuarios suspendidos de Moodle." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43435.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43435.json index f537a557fbd..2e12e444619 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43435.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43435.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43435", "sourceIdentifier": "patrick@puiterwijk.org", "published": "2024-11-11T13:15:04.580", - "lastModified": "2024-11-11T13:15:04.580", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in moodle. Insufficient capability checks make it possible for users with access to restore glossaries in courses to restore them into the global site glossary." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Moodle. Las comprobaciones de capacidad insuficientes hacen que los usuarios con acceso para restaurar glosarios en cursos puedan restaurarlos en el glosario global del sitio." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43437.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43437.json index 368c31e7789..a51ac2e66df 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43437.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43437.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-43437", "sourceIdentifier": "patrick@puiterwijk.org", "published": "2024-11-11T13:15:04.757", - "lastModified": "2024-11-11T13:15:04.757", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in moodle. Insufficient sanitizing of data when performing a restore could result in a cross-site scripting (XSS) risk from malicious backup files." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Moodle. Una desinfecci\u00f3n insuficiente de los datos al realizar una restauraci\u00f3n podr\u00eda generar un riesgo de Cross Site Scripting (XSS) a partir de archivos de respaldo maliciosos." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-434xx/CVE-2024-43439.json b/CVE-2024/CVE-2024-434xx/CVE-2024-43439.json index 58d90897e62..74b5d678725 100644 --- a/CVE-2024/CVE-2024-434xx/CVE-2024-43439.json +++ b/CVE-2024/CVE-2024-434xx/CVE-2024-43439.json @@ -2,13 +2,17 @@ "id": "CVE-2024-43439", "sourceIdentifier": "patrick@puiterwijk.org", "published": "2024-11-11T16:15:14.770", - "lastModified": "2024-11-11T16:15:14.770", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A flaw was found in moodle. H5P error messages require additional sanitizing to prevent a reflected cross-site scripting (XSS) risk." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una falla en Moodle. Los mensajes de error de H5P requieren una desinfecci\u00f3n adicional para evitar un riesgo de Cross Site Scripting (XSS) reflejado." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-441xx/CVE-2024-44102.json b/CVE-2024/CVE-2024-441xx/CVE-2024-44102.json new file mode 100644 index 00000000000..73f1b0b7bfd --- /dev/null +++ b/CVE-2024/CVE-2024-441xx/CVE-2024-44102.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-44102", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:08.203", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in PP TeleControl Server Basic 1000 to 5000 V3.1 (6NH9910-0AA31-0AE1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 256 to 1000 V3.1 (6NH9910-0AA31-0AD1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 32 to 64 V3.1 (6NH9910-0AA31-0AF1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 64 to 256 V3.1 (6NH9910-0AA31-0AC1) (All versions < V3.1.2.1 with redundancy configured), PP TeleControl Server Basic 8 to 32 V3.1 (6NH9910-0AA31-0AB1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 1000 V3.1 (6NH9910-0AA31-0AD0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 256 V3.1 (6NH9910-0AA31-0AC0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 32 V3.1 (6NH9910-0AA31-0AF0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 5000 V3.1 (6NH9910-0AA31-0AE0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 64 V3.1 (6NH9910-0AA31-0AB0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic 8 V3.1 (6NH9910-0AA31-0AA0) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Serv Upgr (6NH9910-0AA31-0GA1) (All versions < V3.1.2.1 with redundancy configured), TeleControl Server Basic Upgr V3.1 (6NH9910-0AA31-0GA0) (All versions < V3.1.2.1 with redundancy configured). The affected system allows remote users to send maliciously crafted objects. 
Due to insecure deserialization of user-supplied content by the affected software, an unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted serialized object. This could allow the attacker to execute arbitrary code on the device with SYSTEM privileges." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 10.0, 
+ "baseSeverity": "CRITICAL" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 10.0, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-502" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-454789.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-445xx/CVE-2024-44546.json b/CVE-2024/CVE-2024-445xx/CVE-2024-44546.json index ffd88c2a4f0..6aaf8d1bd93 100644 --- a/CVE-2024/CVE-2024-445xx/CVE-2024-44546.json +++ b/CVE-2024/CVE-2024-445xx/CVE-2024-44546.json @@ -2,13 +2,17 @@ "id": "CVE-2024-44546", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T21:15:06.360", - "lastModified": "2024-11-11T21:15:06.360", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Powerjob >= 3.20 is vulnerable to SQL injection via the version parameter." + }, + { + "lang": "es", + "value": "Powerjob >= 3.20 es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro de versi\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-447xx/CVE-2024-44765.json b/CVE-2024/CVE-2024-447xx/CVE-2024-44765.json index f88e9282a9a..d5e772916d4 100644 --- a/CVE-2024/CVE-2024-447xx/CVE-2024-44765.json +++ b/CVE-2024/CVE-2024-447xx/CVE-2024-44765.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-44765", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T19:15:05.590", - "lastModified": "2024-11-12T00:15:15.777", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:54.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { diff --git a/CVE-2024/CVE-2024-450xx/CVE-2024-45087.json b/CVE-2024/CVE-2024-450xx/CVE-2024-45087.json index 6cc22670c5f..733957349ad 100644 --- a/CVE-2024/CVE-2024-450xx/CVE-2024-45087.json +++ b/CVE-2024/CVE-2024-450xx/CVE-2024-45087.json @@ -2,13 +2,17 @@ "id": "CVE-2024-45087", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-11-11T17:15:04.957", - "lastModified": "2024-11-11T17:15:04.957", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + }, + { + "lang": "es", + "value": "IBM WebSphere Application Server 8.5 y 9.0 es vulnerable a ataques de Cross Site Scripting. Esta vulnerabilidad permite a un usuario privilegiado incorporar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales en una sesi\u00f3n de confianza." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-450xx/CVE-2024-45088.json b/CVE-2024/CVE-2024-450xx/CVE-2024-45088.json index d45ab9d6524..3858e8d03d0 100644 --- a/CVE-2024/CVE-2024-450xx/CVE-2024-45088.json +++ b/CVE-2024/CVE-2024-450xx/CVE-2024-45088.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-45088", "sourceIdentifier": "psirt@us.ibm.com", "published": "2024-11-11T16:15:14.950", - "lastModified": "2024-11-11T16:15:14.950", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session." + }, + { + "lang": "es", + "value": "IBM Maximo Asset Management 7.6.1.3 es vulnerable a Cross Site Scripting almacenado. Esta vulnerabilidad permite a los usuarios autenticados incorporar c\u00f3digo JavaScript arbitrario en la interfaz de usuario web, alterando as\u00ed la funcionalidad prevista y pudiendo provocar la divulgaci\u00f3n de credenciales dentro de una sesi\u00f3n de confianza." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-458xx/CVE-2024-45827.json b/CVE-2024/CVE-2024-458xx/CVE-2024-45827.json index f2c47371ae0..beea26dccbb 100644 --- a/CVE-2024/CVE-2024-458xx/CVE-2024-45827.json +++ b/CVE-2024/CVE-2024-458xx/CVE-2024-45827.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-45827", "sourceIdentifier": "vultures@jpcert.or.jp", "published": "2024-11-12T06:15:03.820", - "lastModified": "2024-11-12T06:15:03.820", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may execute an arbitrary OS command." + }, + { + "lang": "es", + "value": "Existe un problema de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando del sistema operativo ('Inyecci\u00f3n de comando del sistema operativo') en Mesh Wi-Fi router RP562B firmware versi\u00f3n v1.0.2 y anteriores. Si se aprovecha esta vulnerabilidad, un atacante autenticado adyacente a la red puede ejecutar un comando arbitrario del sistema operativo." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-466xx/CVE-2024-46613.json b/CVE-2024/CVE-2024-466xx/CVE-2024-46613.json index 30e8a737a4c..6c0e9d38e42 100644 --- a/CVE-2024/CVE-2024-466xx/CVE-2024-46613.json +++ b/CVE-2024/CVE-2024-466xx/CVE-2024-46613.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-46613", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-10T21:15:14.790", - "lastModified": "2024-11-10T21:15:14.790", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "WeeChat before 4.4.2 has an integer overflow and resultant buffer overflow at core/core-string.c when there are more than two billion items in a list. This affects string_free_split_shared , string_free_split, string_free_split_command, and string_free_split_tags." + }, + { + "lang": "es", + "value": "En las versiones anteriores a la versi\u00f3n 4.4.2 de WeeChat se produce un desbordamiento de enteros y un desbordamiento de b\u00fafer resultante en core/core-string.c cuando hay m\u00e1s de dos mil millones de elementos en una lista. Esto afecta a string_free_split_shared, string_free_split, string_free_split_command y string_free_split_tags." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-468xx/CVE-2024-46888.json b/CVE-2024/CVE-2024-468xx/CVE-2024-46888.json new file mode 100644 index 00000000000..7aea2bc6661 --- /dev/null +++ b/CVE-2024/CVE-2024-468xx/CVE-2024-46888.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-46888", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:08.927", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly sanitize user provided paths for SFTP-based file up- and downloads. This could allow an authenticated remote attacker to manipulate arbitrary files on the filesystem and achieve arbitrary code execution on the device." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": 
"NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.9, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.1, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-468xx/CVE-2024-46889.json b/CVE-2024/CVE-2024-468xx/CVE-2024-46889.json new file mode 100644 index 00000000000..d22ad0add90 --- /dev/null +++ b/CVE-2024/CVE-2024-468xx/CVE-2024-46889.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-46889", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:09.200", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application uses hard-coded cryptographic key material to obfuscate configuration files. This could allow an attacker to learn that cryptographic key material through reverse engineering of the application binary and decrypt arbitrary backup files." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": 
"NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-321" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-468xx/CVE-2024-46890.json b/CVE-2024/CVE-2024-468xx/CVE-2024-46890.json new file mode 100644 index 00000000000..ecd1c223a20 --- /dev/null +++ b/CVE-2024/CVE-2024-468xx/CVE-2024-46890.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-46890", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:09.463", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate input sent to specific endpoints of its web API. This could allow an authenticated remote attacker with high privileges on the application to execute arbitrary code on the underlying OS." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "HIGH", + "subsequentSystemIntegrity": "HIGH", + "subsequentSystemAvailability": "HIGH", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + 
"modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 9.4, + "baseSeverity": "CRITICAL" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.1, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 2.3, + "impactScore": 6.0 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-78" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-468xx/CVE-2024-46891.json b/CVE-2024/CVE-2024-468xx/CVE-2024-46891.json new file mode 100644 index 00000000000..8f6f269c9b2 --- /dev/null +++ b/CVE-2024/CVE-2024-468xx/CVE-2024-46891.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-46891", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:09.693", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly restrict the size of generated log files. This could allow an unauthenticated remote attacker to trigger a large amount of logged events to exhaust the system's resources and create a denial of service condition." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": 
"NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-400" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-468xx/CVE-2024-46892.json b/CVE-2024/CVE-2024-468xx/CVE-2024-46892.json new file mode 100644 index 00000000000..30a1d60f6d6 --- /dev/null +++ b/CVE-2024/CVE-2024-468xx/CVE-2024-46892.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-46892", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:09.940", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly invalidate sessions when the associated user is deleted or disabled or their permissions are modified. This could allow an authenticated attacker to continue performing malicious actions even after their user account has been disabled." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-613" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-468xx/CVE-2024-46894.json b/CVE-2024/CVE-2024-468xx/CVE-2024-46894.json new file mode 100644 index 00000000000..e26f558b21f --- /dev/null +++ b/CVE-2024/CVE-2024-468xx/CVE-2024-46894.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-46894", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:10.193", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SINEC INS (All versions < V1.0 SP2 Update 3). The affected application does not properly validate authorization of a user to query the \"/api/sftp/users\" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured users of the SFTP service and also modify that configuration." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "LOW", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + 
"modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 6.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-915275.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46951.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46951.json index d0b07cb147c..b7893cc7970 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46951.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46951.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-46951", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-10T21:15:14.880", - "lastModified": "2024-11-10T21:15:14.880", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. An unchecked Implementation pointer in Pattern color space could lead to arbitrary code execution." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en psi/zcolor.c en Artifex Ghostscript anterior a la versi\u00f3n 10.04.0. Un puntero de implementaci\u00f3n sin marcar en el espacio de color Pattern podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46952.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46952.json index 99143c7b2b9..a08d6c46885 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46952.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46952.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46952", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-10T22:15:12.677", - "lastModified": "2024-11-10T22:15:12.677", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream (related to W array values)." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en pdf/pdf_xref.c en Artifex Ghostscript anterior a la versi\u00f3n 10.04.0. Se produce un desbordamiento del b\u00fafer durante el procesamiento de una secuencia XRef de PDF (relacionada con los valores de la matriz W)." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46953.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46953.json index 2704bbdf2dc..3ce3f427efc 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46953.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46953.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46953", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-10T22:15:12.750", - "lastModified": "2024-11-10T22:15:12.750", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in base/gsdevice.c in Artifex Ghostscript before 10.04.0. An integer overflow when parsing the filename format string (for the output filename) results in path truncation, and possible path traversal and code execution." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en base/gsdevice.c en Artifex Ghostscript anterior a la versi\u00f3n 10.04.0. Un desbordamiento de enteros al analizar la cadena de formato de nombre de archivo (para el nombre de archivo de salida) da como resultado el truncamiento de la ruta y la posible traves\u00eda de la ruta y la ejecuci\u00f3n del c\u00f3digo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46954.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46954.json index 4bb6cb2e7cb..d6600fc27e9 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46954.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46954.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-46954", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-10T22:15:12.813", - "lastModified": "2024-11-10T22:15:12.813", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in decode_utf8 in base/gp_utf8.c in Artifex Ghostscript before 10.04.0. Overlong UTF-8 encoding leads to possible ../ directory traversal." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en decode_utf8 en base/gp_utf8.c en Artifex Ghostscript anterior a la versi\u00f3n 10.04.0. La codificaci\u00f3n UTF-8 demasiado larga puede provocar un posible directory traversal ../." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46955.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46955.json index 3ae1a54a5b3..904067e4e08 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46955.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46955.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46955", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-10T22:15:12.887", - "lastModified": "2024-11-10T22:15:12.887", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in psi/zcolor.c in Artifex Ghostscript before 10.04.0. There is an out-of-bounds read when reading color in Indexed color space." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en psi/zcolor.c en Artifex Ghostscript anterior a la versi\u00f3n 10.04.0. Hay una lectura fuera de los l\u00edmites al leer colores en el espacio de color indexado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46956.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46956.json index 9340a3c7a9b..8a3c65b6919 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46956.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46956.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-46956", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-10T22:15:12.943", - "lastModified": "2024-11-10T22:15:12.943", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in psi/zfile.c in Artifex Ghostscript before 10.04.0. Out-of-bounds data access in filenameforall can lead to arbitrary code execution." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 un problema en psi/zfile.c en Artifex Ghostscript anterior a la versi\u00f3n 10.04.0. El acceso a datos fuera de los l\u00edmites en filenameforall puede provocar la ejecuci\u00f3n de c\u00f3digo arbitrario." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46962.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46962.json index cfb25d486d8..0b98325baf2 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46962.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46962.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46962", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T21:15:06.437", - "lastModified": "2024-11-11T21:15:06.437", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component." + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n SYQ com.downloader.video.fast (tambi\u00e9n conocida como Master Video Downloader) hasta la versi\u00f3n 2.0 para Android permite a un atacante ejecutar c\u00f3digo JavaScript arbitrario a trav\u00e9s del componente com.downloader.video.fast.SpeedMainAct." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46963.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46963.json index 07697d19f9f..822351633e5 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46963.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46963.json @@ -2,13 +2,17 @@ "id": "CVE-2024-46963", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T21:15:06.493", - "lastModified": "2024-11-11T21:15:06.493", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity component." + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n com.superfast.video.downloader (tambi\u00e9n conocida como Super Unlimited Video Downloader - All in One) hasta la versi\u00f3n 5.1.9 para Android permite a un atacante ejecutar c\u00f3digo JavaScript arbitrario a trav\u00e9s del componente com.bluesky.browser.ui.BrowserMainActivity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46964.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46964.json index 144c1c918a9..e2374d41682 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46964.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46964.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-46964", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T21:15:06.560", - "lastModified": "2024-11-11T21:15:06.560", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component." + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n com.video.downloader.all (tambi\u00e9n conocida como All Video Downloader) hasta la versi\u00f3n 11.28 para Android permite a un atacante ejecutar c\u00f3digo JavaScript arbitrario a trav\u00e9s del componente com.video.downloader.all.StartActivity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46965.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46965.json index 8ea6620cb10..481056a756e 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46965.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46965.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-46965", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T20:15:17.740", - "lastModified": "2024-11-11T20:15:17.740", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component." + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n DS allvideo.downloader.browser (tambi\u00e9n conocida como Fast Video Downloader: Browser) hasta la versi\u00f3n 1.6-RC1 para Android permite a un atacante ejecutar c\u00f3digo JavaScript arbitrario a trav\u00e9s del componente allvideo.downloader.browser.DefaultBrowserActivity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46966.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46966.json index 34e66af3e8e..17792d0b927 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46966.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46966.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-46966", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T21:15:06.620", - "lastModified": "2024-11-11T21:15:06.620", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component." + }, + { + "lang": "es", + "value": "La aplicaci\u00f3n Ikhgur mn.ikhgur.khotoch (tambi\u00e9n conocida como Video Downloader Pro & Browser) hasta la versi\u00f3n 1.0.42 para Android permite a un atacante ejecutar c\u00f3digo JavaScript arbitrario a trav\u00e9s del componente mn.ikhgur.khotoch.MainActivity." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-471xx/CVE-2024-47131.json b/CVE-2024/CVE-2024-471xx/CVE-2024-47131.json index 9deacec6e2d..37dd19de8c5 100644 --- a/CVE-2024/CVE-2024-471xx/CVE-2024-47131.json +++ b/CVE-2024/CVE-2024-471xx/CVE-2024-47131.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-47131",
 "sourceIdentifier": "ics-cert@hq.dhs.gov",
 "published": "2024-11-11T15:15:06.153",
- "lastModified": "2024-11-11T15:15:06.153",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "If an attacker tricks a valid user into running Delta Electronics DIAScreen with a file containing malicious code, a stack-based buffer overflow in BACnetObjectInfo can be exploited, allowing the attacker to remotely execute arbitrary code."
+ },
+ {
+ "lang": "es",
+ "value": "Si un atacante enga\u00f1a a un usuario v\u00e1lido para que ejecute Delta Electronics DIAScreen con un archivo que contiene c\u00f3digo malicioso, se puede explotar un desbordamiento de b\u00fafer basado en pila en BACnetObjectInfo, lo que permite al atacante ejecutar de forma remota c\u00f3digo arbitrario."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47586.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47586.json
index 68c14219b10..9daa524da95 100644
--- a/CVE-2024/CVE-2024-475xx/CVE-2024-47586.json
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47586.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-47586",
 "sourceIdentifier": "cna@sap.com",
 "published": "2024-11-12T01:15:04.190",
- "lastModified": "2024-11-12T01:15:04.190",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "SAP NetWeaver Application Server for ABAP and ABAP Platform allows an unauthenticated attacker to send a maliciously crafted http request which could cause a null pointer dereference in the kernel. This dereference will result in the system crashing and rebooting, causing the system to be temporarily unavailable. There is no impact on Confidentiality or Integrity."
+ },
+ {
+ "lang": "es",
+ "value": "SAP NetWeaver Application Server para ABAP y la plataforma ABAP permite que un atacante no autenticado env\u00ede una solicitud http manipulada con fines malintencionados que podr\u00eda provocar una desreferencia de puntero nulo en el n\u00facleo. Esta desreferencia provocar\u00e1 que el sistema se bloquee y se reinicie, lo que provocar\u00e1 que el sistema no est\u00e9 disponible temporalmente. No hay ning\u00fan impacto en la confidencialidad ni en la integridad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47587.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47587.json
index 270b7b9157b..b1a4192fb3e 100644
--- a/CVE-2024/CVE-2024-475xx/CVE-2024-47587.json
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47587.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-47587",
 "sourceIdentifier": "cna@sap.com",
 "published": "2024-11-12T01:15:04.470",
- "lastModified": "2024-11-12T01:15:04.470",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application."
+ },
+ {
+ "lang": "es",
+ "value": "Las operaciones de efectivo no realizan la verificaci\u00f3n de autorizaci\u00f3n necesaria para un usuario autenticado, lo que genera una escalada de privilegios que tiene un impacto bajo en la confidencialidad de la aplicaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47588.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47588.json
index df62bdd401c..568afa6159f 100644
--- a/CVE-2024/CVE-2024-475xx/CVE-2024-47588.json
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47588.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-47588",
 "sourceIdentifier": "cna@sap.com",
 "published": "2024-11-12T01:15:04.700",
- "lastModified": "2024-11-12T01:15:04.700",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In SAP NetWeaver Java (Software Update Manager 1.1), under certain conditions when a software upgrade encounters errors, credentials are written in plaintext to a log file. An attacker with local access to the server, authenticated as a non-administrative user, can acquire the credentials from the logs. This leads to a high impact on confidentiality, with no impact on integrity or availability."
+ },
+ {
+ "lang": "es",
+ "value": "En SAP NetWeaver Java (Software Update Manager 1.1), en determinadas circunstancias, cuando una actualizaci\u00f3n de software detecta errores, las credenciales se escriben en texto plano en un archivo de registro. Un atacante con acceso local al servidor, autenticado como usuario no administrativo, puede obtener las credenciales de los registros. Esto genera un gran impacto en la confidencialidad, sin impacto en la integridad o la disponibilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47590.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47590.json
index 112316964fb..6740bfa4a38 100644
--- a/CVE-2024/CVE-2024-475xx/CVE-2024-47590.json
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47590.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-47590",
 "sourceIdentifier": "cna@sap.com",
 "published": "2024-11-12T01:15:04.933",
- "lastModified": "2024-11-12T01:15:04.933",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An unauthenticated attacker can create a malicious link which they can make publicly available. When an authenticated victim clicks on this malicious link, input data will be used by the web site page generation to create content which when executed in the victim's browser (XXS) or transmitted to another server (SSRF) gives the attacker the ability to execute arbitrary code on the server fully compromising confidentiality, integrity and availability."
+ },
+ {
+ "lang": "es",
+ "value": "Un atacante no autenticado puede crear un enlace malicioso que puede poner a disposici\u00f3n del p\u00fablico. Cuando una v\u00edctima autenticada hace clic en este enlace malicioso, la generaci\u00f3n de p\u00e1ginas del sitio web utilizar\u00e1 los datos de entrada para crear contenido que, cuando se ejecute en el navegador de la v\u00edctima (XXS) o se transmita a otro servidor (SSRF), le dar\u00e1 al atacante la capacidad de ejecutar c\u00f3digo arbitrario en el servidor, comprometiendo por completo la confidencialidad, la integridad y la disponibilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47592.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47592.json
index 749ff50fa43..7298b3f3cca 100644
--- a/CVE-2024/CVE-2024-475xx/CVE-2024-47592.json
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47592.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-47592",
 "sourceIdentifier": "cna@sap.com",
 "published": "2024-11-12T01:15:05.210",
- "lastModified": "2024-11-12T01:15:05.210",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "SAP NetWeaver AS Java allows an unauthenticated attacker to brute force the login functionality in order to identify the legitimate user IDs. This has an impact on confidentiality but not on integrity or availability."
+ },
+ {
+ "lang": "es",
+ "value": "SAP NetWeaver AS Java permite a un atacante no autenticado forzar la funcionalidad de inicio de sesi\u00f3n para identificar las identificaciones de usuario leg\u00edtimas. Esto afecta la confidencialidad, pero no la integridad ni la disponibilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47593.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47593.json
index 3df29e50d98..98417b99608 100644
--- a/CVE-2024/CVE-2024-475xx/CVE-2024-47593.json
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47593.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-47593",
 "sourceIdentifier": "cna@sap.com",
 "published": "2024-11-12T01:15:05.480",
- "lastModified": "2024-11-12T01:15:05.480",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "SAP NetWeaver Application Server ABAP allows an unauthenticated attacker with network access to read files from the server, which otherwise would be restricted.This attack is possible only if a Web Dispatcher or some sort of Proxy Server is in use and the file in question was previously opened or downloaded in an application based on SAP GUI for HTML Technology. This will not compromise the application's integrity or availability."
+ },
+ {
+ "lang": "es",
+ "value": "SAP NetWeaver Application Server ABAP permite a un atacante no autenticado con acceso a la red leer archivos del servidor, que de otro modo estar\u00eda restringido. Este ataque solo es posible si se utiliza un Web Dispatcher o alg\u00fan tipo de servidor proxy y el archivo en cuesti\u00f3n se abri\u00f3 o descarg\u00f3 previamente en una aplicaci\u00f3n basada en SAP GUI para tecnolog\u00eda HTML. Esto no comprometer\u00e1 la integridad ni la disponibilidad de la aplicaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-475xx/CVE-2024-47595.json b/CVE-2024/CVE-2024-475xx/CVE-2024-47595.json
index 18c6d632e8d..2df7ca49220 100644
--- a/CVE-2024/CVE-2024-475xx/CVE-2024-47595.json
+++ b/CVE-2024/CVE-2024-475xx/CVE-2024-47595.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-47595",
 "sourceIdentifier": "cna@sap.com",
 "published": "2024-11-12T01:15:05.677",
- "lastModified": "2024-11-12T01:15:05.677",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An attacker who gains local membership to sapsys group could replace local files usually protected by privileged access. On successful exploitation the attacker could cause high impact on confidentiality and integrity of the application."
+ },
+ {
+ "lang": "es",
+ "value": "Un atacante que obtenga la membres\u00eda local del grupo sapsys podr\u00eda reemplazar archivos locales que normalmente est\u00e1n protegidos por acceso privilegiado. Si logra explotar esta vulnerabilidad, el atacante podr\u00eda causar un gran impacto en la confidencialidad e integridad de la aplicaci\u00f3n."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-477xx/CVE-2024-47783.json b/CVE-2024/CVE-2024-477xx/CVE-2024-47783.json
new file mode 100644
index 00000000000..4c444776e59
--- /dev/null
+++ b/CVE-2024/CVE-2024-477xx/CVE-2024-47783.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2024-47783",
+ "sourceIdentifier": "productcert@siemens.com",
+ "published": "2024-11-12T13:15:10.433",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been identified in SIPORT (All versions < V3.4.0). The affected application improperly assigns file permissions to installation folders.\r\n\r\nThis could allow a local attacker with an unprivileged account to override or modify the service executables and subsequently gain elevated privileges."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "HIGH",
+ "vulnerableSystemIntegrity": "HIGH",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 8.5,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cert-portal.siemens.com/productcert/html/ssa-064257.html",
+ "source": "productcert@siemens.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-477xx/CVE-2024-47799.json b/CVE-2024/CVE-2024-477xx/CVE-2024-47799.json
index cbd7a95cdaa..17ae9c9de0b 100644
--- a/CVE-2024/CVE-2024-477xx/CVE-2024-47799.json
+++ b/CVE-2024/CVE-2024-477xx/CVE-2024-47799.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-47799",
 "sourceIdentifier": "vultures@jpcert.or.jp",
 "published": "2024-11-12T06:15:04.097",
- "lastModified": "2024-11-12T06:15:04.097",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Exposure of sensitive system information to an unauthorized control sphere issue exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain information of the other devices connected through the Wi-Fi."
+ },
+ {
+ "lang": "es",
+ "value": "Existe un problema de exposici\u00f3n de informaci\u00f3n confidencial del sistema a una esfera de control no autorizada en Mesh Wi-Fi router RP562B firmware versi\u00f3n v1.0.2 y anteriores. Si se aprovecha esta vulnerabilidad, un atacante autenticado adyacente a la red puede obtener informaci\u00f3n de los otros dispositivos conectados a trav\u00e9s de Wi-Fi."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-478xx/CVE-2024-47808.json b/CVE-2024/CVE-2024-478xx/CVE-2024-47808.json
new file mode 100644
index 00000000000..04006cdc823
--- /dev/null
+++ b/CVE-2024/CVE-2024-478xx/CVE-2024-47808.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2024-47808",
+ "sourceIdentifier": "productcert@siemens.com",
+ "published": "2024-11-12T13:15:10.677",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been identified in SINEC NMS (All versions < V3.0 SP1). The affected application contains a database function, that does not properly restrict the permissions of users to write to the filesystem of the host system.\r\nThis could allow an authenticated medium-privileged attacker to write arbitrary content to any location in the filesystem of the host system."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "vulnerableSystemConfidentiality": "NONE",
+ "vulnerableSystemIntegrity": "HIGH",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "HIGH",
+ "subsequentSystemAvailability": "HIGH",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 8.3,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "CHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.0,
+ "impactScore": 5.8
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-732"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cert-portal.siemens.com/productcert/html/ssa-331112.html",
+ "source": "productcert@siemens.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47940.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47940.json
new file mode 100644
index 00000000000..6ea5e63d95d
--- /dev/null
+++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47940.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2024-47940",
+ "sourceIdentifier": "productcert@siemens.com",
+ "published": "2024-11-12T13:15:10.920",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute code in the context of the current process."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "PASSIVE",
+ "vulnerableSystemConfidentiality": "HIGH",
+ "vulnerableSystemIntegrity": "HIGH",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cert-portal.siemens.com/productcert/html/ssa-351178.html",
+ "source": "productcert@siemens.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47941.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47941.json
new file mode 100644
index 00000000000..5f6b4f3c669
--- /dev/null
+++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47941.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2024-47941",
+ "sourceIdentifier": "productcert@siemens.com",
+ "published": "2024-11-12T13:15:11.167",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "LOCAL",
+ "attackComplexity": "HIGH",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "NONE",
+ "userInteraction": "PASSIVE",
+ "vulnerableSystemConfidentiality": "HIGH",
+ "vulnerableSystemIntegrity": "HIGH",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cert-portal.siemens.com/productcert/html/ssa-351178.html",
+ "source": "productcert@siemens.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-479xx/CVE-2024-47942.json b/CVE-2024/CVE-2024-479xx/CVE-2024-47942.json
new file mode 100644
index 00000000000..d3341a0feec
--- /dev/null
+++ b/CVE-2024/CVE-2024-479xx/CVE-2024-47942.json
@@ -0,0 +1,100 @@
+{
+ "id": "CVE-2024-47942",
+ "sourceIdentifier": "productcert@siemens.com",
+ "published": "2024-11-12T13:15:11.427",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 9). The affected applications suffer from a DLL hijacking vulnerability. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system."
+ }
+ ],
+ "metrics": {
+ "cvssMetricV40": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "4.0",
+ "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "attackRequirements": "NONE",
+ "privilegesRequired": "LOW",
+ "userInteraction": "PASSIVE",
+ "vulnerableSystemConfidentiality": "HIGH",
+ "vulnerableSystemIntegrity": "HIGH",
+ "vulnerableSystemAvailability": "HIGH",
+ "subsequentSystemConfidentiality": "NONE",
+ "subsequentSystemIntegrity": "NONE",
+ "subsequentSystemAvailability": "NONE",
+ "exploitMaturity": "NOT_DEFINED",
+ "confidentialityRequirements": "NOT_DEFINED",
+ "integrityRequirements": "NOT_DEFINED",
+ "availabilityRequirements": "NOT_DEFINED",
+ "modifiedAttackVector": "NOT_DEFINED",
+ "modifiedAttackComplexity": "NOT_DEFINED",
+ "modifiedAttackRequirements": "NOT_DEFINED",
+ "modifiedPrivilegesRequired": "NOT_DEFINED",
+ "modifiedUserInteraction": "NOT_DEFINED",
+ "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED",
+ "modifiedVulnerableSystemIntegrity": "NOT_DEFINED",
+ "modifiedVulnerableSystemAvailability": "NOT_DEFINED",
+ "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED",
+ "modifiedSubsequentSystemIntegrity": "NOT_DEFINED",
+ "modifiedSubsequentSystemAvailability": "NOT_DEFINED",
+ "safety": "NOT_DEFINED",
+ "automatable": "NOT_DEFINED",
+ "recovery": "NOT_DEFINED",
+ "valueDensity": "NOT_DEFINED",
+ "vulnerabilityResponseEffort": "NOT_DEFINED",
+ "providerUrgency": "NOT_DEFINED",
+ "baseScore": 7.0,
+ "baseSeverity": "HIGH"
+ }
+ }
+ ],
+ "cvssMetricV31": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "REQUIRED",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.3,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.3,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "productcert@siemens.com",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-427"
+ }
+ ]
+ }
+ ],
+ "references": [
+ {
+ "url": "https://cert-portal.siemens.com/productcert/html/ssa-351178.html",
+ "source": "productcert@siemens.com"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-480xx/CVE-2024-48073.json b/CVE-2024/CVE-2024-480xx/CVE-2024-48073.json
index 997aec6649b..490cb7df20c 100644
--- a/CVE-2024/CVE-2024-480xx/CVE-2024-48073.json
+++ b/CVE-2024/CVE-2024-480xx/CVE-2024-48073.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-48073",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T22:15:20.787",
- "lastModified": "2024-11-08T22:15:20.787",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program is vulnerable to a command injection vulnerability, which could allow an attacker to pass commands to this program via command line arguments to gain elevated root privileges."
+ },
+ {
+ "lang": "es",
+ "value": "sunniwell HT3300 anterior a 1.0.0.B022.2 es vulnerable a permisos inseguros. El programa /usr/local/bin/update, que es responsable de actualizar el software en el dispositivo HT3300, tiene asignado el modo de ejecuci\u00f3n sudo NOPASSWD. Este programa es vulnerable a una vulnerabilidad de inyecci\u00f3n de comandos, que podr\u00eda permitir a un atacante pasar comandos a este programa a trav\u00e9s de argumentos de l\u00ednea de comandos para obtener privilegios elevados de superusuario."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-483xx/CVE-2024-48322.json b/CVE-2024/CVE-2024-483xx/CVE-2024-48322.json
index f84da7f4d99..7d28b34080b 100644
--- a/CVE-2024/CVE-2024-483xx/CVE-2024-48322.json
+++ b/CVE-2024/CVE-2024-483xx/CVE-2024-48322.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-48322",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-11T20:15:17.807",
- "lastModified": "2024-11-11T20:15:17.807",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "UsersController.php en Run.codes 1.5.2 y anteriores tiene una vulnerabilidad de condici\u00f3n de ejecuci\u00f3n de restablecimiento de contrase\u00f1a."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48837.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48837.json
index 11ea8373d59..9886a09bd25 100644
--- a/CVE-2024/CVE-2024-488xx/CVE-2024-48837.json
+++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48837.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-48837",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-11-12T04:15:05.613",
- "lastModified": "2024-11-12T04:15:05.613",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution"
+ },
+ {
+ "lang": "es",
+ "value": "El software Dell SmartFabric OS10, versiones 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contiene una vulnerabilidad de ejecuci\u00f3n con privilegios innecesarios. Un atacante con pocos privilegios y acceso local podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la ejecuci\u00f3n de comandos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-488xx/CVE-2024-48838.json b/CVE-2024/CVE-2024-488xx/CVE-2024-48838.json
index f84fa50bf97..6994528c402 100644
--- a/CVE-2024/CVE-2024-488xx/CVE-2024-48838.json
+++ b/CVE-2024/CVE-2024-488xx/CVE-2024-48838.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-48838",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-11-12T04:15:05.833",
- "lastModified": "2024-11-12T04:15:05.833",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker."
+ },
+ {
+ "lang": "es",
+ "value": "El software Dell SmartFabric OS10, versiones 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contiene una vulnerabilidad de acceso a archivos o directorios por parte de terceros. Un atacante con pocos privilegios y acceso local podr\u00eda aprovechar esta vulnerabilidad, lo que le permitir\u00eda acceder al sistema de archivos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-489xx/CVE-2024-48939.json b/CVE-2024/CVE-2024-489xx/CVE-2024-48939.json
index 4d34245b8cc..329f46f61ed 100644
--- a/CVE-2024/CVE-2024-489xx/CVE-2024-48939.json
+++ b/CVE-2024/CVE-2024-489xx/CVE-2024-48939.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-48939",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-11T01:15:04.890",
- "lastModified": "2024-11-11T01:15:04.890",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Insufficient validation performed on the REST API License file in Paxton Net2 before 6.07.14023.5015 (SR4) enables use of the REST API with an invalid License File. Attackers may be able to retrieve access-log data."
+ },
+ {
+ "lang": "es",
+ "value": "La validaci\u00f3n insuficiente realizada en el archivo de licencia de la API REST en Paxton Net2 antes de la versi\u00f3n 6.07.14023.5015 (SR4) permite el uso de la API REST con un archivo de licencia no v\u00e1lido. Los atacantes podr\u00edan recuperar datos del registro de acceso."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49393.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49393.json
index 8db34cbb519..298dc36280b 100644
--- a/CVE-2024/CVE-2024-493xx/CVE-2024-49393.json
+++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49393.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49393",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-11-12T02:15:18.443",
- "lastModified": "2024-11-12T02:15:18.443",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality."
+ },
+ {
+ "lang": "es",
+ "value": "En neomutt y mutt, los encabezados de correo electr\u00f3nico Para y Cc no est\u00e1n validados por la firma criptogr\u00e1fica, lo que permite a un atacante que intercepta un mensaje cambiar su valor e incluirse como uno de los destinatarios para comprometer la confidencialidad del mensaje."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49394.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49394.json
index 1f3917ef96c..650697a7757 100644
--- a/CVE-2024/CVE-2024-493xx/CVE-2024-49394.json
+++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49394.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49394",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-11-12T03:15:03.677",
- "lastModified": "2024-11-12T03:15:03.677",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender."
+ },
+ {
+ "lang": "es",
+ "value": "En mutt y neomutt, el campo de encabezado de correo electr\u00f3nico In-Reply-To no est\u00e1 protegido por firma criptogr\u00e1fica, lo que permite a un atacante reutilizar un mensaje de correo electr\u00f3nico no cifrado pero firmado para hacerse pasar por el remitente original."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-493xx/CVE-2024-49395.json b/CVE-2024/CVE-2024-493xx/CVE-2024-49395.json
index 37c6604bb4a..eacef3b053d 100644
--- a/CVE-2024/CVE-2024-493xx/CVE-2024-49395.json
+++ b/CVE-2024/CVE-2024-493xx/CVE-2024-49395.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49395",
 "sourceIdentifier": "secalert@redhat.com",
 "published": "2024-11-12T03:15:03.910",
- "lastModified": "2024-11-12T03:15:03.910",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info."
+ },
+ {
+ "lang": "es",
+ "value": "En mutt y neomutt, el cifrado PGP no utiliza el modo --hidden-recipient que puede filtrar el campo de encabezado de correo electr\u00f3nico CCO al inferir la informaci\u00f3n de los destinatarios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49557.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49557.json
index 73f381c3b44..fc1aafea074 100644
--- a/CVE-2024/CVE-2024-495xx/CVE-2024-49557.json
+++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49557.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49557",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-11-12T04:15:06.040",
- "lastModified": "2024-11-12T04:15:06.040",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution."
+ },
+ {
+ "lang": "es",
+ "value": "El software Dell SmartFabric OS10, versiones 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contiene una vulnerabilidad de neutralizaci\u00f3n inadecuada de elementos especiales utilizados en un comando ('inyecci\u00f3n de comando'). Un atacante con pocos privilegios y acceso local podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la ejecuci\u00f3n de c\u00f3digo."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49558.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49558.json
index 4e0fc62d37e..fb6f4c553d4 100644
--- a/CVE-2024/CVE-2024-495xx/CVE-2024-49558.json
+++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49558.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49558",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-11-12T04:15:06.243",
- "lastModified": "2024-11-12T04:15:06.243",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges."
+ },
+ {
+ "lang": "es",
+ "value": "El software Dell SmartFabric OS10, versiones 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contiene una vulnerabilidad de administraci\u00f3n de privilegios incorrecta. Un atacante con pocos privilegios y acceso local podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda una elevaci\u00f3n de privilegios."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-495xx/CVE-2024-49560.json b/CVE-2024/CVE-2024-495xx/CVE-2024-49560.json
index c0457a26974..4ce61031f58 100644
--- a/CVE-2024/CVE-2024-495xx/CVE-2024-49560.json
+++ b/CVE-2024/CVE-2024-495xx/CVE-2024-49560.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-49560",
 "sourceIdentifier": "security_alert@emc.com",
 "published": "2024-11-12T04:15:06.443",
- "lastModified": "2024-11-12T04:15:06.443",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Undergoing Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution."
+ },
+ {
+ "lang": "es",
+ "value": "El software Dell SmartFabric OS10, versiones 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contiene una vulnerabilidad de inyecci\u00f3n de comandos. Un atacante con pocos privilegios y acceso local podr\u00eda aprovechar esta vulnerabilidad, lo que provocar\u00eda la ejecuci\u00f3n de comandos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50100.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50100.json
index ec3236ceafa..d83524c74ad 100644
--- a/CVE-2024/CVE-2024-501xx/CVE-2024-50100.json
+++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50100.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-50100",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-05T18:15:13.757",
- "lastModified": "2024-11-08T16:15:46.740",
- "vulnStatus": "Undergoing Analysis",
+ "lastModified": "2024-11-12T14:57:44.877",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -15,23 +15,104 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: USB: gadget: dummy-hcd: soluciona el problema de \"tarea colgada\" El fuzzer syzbot ha estado encontrando problemas de \"tarea colgada\" desde que se cambi\u00f3 el controlador dummy-hcd para usar temporizadores hrtimer en lugar de temporizadores normales. Resulta que los problemas son causados por una diferencia sutil entre las API timer_pending() y hrtimer_active(). El cambio reemplaz\u00f3 ciegamente la primera por la segunda. Sin embargo, timer_pending() devuelve True cuando el temporizador est\u00e1 en cola pero no cuando su devoluci\u00f3n de llamada se est\u00e1 ejecutando, mientras que hrtimer_active() devuelve True cuando el hrtimer est\u00e1 en cola _o_ su devoluci\u00f3n de llamada se est\u00e1 ejecutando. Esta diferencia ocasionalmente hizo que dummy_urb_enqueue() pensara que la rutina de devoluci\u00f3n de llamada a\u00fan no hab\u00eda comenzado cuando, de hecho, estaba casi terminada. Como resultado, el hrtimer no se reinici\u00f3, lo que hizo imposible que el controlador quitara de la cola m\u00e1s tarde el URB que acababa de ponerse en cola. Esto provoc\u00f3 que usb_kill_urb() se bloqueara y las cosas empeoraron a partir de ah\u00ed. Dado que los temporizadores hr no tienen una API para saber cu\u00e1ndo est\u00e1n en cola y la devoluci\u00f3n de llamada no se est\u00e1 ejecutando, el controlador debe realizar un seguimiento de esto por s\u00ed mismo. Eso es lo que hace este parche, agregando un nuevo indicador \"timer_pending\" y configur\u00e1ndolo o borr\u00e1ndolo en los momentos apropiados." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.10", + "versionEndExcluding": "6.11.5", + "matchCriteriaId": "E1D573E2-61FD-4C3B-B3BD-5FBEFD6391F0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/5189df7b8088268012882c220d6aca4e64981348", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7d85884576a3be3616c260fc1fa862a59579d1ab", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/cf7ee2291da551fc4b109fda1f6a332cb8212065", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f828205ee3e4ddc712a13fba6c9902d51e91ddaf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-501xx/CVE-2024-50101.json b/CVE-2024/CVE-2024-501xx/CVE-2024-50101.json index f6d0b112e00..774b009593c 100644 --- a/CVE-2024/CVE-2024-501xx/CVE-2024-50101.json +++ b/CVE-2024/CVE-2024-501xx/CVE-2024-50101.json @@ -2,8 +2,8 @@ "id": "CVE-2024-50101", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-05T18:15:13.813", - "lastModified": "2024-11-06T18:17:17.287", - "vulnStatus": "Undergoing Analysis", + "lastModified": "2024-11-12T14:59:22.600", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,27 +15,132 @@ "value": " En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu/vt-d: Se corrige pci_for_each_dma_alias() incorrecto para dispositivos que no sean PCI Anteriormente, la funci\u00f3n domain_context_clear() llamaba incorrectamente a pci_for_each_dma_alias() para configurar entradas de contexto para dispositivos que no sean PCI. Esto podr\u00eda provocar bloqueos del kernel u otro comportamiento inesperado. Agregue una verificaci\u00f3n para llamar solo a pci_for_each_dma_alias() para dispositivos PCI. Para dispositivos que no sean PCI, se llama a domain_context_clear_one() directamente." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.142", + "versionEndExcluding": "5.15.169", + "matchCriteriaId": "AAD55F09-0AC2-4348-894A-44EE8E35124F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.114", + "matchCriteriaId": "10FD2B3E-C7D9-4A9C-BD64-41877EDF88EB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + 
"versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.58", + "matchCriteriaId": "6B9489BC-825E-4EEE-8D93-F93C801988C8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.11.5", + "matchCriteriaId": "6E62D61A-F704-44DB-A311-17B7534DA7BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc1:*:*:*:*:*:*", + "matchCriteriaId": "7F361E1D-580F-4A2D-A509-7615F73167A1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc2:*:*:*:*:*:*", + "matchCriteriaId": "925478D0-3E3D-4E6F-ACD5-09F28D5DF82C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.12:rc3:*:*:*:*:*:*", + "matchCriteriaId": "3C95E234-D335-4B6C-96BF-E2CEBD8654ED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/04d6826ba7ba81213422276e96c90c6565169e1c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/0bd9a30c22afb5da203386b811ec31429d2caa78", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6e02a277f1db24fa039e23783c8921c7b0e5b1b3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cbfa3a83eba05240ce37839ed48280a05e8e8f6c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fe2e0b6cd00abea3efac66de1da22d844364c1b0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50212.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50212.json
index a81f76d8eff..b653a3dab70 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50212.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50212.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50212", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:04.940", - "lastModified": "2024-11-09T11:15:04.940", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nlib: alloc_tag_module_unload must wait for pending kfree_rcu calls\n\nBen Greear reports following splat:\n ------------[ cut here ]------------\n net/netfilter/nf_nat_core.c:1114 module nf_nat func:nf_nat_register_fn has 256 allocated at module unload\n WARNING: CPU: 1 PID: 10421 at lib/alloc_tag.c:168 alloc_tag_module_unload+0x22b/0x3f0\n Modules linked in: nf_nat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat\n...\n Hardware name: Default string Default string/SKYBAY, BIOS 5.12 08/04/2020\n RIP: 0010:alloc_tag_module_unload+0x22b/0x3f0\n codetag_unload_module+0x19b/0x2a0\n ? 
codetag_load_module+0x80/0x80\n\nnf_nat module exit calls kfree_rcu on those addresses, but the free\noperation is likely still pending by the time alloc_tag checks for leaks.\n\nWait for outstanding kfree_rcu operations to complete before checking\nresolves this warning.\n\nReproducer:\nunshare -n iptables-nft -t nat -A PREROUTING -p tcp\ngrep nf_nat /proc/allocinfo # will list 4 allocations\nrmmod nft_chain_nat\nrmmod nf_nat # will WARN.\n\n[akpm@linux-foundation.org: add comment]" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: lib: alloc_tag_module_unload debe esperar llamadas kfree_rcu pendientes Ben Greear informa del siguiente splat: ------------[ cortar aqu\u00ed ]------------ net/netfilter/nf_nat_core.c:1114 m\u00f3dulo nf_nat func:nf_nat_register_fn tiene 256 asignados en la descarga del m\u00f3dulo ADVERTENCIA: CPU: 1 PID: 10421 en lib/alloc_tag.c:168 alloc_tag_module_unload+0x22b/0x3f0 M\u00f3dulos vinculados en: nf_nat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat ... Nombre del hardware: Cadena predeterminada Cadena predeterminada/SKYBAY, BIOS 5.12 08/04/2020 RIP: 0010:alloc_tag_module_unload+0x22b/0x3f0 codetag_unload_module+0x19b/0x2a0 ? codetag_load_module+0x80/0x80 La salida del m\u00f3dulo nf_nat llama a kfree_rcu en esas direcciones, pero es probable que la operaci\u00f3n de liberaci\u00f3n a\u00fan est\u00e9 pendiente en el momento en que alloc_tag verifique si hay fugas. Espere a que se completen las operaciones kfree_rcu pendientes antes de que la verificaci\u00f3n resuelva esta advertencia. Reproductor: unshare -n iptables-nft -t nat -A PREROUTING -p tcp grep nf_nat /proc/allocinfo # enumerar\u00e1 4 asignaciones rmmod nft_chain_nat rmmod nf_nat # emitir\u00e1 una ADVERTENCIA. [akpm@linux-foundation.org: agregar comentario]" } ], "metrics": {}, 
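Review bot: The added `es` description translates verbatim kernel log output, so strings an analyst would search for no longer match: `WARNING: CPU: 1 PID: 10421 at lib/alloc_tag.c:168` becomes `ADVERTENCIA: CPU: 1 PID: 10421 en lib/alloc_tag.c:168`, and `Modules linked in:` and `Hardware name: Default string` are translated as well. The same defect appears in the CVE-2024-50213 hunk, where backtrace symbols are rewritten (`drm_mode_duplicate+0x44/0x19c` appears as `modo drm_duplicado+0x44/0x19c`), and in the CVE-2024-50214 hunk, where the hex-dump ASCII column `<.A.e...........` is changed to `<.Ae..........`. Log lines, symbol names and shell commands should be carried over unchanged from the `en` value, for example keeping `[<00000000f1f3cffa>] drm_mode_duplicate+0x44/0x19c`. Until that is fixed, anything that matches on symbols or log signatures should key on the `en` entry only.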
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50213.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50213.json
index 4c3e94c15b1..b069c0defad 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50213.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50213.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50213", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:06.650", - "lastModified": "2024-11-09T11:15:06.650", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/tests: hdmi: Fix memory leaks in drm_display_mode_from_cea_vic()\n\nmodprobe drm_hdmi_state_helper_test and then rmmod it, the following\nmemory leak occurs.\n\nThe `mode` allocated in drm_mode_duplicate() called by\ndrm_display_mode_from_cea_vic() is not freed, which cause the memory leak:\n\n\tunreferenced object 0xffffff80ccd18100 (size 128):\n\t comm \"kunit_try_catch\", pid 1851, jiffies 4295059695\n\t hex dump (first 32 bytes):\n\t 57 62 00 00 80 02 90 02 f0 02 20 03 00 00 e0 01 Wb........ .....\n\t ea 01 ec 01 0d 02 00 00 0a 00 00 00 00 00 00 00 ................\n\t backtrace (crc c2f1aa95):\n\t [<000000000f10b11b>] kmemleak_alloc+0x34/0x40\n\t [<000000001cd4cf73>] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [<00000000f1f3cffa>] drm_mode_duplicate+0x44/0x19c\n\t [<000000008cbeef13>] drm_display_mode_from_cea_vic+0x88/0x98\n\t [<0000000019daaacf>] 0xffffffedc11ae69c\n\t [<000000000aad0f85>] kunit_try_run_case+0x13c/0x3ac\n\t [<00000000a9210bac>] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [<000000000a0b2e9e>] kthread+0x2e8/0x374\n\t [<00000000bd668858>] ret_from_fork+0x10/0x20\n\t......\n\nFree `mode` by using drm_kunit_display_mode_from_cea_vic()\nto fix it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/tests: hdmi: Se corrigen las p\u00e9rdidas de memoria en drm_display_mode_from_cea_vic() modprobe drm_hdmi_state_helper_test y luego rmmod, se produce la siguiente p\u00e9rdida de memoria. 
El `modo` asignado en drm_mode_duplicate() llamado por drm_display_mode_from_cea_vic() no se libera, lo que causa la p\u00e9rdida de memoria: objeto sin referencia 0xffffff80ccd18100 (tama\u00f1o 128): comm \"kunit_try_catch\", pid 1851, jiffies 4295059695 volcado hexadecimal (primeros 32 bytes): 57 62 00 00 80 02 90 02 f0 02 20 03 00 00 e0 01 Wb........ ..... ea 01 ec 01 0d 02 00 00 0a 00 00 00 00 00 00 00 ................ backtrace (crc c2f1aa95): [<000000000f10b11b>] kmemleak_alloc+0x34/0x40 [<000000001cd4cf73>] __kmalloc_cache_noprof+0x26c/0x2f4 [<00000000f1f3cffa>] modo drm_duplicado+0x44/0x19c [<000000008cbeef13>] modo de visualizaci\u00f3n drm_desde_cea_vic+0x88/0x98 [<0000000019daaacf>] 0xffffffedc11ae69c [<000000000aad0f85>] caso de ejecuci\u00f3n de intentos kunit+0x13c/0x3ac [<00000000a9210bac>] kunit_generic_run_threadfn_adapter+0x80/0xec [<000000000a0b2e9e>] kthread+0x2e8/0x374 [<00000000bd668858>] ret_from_fork+0x10/0x20 ...... Libere el `modo` usando drm_kunit_display_mode_from_cea_vic() para solucionarlo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50214.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50214.json index 6bc248c0cbc..34ad3e2635c 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50214.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50214.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50214", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:06.777", - "lastModified": "2024-11-09T11:15:06.777", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/connector: hdmi: Fix memory leak in drm_display_mode_from_cea_vic()\n\nmodprobe drm_connector_test and then rmmod drm_connector_test,\nthe following memory leak occurs.\n\nThe `mode` allocated in drm_mode_duplicate() called by\ndrm_display_mode_from_cea_vic() is not freed, which cause the memory leak:\n\n\tunreferenced object 0xffffff80cb0ee400 (size 128):\n\t comm \"kunit_try_catch\", pid 1948, jiffies 4294950339\n\t hex dump (first 32 bytes):\n\t 14 44 02 00 80 07 d8 07 04 08 98 08 00 00 38 04 .D............8.\n\t 3c 04 41 04 65 04 00 00 05 00 00 00 00 00 00 00 <.A.e...........\n\t backtrace (crc 90e9585c):\n\t [<00000000ec42e3d7>] kmemleak_alloc+0x34/0x40\n\t [<00000000d0ef055a>] __kmalloc_cache_noprof+0x26c/0x2f4\n\t [<00000000c2062161>] drm_mode_duplicate+0x44/0x19c\n\t [<00000000f96c74aa>] drm_display_mode_from_cea_vic+0x88/0x98\n\t [<00000000d8f2c8b4>] 0xffffffdc982a4868\n\t [<000000005d164dbc>] kunit_try_run_case+0x13c/0x3ac\n\t [<000000006fb23398>] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [<000000006ea56ca0>] kthread+0x2e8/0x374\n\t [<000000000676063f>] ret_from_fork+0x10/0x20\n\t......\n\nFree `mode` by using drm_kunit_display_mode_from_cea_vic()\nto fix it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/connector: hdmi: Se corrige la p\u00e9rdida de memoria en drm_display_mode_from_cea_vic() modprobe drm_connector_test y luego rmmod drm_connector_test, se produce la siguiente p\u00e9rdida de memoria. 
El `modo` asignado en drm_mode_duplicate() llamado por drm_display_mode_from_cea_vic() no se libera, lo que causa la p\u00e9rdida de memoria: objeto sin referencia 0xffffff80cb0ee400 (tama\u00f1o 128): comm \"kunit_try_catch\", pid 1948, jiffies 4294950339 volcado hexadecimal (primeros 32 bytes): 14 44 02 00 80 07 d8 07 04 08 98 08 00 00 38 04 .D............8. 3c 04 41 04 65 04 00 00 05 00 00 00 00 00 00 00 <.Ae.......... seguimiento inverso (crc 90e9585c): [<00000000ec42e3d7>] kmemleak_alloc+0x34/0x40 [<00000000d0ef055a>] __kmalloc_cache_noprof+0x26c/0x2f4 [<00000000c2062161>] drm_mode_duplicate+0x44/0x19c [<00000000f96c74aa>] drm_display_mode_from_cea_vic+0x88/0x98 [<00000000d8f2c8b4>] 0xffffffdc982a4868 [<000000005d164dbc>] kunit_try_run_case+0x13c/0x3ac [<000000006fb23398>] kunit_generic_run_threadfn_adapter+0x80/0xec [<000000006ea56ca0>] kthread+0x2e8/0x374 [<000000000676063f>] ret_from_fork+0x10/0x20 ...... Libere el `modo` usando drm_kunit_display_mode_from_cea_vic() para solucionarlo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50215.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50215.json index 84ee5b3e8e7..b146623ba36 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50215.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50215.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50215",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:06.893",
- "lastModified": "2024-11-09T11:15:06.893",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnvmet-auth: assign dh_key to NULL after kfree_sensitive\n\nctrl->dh_key might be used across multiple calls to nvmet_setup_dhgroup()\nfor the same controller. So it's better to nullify it after release on\nerror path in order to avoid double free later in nvmet_destroy_auth().\n\nFound by Linux Verification Center (linuxtesting.org) with Svace."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet-auth: asignar dh_key a NULL despu\u00e9s de que kfree_sensitive ctrl->dh_key se pudiera usar en varias llamadas a nvmet_setup_dhgroup() para el mismo controlador. Por lo tanto, es mejor anularlo despu\u00e9s de la liberaci\u00f3n en la ruta de error para evitar una doble liberaci\u00f3n m\u00e1s adelante en nvmet_destroy_auth(). Encontrado por Linux Verification Center (linuxtesting.org) con Svace."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50216.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50216.json
index 3379e322814..beb78200c8c 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50216.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50216.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50216",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:06.987",
- "lastModified": "2024-11-09T11:15:06.987",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nxfs: fix finding a last resort AG in xfs_filestream_pick_ag\n\nWhen the main loop in xfs_filestream_pick_ag fails to find a suitable\nAG it tries to just pick the online AG. But the loop for that uses\nargs->pag as loop iterator while the later code expects pag to be\nset. Fix this by reusing the max_pag case for this last resort, and\nalso add a check for impossible case of no AG just to make sure that\nthe uninitialized pag doesn't even escape in theory."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: xfs: se corrige la b\u00fasqueda de un AG de \u00faltimo recurso en xfs_filestream_pick_ag Cuando el bucle principal en xfs_filestream_pick_ag no puede encontrar un AG adecuado, intenta simplemente elegir el AG en l\u00ednea. Pero el bucle para eso usa args->pag como iterador de bucle mientras que el c\u00f3digo posterior espera que se configure pag. Corrija esto reutilizando el caso max_pag para este \u00faltimo recurso y tambi\u00e9n agregue una verificaci\u00f3n para el caso imposible de que no haya AG solo para asegurarse de que el pag no inicializado ni siquiera escape en teor\u00eda."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50217.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50217.json
index 7c47a947ce0..e30c93b0e0d 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50217.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50217.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50217", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:07.103", - "lastModified": "2024-11-09T11:15:07.103", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()\n\nMounting btrfs from two images (which have the same one fsid and two\ndifferent dev_uuids) in certain executing order may trigger an UAF for\nvariable 'device->bdev_file' in __btrfs_free_extra_devids(). And\nfollowing are the details:\n\n1. Attach image_1 to loop0, attach image_2 to loop1, and scan btrfs\n devices by ioctl(BTRFS_IOC_SCAN_DEV):\n\n / btrfs_device_1 \u2192 loop0\n fs_device\n \\ btrfs_device_2 \u2192 loop1\n2. mount /dev/loop0 /mnt\n btrfs_open_devices\n btrfs_device_1->bdev_file = btrfs_get_bdev_and_sb(loop0)\n btrfs_device_2->bdev_file = btrfs_get_bdev_and_sb(loop1)\n btrfs_fill_super\n open_ctree\n fail: btrfs_close_devices // -ENOMEM\n\t btrfs_close_bdev(btrfs_device_1)\n fput(btrfs_device_1->bdev_file)\n\t // btrfs_device_1->bdev_file is freed\n\t btrfs_close_bdev(btrfs_device_2)\n fput(btrfs_device_2->bdev_file)\n\n3. mount /dev/loop1 /mnt\n btrfs_open_devices\n btrfs_get_bdev_and_sb(&bdev_file)\n // EIO, btrfs_device_1->bdev_file is not assigned,\n // which points to a freed memory area\n btrfs_device_2->bdev_file = btrfs_get_bdev_and_sb(loop1)\n btrfs_fill_super\n open_ctree\n btrfs_free_extra_devids\n if (btrfs_device_1->bdev_file)\n fput(btrfs_device_1->bdev_file) // UAF !\n\nFix it by setting 'device->bdev_file' as 'NULL' after closing the\nbtrfs_device in btrfs_close_one_device()." 
+ "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()\n\nMounting btrfs from two images (which have the same one fsid and two\ndifferent dev_uuids) in certain executing order may trigger an UAF for\nvariable 'device->bdev_file' in __btrfs_free_extra_devids(). And\nfollowing are the details:\n\n1. Attach image_1 to loop0, attach image_2 to loop1, and scan btrfs\n devices by ioctl(BTRFS_IOC_SCAN_DEV):\n\n / btrfs_device_1 ? loop0\n fs_device\n \\ btrfs_device_2 ? loop1\n2. mount /dev/loop0 /mnt\n btrfs_open_devices\n btrfs_device_1->bdev_file = btrfs_get_bdev_and_sb(loop0)\n btrfs_device_2->bdev_file = btrfs_get_bdev_and_sb(loop1)\n btrfs_fill_super\n open_ctree\n fail: btrfs_close_devices // -ENOMEM\n\t btrfs_close_bdev(btrfs_device_1)\n fput(btrfs_device_1->bdev_file)\n\t // btrfs_device_1->bdev_file is freed\n\t btrfs_close_bdev(btrfs_device_2)\n fput(btrfs_device_2->bdev_file)\n\n3. mount /dev/loop1 /mnt\n btrfs_open_devices\n btrfs_get_bdev_and_sb(&bdev_file)\n // EIO, btrfs_device_1->bdev_file is not assigned,\n // which points to a freed memory area\n btrfs_device_2->bdev_file = btrfs_get_bdev_and_sb(loop1)\n btrfs_fill_super\n open_ctree\n btrfs_free_extra_devids\n if (btrfs_device_1->bdev_file)\n fput(btrfs_device_1->bdev_file) // UAF !\n\nFix it by setting 'device->bdev_file' as 'NULL' after closing the\nbtrfs_device in btrfs_close_one_device()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: se corrige el use-after-free del archivo del dispositivo de bloque en __btrfs_free_extra_devids(). Montar btrfs desde dos im\u00e1genes (que tienen el mismo fsid y dos dev_uuids diferentes) en cierto orden de ejecuci\u00f3n puede activar un UAF para la variable 'device->bdev_file' en __btrfs_free_extra_devids(). Y a continuaci\u00f3n se muestran los detalles: 1. 
Adjunte image_1 a loop0, adjunte image_2 a loop1 y escanee los dispositivos btrfs con ioctl(BTRFS_IOC_SCAN_DEV): / btrfs_device_1 ? loop0 fs_device \\ btrfs_device_2 ? loop1 2. monte /dev/loop0 /mnt btrfs_open_devices btrfs_device_1->bdev_file = btrfs_get_bdev_and_sb(loop0) btrfs_device_2->bdev_file = btrfs_get_bdev_and_sb(loop1) btrfs_fill_super open_ctree fail: btrfs_close_devices // -ENOMEM btrfs_close_bdev(btrfs_device_1) fput(btrfs_device_1->bdev_file) // btrfs_device_1->bdev_file se libera btrfs_close_bdev(btrfs_device_2) fput(btrfs_device_2->bdev_file) 3. mount /dev/loop1 /mnt btrfs_open_devices btrfs_get_bdev_and_sb(&bdev_file) // EIO, btrfs_device_1->bdev_file no est\u00e1 asignado, // lo que apunta a un \u00e1rea de memoria liberada btrfs_device_2->bdev_file = btrfs_get_bdev_and_sb(loop1) btrfs_fill_super open_ctree btrfs_free_extra_devids if (btrfs_device_1->bdev_file) fput(btrfs_device_1->bdev_file) // UAF! Arr\u00e9glelo configurando 'device->bdev_file' como 'NULL' despu\u00e9s de cerrar btrfs_device en btrfs_close_one_device()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50218.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50218.json index 808153d0aa6..9a711a40c0b 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50218.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50218.json 
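Review bot: The rewritten English `value` for CVE-2024-50217 replaces the `\u2192` arrows in the device diagram with a literal `?` (`/ btrfs_device_1 ? loop0`, `\\ btrfs_device_2 ? loop1`), and the added `es` entry carries the same `?`. This looks like a lossy character-set conversion in whatever produced the update rather than an intended edit, so the record no longer matches the description text it previously held. The two lines should keep the escape, `/ btrfs_device_1 \u2192 loop0` and `\\ btrfs_device_2 \u2192 loop1`. It is also worth checking the sync step for other non-ASCII characters it may have substituted.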
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50218",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:07.213",
- "lastModified": "2024-11-09T11:15:07.213",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: pass u64 to ocfs2_truncate_inline maybe overflow\n\nSyzbot reported a kernel BUG in ocfs2_truncate_inline. There are two\nreasons for this: first, the parameter value passed is greater than\nocfs2_max_inline_data_with_xattr, second, the start and end parameters of\nocfs2_truncate_inline are \"unsigned int\".\n\nSo, we need to add a sanity check for byte_start and byte_len right before\nocfs2_truncate_inline() in ocfs2_remove_inode_range(), if they are greater\nthan ocfs2_max_inline_data_with_xattr return -EINVAL."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ocfs2: pasar u64 a ocfs2_truncate_inline puede provocar un desbordamiento Syzbot inform\u00f3 de un ERROR del kernel en ocfs2_truncate_inline. Hay dos razones para esto: primero, el valor del par\u00e1metro pasado es mayor que ocfs2_max_inline_data_with_xattr, segundo, los par\u00e1metros de inicio y fin de ocfs2_truncate_inline son \"unsigned int\". Por lo tanto, debemos agregar una comprobaci\u00f3n de cordura para byte_start y byte_len justo antes de ocfs2_truncate_inline() en ocfs2_remove_inode_range(), si son mayores que ocfs2_max_inline_data_with_xattr devuelve -EINVAL."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50220.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50220.json
index 1b980e6991a..ee28fd38bc5 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50220.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50220.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50220", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:07.487", - "lastModified": "2024-11-09T11:15:07.487", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfork: do not invoke uffd on fork if error occurs\n\nPatch series \"fork: do not expose incomplete mm on fork\".\n\nDuring fork we may place the virtual memory address space into an\ninconsistent state before the fork operation is complete.\n\nIn addition, we may encounter an error during the fork operation that\nindicates that the virtual memory address space is invalidated.\n\nAs a result, we should not be exposing it in any way to external machinery\nthat might interact with the mm or VMAs, machinery that is not designed to\ndeal with incomplete state.\n\nWe specifically update the fork logic to defer khugepaged and ksm to the\nend of the operation and only to be invoked if no error arose, and\ndisallow uffd from observing fork events should an error have occurred.\n\n\nThis patch (of 2):\n\nCurrently on fork we expose the virtual address space of a process to\nuserland unconditionally if uffd is registered in VMAs, regardless of\nwhether an error arose in the fork.\n\nThis is performed in dup_userfaultfd_complete() which is invoked\nunconditionally, and performs two duties - invoking registered handlers\nfor the UFFD_EVENT_FORK event via dup_fctx(), and clearing down\nuserfaultfd_fork_ctx objects established in dup_userfaultfd().\n\nThis is problematic, because the virtual address space may not yet be\ncorrectly initialised if an error arose.\n\nThe change in commit d24062914837 (\"fork: use __mt_dup() to duplicate\nmaple tree in dup_mmap()\") makes this more pertinent as we may be in a\nstate where entries in the maple tree are not yet 
consistent.\n\nWe address this by, on fork error, ensuring that we roll back state that\nwe would otherwise expect to clean up through the event being handled by\nuserland and perform the memory freeing duty otherwise performed by\ndup_userfaultfd_complete().\n\nWe do this by implementing a new function, dup_userfaultfd_fail(), which\nperforms the same loop, only decrementing reference counts.\n\nNote that we perform mmgrab() on the parent and child mm's, however\nuserfaultfd_ctx_put() will mmdrop() this once the reference count drops to\nzero, so we will avoid memory leaks correctly here." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fork: no invocar uffd en fork si ocurre un error Serie de parches \"fork: no exponer mm incompleto en fork\". Durante fork podemos colocar el espacio de direcciones de memoria virtual en un estado inconsistente antes de que se complete la operaci\u00f3n de fork. Adem\u00e1s, podemos encontrar un error durante la operaci\u00f3n de fork que indique que el espacio de direcciones de memoria virtual est\u00e1 invalidado. Como resultado, no deber\u00edamos exponerlo de ninguna manera a maquinaria externa que pueda interactuar con mm o VMAs, maquinaria que no est\u00e1 dise\u00f1ada para lidiar con estado incompleto. Actualizamos espec\u00edficamente la l\u00f3gica de fork para diferir khugepaged y ksm hasta el final de la operaci\u00f3n y solo para ser invocados si no surgi\u00f3 ning\u00fan error, y no permitimos que uffd observe eventos de fork si se ha producido un error. Este parche (de 2): Actualmente en fork exponemos el espacio de direcciones virtuales de un proceso al espacio de usuario incondicionalmente si uffd est\u00e1 registrado en VMAs, independientemente de si surgi\u00f3 un error en la bifurcaci\u00f3n. 
Esto se realiza en dup_userfaultfd_complete(), que se invoca de manera incondicional y realiza dos tareas: invocar controladores registrados para el evento UFFD_EVENT_FORK a trav\u00e9s de dup_fctx() y limpiar los objetos userfaultfd_fork_ctx establecidos en dup_userfaultfd(). Esto es problem\u00e1tico, porque el espacio de direcciones virtuales puede no estar inicializado correctamente si surge un error. El cambio en el commit d24062914837 (\"fork: use __mt_dup() to duplicate maple tree in dup_mmap()\") hace que esto sea m\u00e1s pertinente, ya que podemos estar en un estado en el que las entradas en el \u00e1rbol de maple a\u00fan no sean consistentes. Abordamos esto, en caso de error de fork, asegur\u00e1ndonos de revertir el estado que de otra manera esperar\u00edamos limpiar a trav\u00e9s del evento que est\u00e1 siendo manejado por el espacio de usuario y realizar la tarea de liberaci\u00f3n de memoria que de otra manera realizar\u00eda dup_userfaultfd_complete(). Para ello, implementamos una nueva funci\u00f3n, dup_userfaultfd_fail(), que realiza el mismo bucle, pero disminuyendo el recuento de referencias. Tenga en cuenta que ejecutamos mmgrab() en los mm principales y secundarios, sin embargo, userfaultfd_ctx_put() ejecutar\u00e1 mmdrop() una vez que el recuento de referencias baje a cero, por lo que evitaremos fugas de memoria correctamente aqu\u00ed." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50221.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50221.json index f59755faa3e..bde9014f707 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50221.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50221.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50221", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:07.600", - "lastModified": "2024-11-09T11:15:07.600", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/amd/pm: Vangogh: Fix kernel memory out of bounds write\n\nKASAN reports that the GPU metrics table allocated in\nvangogh_tables_init() is not large enough for the memset done in\nsmu_cmn_init_soft_gpu_metrics(). Condensed report follows:\n\n[ 33.861314] BUG: KASAN: slab-out-of-bounds in smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu]\n[ 33.861799] Write of size 168 at addr ffff888129f59500 by task mangoapp/1067\n...\n[ 33.861808] CPU: 6 UID: 1000 PID: 1067 Comm: mangoapp Tainted: G W 6.12.0-rc4 #356 1a56f59a8b5182eeaf67eb7cb8b13594dd23b544\n[ 33.861816] Tainted: [W]=WARN\n[ 33.861818] Hardware name: Valve Galileo/Galileo, BIOS F7G0107 12/01/2023\n[ 33.861822] Call Trace:\n[ 33.861826] \n[ 33.861829] dump_stack_lvl+0x66/0x90\n[ 33.861838] print_report+0xce/0x620\n[ 33.861853] kasan_report+0xda/0x110\n[ 33.862794] kasan_check_range+0xfd/0x1a0\n[ 33.862799] __asan_memset+0x23/0x40\n[ 33.862803] smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.863306] vangogh_get_gpu_metrics_v2_4+0x123/0xad0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.864257] vangogh_common_get_gpu_metrics+0xb0c/0xbc0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.865682] amdgpu_dpm_get_gpu_metrics+0xcc/0x110 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.866160] amdgpu_get_gpu_metrics+0x154/0x2d0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779]\n[ 33.867135] dev_attr_show+0x43/0xc0\n[ 33.867147] sysfs_kf_seq_show+0x1f1/0x3b0\n[ 33.867155] seq_read_iter+0x3f8/0x1140\n[ 33.867173] 
vfs_read+0x76c/0xc50\n[ 33.867198] ksys_read+0xfb/0x1d0\n[ 33.867214] do_syscall_64+0x90/0x160\n...\n[ 33.867353] Allocated by task 378 on cpu 7 at 22.794876s:\n[ 33.867358] kasan_save_stack+0x33/0x50\n[ 33.867364] kasan_save_track+0x17/0x60\n[ 33.867367] __kasan_kmalloc+0x87/0x90\n[ 33.867371] vangogh_init_smc_tables+0x3f9/0x840 [amdgpu]\n[ 33.867835] smu_sw_init+0xa32/0x1850 [amdgpu]\n[ 33.868299] amdgpu_device_init+0x467b/0x8d90 [amdgpu]\n[ 33.868733] amdgpu_driver_load_kms+0x19/0xf0 [amdgpu]\n[ 33.869167] amdgpu_pci_probe+0x2d6/0xcd0 [amdgpu]\n[ 33.869608] local_pci_probe+0xda/0x180\n[ 33.869614] pci_device_probe+0x43f/0x6b0\n\nEmpirically we can confirm that the former allocates 152 bytes for the\ntable, while the latter memsets the 168 large block.\n\nRoot cause appears that when GPU metrics tables for v2_4 parts were added\nit was not considered to enlarge the table to fit.\n\nThe fix in this patch is rather \"brute force\" and perhaps later should be\ndone in a smarter way, by extracting and consolidating the part version to\nsize logic to a common helper, instead of brute forcing the largest\npossible allocation. Nevertheless, for now this works and fixes the out of\nbounds write.\n\nv2:\n * Drop impossible v3_0 case. (Mario)\n\n(cherry picked from commit 0880f58f9609f0200483a49429af0f050d281703)" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/pm: Vangogh: Se corrige la escritura fuera de los l\u00edmites en la memoria del kernel KASAN informa que la tabla de m\u00e9tricas de GPU asignada en vangogh_tables_init() no es lo suficientemente grande para el conjunto de memoria realizado en smu_cmn_init_soft_gpu_metrics(). A continuaci\u00f3n se muestra el informe condensado: [33.861314] ERROR: KASAN: slab-out-of-limits en smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu] [33.861799] Escritura de tama\u00f1o 168 en la direcci\u00f3n ffff888129f59500 por la tarea mangoapp/1067 ... 
[33.861808] CPU: 6 UID: 1000 PID: 1067 Comm: mangoapp Contaminado: GW 6.12.0-rc4 #356 1a56f59a8b5182eeaf67eb7cb8b13594dd23b544 [33.861816] Contaminado: [W]=WARN [ 33.861818] Nombre del hardware: Valve Galileo/Galileo, BIOS F7G0107 01/12/2023 [ 33.861822] Seguimiento de llamadas: [ 33.861826] [ 33.861829] dump_stack_lvl+0x66/0x90 [ 33.861838] print_report+0xce/0x620 [ 33.861853] kasan_report+0xda/0x110 [ 33.862794] kasan_check_range+0xfd/0x1a0 [ 33.862799] __asan_memset+0x23/0x40 [ 33.862803] smu_cmn_init_soft_gpu_metrics+0x73/0x200 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779] [ 33.863306] vangogh_get_gpu_metrics_v2_4+0x123/0xad0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779] [ 33.864257] vangogh_common_get_gpu_metrics+0xb0c/0xbc0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779] [ 33.865682] amdgpu_dpm_get_gpu_metrics+0xcc/0x110 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779] [ 33.866160] amdgpu_get_gpu_metrics+0x154/0x2d0 [amdgpu 13b1bc364ec578808f676eba412c20eaab792779] [ 33.867135] dev_attr_show+0x43/0xc0 [ 33.867147] sysfs_kf_seq_show+0x1f1/0x3b0 [ 33.867155] seq_read_iter+0x3f8/0x1140 [ 33.867173] vfs_read+0x76c/0xc50 [ 33.867198] ksys_read+0xfb/0x1d0 [ 33.867214] do_syscall_64+0x90/0x160 ... [ 33.867353] Asignado por la tarea 378 en la CPU 7 a los 22.794876 s: [ 33.867358] kasan_save_stack+0x33/0x50 [ 33.867364] kasan_save_track+0x17/0x60 [ 33.867367] __kasan_kmalloc+0x87/0x90 [ 33.867371] vangogh_init_smc_tables+0x3f9/0x840 [amdgpu] [ 33.867835] smu_sw_init+0xa32/0x1850 [amdgpu] [ 33.868299] amdgpu_device_init+0x467b/0x8d90 [amdgpu] [ 33.868733] amdgpu_driver_load_kms+0x19/0xf0 [amdgpu] [ 33.869167] amdgpu_pci_probe+0x2d6/0xcd0 [amdgpu] [ 33.869608] local_pci_probe+0xda/0x180 [ 33.869614] pci_device_probe+0x43f/0x6b0 Emp\u00edricamente podemos confirmar que el primero asigna 152 bytes para la tabla, mientras que el segundo asigna el bloque grande de 168 bytes. 
La causa ra\u00edz parece ser que cuando se agregaron las tablas de m\u00e9tricas de GPU para las partes v2_4, no se consider\u00f3 agrandar la tabla para que se ajuste. La soluci\u00f3n en este parche es m\u00e1s bien \"fuerza bruta\" y quiz\u00e1s m\u00e1s adelante se deber\u00eda hacer de una manera m\u00e1s inteligente, extrayendo y consolidando la l\u00f3gica de tama\u00f1o de la versi\u00f3n de la parte en un ayudante com\u00fan, en lugar de forzar la asignaci\u00f3n m\u00e1s grande posible. Sin embargo, por ahora esto funciona y corrige la escritura fuera de los l\u00edmites. v2: * Se elimina el caso imposible de v3_0. (Mario) (seleccionado de el commit 0880f58f9609f0200483a49429af0f050d281703)" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50222.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50222.json index eb2454aa5c4..dbb43b3a7b0 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50222.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50222.json 
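Review bot: The added `es` description for CVE-2024-50221 translates parts of the KASAN report that are identifiers, not prose: `KASAN: slab-out-of-bounds` becomes `slab-out-of-limits`, the taint flags `G W` are fused to `GW`, and the BIOS date `12/01/2023` is reordered to `01/12/2023`. The `es` entry for CVE-2024-50224 has the same problem: the symbols `gpiod_direction_output` and `dspi_setup` appear as `direcci\u00f3n_salida_gpiod` and `configuraci\u00f3n_dspi`, and the `x18` register value is missing. Anyone searching or correlating on symbol names, offsets or log strings will miss these records through the Spanish text. The trace lines should be carried over verbatim from the `en` value, for example `gpiod_direction_output+0x34/0x5c (P)`, with only the surrounding sentences translated.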
@@ -2,13 +2,17 @@ "id": "CVE-2024-50222", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:07.700", - "lastModified": "2024-11-09T11:15:07.700", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niov_iter: fix copy_page_from_iter_atomic() if KMAP_LOCAL_FORCE_MAP\n\ngeneric/077 on x86_32 CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP=y with highmem,\non huge=always tmpfs, issues a warning and then hangs (interruptibly):\n\nWARNING: CPU: 5 PID: 3517 at mm/highmem.c:622 kunmap_local_indexed+0x62/0xc9\nCPU: 5 UID: 0 PID: 3517 Comm: cp Not tainted 6.12.0-rc4 #2\n...\ncopy_page_from_iter_atomic+0xa6/0x5ec\ngeneric_perform_write+0xf6/0x1b4\nshmem_file_write_iter+0x54/0x67\n\nFix copy_page_from_iter_atomic() by limiting it in that case\n(include/linux/skbuff.h skb_frag_must_loop() does similar).\n\nBut going forward, perhaps CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP is too\nsurprising, has outlived its usefulness, and should just be removed?" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iov_iter: se corrige copy_page_from_iter_atomic() si KMAP_LOCAL_FORCE_MAP generic/077 en x86_32 CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP=y con highmem, en huge=always tmpfs, emite una advertencia y luego se cuelga (de manera interrumpida): ADVERTENCIA: CPU: 5 PID: 3517 en mm/highmem.c:622 kunmap_local_indexed+0x62/0xc9 CPU: 5 UID: 0 PID: 3517 Comm: cp No contaminado 6.12.0-rc4 #2 ... copy_page_from_iter_atomic+0xa6/0x5ec generic_perform_write+0xf6/0x1b4 shmem_file_write_iter+0x54/0x67 Arregla copy_page_from_iter_atomic() limit\u00e1ndolo en ese caso (include/linux/skbuff.h skb_frag_must_loop() hace algo similar). 
Pero, en el futuro, \u00bfquiz\u00e1s CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP sea demasiado sorprendente, haya dejado de ser \u00fatil y simplemente deba eliminarse?" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50223.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50223.json index c4a009029d6..de8277b6dfe 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50223.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50223.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50223", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:07.807", - "lastModified": "2024-11-09T11:15:07.807", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsched/numa: Fix the potential null pointer dereference in task_numa_work()\n\nWhen running stress-ng-vm-segv test, we found a null pointer dereference\nerror in task_numa_work(). Here is the backtrace:\n\n [323676.066985] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020\n ......\n [323676.067108] CPU: 35 PID: 2694524 Comm: stress-ng-vm-se\n ......\n [323676.067113] pstate: 23401009 (nzCv daif +PAN -UAO +TCO +DIT +SSBS BTYPE=--)\n [323676.067115] pc : vma_migratable+0x1c/0xd0\n [323676.067122] lr : task_numa_work+0x1ec/0x4e0\n [323676.067127] sp : ffff8000ada73d20\n [323676.067128] x29: ffff8000ada73d20 x28: 0000000000000000 x27: 000000003e89f010\n [323676.067130] x26: 0000000000080000 x25: ffff800081b5c0d8 x24: ffff800081b27000\n [323676.067133] x23: 0000000000010000 x22: 0000000104d18cc0 x21: ffff0009f7158000\n [323676.067135] x20: 0000000000000000 x19: 0000000000000000 x18: ffff8000ada73db8\n [323676.067138] x17: 0001400000000000 x16: ffff800080df40b0 x15: 0000000000000035\n [323676.067140] x14: ffff8000ada73cc8 x13: 1fffe0017cc72001 x12: ffff8000ada73cc8\n [323676.067142] x11: ffff80008001160c x10: ffff000be639000c x9 : ffff8000800f4ba4\n [323676.067145] x8 : ffff000810375000 x7 : ffff8000ada73974 x6 : 0000000000000001\n [323676.067147] x5 : 0068000b33e26707 x4 : 0000000000000001 x3 : ffff0009f7158000\n [323676.067149] x2 : 0000000000000041 x1 : 0000000000004400 x0 : 0000000000000000\n [323676.067152] Call trace:\n [323676.067153] vma_migratable+0x1c/0xd0\n [323676.067155] task_numa_work+0x1ec/0x4e0\n 
[323676.067157] task_work_run+0x78/0xd8\n [323676.067161] do_notify_resume+0x1ec/0x290\n [323676.067163] el0_svc+0x150/0x160\n [323676.067167] el0t_64_sync_handler+0xf8/0x128\n [323676.067170] el0t_64_sync+0x17c/0x180\n [323676.067173] Code: d2888001 910003fd f9000bf3 aa0003f3 (f9401000)\n [323676.067177] SMP: stopping secondary CPUs\n [323676.070184] Starting crashdump kernel...\n\nstress-ng-vm-segv in stress-ng is used to stress test the SIGSEGV error\nhandling function of the system, which tries to cause a SIGSEGV error on\nreturn from unmapping the whole address space of the child process.\n\nNormally this program will not cause kernel crashes. But before the\nmunmap system call returns to user mode, a potential task_numa_work()\nfor numa balancing could be added and executed. In this scenario, since the\nchild process has no vma after munmap, the vma_next() in task_numa_work()\nwill return a null pointer even if the vma iterator restarts from 0.\n\nRecheck the vma pointer before dereferencing it in task_numa_work()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sched/numa: Se corrige la posible desreferencia de puntero nulo en task_numa_work(). Al ejecutar la prueba stress-ng-vm-segv, encontramos un error de desreferencia de puntero nulo en task_numa_work(). Aqu\u00ed est\u00e1 el backtrace: [323676.066985] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000020 ...... [323676.067108] CPU: 35 PID: 2694524 Comm: stress-ng-vm-se ...... 
[323676.067113] pstate: 23401009 (nzCv daif +PAN -UAO +TCO +DIT +SSBS BTYPE=--) [323676.067115] pc : vma_migratable+0x1c/0xd0 [323676.067122] lr : task_numa_work+0x1ec/0x4e0 [323676.067127] sp : ffff8000ada73d20 [323676.067128] x29: ffff8000ada73d20 x28: 0000000000000000 x27: 000000003e89f010 [323676.067130] x26: 0000000000080000 x25: ffff800081b5c0d8 x24: ffff800081b27000 [323676.067133] x23: 0000000000010000 x22: 0000000104d18cc0 x21: ffff0009f7158000 [323676.067135] x20: 0000000000000000 x19: 0000000000000000 x18: ffff8000ada73db8 [323676.067138] x17: 0001400000000000 x16: ffff800080df40b0 x15: 0000000000000035 [323676.067140] x14: ffff8000ada73cc8 x13: 1fffe0017cc72001 x12: ffff8000ada73cc8 [323676.067142] x11: ffff80008001160c x10: ffff000be639000c x9: ffff8000800f4ba4 [323676.067145] x8: ffff000810375000 x7: ffff8000ada73974 x6: 0000000000000001 [323676.067147] x5: 0068000b33e26707 x4: 0000000000000001 x3: ffff0009f7158000 [323676.067149] x2: 0000000000000041 x1: 00000000000004400 x0 : 0000000000000000 [323676.067152] Seguimiento de llamadas: [323676.067153] vma_migratable+0x1c/0xd0 [323676.067155] task_numa_work+0x1ec/0x4e0 [323676.067157] task_work_run+0x78/0xd8 [323676.067161] do_notify_resume+0x1ec/0x290 [323676.067163] el0_svc+0x150/0x160 [323676.067167] el0t_64_sync_handler+0xf8/0x128 [323676.067170] el0t_64_sync+0x17c/0x180 [323676.067173] C\u00f3digo: d2888001 910003fd f9000bf3 aa0003f3 (f9401000) [323676.067177] SMP: deteniendo las CPU secundarias [323676.070184] Iniciando el kernel de volcado de memoria... stress-ng-vm-segv en stress-ng se utiliza para realizar pruebas de estr\u00e9s a la funci\u00f3n de manejo de errores SIGSEGV del sistema, que intenta causar un error SIGSEGV al regresar de anular la asignaci\u00f3n de todo el espacio de direcciones del proceso secundario. Normalmente, este programa no causar\u00e1 fallas del kernel. 
Pero antes de que la llamada al sistema munmap vuelva al modo de usuario, se podr\u00eda agregar y ejecutar una posible task_numa_work() para el equilibrio de NUMA. En este escenario, dado que el proceso secundario no tiene ning\u00fan vma despu\u00e9s de munmap, vma_next() en task_numa_work() devolver\u00e1 un puntero nulo incluso si el iterador vma se reinicia desde 0. Vuelva a verificar el puntero vma antes de desreferenciarlo en task_numa_work()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50224.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50224.json index ca0db2e2199..816784a3204 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50224.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50224.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50224", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:07.893", - "lastModified": "2024-11-09T11:15:07.893", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: spi-fsl-dspi: Fix crash when not using GPIO chip select\n\nAdd check for the return value of spi_get_csgpiod() to avoid passing a NULL\npointer to gpiod_direction_output(), preventing a crash when GPIO chip\nselect is not used.\n\nFix below crash:\n[ 4.251960] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000\n[ 4.260762] Mem abort info:\n[ 4.263556] ESR = 0x0000000096000004\n[ 4.267308] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 4.272624] SET = 0, FnV = 0\n[ 4.275681] EA = 0, S1PTW = 0\n[ 4.278822] FSC = 0x04: level 0 translation fault\n[ 4.283704] Data abort info:\n[ 4.286583] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000\n[ 4.292074] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 4.297130] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 4.302445] [0000000000000000] user address but active_mm is swapper\n[ 4.308805] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP\n[ 4.315072] Modules linked in:\n[ 4.318124] CPU: 2 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc4-next-20241023-00008-ga20ec42c5fc1 #359\n[ 4.328130] Hardware name: LS1046A QDS Board (DT)\n[ 4.332832] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 4.339794] pc : gpiod_direction_output+0x34/0x5c\n[ 4.344505] lr : gpiod_direction_output+0x18/0x5c\n[ 4.349208] sp : ffff80008003b8f0\n[ 4.352517] x29: ffff80008003b8f0 x28: 0000000000000000 x27: ffffc96bcc7e9068\n[ 4.359659] x26: ffffc96bcc6e00b0 x25: ffffc96bcc598398 x24: ffff447400132810\n[ 4.366800] x23: 0000000000000000 x22: 0000000011e1a300 x21: 0000000000020002\n[ 
4.373940] x20: 0000000000000000 x19: 0000000000000000 x18: ffffffffffffffff\n[ 4.381081] x17: ffff44740016e600 x16: 0000000500000003 x15: 0000000000000007\n[ 4.388221] x14: 0000000000989680 x13: 0000000000020000 x12: 000000000000001e\n[ 4.395362] x11: 0044b82fa09b5a53 x10: 0000000000000019 x9 : 0000000000000008\n[ 4.402502] x8 : 0000000000000002 x7 : 0000000000000007 x6 : 0000000000000000\n[ 4.409641] x5 : 0000000000000200 x4 : 0000000002000000 x3 : 0000000000000000\n[ 4.416781] x2 : 0000000000022202 x1 : 0000000000000000 x0 : 0000000000000000\n[ 4.423921] Call trace:\n[ 4.426362] gpiod_direction_output+0x34/0x5c (P)\n[ 4.431067] gpiod_direction_output+0x18/0x5c (L)\n[ 4.435771] dspi_setup+0x220/0x334" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: spi: spi-fsl-dspi: Se corrige el bloqueo cuando no se utiliza la selecci\u00f3n de chip GPIO. Se agrega una verificaci\u00f3n para el valor de retorno de spi_get_csgpiod() para evitar pasar un puntero NULL a gpiod_direction_output(), lo que evita un bloqueo cuando no se utiliza la selecci\u00f3n de chip GPIO. 
Correcci\u00f3n del siguiente fallo: [4.251960] No se puede gestionar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000000 [4.260762] Informaci\u00f3n de cancelaci\u00f3n de memoria: [4.263556] ESR = 0x0000000096000004 [4.267308] EC = 0x25: DABT (EL actual), IL = 32 bits [4.272624] SET = 0, FnV = 0 [4.275681] EA = 0, S1PTW = 0 [4.278822] FSC = 0x04: error de traducci\u00f3n de nivel 0 [4.283704] Informaci\u00f3n de cancelaci\u00f3n de datos: [4.286583] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 4.292074] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 4.297130] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 4.302445] [000000000000000] direcci\u00f3n de usuario pero active_mm es swapper [ 4.308805] Error interno: Oops: 0000000096000004 [#1] PREEMPT SMP [ 4.315072] M\u00f3dulos vinculados en: [ 4.318124] CPU: 2 UID: 0 PID: 1 Comm: swapper/0 No contaminado 6.12.0-rc4-next-20241023-00008-ga20ec42c5fc1 #359 [ 4.328130] Nombre del hardware: Placa QDS LS1046A (DT) [ 4.332832] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 4.339794] pc : gpiod_direction_output+0x34/0x5c [ 4.344505] lr : gpiod_direction_output+0x18/0x5c [ 4.349208] sp : ffff80008003b8f0 [ 4.352517] x29: ffff80008003b8f0 x28: 0000000000000000 x27: ffffc96bcc7e9068 [ 4.359659] x26: ffffc96bcc6e00b0 x25: ffffc96bcc598398 x24: ffff447400132810 [ 4.366800] x23: 00000000000000 x22: 0000000011e1a300 x21: 0000000000020002 [ 4.373940] x20: 0000000000000000 x19: 0000000000000000 x18: 4.381081] x17: ffff44740016e600 x16: 0000000500000003 x15: 0000000000000007 [ 4.388221] x14: 0000000000989680 x13: 0000000000020000 x12: 000000000000001e [ 4.395362] x11: 0044b82fa09b5a53 x10: 0000000000000019 x9: 0000000000000008 [ 4.402502] x8: 00000000000000002 x7 : 0000000000000007 x6 : 0000000000000000 [ 4.409641] x5 : 00000000000000200 x4 : 00000000002000000 x3 : 0000000000000000 [ 4.416781] x2 : 0000000000022202 x1 : 0000000000000000 x0 : 0000000000000000 [ 4.423921] 
Rastreo de llamadas: [ 4.426362] direcci\u00f3n_salida_gpiod+0x34/0x5c (P) [ 4.431067] direcci\u00f3n_salida_gpiod+0x18/0x5c (L) [ 4.435771] configuraci\u00f3n_dspi+0x220/0x334" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50225.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50225.json index f327c5b094d..b9694ad6413 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50225.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50225.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50225", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:07.990", - "lastModified": "2024-11-09T11:15:07.990", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix error propagation of split bios\n\nThe purpose of btrfs_bbio_propagate_error() shall be propagating an error\nof split bio to its original btrfs_bio, and tell the error to the upper\nlayer. However, it's not working well on some cases.\n\n* Case 1. Immediate (or quick) end_bio with an error\n\nWhen btrfs sends btrfs_bio to mirrored devices, btrfs calls\nbtrfs_bio_end_io() when all the mirroring bios are completed. If that\nbtrfs_bio was split, it is from btrfs_clone_bioset and its end_io function\nis btrfs_orig_write_end_io. For this case, btrfs_bbio_propagate_error()\naccesses the orig_bbio's bio context to increase the error count.\n\nThat works well in most cases. However, if the end_io is called enough\nfast, orig_bbio's (remaining part after split) bio context may not be\nproperly set at that time. Since the bio context is set when the orig_bbio\n(the last btrfs_bio) is sent to devices, that might be too late for earlier\nsplit btrfs_bio's completion. 
That will result in NULL pointer\ndereference.\n\nThat bug is easily reproducible by running btrfs/146 on zoned devices [1]\nand it shows the following trace.\n\n[1] You need raid-stripe-tree feature as it create \"-d raid0 -m raid1\" FS.\n\n BUG: kernel NULL pointer dereference, address: 0000000000000020\n #PF: supervisor read access in kernel mode\n #PF: error_code(0x0000) - not-present page\n PGD 0 P4D 0\n Oops: Oops: 0000 [#1] PREEMPT SMP PTI\n CPU: 1 UID: 0 PID: 13 Comm: kworker/u32:1 Not tainted 6.11.0-rc7-BTRFS-ZNS+ #474\n Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011\n Workqueue: writeback wb_workfn (flush-btrfs-5)\n RIP: 0010:btrfs_bio_end_io+0xae/0xc0 [btrfs]\n BTRFS error (device dm-0): bdev /dev/mapper/error-test errs: wr 2, rd 0, flush 0, corrupt 0, gen 0\n RSP: 0018:ffffc9000006f248 EFLAGS: 00010246\n RAX: 0000000000000000 RBX: ffff888005a7f080 RCX: ffffc9000006f1dc\n RDX: 0000000000000000 RSI: 000000000000000a RDI: ffff888005a7f080\n RBP: ffff888011dfc540 R08: 0000000000000000 R09: 0000000000000001\n R10: ffffffff82e508e0 R11: 0000000000000005 R12: ffff88800ddfbe58\n R13: ffff888005a7f080 R14: ffff888005a7f158 R15: ffff888005a7f158\n FS: 0000000000000000(0000) GS:ffff88803ea80000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000020 CR3: 0000000002e22006 CR4: 0000000000370ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n Call Trace:\n \n ? __die_body.cold+0x19/0x26\n ? page_fault_oops+0x13e/0x2b0\n ? _printk+0x58/0x73\n ? do_user_addr_fault+0x5f/0x750\n ? exc_page_fault+0x76/0x240\n ? asm_exc_page_fault+0x22/0x30\n ? btrfs_bio_end_io+0xae/0xc0 [btrfs]\n ? btrfs_log_dev_io_error+0x7f/0x90 [btrfs]\n btrfs_orig_write_end_io+0x51/0x90 [btrfs]\n dm_submit_bio+0x5c2/0xa50 [dm_mod]\n ? find_held_lock+0x2b/0x80\n ? blk_try_enter_queue+0x90/0x1e0\n __submit_bio+0xe0/0x130\n ? ktime_get+0x10a/0x160\n ? 
lockdep_hardirqs_on+0x74/0x100\n submit_bio_noacct_nocheck+0x199/0x410\n btrfs_submit_bio+0x7d/0x150 [btrfs]\n btrfs_submit_chunk+0x1a1/0x6d0 [btrfs]\n ? lockdep_hardirqs_on+0x74/0x100\n ? __folio_start_writeback+0x10/0x2c0\n btrfs_submit_bbio+0x1c/0x40 [btrfs]\n submit_one_bio+0x44/0x60 [btrfs]\n submit_extent_folio+0x13f/0x330 [btrfs]\n ? btrfs_set_range_writeback+0xa3/0xd0 [btrfs]\n extent_writepage_io+0x18b/0x360 [btrfs]\n extent_write_locked_range+0x17c/0x340 [btrfs]\n ? __pfx_end_bbio_data_write+0x10/0x10 [btrfs]\n run_delalloc_cow+0x71/0xd0 [btrfs]\n btrfs_run_delalloc_range+0x176/0x500 [btrfs]\n ? find_lock_delalloc_range+0x119/0x260 [btrfs]\n writepage_delalloc+0x2ab/0x480 [btrfs]\n extent_write_cache_pages+0x236/0x7d0 [btrfs]\n btrfs_writepages+0x72/0x130 [btrfs]\n do_writepages+0xd4/0x240\n ? find_held_lock+0x2b/0x80\n ? wbc_attach_and_unlock_inode+0x12c/0x290\n ? wbc_attach_and_unlock_inode+0x12c/0x29\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: btrfs: corregir la propagaci\u00f3n de errores de bios divididas El prop\u00f3sito de btrfs_bbio_propagate_error() debe ser propagar un error de bio dividida a su btrfs_bio original y comunicar el error a la capa superior. Sin embargo, no est\u00e1 funcionando bien en algunos casos. * Caso 1. End_bio inmediato (o r\u00e1pido) con un error Cuando btrfs env\u00eda btrfs_bio a dispositivos reflejados, btrfs llama a btrfs_bio_end_io() cuando se completan todos los bios reflejados. Si ese btrfs_bio se dividi\u00f3, es de btrfs_clone_bioset y su funci\u00f3n end_io es btrfs_orig_write_end_io. Para este caso, btrfs_bbio_propagate_error() accede al contexto bio de orig_bbio para aumentar el recuento de errores. Eso funciona bien en la mayor\u00eda de los casos. 
Sin embargo, si se llama a end_io lo suficientemente r\u00e1pido, es posible que el contexto bio de orig_bbio (la parte restante despu\u00e9s de la divisi\u00f3n) no se configure correctamente en ese momento. Dado que el contexto bio se configura cuando se env\u00eda orig_bbio (el \u00faltimo btrfs_bio) a los dispositivos, puede que sea demasiado tarde para que se complete la divisi\u00f3n anterior de btrfs_bio. Eso dar\u00e1 como resultado la desreferencia del puntero NULL. Ese error se puede reproducir f\u00e1cilmente ejecutando btrfs/146 en dispositivos zonificados [1] y muestra el siguiente rastro. [1] Necesita la funci\u00f3n raid-stripe-tree, ya que crea el sistema de archivos \"-d raid0 -m raid1\". ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000020 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP PTI CPU: 1 UID: 0 PID: 13 Comm: kworker/u32:1 No contaminado 6.11.0-rc7-BTRFS-ZNS+ #474 Nombre del hardware: Bochs Bochs, BIOS Bochs 01/01/2011 Cola de trabajo: escritura diferida wb_workfn (flush-btrfs-5) RIP: 0010:btrfs_bio_end_io+0xae/0xc0 [btrfs] Error BTRFS (dispositivo dm-0): bdev /dev/mapper/error-test errores: wr 2, rd 0, vaciado 0, corrupto 0, generaci\u00f3n 0 RSP: 0018:ffffc9000006f248 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffff888005a7f080 RCX: ffffc9000006f1dc RDX: 0000000000000000 RSI: 000000000000000a RDI: ffff888005a7f080 RBP: ffff888011dfc540 R08: 0000000000000000 R09: 0000000000000001 R10: ffffffff82e508e0 R11: 0000000000000005 R12: ffff88800ddfbe58 R13: ffff888005a7f080 R14: ffff888005a7f158 R15: ffff888005a7f158 FS: 000000000000000(0000) GS:ffff88803ea80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000000000020 CR3: 0000000002e22006 CR4: 0000000000370ef0 DR0: 00000000000000000 DR1: 00000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 
0000000000000400 Seguimiento de llamadas: ? __die_body.cold+0x19/0x26 ? page_fault_oops+0x13e/0x2b0 ? _printk+0x58/0x73 ? do_user_addr_fault+0x5f/0x750 ? btrfs_log_dev_io_error+0x7f/0x90 [btrfs] btrfs_orig_write_end_io+0x51/0x90 [btrfs] dm_submit_bio+0x5c2/0xa50 [dm_mod] ? blk_try_enter_queue+0x90/0x1e0 __submit_bio+0xe0/0x130 ? ktime_get+0x10a/0x160 ? lockdep_hardirqs_on+0x74/0x100 submit_bio_noacct_nocheck+0x199/0x410 btrfs_submit_bio+0x7d/0x150 [btrfs] btrfs_submit_chunk+0x1a1/0x6d0 [btrfs]? lockdep_hardirqs_on+0x74/0x100? __folio_start_writeback+0x10/0x2c0 btrfs_submit_bbio+0x1c/0x40 [btrfs] submit_one_bio+0x44/0x60 [btrfs] submit_extent_folio+0x13f/0x330 [btrfs] ? btrfs_set_range_writeback+0xa3/0xd0 [btrfs] extend_writepage_io+0x18b/0x360 [btrfs] extend_write_locked_range+0x17c/0x340 [btrfs] ? __pfx_end_bbio_data_write+0x10/0x10 [btrfs] run_delalloc_cow+0x71/0xd0 [btrfs] btrfs_run_delalloc_range+0x176/0x500 [btrfs] ? buscar_bloqueo_desbloqueado_rango+0x119/0x260 [btrfs] escribir_p\u00e1gina_desbloqueado+0x2ab/0x480 [btrfs] extensi\u00f3n_escritura_p\u00e1ginas_cach\u00e9+0x236/0x7d0 [btrfs] btrfs_escritura_p\u00e1ginas+0x72/0x130 [btrfs] hacer_escritura_p\u00e1ginas+0xd4/0x240 ? buscar_bloqueo_retenido+0x2b/0x80 ? wbc_adjuntar_y_desbloquear_inodo+0x12c/0x290 ? wbc_adjuntar_y_desbloquear_inodo+0x12c/0x29 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50226.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50226.json index d9c6297b681..d2ff4a6cf1f 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50226.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50226.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50226", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:08.117", - "lastModified": "2024-11-09T11:15:08.117", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncxl/port: Fix use-after-free, permit out-of-order decoder shutdown\n\nIn support of investigating an initialization failure report [1],\ncxl_test was updated to register mock memory-devices after the mock\nroot-port/bus device had been registered. That led to cxl_test crashing\nwith a use-after-free bug with the following signature:\n\n cxl_port_attach_region: cxl region3: cxl_host_bridge.0:port3 decoder3.0 add: mem0:decoder7.0 @ 0 next: cxl_switch_uport.0 nr_eps: 1 nr_targets: 1\n cxl_port_attach_region: cxl region3: cxl_host_bridge.0:port3 decoder3.0 add: mem4:decoder14.0 @ 1 next: cxl_switch_uport.0 nr_eps: 2 nr_targets: 1\n cxl_port_setup_targets: cxl region3: cxl_switch_uport.0:port6 target[0] = cxl_switch_dport.0 for mem0:decoder7.0 @ 0\n1) cxl_port_setup_targets: cxl region3: cxl_switch_uport.0:port6 target[1] = cxl_switch_dport.4 for mem4:decoder14.0 @ 1\n [..]\n cxld_unregister: cxl decoder14.0:\n cxl_region_decode_reset: cxl_region region3:\n mock_decoder_reset: cxl_port port3: decoder3.0 reset\n2) mock_decoder_reset: cxl_port port3: decoder3.0: out of order reset, expected decoder3.1\n cxl_endpoint_decoder_release: cxl decoder14.0:\n [..]\n cxld_unregister: cxl decoder7.0:\n3) cxl_region_decode_reset: cxl_region region3:\n Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6bc3: 0000 [#1] PREEMPT SMP PTI\n [..]\n RIP: 0010:to_cxl_port+0x8/0x60 [cxl_core]\n [..]\n Call Trace:\n \n cxl_region_decode_reset+0x69/0x190 [cxl_core]\n cxl_region_detach+0xe8/0x210 [cxl_core]\n cxl_decoder_kill_region+0x27/0x40 
[cxl_core]\n cxld_unregister+0x5d/0x60 [cxl_core]\n\nAt 1) a region has been established with 2 endpoint decoders (7.0 and\n14.0). Those endpoints share a common switch-decoder in the topology\n(3.0). At teardown, 2), decoder14.0 is the first to be removed and hits\nthe \"out of order reset case\" in the switch decoder. The effect though\nis that region3 cleanup is aborted leaving it in-tact and\nreferencing decoder14.0. At 3) the second attempt to teardown region3\ntrips over the stale decoder14.0 object which has long since been\ndeleted.\n\nThe fix here is to recognize that the CXL specification places no\nmandate on in-order shutdown of switch-decoders, the driver enforces\nin-order allocation, and hardware enforces in-order commit. So, rather\nthan fail and leave objects dangling, always remove them.\n\nIn support of making cxl_region_decode_reset() always succeed,\ncxl_region_invalidate_memregion() failures are turned into warnings.\nCrashing the kernel is ok there since system integrity is at risk if\ncaches cannot be managed around physical address mutation events like\nCXL region destruction.\n\nA new device_for_each_child_reverse_from() is added to cleanup\nport->commit_end after all dependent decoders have been disabled. In\nother words if decoders are allocated 0->1->2 and disabled 1->2->0 then\nport->commit_end only decrements from 2 after 2 has been disabled, and\nit decrements all the way to zero since 1 was disabled previously." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: cxl/port: Corregir use-after-free, permitir el apagado del decodificador fuera de orden. En apoyo a la investigaci\u00f3n de un informe de falla de inicializaci\u00f3n [1], cxl_test se actualiz\u00f3 para registrar dispositivos de memoria simulados despu\u00e9s de que se hubiera registrado el dispositivo de puerto ra\u00edz/bus simulado. 
Esto provoc\u00f3 que cxl_test se bloqueara con un error de use-after-free con la siguiente firma: cxl_port_attach_region: cxl region3: cxl_host_bridge.0:port3 decoder3.0 add: mem0:decoder7.0 @ 0 next: cxl_switch_uport.0 nr_eps: 1 nr_targets: 1 cxl_port_attach_region: cxl region3: cxl_host_bridge.0:port3 decoder3.0 add: mem4:decoder14.0 @ 1 next: cxl_switch_uport.0 nr_eps: 2 nr_targets: 1 cxl_port_setup_targets: cxl region3: cxl_switch_uport.0:port6 target[0] = cxl_switch_dport.0 for mem0:decoder7.0 @ 0 1) cxl_port_setup_targets: cxl region3: cxl_switch_uport.0:port6 target[1] = cxl_switch_dport.4 para mem4:decoder14.0 @ 1 [..] cxld_unregister: cxl decoder14.0: cxl_region_decode_reset: cxl_region region3: mock_decoder_reset: cxl_port port3: decoder3.0 restablecer 2) mock_decoder_reset: cxl_port port3: decoder3.0: restablecimiento fuera de servicio, se esperaba decoder3.1 cxl_endpoint_decoder_release: cxl decoder14.0: [..] cxld_unregister: cxl decoder7.0: 3) cxl_region_decode_reset: cxl_region region3: Vaya: error de protecci\u00f3n general, probablemente para direcci\u00f3n no can\u00f3nica 0x6b6b6b6b6b6b6bc3: 0000 [#1] PREEMPT SMP PTI [..] RIP: 0010:to_cxl_port+0x8/0x60 [cxl_core] [..] Rastreo de llamada: cxl_region_decode_reset+0x69/0x190 [cxl_core] cxl_region_detach+0xe8/0x210 [cxl_core] cxl_decoder_kill_region+0x27/0x40 [cxl_core] cxld_unregister+0x5d/0x60 [cxl_core] En 1) se ha establecido una regi\u00f3n con 2 decodificadores de endpoint (7.0 y 14.0). Esos endpoints comparten un decodificador de conmutaci\u00f3n com\u00fan en la topolog\u00eda (3.0). En el desmontaje, 2), decoder14.0 es el primero en ser eliminado y llega al \"caso de reinicio fuera de orden\" en el decodificador de conmutaci\u00f3n. El efecto, sin embargo, es que la limpieza de la regi\u00f3n 3 se aborta dej\u00e1ndola intacta y haciendo referencia a decoder14.0. 
En 3), el segundo intento de desmontaje de la regi\u00f3n 3 tropieza con el objeto decoder14.0 obsoleto que ha sido eliminado hace mucho tiempo. La soluci\u00f3n aqu\u00ed es reconocer que la especificaci\u00f3n CXL no impone ning\u00fan mandato sobre el apagado en orden de los decodificadores de conmutaci\u00f3n, el controlador impone la asignaci\u00f3n en orden y el hardware impone el commit en orden. Por lo tanto, en lugar de fallar y dejar objetos colgando, siempre elim\u00ednelos. Para respaldar que cxl_region_decode_reset() siempre tenga \u00e9xito, los fallos de cxl_region_invalidate_memregion() se convierten en advertencias. All\u00ed est\u00e1 bien hacer que el n\u00facleo se bloquee, ya que la integridad del sistema est\u00e1 en riesgo si las cach\u00e9s no se pueden administrar en torno a eventos de mutaci\u00f3n de direcciones f\u00edsicas como la destrucci\u00f3n de la regi\u00f3n CXL. Se agrega un nuevo device_for_each_child_reverse_from() para limpiar port->commit_end despu\u00e9s de que se hayan deshabilitado todos los decodificadores dependientes. En otras palabras, si se asignan decodificadores 0->1->2 y se deshabilitan 1->2->0, entonces port->commit_end solo disminuye desde 2 despu\u00e9s de que se haya deshabilitado 2, y disminuye hasta cero ya que 1 se deshabilit\u00f3 previamente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50227.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50227.json index b987615d5b4..68b4d93e50f 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50227.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50227.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50227",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:08.383",
- "lastModified": "2024-11-09T11:15:08.383",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nthunderbolt: Fix KASAN reported stack out-of-bounds read in tb_retimer_scan()\n\nKASAN reported following issue:\n\n BUG: KASAN: stack-out-of-bounds in tb_retimer_scan+0xffe/0x1550 [thunderbolt]\n Read of size 4 at addr ffff88810111fc1c by task kworker/u56:0/11\n CPU: 0 UID: 0 PID: 11 Comm: kworker/u56:0 Tainted: G U 6.11.0+ #1387\n Tainted: [U]=USER\n Workqueue: thunderbolt0 tb_handle_hotplug [thunderbolt]\n Call Trace:\n \n dump_stack_lvl+0x6c/0x90\n print_report+0xd1/0x630\n kasan_report+0xdb/0x110\n __asan_report_load4_noabort+0x14/0x20\n tb_retimer_scan+0xffe/0x1550 [thunderbolt]\n tb_scan_port+0xa6f/0x2060 [thunderbolt]\n tb_handle_hotplug+0x17b1/0x3080 [thunderbolt]\n process_one_work+0x626/0x1100\n worker_thread+0x6c8/0xfa0\n kthread+0x2c8/0x3a0\n ret_from_fork+0x3a/0x80\n ret_from_fork_asm+0x1a/0x30\n\nThis happens because the loop variable still gets incremented by one so\nmax becomes 3 instead of 2, and this makes the second loop read past the\nthe array declared on the stack.\n\nFix this by assigning to max directly in the loop body."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: thunderbolt: Se corrige la lectura fuera de los l\u00edmites de pila informada por KASAN en tb_retimer_scan() KASAN inform\u00f3 el siguiente problema: ERROR: KASAN: pila fuera de los l\u00edmites en tb_retimer_scan+0xffe/0x1550 [thunderbolt] Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff88810111fc1c por la tarea kworker/u56:0/11 CPU: 0 UID: 0 PID: 11 Comm: kworker/u56:0 Tainted: GU 6.11.0+ #1387 Tainted: [U]=USER Workqueue: thunderbolt0 tb_handle_hotplug [thunderbolt] Rastreo de llamadas: dump_stack_lvl+0x6c/0x90 print_report+0xd1/0x630 kasan_report+0xdb/0x110 __asan_report_load4_noabort+0x14/0x20 tb_retimer_scan+0xffe/0x1550 [thunderbolt] tb_scan_port+0xa6f/0x2060 [thunderbolt] tb_handle_hotplug+0x17b1/0x3080 [thunderbolt] process_one_work+0x626/0x1100 worker_thread+0x6c8/0xfa0 kthread+0x2c8/0x3a0 ret_from_fork+0x3a/0x80 ret_from_fork_asm+0x1a/0x30 Esto sucede porque la variable de bucle todav\u00eda se incrementa en uno, por lo que max se convierte en 3 en lugar de 2, y esto hace que el segundo bucle lea m\u00e1s all\u00e1 de la matriz declarada en la pila. Solucione este problema asignando a max directamente en el cuerpo del bucle."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50228.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50228.json
index acd2480b303..93e4981d70b 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50228.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50228.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50228", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:08.650", - "lastModified": "2024-11-09T11:15:08.650", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: shmem: fix data-race in shmem_getattr()\n\nI got the following KCSAN report during syzbot testing:\n\n==================================================================\nBUG: KCSAN: data-race in generic_fillattr / inode_set_ctime_current\n\nwrite to 0xffff888102eb3260 of 4 bytes by task 6565 on cpu 1:\n inode_set_ctime_to_ts include/linux/fs.h:1638 [inline]\n inode_set_ctime_current+0x169/0x1d0 fs/inode.c:2626\n shmem_mknod+0x117/0x180 mm/shmem.c:3443\n shmem_create+0x34/0x40 mm/shmem.c:3497\n lookup_open fs/namei.c:3578 [inline]\n open_last_lookups fs/namei.c:3647 [inline]\n path_openat+0xdbc/0x1f00 fs/namei.c:3883\n do_filp_open+0xf7/0x200 fs/namei.c:3913\n do_sys_openat2+0xab/0x120 fs/open.c:1416\n do_sys_open fs/open.c:1431 [inline]\n __do_sys_openat fs/open.c:1447 [inline]\n __se_sys_openat fs/open.c:1442 [inline]\n __x64_sys_openat+0xf3/0x120 fs/open.c:1442\n x64_sys_call+0x1025/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:258\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x54/0x120 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nread to 0xffff888102eb3260 of 4 bytes by task 3498 on cpu 0:\n inode_get_ctime_nsec include/linux/fs.h:1623 [inline]\n inode_get_ctime include/linux/fs.h:1629 [inline]\n generic_fillattr+0x1dd/0x2f0 fs/stat.c:62\n shmem_getattr+0x17b/0x200 mm/shmem.c:1157\n vfs_getattr_nosec fs/stat.c:166 [inline]\n vfs_getattr+0x19b/0x1e0 fs/stat.c:207\n vfs_statx_path fs/stat.c:251 [inline]\n vfs_statx+0x134/0x2f0 fs/stat.c:315\n vfs_fstatat+0xec/0x110 fs/stat.c:341\n 
__do_sys_newfstatat fs/stat.c:505 [inline]\n __se_sys_newfstatat+0x58/0x260 fs/stat.c:499\n __x64_sys_newfstatat+0x55/0x70 fs/stat.c:499\n x64_sys_call+0x141f/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:263\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0x54/0x120 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nvalue changed: 0x2755ae53 -> 0x27ee44d3\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 UID: 0 PID: 3498 Comm: udevd Not tainted 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a-dirty #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024\n==================================================================\n\nWhen calling generic_fillattr(), if you don't hold read lock, data-race\nwill occur in inode member variables, which can cause unexpected\nbehavior.\n\nSince there is no special protection when shmem_getattr() calls\ngeneric_fillattr(), data-race occurs by functions such as shmem_unlink()\nor shmem_mknod(). This can cause unexpected results, so commenting it out\nis not enough.\n\nTherefore, when calling generic_fillattr() from shmem_getattr(), it is\nappropriate to protect the inode using inode_lock_shared() and\ninode_unlock_shared() to prevent data-race." 
+ }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mm: shmem: correcci\u00f3n de data-race en shmem_getattr() Obtuve el siguiente informe de KCSAN durante las pruebas de syzbot: ====================================================================== ERROR: KCSAN: data-race en generic_fillattr / inode_set_ctime_current escritura en 0xffff888102eb3260 de 4 bytes por la tarea 6565 en la CPU 1: inode_set_ctime_to_ts include/linux/fs.h:1638 [en l\u00ednea] inode_set_ctime_current+0x169/0x1d0 fs/inode.c:2626 shmem_mknod+0x117/0x180 mm/shmem.c:3443 shmem_create+0x34/0x40 mm/shmem.c:3497 lookup_open fs/namei.c:3578 [en l\u00ednea] open_last_lookups fs/namei.c:3647 [en l\u00ednea] path_openat+0xdbc/0x1f00 fs/namei.c:3883 do_filp_open+0xf7/0x200 fs/namei.c:3913 do_sys_openat2+0xab/0x120 fs/open.c:1416 do_sys_open fs/open.c:1431 [en l\u00ednea] __do_sys_openat fs/open.c:1447 [en l\u00ednea] __se_sys_openat fs/open.c:1442 [en l\u00ednea] __x64_sys_openat+0xf3/0x120 fs/open.c:1442 x64_sys_call+0x1025/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:258 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0x54/0x120 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e le\u00eddo hasta 0xffff888102eb3260 de 4 bytes por la tarea 3498 en la CPU 0: inode_get_ctime_nsec include/linux/fs.h:1623 [en l\u00ednea] inode_get_ctime include/linux/fs.h:1629 [en l\u00ednea] generic_fillattr+0x1dd/0x2f0 fs/stat.c:62 shmem_getattr+0x17b/0x200 mm/shmem.c:1157 vfs_getattr_nosec fs/stat.c:166 [en l\u00ednea] vfs_getattr+0x19b/0x1e0 fs/stat.c:207 vfs_statx_path fs/stat.c:251 [en l\u00ednea] vfs_statx+0x134/0x2f0 fs/stat.c:315 vfs_fstatat+0xec/0x110 fs/stat.c:341 __do_sys_newfstatat fs/stat.c:505 [en l\u00ednea] __se_sys_newfstatat+0x58/0x260 fs/stat.c:499 __x64_sys_newfstatat+0x55/0x70 fs/stat.c:499 x64_sys_call+0x141f/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:263 do_syscall_x64 
arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0x54/0x120 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x76/0x7e valor cambiado: 0x2755ae53 -> 0x27ee44d3 Reportado por Kernel Concurrency Sanitizer en: CPU: 0 UID: 0 PID: 3498 Comm: udevd No contaminado 6.11.0-rc6-syzkaller-00326-gd1f2d51b711a-dirty #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 ======================================================================== Al llamar a generic_fillattr(), si no mantiene el bloqueo de lectura, se producir\u00e1 una ejecuci\u00f3n de datos en las variables miembro del inodo, lo que puede provocar un comportamiento inesperado. Dado que no existe una protecci\u00f3n especial cuando shmem_getattr() llama a generic_fillattr(), la ejecuci\u00f3n de datos se produce mediante funciones como shmem_unlink() o shmem_mknod(). Esto puede provocar resultados inesperados, por lo que comentarlo no es suficiente. Por lo tanto, al llamar a generic_fillattr() desde shmem_getattr(), es adecuado proteger el inodo utilizando inode_lock_shared() e inode_unlock_shared() para evitar la ejecuci\u00f3n de datos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50229.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50229.json index 9c386c1ec9d..fab01428f53 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50229.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50229.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50229",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:08.890",
- "lastModified": "2024-11-09T11:15:08.890",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix potential deadlock with newly created symlinks\n\nSyzbot reported that page_symlink(), called by nilfs_symlink(), triggers\nmemory reclamation involving the filesystem layer, which can result in\ncircular lock dependencies among the reader/writer semaphore\nnilfs->ns_segctor_sem, s_writers percpu_rwsem (intwrite) and the\nfs_reclaim pseudo lock.\n\nThis is because after commit 21fc61c73c39 (\"don't put symlink bodies in\npagecache into highmem\"), the gfp flags of the page cache for symbolic\nlinks are overwritten to GFP_KERNEL via inode_nohighmem().\n\nThis is not a problem for symlinks read from the backing device, because\nthe __GFP_FS flag is dropped after inode_nohighmem() is called. However,\nwhen a new symlink is created with nilfs_symlink(), the gfp flags remain\noverwritten to GFP_KERNEL. Then, memory allocation called from\npage_symlink() etc. triggers memory reclamation including the FS layer,\nwhich may call nilfs_evict_inode() or nilfs_dirty_inode(). And these can\ncause a deadlock if they are called while nilfs->ns_segctor_sem is held:\n\nFix this issue by dropping the __GFP_FS flag from the page cache GFP flags\nof newly created symlinks in the same way that nilfs_new_inode() and\n__nilfs_read_inode() do, as a workaround until we adopt nofs allocation\nscope consistently or improve the locking constraints."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: arregla un potencial bloqueo con enlaces simb\u00f3licos reci\u00e9n creados Syzbot inform\u00f3 que page_symlink(), llamado por nilfs_symlink(), activa la recuperaci\u00f3n de memoria que involucra la capa del sistema de archivos, lo que puede resultar en dependencias de bloqueo circular entre el sem\u00e1foro de lectura/escritura nilfs->ns_segctor_sem, s_writers percpu_rwsem (intwrite) y el pseudobloqueo fs_reclaim. Esto se debe a que despu\u00e9s de el commit 21fc61c73c39 (\"no poner cuerpos de enlaces simb\u00f3licos en pagecache en highmem\"), las banderas gfp de la cach\u00e9 de p\u00e1ginas para enlaces simb\u00f3licos se sobrescriben a GFP_KERNEL a trav\u00e9s de inode_nohighmem(). Esto no es un problema para los enlaces simb\u00f3licos le\u00eddos desde el dispositivo de respaldo, porque la bandera __GFP_FS se descarta despu\u00e9s de que se llama a inode_nohighmem(). Sin embargo, cuando se crea un nuevo enlace simb\u00f3lico con nilfs_symlink(), los indicadores gfp permanecen sobrescritos en GFP_KERNEL. Luego, la asignaci\u00f3n de memoria llamada desde page_symlink(), etc., activa la recuperaci\u00f3n de memoria, incluida la capa FS, que puede llamar a nilfs_evict_inode() o nilfs_dirty_inode(). Y estos pueden causar un bloqueo si se los llama mientras se mantiene nilfs->ns_segctor_sem: solucione este problema eliminando el indicador __GFP_FS de los indicadores GFP de la cach\u00e9 de p\u00e1ginas de los enlaces simb\u00f3licos reci\u00e9n creados de la misma manera que lo hacen nilfs_new_inode() y __nilfs_read_inode(), como workaround hasta que adoptemos el alcance de asignaci\u00f3n de nofs de manera consistente o mejoremos las restricciones de bloqueo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50230.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50230.json
index 8a0eff32308..a68e7fed618 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50230.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50230.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50230",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:08.973",
- "lastModified": "2024-11-09T11:15:08.973",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnilfs2: fix kernel bug due to missing clearing of checked flag\n\nSyzbot reported that in directory operations after nilfs2 detects\nfilesystem corruption and degrades to read-only,\n__block_write_begin_int(), which is called to prepare block writes, may\nfail the BUG_ON check for accesses exceeding the folio/page size,\ntriggering a kernel bug.\n\nThis was found to be because the \"checked\" flag of a page/folio was not\ncleared when it was discarded by nilfs2's own routine, which causes the\nsanity check of directory entries to be skipped when the directory\npage/folio is reloaded. So, fix that.\n\nThis was necessary when the use of nilfs2's own page discard routine was\napplied to more than just metadata files."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nilfs2: se corrige un error del kernel debido a la falta de limpieza del indicador marcado Syzbot inform\u00f3 que en las operaciones de directorio despu\u00e9s de que nilfs2 detecta corrupci\u00f3n del sistema de archivos y se degrada a solo lectura, __block_write_begin_int(), que se llama para preparar escrituras en bloque, puede fallar la verificaci\u00f3n BUG_ON para accesos que excedan el tama\u00f1o de folio/p\u00e1gina, lo que desencadena un error del kernel. Se descubri\u00f3 que esto se deb\u00eda a que el indicador \"marcado\" de una p\u00e1gina/folio no se borraba cuando era descartado por la propia rutina de nilfs2, lo que hace que se omita la verificaci\u00f3n de cordura de las entradas del directorio cuando se vuelve a cargar la p\u00e1gina/folio del directorio. Entonces, arreglen eso. Esto era necesario cuando el uso de la propia rutina de descarte de p\u00e1gina de nilfs2 se aplicaba a m\u00e1s que solo archivos de metadatos."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50231.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50231.json
index 1376e745aca..e302ab36b0e 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50231.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50231.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50231", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:09.057", - "lastModified": "2024-11-09T11:15:09.057", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()\n\nmodprobe iio-test-gts and rmmod it, then the following memory leak\noccurs:\n\n\tunreferenced object 0xffffff80c810be00 (size 64):\n\t comm \"kunit_try_catch\", pid 1654, jiffies 4294913981\n\t hex dump (first 32 bytes):\n\t 02 00 00 00 08 00 00 00 20 00 00 00 40 00 00 00 ........ ...@...\n\t 80 00 00 00 00 02 00 00 00 04 00 00 00 08 00 00 ................\n\t backtrace (crc a63d875e):\n\t [<0000000028c1b3c2>] kmemleak_alloc+0x34/0x40\n\t [<000000001d6ecc87>] __kmalloc_noprof+0x2bc/0x3c0\n\t [<00000000393795c1>] devm_iio_init_iio_gts+0x4b4/0x16f4\n\t [<0000000071bb4b09>] 0xffffffdf052a62e0\n\t [<000000000315bc18>] 0xffffffdf052a6488\n\t [<00000000f9dc55b5>] kunit_try_run_case+0x13c/0x3ac\n\t [<00000000175a3fd4>] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t [<00000000f505065d>] kthread+0x2e8/0x374\n\t [<00000000bbfb0e5d>] ret_from_fork+0x10/0x20\n\tunreferenced object 0xffffff80cbfe9e70 (size 16):\n\t comm \"kunit_try_catch\", pid 1658, jiffies 4294914015\n\t hex dump (first 16 bytes):\n\t 10 00 00 00 40 00 00 00 80 00 00 00 00 00 00 00 ....@...........\n\t backtrace (crc 857f0cb4):\n\t [<0000000028c1b3c2>] kmemleak_alloc+0x34/0x40\n\t [<000000001d6ecc87>] __kmalloc_noprof+0x2bc/0x3c0\n\t [<00000000393795c1>] devm_iio_init_iio_gts+0x4b4/0x16f4\n\t [<0000000071bb4b09>] 0xffffffdf052a62e0\n\t [<000000007d089d45>] 0xffffffdf052a6864\n\t [<00000000f9dc55b5>] kunit_try_run_case+0x13c/0x3ac\n\t [<00000000175a3fd4>] kunit_generic_run_threadfn_adapter+0x80/0xec\n\t 
[<00000000f505065d>] kthread+0x2e8/0x374\n\t [<00000000bbfb0e5d>] ret_from_fork+0x10/0x20\n\t......\n\nIt includes 5*5 times \"size 64\" memory leaks, which correspond to 5 times\ntest_init_iio_gain_scale() calls with gts_test_gains size 10 (10*size(int))\nand gts_test_itimes size 5. It also includes 5*1 times \"size 16\"\nmemory leak, which correspond to one time __test_init_iio_gain_scale()\ncall with gts_test_gains_gain_low size 3 (3*size(int)) and gts_test_itimes\nsize 5.\n\nThe reason is that the per_time_gains[i] is not freed which is allocated in\nthe \"gts->num_itime\" for loop in iio_gts_build_avail_scale_table()." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: gts-helper: corrige fugas de memoria en iio_gts_build_avail_scale_table() modprobe iio-test-gts y rmmod, luego ocurre la siguiente fuga de memoria: objeto sin referencia 0xffffff80c810be00 (tama\u00f1o 64): comm \"kunit_try_catch\", pid 1654, jiffies 4294913981 volcado hexadecimal (primeros 32 bytes): 02 00 00 00 08 00 00 00 20 00 00 00 40 00 00 00 ........ ...@... 80 00 00 00 00 02 00 00 00 04 00 00 00 08 00 00 ................ backtrace (crc a63d875e): [<0000000028c1b3c2>] kmemleak_alloc+0x34/0x40 [<000000001d6ecc87>] __kmalloc_noprof+0x2bc/0x3c0 [<00000000393795c1>] devm_iio_init_iio_gts+0x4b4/0x16f4 [<0000000071bb4b09>] 0xffffffdf052a62e0 [<000000000315bc18>] 0xffffffdf052a6488 [<00000000f9dc55b5>] kunit_try_run_case+0x13c/0x3ac [<00000000175a3fd4>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000f505065d>] kthread+0x2e8/0x374 [<00000000bbfb0e5d>] ret_from_fork+0x10/0x20 objeto sin referencia 0xffffff80cbfe9e70 (tama\u00f1o 16): comm \"kunit_try_catch\", pid 1658, jiffies 4294914015 volcado hexadecimal (primeros 16 bytes): 10 00 00 00 40 00 00 00 80 00 00 00 00 00 00 00 ....@........... 
backtrace (crc 857f0cb4): [<0000000028c1b3c2>] kmemleak_alloc+0x34/0x40 [<000000001d6ecc87>] __kmalloc_noprof+0x2bc/0x3c0 [<00000000393795c1>] devm_iio_init_iio_gts+0x4b4/0x16f4 [<0000000071bb4b09>] 0xffffffdf052a62e0 [<000000007d089d45>] 0xffffffdf052a6864 [<00000000f9dc55b5>] kunit_try_run_case+0x13c/0x3ac [<00000000175a3fd4>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000f505065d>] kthread+0x2e8/0x374 [<00000000bbfb0e5d>] ret_from_fork+0x10/0x20 ...... Incluye 5*5 veces p\u00e9rdidas de memoria de \"tama\u00f1o 64\", que corresponden a 5 veces llamadas a test_init_iio_gain_scale() con gts_test_gains tama\u00f1o 10 (10*size(int)) y gts_test_itimes tama\u00f1o 5. Tambi\u00e9n incluye 5*1 veces p\u00e9rdidas de memoria de \"tama\u00f1o 16\", que corresponden a una vez llamada a __test_init_iio_gain_scale() con gts_test_gains_gain_low tama\u00f1o 3 (3*size(int)) y gts_test_itimes tama\u00f1o 5. La raz\u00f3n es que no se libera per_time_gains[i], que est\u00e1 asignado en el bucle for \"gts->num_itime\" en iio_gts_build_avail_scale_table()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50232.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50232.json index 3c180947c7c..018fcd7d767 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50232.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50232.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50232",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:09.137",
- "lastModified": "2024-11-09T11:15:09.137",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niio: adc: ad7124: fix division by zero in ad7124_set_channel_odr()\n\nIn the ad7124_write_raw() function, parameter val can potentially\nbe zero. This may lead to a division by zero when DIV_ROUND_CLOSEST()\nis called within ad7124_set_channel_odr(). The ad7124_write_raw()\nfunction is invoked through the sequence: iio_write_channel_raw() ->\niio_write_channel_attribute() -> iio_channel_write(), with no checks\nin place to ensure val is non-zero."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iio: adc: ad7124: se corrige la divisi\u00f3n por cero en ad7124_set_channel_odr() En la funci\u00f3n ad7124_write_raw(), el par\u00e1metro val puede ser potencialmente cero. Esto puede provocar una divisi\u00f3n por cero cuando se llama a DIV_ROUND_CLOSEST() dentro de ad7124_set_channel_odr(). La funci\u00f3n ad7124_write_raw() se invoca a trav\u00e9s de la secuencia: iio_write_channel_raw() -> iio_write_channel_attribute() -> iio_channel_write(), sin comprobaciones para garantizar que val no sea cero."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50233.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50233.json
index a0ef130c0d3..654e6387419 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50233.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50233.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50233",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:09.210",
- "lastModified": "2024-11-09T11:15:09.210",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: iio: frequency: ad9832: fix division by zero in ad9832_calc_freqreg()\n\nIn the ad9832_write_frequency() function, clk_get_rate() might return 0.\nThis can lead to a division by zero when calling ad9832_calc_freqreg().\nThe check if (fout > (clk_get_rate(st->mclk) / 2)) does not protect\nagainst the case when fout is 0. The ad9832_write_frequency() function\nis called from ad9832_write(), and fout is derived from a text buffer,\nwhich can contain any value."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: staging: iio: frequency: ad9832: arregla la divisi\u00f3n por cero en ad9832_calc_freqreg() En la funci\u00f3n ad9832_write_frequency(), clk_get_rate() podr\u00eda devolver 0. Esto puede provocar una divisi\u00f3n por cero al llamar a ad9832_calc_freqreg(). La comprobaci\u00f3n if (fout > (clk_get_rate(st->mclk) / 2)) no protege contra el caso en el que fout sea 0. La funci\u00f3n ad9832_write_frequency() se llama desde ad9832_write(), y fout se deriva de un b\u00fafer de texto, que puede contener cualquier valor."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50234.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50234.json
index 1eedbc23e36..70cc2c3cb21 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50234.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50234.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50234", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:09.280", - "lastModified": "2024-11-09T11:15:09.280", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: iwlegacy: Clear stale interrupts before resuming device\n\niwl4965 fails upon resume from hibernation on my laptop. The reason\nseems to be a stale interrupt which isn't being cleared out before\ninterrupts are enabled. We end up with a race beween the resume\ntrying to bring things back up, and the restart work (queued form\nthe interrupt handler) trying to bring things down. Eventually\nthe whole thing blows up.\n\nFix the problem by clearing out any stale interrupts before\ninterrupts get enabled during resume.\n\nHere's a debug log of the indicent:\n[ 12.042589] ieee80211 phy0: il_isr ISR inta 0x00000080, enabled 0xaa00008b, fh 0x00000000\n[ 12.042625] ieee80211 phy0: il4965_irq_tasklet inta 0x00000080, enabled 0x00000000, fh 0x00000000\n[ 12.042651] iwl4965 0000:10:00.0: RF_KILL bit toggled to enable radio.\n[ 12.042653] iwl4965 0000:10:00.0: On demand firmware reload\n[ 12.042690] ieee80211 phy0: il4965_irq_tasklet End inta 0x00000000, enabled 0xaa00008b, fh 0x00000000, flags 0x00000282\n[ 12.052207] ieee80211 phy0: il4965_mac_start enter\n[ 12.052212] ieee80211 phy0: il_prep_station Add STA to driver ID 31: ff:ff:ff:ff:ff:ff\n[ 12.052244] ieee80211 phy0: il4965_set_hw_ready hardware ready\n[ 12.052324] ieee80211 phy0: il_apm_init Init card's basic functions\n[ 12.052348] ieee80211 phy0: il_apm_init L1 Enabled; Disabling L0S\n[ 12.055727] ieee80211 phy0: il4965_load_bsm Begin load bsm\n[ 12.056140] ieee80211 phy0: il4965_verify_bsm Begin verify bsm\n[ 12.058642] ieee80211 phy0: il4965_verify_bsm BSM bootstrap uCode image OK\n[ 
12.058721] ieee80211 phy0: il4965_load_bsm BSM write complete, poll 1 iterations\n[ 12.058734] ieee80211 phy0: __il4965_up iwl4965 is coming up\n[ 12.058737] ieee80211 phy0: il4965_mac_start Start UP work done.\n[ 12.058757] ieee80211 phy0: __il4965_down iwl4965 is going down\n[ 12.058761] ieee80211 phy0: il_scan_cancel_timeout Scan cancel timeout\n[ 12.058762] ieee80211 phy0: il_do_scan_abort Not performing scan to abort\n[ 12.058765] ieee80211 phy0: il_clear_ucode_stations Clearing ucode stations in driver\n[ 12.058767] ieee80211 phy0: il_clear_ucode_stations No active stations found to be cleared\n[ 12.058819] ieee80211 phy0: _il_apm_stop Stop card, put in low power state\n[ 12.058827] ieee80211 phy0: _il_apm_stop_master stop master\n[ 12.058864] ieee80211 phy0: il4965_clear_free_frames 0 frames on pre-allocated heap on clear.\n[ 12.058869] ieee80211 phy0: Hardware restart was requested\n[ 16.132299] iwl4965 0000:10:00.0: START_ALIVE timeout after 4000ms.\n[ 16.132303] ------------[ cut here ]------------\n[ 16.132304] Hardware became unavailable upon resume. 
This could be a software issue prior to suspend or a hardware issue.\n[ 16.132338] WARNING: CPU: 0 PID: 181 at net/mac80211/util.c:1826 ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[ 16.132390] Modules linked in: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt backlight e1000e agpgart evdev\n[ 16.132456] CPU: 0 UID: 0 PID: 181 Comm: kworker/u8:6 Not tainted 6.11.0-cl+ #143\n[ 16.132460] Hardware name: Hewlett-Packard HP Compaq 6910p/30BE, BIOS 68MCU Ver. F.19 07/06/2010\n[ 16.132463] Workqueue: async async_run_entry_fn\n[ 16.132469] RIP: 0010:ieee80211_reconfig+0x8f/0x14b0 [mac80211]\n[ 16.132501] Code: da 02 00 0\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: iwlegacy: Borrar interrupciones obsoletas antes de reanudar el dispositivo iwl4965 falla al reanudar desde la hibernaci\u00f3n en mi computadora port\u00e1til. La raz\u00f3n parece ser una interrupci\u00f3n obsoleta que no se borra antes de que se habiliten las interrupciones. Terminamos con una ejecuci\u00f3n entre la reanudaci\u00f3n que intenta hacer que las cosas vuelvan a funcionar y el trabajo de reinicio (en cola desde el controlador de interrupciones) que intenta hacer que las cosas se detengan. Finalmente, todo explota. 
Solucione el problema borrando todas las interrupciones obsoletas antes de que las interrupciones se habiliten durante la reanudaci\u00f3n. Aqu\u00ed hay un registro de depuraci\u00f3n del incidente: [ 12.042589] ieee80211 phy0: il_isr ISR inta 0x00000080, habilitado 0xaa00008b, fh 0x00000000 [ 12.042625] ieee80211 phy0: il4965_irq_tasklet inta 0x00000080, habilitado 0x00000000, fh 0x00000000 [ 12.042651] iwl4965 0000:10:00.0: bit RF_KILL alternado para habilitar la radio. [ 12.042653] iwl4965 0000:10:00.0: Recarga de firmware a pedido [ 12.042690] ieee80211 phy0: il4965_irq_tasklet Fin inta 0x00000000, habilitado 0xaa00008b, fh 0x00000000, indicadores 0x00000282 [ 12.052207] ieee80211 phy0: il4965_mac_start enter [ 12.052212] ieee80211 phy0: il_prep_station Agregar STA al ID del controlador 31: ff:ff:ff:ff:ff:ff [ 12.052244] ieee80211 phy0: il4965_set_hw_ready hardware listo [ 12.052324] ieee80211 phy0: il_apm_init Funciones b\u00e1sicas de la tarjeta de inicializaci\u00f3n [ 12.052348] ieee80211 phy0: il_apm_init L1 habilitado; Deshabilitando L0S [ 12.055727] ieee80211 phy0: il4965_load_bsm Iniciar carga bsm [ 12.056140] ieee80211 phy0: il4965_verify_bsm Iniciar verificaci\u00f3n bsm [ 12.058642] ieee80211 phy0: il4965_verify_bsm Imagen uCode de arranque BSM correcta [ 12.058721] ieee80211 phy0: il4965_load_bsm Escritura BSM completa, sondeo 1 iteraci\u00f3n [ 12.058734] ieee80211 phy0: __il4965_up iwl4965 se est\u00e1 cargando [ 12.058737] ieee80211 phy0: il4965_mac_start Trabajo de inicio realizado. 
[ 12.058757] ieee80211 phy0: __il4965_down iwl4965 se est\u00e1 cayendo [ 12.058761] ieee80211 phy0: il_scan_cancel_timeout Tiempo de espera para cancelar el escaneo [ 12.058762] ieee80211 phy0: il_do_scan_abort No se est\u00e1 realizando el escaneo para abortar [ 12.058765] ieee80211 phy0: il_clear_ucode_stations Borrando estaciones ucode en el controlador [ 12.058767] ieee80211 phy0: il_clear_ucode_stations No se encontraron estaciones activas para borrar [ 12.058819] ieee80211 phy0: _il_apm_stop Detener la tarjeta, poner en bajo consumo estado [ 12.058827] ieee80211 phy0: _il_apm_stop_master detener master [ 12.058864] ieee80211 phy0: il4965_clear_free_frames 0 fotogramas en el mont\u00f3n preasignado al borrar. [ 12.058869] ieee80211 phy0: Se solicit\u00f3 reinicio de hardware [ 16.132299] iwl4965 0000:10:00.0: Tiempo de espera de START_ALIVE despu\u00e9s de 4000 ms. [ 16.132303] ------------[ cortar aqu\u00ed ]------------ [ 16.132304] El hardware dej\u00f3 de estar disponible al reanudar. Esto podr\u00eda ser un problema de software anterior a la suspensi\u00f3n o un problema de hardware. 
[ 16.132338] ADVERTENCIA: CPU: 0 PID: 181 en net/mac80211/util.c:1826 ieee80211_reconfig+0x8f/0x14b0 [mac80211] [ 16.132390] M\u00f3dulos vinculados en: ctr ccm sch_fq_codel xt_tcpudp xt_multiport xt_state iptable_filter iptable_nat nf_nat nf_conntrack nf_defrag_ipv4 ip_tables x_tables binfmt_misc joydev mousedev btusb btrtl btintel btbcm bluetooth ecdh_generic ecc iTCO_wdt i2c_dev iwl4965 iwlegacy coretemp snd_hda_codec_analog pcspkr psmouse mac80211 snd_hda_codec_generic libarc4 sdhci_pci cqhci sha256_generic sdhci libsha256 firewire_ohci snd_hda_intel snd_intel_dspcfg mmc_core snd_hda_codec snd_hwdep firewire_core led_class iosf_mbi snd_hda_core uhci_hcd lpc_ich crc_itu_t cfg80211 ehci_pci ehci_hcd snd_pcm usbcore mfd_core rfkill snd_timer snd usb_common soundcore video parport_pc parport intel_agp wmi intel_gtt retroiluminaci\u00f3n e1000e agpgart evdev [ 16.132456] ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50235.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50235.json index ed6053d40af..c1302dbb366 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50235.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50235.json 
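Review bot: In CVE-2024-50234.json the added "es" value renders the source's "race" as `una ejecución entre la reanudación ... y el trabajo de reinicio`, which loses the race-condition meaning that the "en" text gives as the cause; `una condición de carrera entre la reanudación ... y el trabajo de reinicio` keeps it. The same value also localizes the quoted kernel log (`WARNING` becomes `ADVERTENCIA`, `enabled` becomes `habilitado`, and the module name `backlight` becomes `retroiluminación`), so the excerpt no longer matches what a real dmesg shows. The log lines should be carried over verbatim from the "en" value.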
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50235",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:09.367",
- "lastModified": "2024-11-09T11:15:09.367",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: cfg80211: clear wdev->cqm_config pointer on free\n\nWhen we free wdev->cqm_config when unregistering, we also\nneed to clear out the pointer since the same wdev/netdev\nmay get re-registered in another network namespace, then\ndestroyed later, running this code again, which results in\na double-free."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: cfg80211: borrar el puntero wdev->cqm_config al liberar Cuando liberamos wdev->cqm_config al anular el registro, tambi\u00e9n debemos limpiar el puntero ya que el mismo wdev/netdev puede volver a registrarse en otro espacio de nombres de red y luego destruirse m\u00e1s tarde, ejecutando este c\u00f3digo nuevamente, lo que da como resultado una doble liberaci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50236.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50236.json
index fd22cd9f643..35c105e097f 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50236.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50236.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50236", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:09.447", - "lastModified": "2024-11-09T11:15:09.447", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath10k: Fix memory leak in management tx\n\nIn the current logic, memory is allocated for storing the MSDU context\nduring management packet TX but this memory is not being freed during\nmanagement TX completion. Similar leaks are seen in the management TX\ncleanup logic.\n\nKmemleak reports this problem as below,\n\nunreferenced object 0xffffff80b64ed250 (size 16):\n comm \"kworker/u16:7\", pid 148, jiffies 4294687130 (age 714.199s)\n hex dump (first 16 bytes):\n 00 2b d8 d8 80 ff ff ff c4 74 e9 fd 07 00 00 00 .+.......t......\n backtrace:\n [] __kmem_cache_alloc_node+0x1e4/0x2d8\n [] kmalloc_trace+0x48/0x110\n [] ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]\n [] ath10k_mgmt_over_wmi_tx_work+0x134/0x298 [ath10k_core]\n [] process_scheduled_works+0x1ac/0x400\n [] worker_thread+0x208/0x328\n [] kthread+0x100/0x1c0\n [] ret_from_fork+0x10/0x20\n\nFree the memory during completion and cleanup to fix the leak.\n\nProtect the mgmt_pending_tx idr_remove() operation in\nath10k_wmi_tlv_op_cleanup_mgmt_tx_send() using ar->data_lock similar to\nother instances.\n\nTested-on: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: ath10k: Se corrige una p\u00e9rdida de memoria en la transmisi\u00f3n de administraci\u00f3n. 
En la l\u00f3gica actual, se asigna memoria para almacenar el contexto MSDU durante la transmisi\u00f3n del paquete de administraci\u00f3n, pero esta memoria no se libera durante la finalizaci\u00f3n de la transmisi\u00f3n de administraci\u00f3n. Se observan p\u00e9rdidas similares en la l\u00f3gica de limpieza de la transmisi\u00f3n de administraci\u00f3n. Kmemleak informa este problema de la siguiente manera: objeto sin referencia 0xffffff80b64ed250 (tama\u00f1o 16): comm \"kworker/u16:7\", pid 148, jiffies 4294687130 (edad 714.199s) volcado hexadecimal (primeros 16 bytes): 00 2b d8 d8 80 ff ff ff c4 74 e9 fd 07 00 00 00 .+.......t...... backtrace: [] __kmem_cache_alloc_node+0x1e4/0x2d8 [] kmalloc_trace+0x48/0x110 [] Libere la memoria durante la finalizaci\u00f3n y la limpieza para reparar la p\u00e9rdida. Proteja la operaci\u00f3n mgmt_pending_tx idr_remove() en ath10k_wmi_tlv_op_cleanup_mgmt_tx_send() mediante ar->data_lock de forma similar a otras instancias. Probado en: WCN3990 hw1.0 SNOC WLAN.HL.2.0-01387-QCAHLSWMTPLZ-1" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50237.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50237.json index 247ae950b7c..aa5d0061de8 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50237.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50237.json 
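Review bot: The "es" value added for CVE-2024-50236 drops six frames of the Kmemleak backtrace that the "en" value keeps. After `kmalloc_trace+0x48/0x110` it goes from a dangling `[]` straight to "Libere la memoria", omitting `ath10k_wmi_tlv_op_gen_mgmt_tx_send+0xd4/0x1d8 [ath10k_core]` through `ret_from_fork+0x10/0x20`. Those symbols are what tie the report to the leaking allocation path, so the translated description should copy the full backtrace unchanged from the "en" value.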
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50237",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:09.530",
- "lastModified": "2024-11-09T11:15:09.530",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mac80211: do not pass a stopped vif to the driver in .get_txpower\n\nAvoid potentially crashing in the driver because of uninitialized private data"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: wifi: mac80211: no pasar un vif detenido al controlador en .get_txpower Evitar posibles fallos en el controlador debido a datos privados no inicializados"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50238.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50238.json
index a40b1ce2c53..7936df88d9a 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50238.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50238.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50238", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:09.613", - "lastModified": "2024-11-09T11:15:09.613", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom: qmp-usbc: fix NULL-deref on runtime suspend\n\nCommit 413db06c05e7 (\"phy: qcom-qmp-usb: clean up probe initialisation\")\nremoved most users of the platform device driver data from the\nqcom-qmp-usb driver, but mistakenly also removed the initialisation\ndespite the data still being used in the runtime PM callbacks. This bug\nwas later reproduced when the driver was copied to create the qmp-usbc\ndriver.\n\nRestore the driver data initialisation at probe to avoid a NULL-pointer\ndereference on runtime suspend.\n\nApparently no one uses runtime PM, which currently needs to be enabled\nmanually through sysfs, with these drivers." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phy: qcom: qmp-usbc: fix NULL-deref on runtime suspend Commit 413db06c05e7 (\"phy: qcom-qmp-usb: clean up probe initialisation\") elimin\u00f3 la mayor\u00eda de los usuarios de los datos del controlador de dispositivo de la plataforma del controlador qcom-qmp-usb, pero tambi\u00e9n elimin\u00f3 por error la inicializaci\u00f3n a pesar de que los datos a\u00fan se usaban en las devoluciones de llamadas de PM en tiempo de ejecuci\u00f3n. Este error se reprodujo m\u00e1s tarde cuando se copi\u00f3 el controlador para crear el controlador qmp-usbc. Restaure la inicializaci\u00f3n de los datos del controlador en la sonda para evitar una desreferencia de puntero NULL en la suspensi\u00f3n en tiempo de ejecuci\u00f3n. 
Aparentemente, nadie usa PM en tiempo de ejecuci\u00f3n, que actualmente debe habilitarse manualmente a trav\u00e9s de sysfs, con estos controladores." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50239.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50239.json index df3a6abbda3..a3571654dec 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50239.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50239.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50239", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:09.680", - "lastModified": "2024-11-09T11:15:09.680", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend\n\nCommit 413db06c05e7 (\"phy: qcom-qmp-usb: clean up probe initialisation\")\nremoved most users of the platform device driver data from the\nqcom-qmp-usb driver, but mistakenly also removed the initialisation\ndespite the data still being used in the runtime PM callbacks. This bug\nwas later reproduced when the driver was copied to create the\nqmp-usb-legacy driver.\n\nRestore the driver data initialisation at probe to avoid a NULL-pointer\ndereference on runtime suspend.\n\nApparently no one uses runtime PM, which currently needs to be enabled\nmanually through sysfs, with these drivers." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phy: qcom: qmp-usb-legacy: fix NULL-deref on runtime suspend Commit 413db06c05e7 (\"phy: qcom-qmp-usb: clean up probe initialisation\") elimin\u00f3 la mayor\u00eda de los usuarios de los datos del controlador de dispositivo de la plataforma del controlador qcom-qmp-usb, pero tambi\u00e9n elimin\u00f3 por error la inicializaci\u00f3n a pesar de que los datos a\u00fan se usaban en las devoluciones de llamadas de PM en tiempo de ejecuci\u00f3n. Este error se reprodujo m\u00e1s tarde cuando se copi\u00f3 el controlador para crear el controlador qmp-usb-legacy. Restaure la inicializaci\u00f3n de los datos del controlador en la sonda para evitar una desreferencia de puntero NULL en la suspensi\u00f3n en tiempo de ejecuci\u00f3n. 
Aparentemente, nadie usa PM en tiempo de ejecuci\u00f3n, que actualmente debe habilitarse manualmente a trav\u00e9s de sysfs, con estos controladores." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50240.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50240.json index e36d77ba671..07750c222fc 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50240.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50240.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50240",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:09.753",
- "lastModified": "2024-11-09T11:15:09.753",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nphy: qcom: qmp-usb: fix NULL-deref on runtime suspend\n\nCommit 413db06c05e7 (\"phy: qcom-qmp-usb: clean up probe initialisation\")\nremoved most users of the platform device driver data, but mistakenly\nalso removed the initialisation despite the data still being used in the\nruntime PM callbacks.\n\nRestore the driver data initialisation at probe to avoid a NULL-pointer\ndereference on runtime suspend.\n\nApparently no one uses runtime PM, which currently needs to be enabled\nmanually through sysfs, with this driver."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: phy: qcom: qmp-usb: fix NULL-deref on runtime suspend Commit 413db06c05e7 (\"phy: qcom-qmp-usb: clean up probe initialisation\") elimin\u00f3 la mayor\u00eda de los usuarios de los datos del controlador del dispositivo de la plataforma, pero tambi\u00e9n elimin\u00f3 por error la inicializaci\u00f3n a pesar de que los datos a\u00fan se utilizan en las devoluciones de llamadas de PM en tiempo de ejecuci\u00f3n. Restaure la inicializaci\u00f3n de los datos del controlador en la sonda para evitar una desreferencia de puntero NULL en la suspensi\u00f3n en tiempo de ejecuci\u00f3n. Aparentemente, nadie usa PM en tiempo de ejecuci\u00f3n, que actualmente debe habilitarse manualmente a trav\u00e9s de sysfs, con este controlador."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50241.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50241.json
index 3b07629aba6..67e657f6195 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50241.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50241.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50241",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:09.823",
- "lastModified": "2024-11-09T11:15:09.823",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSD: Initialize struct nfsd4_copy earlier\n\nEnsure the refcount and async_copies fields are initialized early.\ncleanup_async_copy() will reference these fields if an error occurs\nin nfsd4_copy(). If they are not correctly initialized, at the very\nleast, a refcount underflow occurs."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: NFSD: inicializar struct nfsd4_copy antes Aseg\u00farese de que los campos refcount y async_copies se inicialicen antes. cleanup_async_copy() har\u00e1 referencia a estos campos si se produce un error en nfsd4_copy(). Si no se inicializan correctamente, como m\u00ednimo, se produce un desbordamiento de refcount."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50242.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50242.json
index 537307a9b3f..41434a7ba4f 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50242.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50242.json
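Review bot: The "es" value added for CVE-2024-50241 translates "a refcount underflow occurs" as `se produce un desbordamiento de refcount`, which reads as an overflow and so reverses the direction of the defect the "en" text describes. A wording that keeps the meaning is `se produce un subdesbordamiento (underflow) de refcount`. Someone triaging from the Spanish text alone would otherwise likely look for the wrong failure mode.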
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50242",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:09.920",
- "lastModified": "2024-11-09T11:15:09.920",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Additional check in ntfs_file_release"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Comprobaci\u00f3n adicional en ntfs_file_release"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50243.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50243.json
index 3b53e2f8df7..b412ef94351 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50243.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50243.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50243",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:10.120",
- "lastModified": "2024-11-09T11:15:10.120",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix general protection fault in run_is_mapped_full\n\nFixed deleating of a non-resident attribute in ntfs_create_inode()\nrollback."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Se corrigi\u00f3 un error de protecci\u00f3n general en run_is_mapped_full. Se corrigi\u00f3 la eliminaci\u00f3n de un atributo no residente en la reversi\u00f3n de ntfs_create_inode()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50244.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50244.json
index 26c37aa17fc..6d3c318e9d2 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50244.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50244.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50244",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:10.300",
- "lastModified": "2024-11-09T11:15:10.300",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Additional check in ni_clear()\n\nChecking of NTFS_FLAGS_LOG_REPLAYING added to prevent access to\nuninitialized bitmap during replay process."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Comprobaci\u00f3n adicional en ni_clear() Se agreg\u00f3 la comprobaci\u00f3n de NTFS_FLAGS_LOG_REPLAYING para evitar el acceso a un mapa de bits no inicializado durante el proceso de reproducci\u00f3n."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50245.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50245.json
index 5fa2398ca82..b1ef9597dfc 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50245.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50245.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50245",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:10.470",
- "lastModified": "2024-11-09T11:15:10.470",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Fix possible deadlock in mi_read\n\nMutex lock with another subclass used in ni_lock_dir()."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Se corrige un posible bloqueo en el bloqueo mutex mi_read con otra subclase utilizada en ni_lock_dir()."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50246.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50246.json
index e471e3b7076..d7e5a1d1c91 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50246.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50246.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50246",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:10.537",
- "lastModified": "2024-11-09T11:15:10.537",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Add rough attr alloc_size check"
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Agregar comprobaci\u00f3n aproximada del atributo alloc_size"
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50247.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50247.json
index 0bcb54b42b2..4980e06bb45 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50247.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50247.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50247",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:10.600",
- "lastModified": "2024-11-09T11:15:10.600",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Check if more than chunk-size bytes are written\n\nA incorrectly formatted chunk may decompress into\nmore than LZNT_CHUNK_SIZE bytes and a index out of bounds\nwill occur in s_max_off."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fs/ntfs3: Verificar si se escriben m\u00e1s bytes que el tama\u00f1o de un fragmento. Un fragmento con un formato incorrecto puede descomprimirse en m\u00e1s de LZNT_CHUNK_SIZE bytes y se producir\u00e1 un \u00edndice fuera de los l\u00edmites en s_max_off."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50248.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50248.json
index 636f3deda2e..b12d741db1c 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50248.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50248.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50248",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:10.670",
- "lastModified": "2024-11-09T11:15:10.670",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: Add bounds checking to mi_enum_attr()\n\nAdded bounds checking to make sure that every attr don't stray beyond\nvalid memory region."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ntfs3: Agregar verificaci\u00f3n de los l\u00edmites a mi_enum_attr() Se agreg\u00f3 verificaci\u00f3n de los l\u00edmites para asegurarse de que cada atributo no se desv\u00ede de una regi\u00f3n de memoria v\u00e1lida."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50249.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50249.json
index 74b46acf66d..acd8fdc9a41 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50249.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50249.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50249", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:10.743", - "lastModified": "2024-11-09T11:15:10.743", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nACPI: CPPC: Make rmw_lock a raw_spin_lock\n\nThe following BUG was triggered:\n\n=============================\n[ BUG: Invalid wait context ]\n6.12.0-rc2-XXX #406 Not tainted\n-----------------------------\nkworker/1:1/62 is trying to lock:\nffffff8801593030 (&cpc_ptr->rmw_lock){+.+.}-{3:3}, at: cpc_write+0xcc/0x370\nother info that might help us debug this:\ncontext-{5:5}\n2 locks held by kworker/1:1/62:\n #0: ffffff897ef5ec98 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2c/0x50\n #1: ffffff880154e238 (&sg_policy->update_lock){....}-{2:2}, at: sugov_update_shared+0x3c/0x280\nstack backtrace:\nCPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 Not tainted 6.12.0-rc2-g9654bd3e8806 #406\nWorkqueue: 0x0 (events)\nCall trace:\n dump_backtrace+0xa4/0x130\n show_stack+0x20/0x38\n dump_stack_lvl+0x90/0xd0\n dump_stack+0x18/0x28\n __lock_acquire+0x480/0x1ad8\n lock_acquire+0x114/0x310\n _raw_spin_lock+0x50/0x70\n cpc_write+0xcc/0x370\n cppc_set_perf+0xa0/0x3a8\n cppc_cpufreq_fast_switch+0x40/0xc0\n cpufreq_driver_fast_switch+0x4c/0x218\n sugov_update_shared+0x234/0x280\n update_load_avg+0x6ec/0x7b8\n dequeue_entities+0x108/0x830\n dequeue_task_fair+0x58/0x408\n __schedule+0x4f0/0x1070\n schedule+0x54/0x130\n worker_thread+0xc0/0x2e8\n kthread+0x130/0x148\n ret_from_fork+0x10/0x20\n\nsugov_update_shared() locks a raw_spinlock while cpc_write() locks a\nspinlock.\n\nTo have a correct wait-type order, update rmw_lock to a raw spinlock and\nensure that interrupts will be disabled on the CPU holding it.\n\n[ rjw: Changelog edits ]" + }, + { + "lang": "es", + 
"value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ACPI: CPPC: Convertir rmw_lock en raw_spin_lock Se activ\u00f3 el siguiente ERROR: ============================= [ ERROR: Contexto de espera no v\u00e1lido ] 6.12.0-rc2-XXX #406 No contaminado ----------------------------- kworker/1:1/62 est\u00e1 intentando bloquear: ffffff8801593030 (&cpc_ptr->rmw_lock){+.+.}-{3:3}, en: cpc_write+0xcc/0x370 otra informaci\u00f3n que podr\u00eda ayudarnos a depurar esto: context-{5:5} 2 bloqueos mantenidos por kworker/1:1/62: #0: ffffff897ef5ec98 (&rq->__lock){-.-.}-{2:2}, en: raw_spin_rq_lock_nested+0x2c/0x50 #1: ffffff880154e238 (&sg_policy->update_lock){....}-{2:2}, en: sugov_update_shared+0x3c/0x280 seguimiento de pila: CPU: 1 UID: 0 PID: 62 Comm: kworker/1:1 No contaminado 6.12.0-rc2-g9654bd3e8806 #406 Cola de trabajo: 0x0 (eventos) Seguimiento de llamadas: dump_backtrace+0xa4/0x130 show_stack+0x20/0x38 dump_stack_lvl+0x90/0xd0 dump_stack+0x18/0x28 __lock_acquire+0x480/0x1ad8 bloqueo_adquisici\u00f3n+0x114/0x310 bloqueo_giro_sin_engranaje+0x50/0x70 escritura_cpc+0xcc/0x370 rendimiento_establecimiento_cppc+0xa0/0x3a8 cambio_r\u00e1pido_de_frecuencia_de_cpuc+0x40/0xc0 cambio_r\u00e1pido_de_controlador_de_frecuencia_de_cpu+0x4c/0x218 actualizaci\u00f3n_compartida_sugov+0x234/0x280 promedio_de_carga_actualizaci\u00f3n+0x6ec/0x7b8 entidades_de_la_cola+0x108/0x830 tarea_de_la_cola_justa+0x58/0x408 __programaci\u00f3n+0x4f0/0x1070 programaci\u00f3n+0x54/0x130 subproceso_de_trabajo+0xc0/0x2e8 kthread+0x130/0x148 ret_from_fork+0x10/0x20 sugov_update_shared() bloquea un raw_spinlock mientras que cpc_write() bloquea un spinlock. Para tener un orden de espera correcto, actualice rmw_lock a un spinlock sin procesar y aseg\u00farese de que las interrupciones se desactiven en la CPU que lo contiene. [ rjw: ediciones del registro de cambios ]" } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50250.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50250.json
index ae569631534..f134ff32981 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50250.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50250.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50250",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:10.833",
- "lastModified": "2024-11-09T11:15:10.833",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfsdax: dax_unshare_iter needs to copy entire blocks\n\nThe code that copies data from srcmap to iomap in dax_unshare_iter is\nvery very broken, which bfoster's recent fsx changes have exposed.\n\nIf the pos and len passed to dax_file_unshare are not aligned to an\nfsblock boundary, the iter pos and length in the _iter function will\nreflect this unalignment.\n\ndax_iomap_direct_access always returns a pointer to the start of the\nkmapped fsdax page, even if its pos argument is in the middle of that\npage. This is catastrophic for data integrity when iter->pos is not\naligned to a page, because daddr/saddr do not point to the same byte in\nthe file as iter->pos. Hence we corrupt user data by copying it to the\nwrong place.\n\nIf iter->pos + iomap_length() in the _iter function not aligned to a\npage, then we fail to copy a full block, and only partially populate the\ndestination block. This is catastrophic for data confidentiality\nbecause we expose stale pmem contents.\n\nFix both of these issues by aligning copy_pos/copy_len to a page\nboundary (remember, this is fsdax so 1 fsblock == 1 base page) so that\nwe always copy full blocks.\n\nWe're not done yet -- there's no call to invalidate_inode_pages2_range,\nso programs that have the file range mmap'd will continue accessing the\nold memory mapping after the file metadata updates have completed.\n\nBe careful with the return value -- if the unshare succeeds, we still\nneed to return the number of bytes that the iomap iter thinks we're\noperating on."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fsdax: dax_unshare_iter necesita copiar bloques enteros El c\u00f3digo que copia datos de srcmap a iomap en dax_unshare_iter est\u00e1 muy, muy roto, lo que los cambios recientes de fsx de bfoster han expuesto. Si la posici\u00f3n y la longitud pasadas a dax_file_unshare no est\u00e1n alineadas con un l\u00edmite de fsblock, la posici\u00f3n y la longitud de iter en la funci\u00f3n _iter reflejar\u00e1n esta desalineaci\u00f3n. dax_iomap_direct_access siempre devuelve un puntero al inicio de la p\u00e1gina fsdax kmapped, incluso si su argumento pos est\u00e1 en el medio de esa p\u00e1gina. Esto es catastr\u00f3fico para la integridad de los datos cuando iter->pos no est\u00e1 alineado con una p\u00e1gina, porque daddr/saddr no apuntan al mismo byte en el archivo que iter->pos. Por lo tanto, corrompemos los datos del usuario copi\u00e1ndolos en el lugar equivocado. Si iter->pos + iomap_length() en la funci\u00f3n _iter no est\u00e1 alineado con una p\u00e1gina, entonces no copiamos un bloque completo y solo rellenamos parcialmente el bloque de destino. Esto es catastr\u00f3fico para la confidencialidad de los datos porque exponemos contenidos pmem obsoletos. Solucione ambos problemas alineando copy_pos/copy_len con un l\u00edmite de p\u00e1gina (recuerde, esto es fsdax, por lo que 1 fsblock == 1 p\u00e1gina base) de modo que siempre copiemos bloques completos. A\u00fan no hemos terminado: no hay ninguna llamada a invalidate_inode_pages2_range, por lo que los programas que tienen el rango de archivos mmap seguir\u00e1n accediendo al mapeo de memoria anterior despu\u00e9s de que se hayan completado las actualizaciones de metadatos del archivo. Tenga cuidado con el valor de retorno: si la anulaci\u00f3n del uso compartido tiene \u00e9xito, a\u00fan necesitamos devolver la cantidad de bytes en los que el iter iomap cree que estamos operando."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50251.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50251.json
index 18975886b73..89ae10e6cce 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50251.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50251.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-50251",
 "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
 "published": "2024-11-09T11:15:10.900",
- "lastModified": "2024-11-09T11:15:10.900",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nft_payload: sanitize offset and length before calling skb_checksum()\n\nIf access to offset + length is larger than the skbuff length, then\nskb_checksum() triggers BUG_ON().\n\nskb_checksum() internally subtracts the length parameter while iterating\nover skbuff, BUG_ON(len) at the end of it checks that the expected\nlength to be included in the checksum calculation is fully consumed."
+ },
+ {
+ "lang": "es",
+ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nft_payload: desinfecta el desplazamiento y la longitud antes de llamar a skb_checksum() Si el acceso a desplazamiento + longitud es mayor que la longitud de skbuff, entonces skb_checksum() activa BUG_ON(). skb_checksum() resta internamente el par\u00e1metro de longitud mientras itera sobre skbuff, BUG_ON(len) al final verifica que la longitud esperada que se incluir\u00e1 en el c\u00e1lculo de la suma de comprobaci\u00f3n se haya consumido por completo."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50252.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50252.json
index d73ba77ad2a..911f1b902d1 100644
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50252.json
+++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50252.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-50252", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:10.973", - "lastModified": "2024-11-09T11:15:10.973", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address\n\nThe device stores IPv6 addresses that are used for encapsulation in\nlinear memory that is managed by the driver.\n\nChanging the remote address of an ip6gre net device never worked\nproperly, but since cited commit the following reproducer [1] would\nresult in a warning [2] and a memory leak [3]. The problem is that the\nnew remote address is never added by the driver to its hash table (and\ntherefore the device) and the old address is never removed from it.\n\nFix by programming the new address when the configuration of the ip6gre\nnet device changes and removing the old one. 
If the address did not\nchange, then the above would result in increasing the reference count of\nthe address and then decreasing it.\n\n[1]\n # ip link add name bla up type ip6gre local 2001:db8:1::1 remote 2001:db8:2::1 tos inherit ttl inherit\n # ip link set dev bla type ip6gre remote 2001:db8:3::1\n # ip link del dev bla\n # devlink dev reload pci/0000:01:00.0\n\n[2]\nWARNING: CPU: 0 PID: 1682 at drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3002 mlxsw_sp_ipv6_addr_put+0x140/0x1d0\nModules linked in:\nCPU: 0 UID: 0 PID: 1682 Comm: ip Not tainted 6.12.0-rc3-custom-g86b5b55bc835 #151\nHardware name: Nvidia SN5600/VMOD0013, BIOS 5.13 05/31/2023\nRIP: 0010:mlxsw_sp_ipv6_addr_put+0x140/0x1d0\n[...]\nCall Trace:\n \n mlxsw_sp_router_netdevice_event+0x55f/0x1240\n notifier_call_chain+0x5a/0xd0\n call_netdevice_notifiers_info+0x39/0x90\n unregister_netdevice_many_notify+0x63e/0x9d0\n rtnl_dellink+0x16b/0x3a0\n rtnetlink_rcv_msg+0x142/0x3f0\n netlink_rcv_skb+0x50/0x100\n netlink_unicast+0x242/0x390\n netlink_sendmsg+0x1de/0x420\n ____sys_sendmsg+0x2bd/0x320\n ___sys_sendmsg+0x9a/0xe0\n __sys_sendmsg+0x7a/0xd0\n do_syscall_64+0x9e/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\n[3]\nunreferenced object 0xffff898081f597a0 (size 32):\n comm \"ip\", pid 1626, jiffies 4294719324\n hex dump (first 32 bytes):\n 20 01 0d b8 00 02 00 00 00 00 00 00 00 00 00 01 ...............\n 21 49 61 83 80 89 ff ff 00 00 00 00 01 00 00 00 !Ia.............\n backtrace (crc fd9be911):\n [<00000000df89c55d>] __kmalloc_cache_noprof+0x1da/0x260\n [<00000000ff2a1ddb>] mlxsw_sp_ipv6_addr_kvdl_index_get+0x281/0x340\n [<000000009ddd445d>] mlxsw_sp_router_netdevice_event+0x47b/0x1240\n [<00000000743e7757>] notifier_call_chain+0x5a/0xd0\n [<000000007c7b9e13>] call_netdevice_notifiers_info+0x39/0x90\n [<000000002509645d>] register_netdevice+0x5f7/0x7a0\n [<00000000c2e7d2a9>] ip6gre_newlink_common.isra.0+0x65/0x130\n [<0000000087cd6d8d>] ip6gre_newlink+0x72/0x120\n [<000000004df7c7cc>] 
rtnl_newlink+0x471/0xa20\n [<0000000057ed632a>] rtnetlink_rcv_msg+0x142/0x3f0\n [<0000000032e0d5b5>] netlink_rcv_skb+0x50/0x100\n [<00000000908bca63>] netlink_unicast+0x242/0x390\n [<00000000cdbe1c87>] netlink_sendmsg+0x1de/0x420\n [<0000000011db153e>] ____sys_sendmsg+0x2bd/0x320\n [<000000003b6d53eb>] ___sys_sendmsg+0x9a/0xe0\n [<00000000cae27c62>] __sys_sendmsg+0x7a/0xd0" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: mlxsw: spectrum_ipip: Corrige la p\u00e9rdida de memoria al cambiar la direcci\u00f3n IPv6 remota El dispositivo almacena direcciones IPv6 que se utilizan para la encapsulaci\u00f3n en la memoria lineal que administra el controlador. Cambiar la direcci\u00f3n remota de un dispositivo ip6gre net nunca funcion\u00f3 correctamente, pero desde el commit citada, el siguiente reproductor [1] dar\u00eda como resultado una advertencia [2] y una p\u00e9rdida de memoria [3]. El problema es que el controlador nunca agrega la nueva direcci\u00f3n remota a su tabla hash (y, por lo tanto, al dispositivo) y la direcci\u00f3n anterior nunca se elimina de ella. Corrija programando la nueva direcci\u00f3n cuando cambie la configuraci\u00f3n del dispositivo ip6gre net y eliminando la anterior. Si la direcci\u00f3n no cambiara, lo anterior dar\u00eda como resultado un aumento en el recuento de referencia de la direcci\u00f3n y luego una disminuci\u00f3n. 
[1] # ip link add name bla up type ip6gre local 2001:db8:1::1 remote 2001:db8:2::1 tos heritage ttl heritage # ip link set dev bla type ip6gre remote 2001:db8:3::1 # ip link del dev bla # devlink dev reload pci/0000:01:00.0 [2] ADVERTENCIA: CPU: 0 PID: 1682 en drivers/net/ethernet/mellanox/mlxsw/spectrum.c:3002 mlxsw_sp_ipv6_addr_put+0x140/0x1d0 M\u00f3dulos vinculados: CPU: 0 UID: 0 PID: 1682 Comm: ip No contaminado 6.12.0-rc3-custom-g86b5b55bc835 #151 Nombre del hardware: Nvidia SN5600/VMOD0013, BIOS 5.13 31/05/2023 RIP: 0010:mlxsw_sp_ipv6_addr_put+0x140/0x1d0 [...] Seguimiento de llamadas: mlxsw_sp_router_netdevice_event+0x55f/0x1240 notifier_call_chain+0x5a/0xd0 call_netdevice_notifiers_info+0x39/0x90 unregister_netdevice_many_notify+0x63e/0x9d0 rtnl_dellink+0x16b/0x3a0 rtnetlink_rcv_msg+0x142/0x3f0 netlink_rcv_skb+0x50/0x100 netlink_unicast+0x242/0x390 netlink_sendmsg+0x1de/0x420 ____sys_sendmsg+0x2bd/0x320 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xd0 do_syscall_64+0x9e/0x1a0 entry_SYSCALL_64_after_hwframe+0x77/0x7f [3] objeto sin referencia 0xffff898081f597a0 (tama\u00f1o 32): comm \"ip\", pid 1626, jiffies 4294719324 volcado hexadecimal (primeros 32 bytes): 20 01 0d b8 00 02 00 00 00 00 00 00 00 00 00 01 ............... 21 49 61 83 80 89 y siguientes y siguientes 00 00 00 00 01 00 00 00 !Ia............. 
seguimiento inverso (crc fd9be911): [<00000000df89c55d>] __kmalloc_cache_noprof+0x1da/0x260 [<00000000ff2a1ddb>] mlxsw_sp_ipv6_addr_kvdl_index_get+0x281/0x340 [<000000009ddd445d>] mlxsw_sp_router_netdevice_event+0x47b/0x1240 [<00000000743e7757>] cadena_de_llamadas_de_notificador+0x5a/0xd0 [<000000007c7b9e13>] informaci\u00f3n_de_notificadores_de_dispositivo_de_red_de_llamada+0x39/0x90 [<000000002509645d>] registro_dispositivo_de_red+0x5f7/0x7a0 [<00000000c2e7d2a9>] ip6gre_newlink_common.isra.0+0x65/0x130 [<0000000087cd6d8d>] ip6gre_newlink+0x72/0x120 [<000000004df7c7cc>] rtnl_newlink+0x471/0xa20 [<0000000057ed632a>] rtnetlink_rcv_msg+0x142/0x3f0 [<0000000032e0d5b5>] netlink_rcv_skb+0x50/0x100 [<00000000908bca63>] netlink_unicast+0x242/0x390 [<00000000cdbe1c87>] netlink_sendmsg+0x1de/0x420 [<0000000011db153e>] ____sys_sendmsg+0x2bd/0x320 [<000000003b6d53eb>] ___sys_sendmsg+0x9a/0xe0 [<00000000cae27c62>] __sys_sendmsg+0x7a/0xd0" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50253.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50253.json index 0419e8b0523..d1b4ce33566 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50253.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50253.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50253", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:11.043", - "lastModified": "2024-11-09T11:15:11.043", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check the validity of nr_words in bpf_iter_bits_new()\n\nCheck the validity of nr_words in bpf_iter_bits_new(). Without this\ncheck, when multiplication overflow occurs for nr_bits (e.g., when\nnr_words = 0x0400-0001, nr_bits becomes 64), stack corruption may occur\ndue to bpf_probe_read_kernel_common(..., nr_bytes = 0x2000-0008).\n\nFix it by limiting the maximum value of nr_words to 511. The value is\nderived from the current implementation of BPF memory allocator. To\nensure compatibility if the BPF memory allocator's size limitation\nchanges in the future, use the helper bpf_mem_alloc_check_size() to\ncheck whether nr_bytes is too larger. And return -E2BIG instead of\n-ENOMEM for oversized nr_bytes." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: comprobar la validez de nr_words en bpf_iter_bits_new() Compruebe la validez de nr_words en bpf_iter_bits_new(). Sin esta comprobaci\u00f3n, cuando se produce un desbordamiento de multiplicaci\u00f3n para nr_bits (p. ej., cuando nr_words = 0x0400-0001, nr_bits se convierte en 64), puede producirse una corrupci\u00f3n de la pila debido a bpf_probe_read_kernel_common(..., nr_bytes = 0x2000-0008). Solucione el problema limitando el valor m\u00e1ximo de nr_words a 511. El valor se deriva de la implementaci\u00f3n actual del asignador de memoria BPF. 
Para garantizar la compatibilidad si la limitaci\u00f3n de tama\u00f1o del asignador de memoria BPF cambia en el futuro, utilice el asistente bpf_mem_alloc_check_size() para verificar si nr_bytes es demasiado grande. Y devuelva -E2BIG en lugar de -ENOMEM para nr_bytes de gran tama\u00f1o." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50254.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50254.json index 72956a14803..fab28d42437 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50254.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50254.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50254", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:11.113", - "lastModified": "2024-11-09T11:15:11.113", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Free dynamically allocated bits in bpf_iter_bits_destroy()\n\nbpf_iter_bits_destroy() uses \"kit->nr_bits <= 64\" to check whether the\nbits are dynamically allocated. However, the check is incorrect and may\ncause a kmemleak as shown below:\n\nunreferenced object 0xffff88812628c8c0 (size 32):\n comm \"swapper/0\", pid 1, jiffies 4294727320\n hex dump (first 32 bytes):\n\tb0 c1 55 f5 81 88 ff ff f0 f0 f0 f0 f0 f0 f0 f0 ..U...........\n\tf0 f0 f0 f0 f0 f0 f0 f0 00 00 00 00 00 00 00 00 ..............\n backtrace (crc 781e32cc):\n\t[<00000000c452b4ab>] kmemleak_alloc+0x4b/0x80\n\t[<0000000004e09f80>] __kmalloc_node_noprof+0x480/0x5c0\n\t[<00000000597124d6>] __alloc.isra.0+0x89/0xb0\n\t[<000000004ebfffcd>] alloc_bulk+0x2af/0x720\n\t[<00000000d9c10145>] prefill_mem_cache+0x7f/0xb0\n\t[<00000000ff9738ff>] bpf_mem_alloc_init+0x3e2/0x610\n\t[<000000008b616eac>] bpf_global_ma_init+0x19/0x30\n\t[<00000000fc473efc>] do_one_initcall+0xd3/0x3c0\n\t[<00000000ec81498c>] kernel_init_freeable+0x66a/0x940\n\t[<00000000b119f72f>] kernel_init+0x20/0x160\n\t[<00000000f11ac9a7>] ret_from_fork+0x3c/0x70\n\t[<0000000004671da4>] ret_from_fork_asm+0x1a/0x30\n\nThat is because nr_bits will be set as zero in bpf_iter_bits_next()\nafter all bits have been iterated.\n\nFix the issue by setting kit->bit to kit->nr_bits instead of setting\nkit->nr_bits to zero when the iteration completes in\nbpf_iter_bits_next(). 
In addition, use \"!nr_bits || bits >= nr_bits\" to\ncheck whether the iteration is complete and still use \"nr_bits > 64\" to\nindicate whether bits are dynamically allocated. The \"!nr_bits\" check is\nnecessary because bpf_iter_bits_new() may fail before setting\nkit->nr_bits, and this condition will stop the iteration early instead\nof accessing the zeroed or freed kit->bits.\n\nConsidering the initial value of kit->bits is -1 and the type of\nkit->nr_bits is unsigned int, change the type of kit->nr_bits to int.\nThe potential overflow problem will be handled in the following patch." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Libera bits asignados din\u00e1micamente en bpf_iter_bits_destroy() bpf_iter_bits_destroy() usa \"kit->nr_bits <= 64\" para comprobar si los bits est\u00e1n asignados din\u00e1micamente. Sin embargo, la comprobaci\u00f3n es incorrecta y puede causar una fuga de kmem como se muestra a continuaci\u00f3n: objeto sin referencia 0xffff88812628c8c0 (tama\u00f1o 32): comm \"swapper/0\", pid 1, jiffies 4294727320 volcado hexadecimal (primeros 32 bytes): b0 c1 55 f5 81 88 ff ff f0 f0 f0 f0 f0 f0 f0 f0 f0 ..U........... f0 f0 f0 f0 f0 f0 f0 f0 f0 00 00 00 00 00 00 00 00 .............. backtrace (crc 781e32cc): [<00000000c452b4ab>] kmemleak_alloc+0x4b/0x80 [<0000000004e09f80>] __kmalloc_node_noprof+0x480/0x5c0 [<00000000597124d6>] __alloc.isra.0+0x89/0xb0 [<000000004ebfffcd>] alloc_bulk+0x2af/0x720 [<00000000d9c10145>] prefill_mem_cache+0x7f/0xb0 [<00000000ff9738ff>] bpf_mem_alloc_init+0x3e2/0x610 [<000000008b616eac>] bpf_global_ma_init+0x19/0x30 [<00000000fc473efc>] Esto se debe a que nr_bits se establecer\u00e1 como cero en bpf_iter_bits_next() despu\u00e9s de que se hayan iterado todos los bits. Solucione el problema configurando kit->bit en kit->nr_bits en lugar de configurar kit->nr_bits en cero cuando la iteraci\u00f3n se complete en bpf_iter_bits_next(). 
Adem\u00e1s, use \"!nr_bits || bits >= nr_bits\" para verificar si la iteraci\u00f3n est\u00e1 completa y siga usando \"nr_bits > 64\" para indicar si los bits se asignan din\u00e1micamente. La verificaci\u00f3n \"!nr_bits\" es necesaria porque bpf_iter_bits_new() puede fallar antes de configurar kit->nr_bits, y esta condici\u00f3n detendr\u00e1 la iteraci\u00f3n antes de tiempo en lugar de acceder a los kit->bits liberados o puestos a cero. Teniendo en cuenta que el valor inicial de kit->bits es -1 y el tipo de kit->nr_bits es unsigned int, cambie el tipo de kit->nr_bits a int. El posible problema de desbordamiento se manejar\u00e1 en el siguiente parche." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50255.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50255.json index 44bb8baea45..4b7724c0050 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50255.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50255.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50255", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:11.183", - "lastModified": "2024-11-09T11:15:11.183", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nBluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs\n\nFix __hci_cmd_sync_sk() to return not NULL for unknown opcodes.\n\n__hci_cmd_sync_sk() returns NULL if a command returns a status event.\nHowever, it also returns NULL where an opcode doesn't exist in the\nhci_cc table because hci_cmd_complete_evt() assumes status = skb->data[0]\nfor unknown opcodes.\nThis leads to null-ptr-deref in cmd_sync for HCI_OP_READ_LOCAL_CODECS as\nthere is no hci_cc for HCI_OP_READ_LOCAL_CODECS, which always assumes\nstatus = skb->data[0].\n\nKASAN: null-ptr-deref in range [0x0000000000000070-0x0000000000000077]\nCPU: 1 PID: 2000 Comm: kworker/u9:5 Not tainted 6.9.0-ga6bcb805883c-dirty #10\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014\nWorkqueue: hci7 hci_power_on\nRIP: 0010:hci_read_supported_codecs+0xb9/0x870 net/bluetooth/hci_codec.c:138\nCode: 08 48 89 ef e8 b8 c1 8f fd 48 8b 75 00 e9 96 00 00 00 49 89 c6 48 ba 00 00 00 00 00 fc ff df 4c 8d 60 70 4c 89 e3 48 c1 eb 03 <0f> b6 04 13 84 c0 0f 85 82 06 00 00 41 83 3c 24 02 77 0a e8 bf 78\nRSP: 0018:ffff888120bafac8 EFLAGS: 00010212\nRAX: 0000000000000000 RBX: 000000000000000e RCX: ffff8881173f0040\nRDX: dffffc0000000000 RSI: ffffffffa58496c0 RDI: ffff88810b9ad1e4\nRBP: ffff88810b9ac000 R08: ffffffffa77882a7 R09: 1ffffffff4ef1054\nR10: dffffc0000000000 R11: fffffbfff4ef1055 R12: 0000000000000070\nR13: 0000000000000000 R14: 0000000000000000 R15: ffff88810b9ac000\nFS: 0000000000000000(0000) GS:ffff8881f6c00000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 
0000000080050033\nCR2: 00007f6ddaa3439e CR3: 0000000139764003 CR4: 0000000000770ef0\nPKRU: 55555554\nCall Trace:\n \n hci_read_local_codecs_sync net/bluetooth/hci_sync.c:4546 [inline]\n hci_init_stage_sync net/bluetooth/hci_sync.c:3441 [inline]\n hci_init4_sync net/bluetooth/hci_sync.c:4706 [inline]\n hci_init_sync net/bluetooth/hci_sync.c:4742 [inline]\n hci_dev_init_sync net/bluetooth/hci_sync.c:4912 [inline]\n hci_dev_open_sync+0x19a9/0x2d30 net/bluetooth/hci_sync.c:4994\n hci_dev_do_open net/bluetooth/hci_core.c:483 [inline]\n hci_power_on+0x11e/0x560 net/bluetooth/hci_core.c:1015\n process_one_work kernel/workqueue.c:3267 [inline]\n process_scheduled_works+0x8ef/0x14f0 kernel/workqueue.c:3348\n worker_thread+0x91f/0xe50 kernel/workqueue.c:3429\n kthread+0x2cb/0x360 kernel/kthread.c:388\n ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147\n ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: hci: corregir null-ptr-deref en hci_read_supported_codecs Corregir __hci_cmd_sync_sk() para que no devuelva NULL para c\u00f3digos de operaci\u00f3n desconocidos. __hci_cmd_sync_sk() devuelve NULL si un comando devuelve un evento de estado. Sin embargo, tambi\u00e9n devuelve NULL cuando no existe un c\u00f3digo de operaci\u00f3n en la tabla hci_cc porque hci_cmd_complete_evt() asume status = skb->data[0] para c\u00f3digos de operaci\u00f3n desconocidos. Esto lleva a null-ptr-deref en cmd_sync para HCI_OP_READ_LOCAL_CODECS ya que no hay hci_cc para HCI_OP_READ_LOCAL_CODECS, que siempre asume status = skb->data[0]. 
KASAN: null-ptr-deref en el rango [0x0000000000000070-0x0000000000000077] CPU: 1 PID: 2000 Comm: kworker/u9:5 No contaminado 6.9.0-ga6bcb805883c-dirty #10 Nombre del hardware: PC est\u00e1ndar QEMU (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Cola de trabajo: hci7 hci_power_on RIP: 0010:hci_read_supported_codecs+0xb9/0x870 net/bluetooth/hci_codec.c:138 C\u00f3digo: 08 48 89 ef e8 b8 c1 8f fd 48 8b 75 00 e9 96 00 00 00 49 89 c6 48 ba 00 00 00 00 00 fc ff df 4c 8d 60 70 4c 89 e3 48 c1 eb 03 <0f> b6 04 13 84 c0 0f 85 82 06 00 00 41 83 3c 24 02 77 0a e8 bf 78 RSP: 0018:ffff888120bafac8 EFLAGS: 00010212 RAX: 000000000000000 RBX: 000000000000000e RCX: ffff8881173f0040 RDX: dffffc0000000000 RSI: ffffffffa58496c0 RDI: ffff88810b9ad1e4 RBP: ffff88810b9ac000 R08: ffffffffa77882a7 R09: 1ffffffff4ef1054 R10: dffffc0000000000 R11: fffffbfff4ef1055 R12: 0000000000000070 R13: 0000000000000000 R14: 0000000000000000 R15: ffff88810b9ac000 FS: 0000000000000000(0000) GS:ffff8881f6c00000(0000) knlGS:00000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f6ddaa3439e CR3: 0000000139764003 CR4: 0000000000770ef0 PKRU: 55555554 Seguimiento de llamadas: hci_read_local_codecs_sync net/bluetooth/hci_sync.c:4546 [en l\u00ednea] hci_init_stage_sync net/bluetooth/hci_sync.c:3441 [en l\u00ednea] hci_init4_sync net/bluetooth/hci_sync.c:4706 [en l\u00ednea] hci_init_sync net/bluetooth/hci_sync.c:4742 [en l\u00ednea] hci_dev_init_sync net/bluetooth/hci_sync.c:4912 [en l\u00ednea] hci_dev_open_sync+0x19a9/0x2d30 net/bluetooth/hci_sync.c:4994 hci_dev_do_open net/bluetooth/hci_core.c:483 [en l\u00ednea] hci_power_on+0x11e/0x560 net/bluetooth/hci_core.c:1015 proceso_uno_trabajo kernel/workqueue.c:3267 [en l\u00ednea] proceso_trabajos_programados+0x8ef/0x14f0 kernel/workqueue.c:3348 subproceso de trabajo+0x91f/0xe50 kernel/workqueue.c:3429 subproceso de trabajo+0x2cb/0x360 kernel/kthread.c:388 ret_de_bifurcaci\u00f3n+0x4d/0x80 arch/x86/kernel/process.c:147 
ret_de_bifurcaci\u00f3n_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50256.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50256.json index b858aeb5846..8b55ab68e34 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50256.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50256.json 
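Review bot: The added `es` description for CVE-2024-50255 translates kernel symbols inside the stack trace, so it no longer matches the `en` text it sits beside: `process_one_work` becomes `proceso_uno_trabajo`, `ret_from_fork` becomes `ret_de_bifurcación`, and both `worker_thread` and `kthread` become `subproceso de trabajo`. Some register values also appear to have gained or lost a digit (`RAX: 000000000000000`, `knlGS:00000000000000000`). The same pattern shows in the hunks for CVE-2024-50256 (`incluye/linux/netfilter.h`) and CVE-2024-50261 (`metadatos_dst_alloc`, `hacer_syscall_64`). In CVE-2024-50258 "underflow" is rendered as "desbordamiento", and in CVE-2024-50260 "released" is rendered as "publicando". Trace lines, symbol names and hex values should be carried over verbatim, e.g. `process_one_work kernel/workqueue.c:3267 [inline]`, with only the surrounding prose translated; until then, anything that matches on function names or addresses should read the `en` value.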
@@ -2,13 +2,17 @@ "id": "CVE-2024-50256", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:11.263", - "lastModified": "2024-11-09T11:15:11.263", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6()\n\nI got a syzbot report without a repro [1] crashing in nf_send_reset6()\n\nI think the issue is that dev->hard_header_len is zero, and we attempt\nlater to push an Ethernet header.\n\nUse LL_MAX_HEADER, as other functions in net/ipv6/netfilter/nf_reject_ipv6.c.\n\n[1]\n\nskbuff: skb_under_panic: text:ffffffff89b1d008 len:74 put:14 head:ffff88803123aa00 data:ffff88803123a9f2 tail:0x3c end:0x140 dev:syz_tun\n kernel BUG at net/core/skbuff.c:206 !\nOops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI\nCPU: 0 UID: 0 PID: 7373 Comm: syz.1.568 Not tainted 6.12.0-rc2-syzkaller-00631-g6d858708d465 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024\n RIP: 0010:skb_panic net/core/skbuff.c:206 [inline]\n RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216\nCode: 0d 8d 48 c7 c6 60 a6 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 ba 30 38 02 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3\nRSP: 0018:ffffc900045269b0 EFLAGS: 00010282\nRAX: 0000000000000088 RBX: dffffc0000000000 RCX: cd66dacdc5d8e800\nRDX: 0000000000000000 RSI: 0000000000000200 RDI: 0000000000000000\nRBP: ffff88802d39a3d0 R08: ffffffff8174afec R09: 1ffff920008a4ccc\nR10: dffffc0000000000 R11: fffff520008a4ccd R12: 0000000000000140\nR13: ffff88803123aa00 R14: ffff88803123a9f2 R15: 000000000000003c\nFS: 00007fdbee5ff6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 
0000000080050033\nCR2: 0000000000000000 CR3: 000000005d322000 CR4: 00000000003526f0\nDR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\nDR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\nCall Trace:\n \n skb_push+0xe5/0x100 net/core/skbuff.c:2636\n eth_header+0x38/0x1f0 net/ethernet/eth.c:83\n dev_hard_header include/linux/netdevice.h:3208 [inline]\n nf_send_reset6+0xce6/0x1270 net/ipv6/netfilter/nf_reject_ipv6.c:358\n nft_reject_inet_eval+0x3b9/0x690 net/netfilter/nft_reject_inet.c:48\n expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [inline]\n nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288\n nft_do_chain_inet+0x418/0x6b0 net/netfilter/nft_chain_filter.c:161\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626\n nf_hook include/linux/netfilter.h:269 [inline]\n NF_HOOK include/linux/netfilter.h:312 [inline]\n br_nf_pre_routing_ipv6+0x63e/0x770 net/bridge/br_netfilter_ipv6.c:184\n nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline]\n nf_hook_bridge_pre net/bridge/br_input.c:277 [inline]\n br_handle_frame+0x9fd/0x1530 net/bridge/br_input.c:424\n __netif_receive_skb_core+0x13e8/0x4570 net/core/dev.c:5562\n __netif_receive_skb_one_core net/core/dev.c:5666 [inline]\n __netif_receive_skb+0x12f/0x650 net/core/dev.c:5781\n netif_receive_skb_internal net/core/dev.c:5867 [inline]\n netif_receive_skb+0x1e8/0x890 net/core/dev.c:5926\n tun_rx_batched+0x1b7/0x8f0 drivers/net/tun.c:1550\n tun_get_user+0x3056/0x47e0 drivers/net/tun.c:2007\n tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2053\n new_sync_write fs/read_write.c:590 [inline]\n vfs_write+0xa6d/0xc90 fs/read_write.c:683\n ksys_write+0x183/0x2b0 fs/read_write.c:736\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7fdbeeb7d1ff\nCode: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 
8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48\nRSP: 002b:00007fdbee5ff000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001\nRAX: ffffffffffffffda RBX: 00007fdbeed36058 RCX: 00007fdbeeb7d1ff\nRDX: 000000000000008e RSI: 0000000020000040 RDI: 00000000000000c8\nRBP: 00007fdbeebf12be R08: 0000000\n---truncated---" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: nf_reject_ipv6: soluciona un posible fallo en nf_send_reset6() Recib\u00ed un informe de syzbot sin una reproducci\u00f3n [1] que falla en nf_send_reset6() Creo que el problema es que dev->hard_header_len es cero, e intentamos m\u00e1s tarde enviar un encabezado Ethernet. Utilice LL_MAX_HEADER, como otras funciones en net/ipv6/netfilter/nf_reject_ipv6.c. [1] skbuff: skb_under_panic: texto:ffffffff89b1d008 longitud:74 puesta:14 cabeza:ffff88803123aa00 datos:ffff88803123a9f2 cola:0x3c fin:0x140 desarrollo:syz_tun ERROR del kernel en net/core/skbuff.c:206 ! 
Oops: c\u00f3digo de operaci\u00f3n no v\u00e1lido: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 7373 Comm: syz.1.568 No contaminado 6.12.0-rc2-syzkaller-00631-g6d858708d465 #0 Nombre del hardware: Google Google Compute Engine/Google Compute Engine, BIOS Google 13/09/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [en l\u00ednea] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 C\u00f3digo: 0d 8d 48 c7 c6 60 a6 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 ba 30 38 02 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 RSP: 0018:ffffc900045269b0 EFLAGS: 00010282 RAX: 000000000000088 RBX: dffffc0000000000 RCX: cd66dacdc5d8e800 RDX: 00000000000000000 RSI: 0000000000000200 RDI: 0000000000000000 RBP: ffff88802d39a3d0 R08: ffffffff8174afec R09: 1ffff920008a4ccc R10: dffffc0000000000 R11: fffff520008a4ccd R12: 0000000000000140 R13: ffff88803123aa00 R14: ffff88803123a9f2 R15: 000000000000003c FS: 00007fdbee5ff6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000005d322000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Seguimiento de llamadas: skb_push+0xe5/0x100 net/core/skbuff.c:2636 eth_header+0x38/0x1f0 net/ethernet/eth.c:83 dev_hard_header include/linux/netdevice.h:3208 [en l\u00ednea] nf_send_reset6+0xce6/0x1270 net/ipv6/netfilter/nf_reject_ipv6.c:358 nft_reject_inet_eval+0x3b9/0x690 net/netfilter/nft_reject_inet.c:48 expr_call_ops_eval net/netfilter/nf_tables_core.c:240 [en l\u00ednea] nft_do_chain+0x4ad/0x1da0 net/netfilter/nf_tables_core.c:288 nft_do_chain_inet+0x418/0x6b0 net/netfilter/nft_chain_filter.c:161 nf_hook_entry_hookfn incluye/linux/netfilter.h:154 [en l\u00ednea] nf_hook_slow+0xc3/0x220 net/netfilter/core.c:626 nf_hook incluye/linux/netfilter.h:269 [en l\u00ednea] NF_HOOK 
incluye/linux/netfilter.h:312 [en l\u00ednea] br_nf_pre_routing_ipv6+0x63e/0x770 net/bridge/br_netfilter_ipv6.c:184 nf_hook_entry_hookfn include/linux/netfilter.h:154 [en l\u00ednea] nf_hook_bridge_pre net/bridge/br_input.c:277 [en l\u00ednea] br_handle_frame+0x9fd/0x1530 net/bridge/br_input.c:424 __netif_receive_skb_core+0x13e8/0x4570 net/core/dev.c:5562 __netif_receive_skb_one_core net/core/dev.c:5666 [en l\u00ednea] __netif_receive_skb+0x12f/0x650 net/core/dev.c:5781 netif_receive_skb_internal net/core/dev.c:5867 [en l\u00ednea] netif_receive_skb+0x1e8/0x890 net/core/dev.c:5926 tun_rx_batched+0x1b7/0x8f0 drivers/net/tun.c:1550 tun_get_user+0x3056/0x47e0 drivers/net/tun.c:2007 tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2053 new_sync_write fs/read_write.c:590 [en l\u00ednea] vfs_write+0xa6d/0xc90 fs/read_write.c:683 ksys_write+0x183/0x2b0 fs/read_write.c:736 do_syscall_x64 arch/x86/entry/common.c:52 [en l\u00ednea] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fdbeeb7d1ff C\u00f3digo: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 RSP: 002b:00007fdbee5ff000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00007fdbeed36058 RCX: 00007fdbeeb7d1ff RDX: 00000000000008e RSI: 0000000020000040 RDI: 0000000000000c8 RBP: 00007fdbeebf12be R08: 0000000 ---truncado---" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50257.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50257.json index 6e565f13de3..01b39ec04db 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50257.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50257.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50257", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:11.340", - "lastModified": "2024-11-09T11:15:11.340", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: Fix use-after-free in get_info()\n\nip6table_nat module unload has refcnt warning for UAF. call trace is:\n\nWARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 module_put+0x6f/0x80\nModules linked in: ip6table_nat(-)\nCPU: 1 UID: 0 PID: 379 Comm: ip6tables Not tainted 6.12.0-rc4-00047-gc2ee9f594da8-dirty #205\nHardware name: QEMU Standard PC (i440FX + PIIX, 1996),\nBIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014\nRIP: 0010:module_put+0x6f/0x80\nCall Trace:\n \n get_info+0x128/0x180\n do_ip6t_get_ctl+0x6a/0x430\n nf_getsockopt+0x46/0x80\n ipv6_getsockopt+0xb9/0x100\n rawv6_getsockopt+0x42/0x190\n do_sock_getsockopt+0xaa/0x180\n __sys_getsockopt+0x70/0xc0\n __x64_sys_getsockopt+0x20/0x30\n do_syscall_64+0xa2/0x1a0\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nConcurrent execution of module unload and get_info() trigered the warning.\nThe root cause is as follows:\n\ncpu0\t\t\t\t cpu1\nmodule_exit\n//mod->state = MODULE_STATE_GOING\n ip6table_nat_exit\n xt_unregister_template\n\tkfree(t)\n\t//removed from templ_list\n\t\t\t\t getinfo()\n\t\t\t\t\t t = xt_find_table_lock\n\t\t\t\t\t\tlist_for_each_entry(tmpl, &xt_templates[af]...)\n\t\t\t\t\t\t\tif (strcmp(tmpl->name, name))\n\t\t\t\t\t\t\t\tcontinue; //table not found\n\t\t\t\t\t\t\ttry_module_get\n\t\t\t\t\t\tlist_for_each_entry(t, &xt_net->tables[af]...)\n\t\t\t\t\t\t\treturn t; //not get refcnt\n\t\t\t\t\t module_put(t->me) //uaf\n unregister_pernet_subsys\n //remove table from xt_net list\n\nWhile xt_table module was going away and has been removed from\nxt_templates 
list, we couldnt get refcnt of xt_table->me. Check\nmodule in xt_net->tables list re-traversal to fix it." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netfilter: Se corrige el problema use-after-free en la descarga del m\u00f3dulo ip6table_nat get_info() que tiene una advertencia refcnt para UAF. El seguimiento de llamadas es: ADVERTENCIA: CPU: 1 PID: 379 en kernel/module/main.c:853 module_put+0x6f/0x80 M\u00f3dulos vinculados en: ip6table_nat(-) CPU: 1 UID: 0 PID: 379 Comm: ip6tables No contaminado 6.12.0-rc4-00047-gc2ee9f594da8-dirty #205 Nombre del hardware: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:module_put+0x6f/0x80 Seguimiento de llamadas: get_info+0x128/0x180 La ejecuci\u00f3n simult\u00e1nea de la descarga del m\u00f3dulo y get_info() activ\u00f3 la advertencia. La causa ra\u00edz es la siguiente: cpu0 cpu1 module_exit //mod->state = MODULE_STATE_GOING ip6table_nat_exit xt_unregister_template kfree(t) //eliminado de la lista de plantillas getinfo() t = xt_find_table_lock list_for_each_entry(tmpl, &xt_templates[af]...) if (strcmp(tmpl->name, name)) continue; //tabla no encontrada try_module_get list_for_each_entry(t, &xt_net->tables[af]...) return t; //no obtener refcnt module_put(t->me) //uaf unregister_pernet_subsys //eliminar tabla de la lista xt_net Mientras el m\u00f3dulo xt_table desaparec\u00eda y se eliminaba de la lista xt_templates, no pudimos obtener refcnt de xt_table->me. Verifique el m\u00f3dulo en el recorrido de lista xt_net->tables para solucionarlo." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50258.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50258.json index 27f62a11cf2..537e14165db 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50258.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50258.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50258", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:11.413", - "lastModified": "2024-11-09T11:15:11.413", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: fix crash when config small gso_max_size/gso_ipv4_max_size\n\nConfig a small gso_max_size/gso_ipv4_max_size will lead to an underflow\nin sk_dst_gso_max_size(), which may trigger a BUG_ON crash,\nbecause sk->sk_gso_max_size would be much bigger than device limits.\nCall Trace:\ntcp_write_xmit\n tso_segs = tcp_init_tso_segs(skb, mss_now);\n tcp_set_skb_tso_segs\n tcp_skb_pcount_set\n // skb->len = 524288, mss_now = 8\n // u16 tso_segs = 524288/8 = 65535 -> 0\n tso_segs = DIV_ROUND_UP(skb->len, mss_now)\n BUG_ON(!tso_segs)\nAdd check for the minimum value of gso_max_size and gso_ipv4_max_size." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: net: se corrige el fallo al configurar un gso_max_size/gso_ipv4_max_size peque\u00f1o. Configurar un gso_max_size/gso_ipv4_max_size peque\u00f1o provocar\u00e1 un desbordamiento en sk_dst_gso_max_size(), lo que puede desencadenar un fallo BUG_ON, porque sk->sk_gso_max_size ser\u00eda mucho mayor que los l\u00edmites del dispositivo. Seguimiento de llamadas: tcp_write_xmit tso_segs = tcp_init_tso_segs(skb, mss_now); tcp_set_skb_tso_segs tcp_skb_pcount_set // skb->len = 524288, mss_now = 8 // u16 tso_segs = 524288/8 = 65535 -> 0 tso_segs = DIV_ROUND_UP(skb->len, mss_now) BUG_ON(!tso_segs) Agregar verificaci\u00f3n para el valor m\u00ednimo de gso_max_size y gso_ipv4_max_size." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50259.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50259.json index 311a67c5179..36e39fe33e7 100644 
--- a/CVE-2024/CVE-2024-502xx/CVE-2024-50259.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50259.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50259", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:11.483", - "lastModified": "2024-11-09T11:15:11.483", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write()\n\nThis was found by a static analyzer.\nWe should not forget the trailing zero after copy_from_user()\nif we will further do some string operations, sscanf() in this\ncase. Adding a trailing zero will ensure that the function\nperforms properly." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: netdevsim: agregar un cero final para terminar la cadena en nsim_nexthop_bucket_activity_write(). Esto lo encontr\u00f3 un analizador est\u00e1tico. No debemos olvidar el cero final despu\u00e9s de copy_from_user() si vamos a realizar m\u00e1s operaciones con cadenas, sscanf() en este caso. Agregar un cero final garantizar\u00e1 que la funci\u00f3n se ejecute correctamente." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50260.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50260.json index 661ec3284ec..68b8039de69 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50260.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50260.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50260", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:11.550", - "lastModified": "2024-11-09T11:15:11.550", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nsock_map: fix a NULL pointer dereference in sock_map_link_update_prog()\n\nThe following race condition could trigger a NULL pointer dereference:\n\nsock_map_link_detach():\t\tsock_map_link_update_prog():\n mutex_lock(&sockmap_mutex);\n ...\n sockmap_link->map = NULL;\n mutex_unlock(&sockmap_mutex);\n \t\t\t\t mutex_lock(&sockmap_mutex);\n\t\t\t\t ...\n\t\t\t\t sock_map_prog_link_lookup(sockmap_link->map);\n\t\t\t\t mutex_unlock(&sockmap_mutex);\n \n\nFix it by adding a NULL pointer check. In this specific case, it makes\nno sense to update a link which is being released." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: sock_map: corrige una desreferencia de puntero NULL en sock_map_link_update_prog() La siguiente condici\u00f3n de ejecuci\u00f3n podr\u00eda desencadenar una desreferencia de puntero NULL: sock_map_link_detach(): sock_map_link_update_prog(): mutex_lock(&sockmap_mutex); ... sockmap_link->map = NULL; mutex_unlock(&sockmap_mutex); mutex_lock(&sockmap_mutex); ... sock_map_prog_link_lookup(sockmap_link->map); mutex_unlock(&sockmap_mutex); Solucione el problema a\u00f1adiendo una comprobaci\u00f3n de puntero NULL. En este caso espec\u00edfico, no tiene sentido actualizar un enlace que se est\u00e1 publicando." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50261.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50261.json index 05c964fabd1..71bb3a35b67 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50261.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50261.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50261", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:11.610", - "lastModified": "2024-11-09T11:15:11.610", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacsec: Fix use-after-free while sending the offloading packet\n\nKASAN reports the following UAF. The metadata_dst, which is used to\nstore the SCI value for macsec offload, is already freed by\nmetadata_dst_free() in macsec_free_netdev(), while driver still use it\nfor sending the packet.\n\nTo fix this issue, dst_release() is used instead to release\nmetadata_dst. So it is not freed instantly in macsec_free_netdev() if\nstill referenced by skb.\n\n BUG: KASAN: slab-use-after-free in mlx5e_xmit+0x1e8f/0x4190 [mlx5_core]\n Read of size 2 at addr ffff88813e42e038 by task kworker/7:2/714\n [...]\n Workqueue: mld mld_ifc_work\n Call Trace:\n \n dump_stack_lvl+0x51/0x60\n print_report+0xc1/0x600\n kasan_report+0xab/0xe0\n mlx5e_xmit+0x1e8f/0x4190 [mlx5_core]\n dev_hard_start_xmit+0x120/0x530\n sch_direct_xmit+0x149/0x11e0\n __qdisc_run+0x3ad/0x1730\n __dev_queue_xmit+0x1196/0x2ed0\n vlan_dev_hard_start_xmit+0x32e/0x510 [8021q]\n dev_hard_start_xmit+0x120/0x530\n __dev_queue_xmit+0x14a7/0x2ed0\n macsec_start_xmit+0x13e9/0x2340\n dev_hard_start_xmit+0x120/0x530\n __dev_queue_xmit+0x14a7/0x2ed0\n ip6_finish_output2+0x923/0x1a70\n ip6_finish_output+0x2d7/0x970\n ip6_output+0x1ce/0x3a0\n NF_HOOK.constprop.0+0x15f/0x190\n mld_sendpack+0x59a/0xbd0\n mld_ifc_work+0x48a/0xa80\n process_one_work+0x5aa/0xe50\n worker_thread+0x79c/0x1290\n kthread+0x28f/0x350\n ret_from_fork+0x2d/0x70\n ret_from_fork_asm+0x11/0x20\n \n\n Allocated by task 3922:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n __kasan_kmalloc+0x77/0x90\n __kmalloc_noprof+0x188/0x400\n 
metadata_dst_alloc+0x1f/0x4e0\n macsec_newlink+0x914/0x1410\n __rtnl_newlink+0xe08/0x15b0\n rtnl_newlink+0x5f/0x90\n rtnetlink_rcv_msg+0x667/0xa80\n netlink_rcv_skb+0x12c/0x360\n netlink_unicast+0x551/0x770\n netlink_sendmsg+0x72d/0xbd0\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x52e/0x6a0\n ___sys_sendmsg+0xeb/0x170\n __sys_sendmsg+0xb5/0x140\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\n Freed by task 4011:\n kasan_save_stack+0x20/0x40\n kasan_save_track+0x10/0x30\n kasan_save_free_info+0x37/0x50\n poison_slab_object+0x10c/0x190\n __kasan_slab_free+0x11/0x30\n kfree+0xe0/0x290\n macsec_free_netdev+0x3f/0x140\n netdev_run_todo+0x450/0xc70\n rtnetlink_rcv_msg+0x66f/0xa80\n netlink_rcv_skb+0x12c/0x360\n netlink_unicast+0x551/0x770\n netlink_sendmsg+0x72d/0xbd0\n __sock_sendmsg+0xc5/0x190\n ____sys_sendmsg+0x52e/0x6a0\n ___sys_sendmsg+0xeb/0x170\n __sys_sendmsg+0xb5/0x140\n do_syscall_64+0x4c/0x100\n entry_SYSCALL_64_after_hwframe+0x4b/0x53" + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: macsec: Se corrige el use-after-free al enviar el paquete de descarga KASAN informa el siguiente UAF. El metadata_dst, que se utiliza para almacenar el valor SCI para la descarga de macsec, ya est\u00e1 liberado por metadata_dst_free() en macsec_free_netdev(), mientras que el controlador a\u00fan lo usa para enviar el paquete. Para solucionar este problema, se utiliza dst_release() en su lugar para liberar metadata_dst. Por lo tanto, no se libera instant\u00e1neamente en macsec_free_netdev() si a\u00fan se hace referencia a \u00e9l mediante skb. ERROR: KASAN: uso de losa despu\u00e9s de la liberaci\u00f3n en mlx5e_xmit+0x1e8f/0x4190 [mlx5_core] Lectura de tama\u00f1o 2 en la direcci\u00f3n ffff88813e42e038 por la tarea kworker/7:2/714 [...] 
Cola de trabajo: mld mld_ifc_work Seguimiento de llamadas: dump_stack_lvl+0x51/0x60 print_report+0xc1/0x600 kasan_report+0xab/0xe0 mlx5e_xmit+0x1e8f/0x4190 [mlx5_core] dev_hard_start_xmit+0x120/0x530 sch_direct_xmit+0x149/0x11e0 __qdisc_run+0x3ad/0x1730 __dev_queue_xmit+0x1196/0x2ed0 vlan_dev_hard_start_xmit+0x32e/0x510 [8021q] dev_hard_start_xmit+0x120/0x530 __dev_queue_xmit+0x14a7/0x2ed0 macsec_start_xmit+0x13e9/0x2340 dev_hard_start_xmit+0x120/0x530 __dev_queue_xmit+0x14a7/0x2ed0 ip6_finish_output2+0x923/0x1a70 ip6_finish_output+0x2d7/0x970 ip6_output+0x1ce/0x3a0 Asignado por la tarea 3922: kasan_save_stack+0x20/0x40 kasan_save_track+0x10/0x30 __kasan_kmalloc+0x77/0x90 __kmalloc_noprof+0x188/0x400 metadatos_dst_alloc+0x1f/0x4e0 macsec_newlink+0x914/0x1410 __rtnl_newlink+0xe08/0x15b0 rtnl_newlink+0x5f/0x90 rtnetlink_rcv_msg+0x667/0xa80 netlink_rcv_skb+0x12c/0x360 netlink_unicast+0x551/0x770 netlink_sendmsg+0x72d/0xbd0 __sock_sendmsg+0xc5/0x190 ____sys_sendmsg+0x52e/0x6a0 ___sys_sendmsg+0xeb/0x170 __sys_sendmsg+0xb5/0x140 do_syscall_64+0x4c/0x100 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Liberado por la tarea 4011: kasan_save_stack+0x20/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x50 poison_slab_object+0x10c/0x190 __kasan_slab_free+0x11/0x30 kfree+0xe0/0x290 macsec_free_netdev+0x3f/0x140 netdev_run_todo+0x450/0xc70 rtnetlink_rcv_msg+0x66f/0xa80 netlink_rcv_skb+0x12c/0x360 netlink_unicast+0x551/0x770 netlink_sendmsg+0x72d/0xbd0 __sock_sendmsg+0xc5/0x190 ____sys_sendmsg+0x52e/0x6a0 ___sys_sendmsg+0xeb/0x170 __sys_sendmsg+0xb5/0x140 hacer_syscall_64+0x4c/0x100 entrada_SYSCALL_64_despu\u00e9s_hwframe+0x4b/0x53" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50262.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50262.json index 3433f0bc4e5..8499760246b 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50262.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50262.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50262", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-09T11:15:11.687", - "lastModified": "2024-11-09T11:15:11.687", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix out-of-bounds write in trie_get_next_key()\n\ntrie_get_next_key() allocates a node stack with size trie->max_prefixlen,\nwhile it writes (trie->max_prefixlen + 1) nodes to the stack when it has\nfull paths from the root to leaves. For example, consider a trie with\nmax_prefixlen is 8, and the nodes with key 0x00/0, 0x00/1, 0x00/2, ...\n0x00/8 inserted. Subsequent calls to trie_get_next_key with _key with\n.prefixlen = 8 make 9 nodes be written on the node stack with size 8." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: bpf: Se corrige la escritura fuera de los l\u00edmites en trie_get_next_key() trie_get_next_key() asigna una pila de nodos con tama\u00f1o trie->max_prefixlen, mientras escribe (trie->max_prefixlen + 1) nodos en la pila cuando tiene rutas completas desde la ra\u00edz hasta las hojas. Por ejemplo, considere un trie con max_prefixlen es 8, y los nodos con clave 0x00/0, 0x00/1, 0x00/2, ... 0x00/8 insertados. Las llamadas posteriores a trie_get_next_key con _key con .prefixlen = 8 hacen que se escriban 9 nodos en la pila de nodos con tama\u00f1o 8." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-502xx/CVE-2024-50263.json b/CVE-2024/CVE-2024-502xx/CVE-2024-50263.json index 76242a24373..e912aedd04e 100644 --- a/CVE-2024/CVE-2024-502xx/CVE-2024-50263.json +++ b/CVE-2024/CVE-2024-502xx/CVE-2024-50263.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50263", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-11-11T14:15:15.473", - "lastModified": "2024-11-11T14:15:15.473", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nfork: only invoke khugepaged, ksm hooks if no error\n\nThere is no reason to invoke these hooks early against an mm that is in an\nincomplete state.\n\nThe change in commit d24062914837 (\"fork: use __mt_dup() to duplicate\nmaple tree in dup_mmap()\") makes this more pertinent as we may be in a\nstate where entries in the maple tree are not yet consistent.\n\nTheir placement early in dup_mmap() only appears to have been meaningful\nfor early error checking, and since functionally it'd require a very small\nallocation to fail (in practice 'too small to fail') that'd only occur in\nthe most dire circumstances, meaning the fork would fail or be OOM'd in\nany case.\n\nSince both khugepaged and KSM tracking are there to provide optimisations\nto memory performance rather than critical functionality, it doesn't\nreally matter all that much if, under such dire memory pressure, we fail\nto register an mm with these.\n\nAs a result, we follow the example of commit d2081b2bf819 (\"mm:\nkhugepaged: make khugepaged_enter() void function\") and make ksm_fork() a\nvoid function also.\n\nWe only expose the mm to these functions once we are done with them and\nonly if no error occurred in the fork operation." + }, + { + "lang": "es", + "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: fork: solo invocar ganchos khugepaged, ksm si no hay error No hay raz\u00f3n para invocar estos ganchos de manera temprana contra un mm que est\u00e1 en un estado incompleto. 
El cambio en el commit d24062914837 (\"fork: usar __mt_dup() para duplicar el \u00e1rbol de maple en dup_mmap()\") hace que esto sea m\u00e1s pertinente ya que podemos estar en un estado donde las entradas en el \u00e1rbol de maple a\u00fan no son consistentes. Su ubicaci\u00f3n temprana en dup_mmap() solo parece haber sido significativa para la comprobaci\u00f3n temprana de errores, y dado que funcionalmente requerir\u00eda una asignaci\u00f3n muy peque\u00f1a para fallar (en la pr\u00e1ctica 'demasiado peque\u00f1a para fallar') eso solo ocurrir\u00eda en las circunstancias m\u00e1s extremas, lo que significa que la bifurcaci\u00f3n fallar\u00eda o quedar\u00eda OOM en cualquier caso. Dado que tanto el seguimiento de khugepaged como el de KSM est\u00e1n ah\u00ed para proporcionar optimizaciones al rendimiento de la memoria en lugar de una funcionalidad cr\u00edtica, en realidad no importa tanto si, bajo una presi\u00f3n de memoria tan extrema, no logramos registrar un mm con estos. Como resultado, seguimos el ejemplo de el commit d2081b2bf819 (\"mm: khugepaged: make khugepaged_enter() void function\") y tambi\u00e9n hacemos que ksm_fork() sea una funci\u00f3n void. Solo exponemos el mm a estas funciones una vez que terminamos con ellas y solo si no ocurri\u00f3 ning\u00fan error en la operaci\u00f3n de bifurcaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50310.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50310.json new file mode 100644 index 00000000000..72faa64847d --- /dev/null +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50310.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-50310", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:11.660", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unauthenticated remote attacker to gain access to the filesystem." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + 
"modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.7, + "baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-863" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-654798.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-503xx/CVE-2024-50313.json b/CVE-2024/CVE-2024-503xx/CVE-2024-50313.json new file mode 100644 index 00000000000..153876d2c2a --- /dev/null +++ b/CVE-2024/CVE-2024-503xx/CVE-2024-50313.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-50313", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:11.910", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The basic authentication implementation of affected applications contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures." 
+ } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 6.9, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + 
"privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-362" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-914892.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50524.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50524.json index 9e119a6b08b..a3b7cddc8f4 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50524.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50524.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50524", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T10:15:05.667", - "lastModified": "2024-11-09T10:15:05.667", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in quyle91 Administrator Z allows Blind SQL Injection.This issue affects Administrator Z: from n/a through 2024.11.04." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en quyle91 Administrator Z permite la inyecci\u00f3n SQL ciega. Este problema afecta a Administrator Z: desde n/a hasta 2024.11.04." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50539.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50539.json index d1a44c471cc..3424158c7ca 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50539.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50539.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50539", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T10:15:06.017", - "lastModified": "2024-11-09T10:15:06.017", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Lodgix Lodgix.Com Vacation Rental Website Builder allows SQL Injection.This issue affects Lodgix.Com Vacation Rental Website Builder: from n/a through 3.9.73." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Lodgix Lodgix.Com Vacation Rental Website Builder permite la inyecci\u00f3n SQL. Este problema afecta a Lodgix.Com Vacation Rental Website Builder: desde n/a hasta 3.9.73." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50544.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50544.json index a7a39f7ca3e..807cf35b13a 100644 --- a/CVE-2024/CVE-2024-505xx/CVE-2024-50544.json +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50544.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50544", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T10:15:06.273", - "lastModified": "2024-11-09T10:15:06.273", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Micah Blu RSVP ME allows SQL Injection.This issue affects RSVP ME: from n/a through 1.9.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Micah Blu RSVP ME permite la inyecci\u00f3n SQL. Este problema afecta a RSVP ME: desde n/a hasta 1.9.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50557.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50557.json new file mode 100644 index 00000000000..84b8af3aac2 --- /dev/null +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50557.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-50557", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:12.157", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All 
versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate input in configuration fields of the iperf functionality. This could allow an unauthenticated remote attacker to execute arbitrary code on the device." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.6, + 
"baseSeverity": "HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50558.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50558.json new file mode 100644 index 00000000000..45b669cc7c0 --- /dev/null +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50558.json 
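Review bot: The English description in this new CVE-2024-50557 record says the iperf input-validation flaw can be used by "an unauthenticated remote attacker", but both metric blocks in the same hunk score it as requiring high privileges (`PR:H` in the 3.1 and 4.0 vector strings, `"privilegesRequired": "HIGH"`). The text and the scoring describe different preconditions; the record presumably mirrors its source (productcert@siemens.com) verbatim, so any correction belongs upstream rather than in this file. Until the referenced advisory (ssa-354112) is checked, the 7.2 / 8.6 scores should not be read as covering a pre-authentication code-execution case. The only weakness entry is also typed `"Secondary"` with the generic `CWE-20`, which gives consumers little to filter on.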
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-50558", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:12.403", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All 
versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices improperly manage access control for read-only users. This could allow an attacker to cause a temporary denial of service condition." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "NONE", + "vulnerableSystemAvailability": "LOW", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + } + } + ], + 
"cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "LOW", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50559.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50559.json new file mode 100644 index 00000000000..b74a77efa2e --- /dev/null +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50559.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-50559", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:12.653", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All 
versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly validate the filenames of the certificate. This could allow an authenticated remote attacker to append arbitrary values which will lead to compromise of integrity of the system." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + 
"baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50560.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50560.json new file mode 100644 index 00000000000..55223efe28c --- /dev/null +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50560.json 
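Review bot: The description of CVE-2024-50559 attributes the certificate-filename flaw to "an authenticated remote attacker", while both vectors in this hunk carry `PR:N` together with user interaction (`UI:R` in 3.1, `UI:A` in 4.0), meaning no privileges but a victim action. The wording and the scoring therefore describe different preconditions, and nothing in the record says which is intended. This should be confirmed against the referenced advisory (ssa-354112) before the entry is used for exposure or patch-priority decisions. The `CWE-22` classification points at path handling, which the phrase "append arbitrary values" does not make explicit.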
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-50560", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:12.913", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All 
versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices truncates usernames longer than 15 characters when accessed via SSH or Telnet. This could allow an attacker to compromise system integrity." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "attackRequirements": "PRESENT", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 2.3, + "baseSeverity": "LOW" + } + } + ], + 
"cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 3.1, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 1.6, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-20" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50561.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50561.json new file mode 100644 index 00000000000..b7df57e309b --- /dev/null +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50561.json 
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-50561", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:13.260", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All 
versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly sanitize the filenames before uploading. This could allow an authenticated remote attacker to compromise of integrity of the system." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "NONE", + "userInteraction": "ACTIVE", + "vulnerableSystemConfidentiality": "NONE", + "vulnerableSystemIntegrity": "LOW", + "vulnerableSystemAvailability": "NONE", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 5.1, + "baseSeverity": "MEDIUM" + } + } + 
], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 4.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 1.4 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-505xx/CVE-2024-50572.json b/CVE-2024/CVE-2024-505xx/CVE-2024-50572.json new file mode 100644 index 00000000000..79483b4d467 --- /dev/null +++ b/CVE-2024/CVE-2024-505xx/CVE-2024-50572.json 
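Review bot: The `descriptions` text of this new CVE-2024-50561 record says the flaw lets "an authenticated remote attacker" act, but both vectors encode no privileges: `PR:N` with `"privilegesRequired": "NONE"`, alongside required user interaction (`UI:A` in the 4.0 vector, `UI:R` in the 3.1 vector). If the authenticated precondition is right, `"privilegesRequired": "LOW"` and `PR:L` would be expected in both `cvssData` objects, with the scores recomputed; if the vectors are right, the word "authenticated" should be dropped from the description. The weakness is listed as `CWE-79` while the text only speaks of unsanitized filenames on upload, which fits only if the stored filename is later rendered in a page; the record does not say so. The record mirrors the CNA's data, so the correction belongs in the advisory listed under `references`. Until then, triage tooling that filters on `privilegesRequired` should not treat this entry as unauthenticated-reachable without checking that advisory.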
@@ -0,0 +1,100 @@ +{ + "id": "CVE-2024-50572", + "sourceIdentifier": "productcert@siemens.com", + "published": "2024-11-12T13:15:13.503", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.2), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.2), SCALANCE M804PB (6GK5804-0AP00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1AA00-2AA2) (All versions < V8.2), SCALANCE M812-1 ADSL-Router (6GK5812-1BA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1AA00-2AA2) (All versions < V8.2), SCALANCE M816-1 ADSL-Router (6GK5816-1BA00-2AA2) (All versions < V8.2), SCALANCE M826-2 SHDSL-Router (6GK5826-2AB00-2AB2) (All versions < V8.2), SCALANCE M874-2 (6GK5874-2AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 (6GK5874-3AA00-2AA2) (All versions < V8.2), SCALANCE M874-3 3G-Router (CN) (6GK5874-3AA00-2FA2) (All versions < V8.2), SCALANCE M876-3 (6GK5876-3AA02-2BA2) (All versions < V8.2), SCALANCE M876-3 (ROK) (6GK5876-3AA02-2EA2) (All versions < V8.2), SCALANCE M876-4 (6GK5876-4AA10-2BA2) (All versions < V8.2), SCALANCE M876-4 (EU) (6GK5876-4AA00-2BA2) (All versions < V8.2), SCALANCE M876-4 (NAM) (6GK5876-4AA00-2DA2) (All versions < V8.2), SCALANCE MUM853-1 (A1) (6GK5853-2EA10-2AA1) (All versions < V8.2), SCALANCE MUM853-1 (B1) (6GK5853-2EA10-2BA1) (All versions < V8.2), SCALANCE MUM853-1 (EU) (6GK5853-2EA00-2DA1) (All versions < V8.2), SCALANCE MUM856-1 (A1) (6GK5856-2EA10-3AA1) (All versions < V8.2), SCALANCE MUM856-1 (B1) (6GK5856-2EA10-3BA1) (All versions < V8.2), SCALANCE MUM856-1 (CN) (6GK5856-2EA00-3FA1) (All versions < V8.2), SCALANCE MUM856-1 (EU) (6GK5856-2EA00-3DA1) (All versions < V8.2), SCALANCE MUM856-1 (RoW) (6GK5856-2EA00-3AA1) (All versions < V8.2), SCALANCE S615 EEC LAN-Router (6GK5615-0AA01-2AA2) (All 
versions < V8.2), SCALANCE S615 LAN-Router (6GK5615-0AA00-2AA2) (All versions < V8.2). Affected devices do not properly sanitize an input field. This could allow an authenticated remote attacker with administrative privileges to inject code or spawn a system root shell." + } + ], + "metrics": { + "cvssMetricV40": [ + { + "source": "productcert@siemens.com", + "type": "Secondary", + "cvssData": { + "version": "4.0", + "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "attackRequirements": "NONE", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "vulnerableSystemConfidentiality": "HIGH", + "vulnerableSystemIntegrity": "HIGH", + "vulnerableSystemAvailability": "HIGH", + "subsequentSystemConfidentiality": "NONE", + "subsequentSystemIntegrity": "NONE", + "subsequentSystemAvailability": "NONE", + "exploitMaturity": "NOT_DEFINED", + "confidentialityRequirements": "NOT_DEFINED", + "integrityRequirements": "NOT_DEFINED", + "availabilityRequirements": "NOT_DEFINED", + "modifiedAttackVector": "NOT_DEFINED", + "modifiedAttackComplexity": "NOT_DEFINED", + "modifiedAttackRequirements": "NOT_DEFINED", + "modifiedPrivilegesRequired": "NOT_DEFINED", + "modifiedUserInteraction": "NOT_DEFINED", + "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED", + "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", + "modifiedVulnerableSystemAvailability": "NOT_DEFINED", + "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", + "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", + "modifiedSubsequentSystemAvailability": "NOT_DEFINED", + "safety": "NOT_DEFINED", + "automatable": "NOT_DEFINED", + "recovery": "NOT_DEFINED", + "valueDensity": "NOT_DEFINED", + "vulnerabilityResponseEffort": "NOT_DEFINED", + "providerUrgency": "NOT_DEFINED", + "baseScore": 8.6, + "baseSeverity": 
"HIGH" + } + } + ], + "cvssMetricV31": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.2, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.2, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "productcert@siemens.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-74" + } + ] + } + ], + "references": [ + { + "url": "https://cert-portal.siemens.com/productcert/html/ssa-354112.html", + "source": "productcert@siemens.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50601.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50601.json index dfd81ee363d..d1c3819ef63 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50601.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50601.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50601", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T23:15:05.763", - "lastModified": "2024-11-11T23:15:05.763", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Persistent and reflected XSS vulnerabilities in the themeMode cookie and _h URL parameter of Axigen Mail Server up to version 10.5.28 allow attackers to execute arbitrary Javascript. Exploitation could lead to session hijacking, data leakage, and further exploitation via a multi-stage attack. Fixed in versions 10.3.3.67, 10.4.42, and 10.5.29." + }, + { + "lang": "es", + "value": "Las vulnerabilidades XSS persistentes y reflejado en la cookie themeMode y el par\u00e1metro URL _h de Axigen Mail Server hasta la versi\u00f3n 10.5.28 permiten a los atacantes ejecutar c\u00f3digo JavaScript arbitrario. Su explotaci\u00f3n podr\u00eda provocar el secuestro de sesiones, la fuga de datos y una mayor explotaci\u00f3n mediante un ataque de varias etapas. Se corrigi\u00f3 en las versiones 10.3.3.67, 10.4.42 y 10.5.29." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50636.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50636.json index 041446e3332..7c501e10964 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50636.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50636.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50636", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T23:15:05.833", - "lastModified": "2024-11-11T23:15:05.833", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "PyMOL 2.5.0 contains a vulnerability in its \"Run Script\" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE). This vulnerability arises because PyMOL treats .PYM files as Python scripts without properly validating or restricting the commands within the script, enabling attackers to run unauthorized commands in the context of the user running the application." + }, + { + "lang": "es", + "value": "PyMOL 2.5.0 contiene una vulnerabilidad en su funci\u00f3n \"Run Script\", que permite la ejecuci\u00f3n de c\u00f3digo Python arbitrario incrustado en archivos .PYM. Los atacantes pueden manipular un archivo .PYM malicioso que contenga un payload de shell inversa de Python y explotar la funci\u00f3n para lograr la ejecuci\u00f3n remota de comandos (RCE). Esta vulnerabilidad surge porque PyMOL trata los archivos .PYM como scripts de Python sin validar o restringir adecuadamente los comandos dentro del script, lo que permite a los atacantes ejecutar comandos no autorizados en el contexto del usuario que ejecuta la aplicaci\u00f3n." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-506xx/CVE-2024-50667.json b/CVE-2024/CVE-2024-506xx/CVE-2024-50667.json index 8c99e4b7dda..045a084393c 100644 --- a/CVE-2024/CVE-2024-506xx/CVE-2024-50667.json +++ b/CVE-2024/CVE-2024-506xx/CVE-2024-50667.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-50667", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T19:15:03.960", - "lastModified": "2024-11-11T19:15:03.960", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "cve@mitre.org", @@ -16,6 +16,10 @@ { "lang": "en", "value": "The boa httpd of Trendnet TEW-820AP 1.01.B01 has a stack overflow vulnerability in /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. The reason is that the check of ipv6 address is not sufficient, which allows attackers to construct payloads for attacks." + }, + { + "lang": "es", + "value": "El boa httpd de Trendnet TEW-820AP 1.01.B01 tiene una vulnerabilidad de desbordamiento de pila en /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, /boafrm/formDnsv6. La raz\u00f3n es que la comprobaci\u00f3n de la direcci\u00f3n IPv6 no es suficiente, lo que permite a los atacantes construir payloads para los ataques." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50808.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50808.json index f4bea837ed3..b23cee50a4f 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50808.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50808.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50808", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T21:15:20.740", - "lastModified": "2024-11-08T21:15:20.740", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:54.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the \"notify\" variable in admin_notify.php." + }, + { + "lang": "es", + "value": "SeaCms 13.1 es vulnerable a la inyecci\u00f3n de c\u00f3digo en el m\u00f3dulo de notificaci\u00f3n del m\u00f3dulo de notificaci\u00f3n de mensajes de miembros en el m\u00f3dulo de usuario backend, debido al manejo inseguro de la variable \"notificar\" en admin_notify.php." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50809.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50809.json index 0d58fee7f17..d7e5e564aa5 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50809.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50809.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50809", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T21:15:20.870", - "lastModified": "2024-11-08T21:15:20.870", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:54.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The theme.php file in SDCMS 2.8 has a command execution vulnerability that allows for the execution of system commands" + }, + { + "lang": "es", + "value": "El archivo theme.php en SDCMS 2.8 tiene una vulnerabilidad de ejecuci\u00f3n de comandos que permite la ejecuci\u00f3n de comandos del sistema" } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50810.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50810.json index dd6917bf34d..efe09924e90 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50810.json 
+++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50810.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50810", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T19:15:05.877", - "lastModified": "2024-11-08T19:15:05.877", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:54.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "hopetree izone lts c011b48 contains a Cross Site Scripting (XSS) vulnerability in the article comment function. In \\apps\\comment\\views.py, AddCommintView() does not securely filter user input and renders it directly to the frontend page through templates." + }, + { + "lang": "es", + "value": "hopetree izone lts c011b48 contiene una vulnerabilidad de tipo Cross Site Scripting (XSS) en la funci\u00f3n de comentarios de art\u00edculos. En \\apps\\comment\\views.py, AddCommintView() no filtra de forma segura la entrada del usuario y la muestra directamente en la p\u00e1gina de interfaz a trav\u00e9s de plantillas." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-508xx/CVE-2024-50811.json b/CVE-2024/CVE-2024-508xx/CVE-2024-50811.json index 5b54f5bcf74..babef86e90b 100644 --- a/CVE-2024/CVE-2024-508xx/CVE-2024-50811.json +++ b/CVE-2024/CVE-2024-508xx/CVE-2024-50811.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50811", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T19:15:06.020", - "lastModified": "2024-11-08T19:15:06.020", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:54.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "hopetree izone lts c011b48 contains a server-side request forgery (SSRF) vulnerability in the active push function as \\\\apps\\\\tool\\\\apis\\\\bd_push.py does not securely filter user input through push_urls() and get_urls()." + }, + { + "lang": "es", + "value": "hopetree izone lts c011b48 contiene una vulnerabilidad de server-side request forgery (SSRF) en la funci\u00f3n push activa ya que \\\\apps\\\\tool\\\\apis\\\\bd_push.py no filtra de forma segura la entrada del usuario a trav\u00e9s de push_urls() y get_urls()." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50989.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50989.json index 3d51a865a3e..76be2c38d87 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50989.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50989.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50989", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T15:15:06.390", - "lastModified": "2024-11-11T15:15:06.390", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A SQL injection vulnerability in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System v1.0 allows an attacker to execute arbitrary SQL commands via the \"searchdata \" parameter." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n SQL en /omrs/admin/search.php en PHPGurukul Online Marriage Registration System v1.0 permite a un atacante ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro \"searchdata\"." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50990.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50990.json index 5f4d7c105af..6c1fb801081 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50990.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50990.json @@ -2,13 +2,17 @@ "id": "CVE-2024-50990", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T15:15:06.470", - "lastModified": "2024-11-11T15:15:06.470", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Reflected Cross Site Scriptng (XSS) vulnerability was found in /omrs/user/search.php in PHPGurukul Online Marriage Registration System v1.0, which allows remote attackers to execute arbitrary code via the \"searchdata\" POST request parameter." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad de tipo Cross Site Scriptng (XSS) reflejado en /omrs/user/search.php en PHPGurukul Online Marriage Registration System v1.0, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de solicitud POST \"searchdata\"." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-509xx/CVE-2024-50991.json b/CVE-2024/CVE-2024-509xx/CVE-2024-50991.json index c682df850e1..3b281bd380e 100644 --- a/CVE-2024/CVE-2024-509xx/CVE-2024-50991.json +++ b/CVE-2024/CVE-2024-509xx/CVE-2024-50991.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-50991", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T15:15:06.527", - "lastModified": "2024-11-11T15:15:06.527", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross Site Scripting (XSS) vulnerability was found in /ums-sp/admin/registered-users.php in PHPGurukul User Management System v1.0, which allows remote attackers to execute arbitrary code via the \"fname\" POST request parameter" + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad de Cross Site Scripting (XSS) en /ums-sp/admin/registered-users.php en PHPGurukul User Management System v1.0, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de solicitud POST \"fname\"." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51026.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51026.json index 90c12bcd145..77d20fe1db3 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51026.json +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51026.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51026", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T21:15:06.683", - "lastModified": "2024-11-11T21:15:06.683", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field." + }, + { + "lang": "es", + "value": "El sistema NetAdmin IAM (versi\u00f3n 4.0.30319) tiene una vulnerabilidad de Cross Site Scripting (XSS) en el endpoint /BalloonSave.ashx, donde es posible inyectar un payload malicioso en el campo Content=." } ], "metrics": {}, 
diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51054.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51054.json index 73e61b5d2e0..e17db49aa15 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51054.json +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51054.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51054", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T15:15:06.603", - "lastModified": "2024-11-11T15:15:06.603", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A Cross Site Scriptng (XSS) vulnerability was found in /omrs/admin/search.php in PHPGurukul Online Marriage Registration System 1.0, which allows remote attackers to execute arbitrary code via the \"searchdata\" POST request parameter." + }, + { + "lang": "es", + "value": "Se encontr\u00f3 una vulnerabilidad de Cross Site Scriptng (XSS) en /omrs/admin/search.php en PHPGurukul Online Marriage Registration System 1.0, que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s del par\u00e1metro de solicitud POST \"searchdata\"." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-510xx/CVE-2024-51055.json b/CVE-2024/CVE-2024-510xx/CVE-2024-51055.json index 8835cfde5b9..b7bb2e21cdf 100644 --- a/CVE-2024/CVE-2024-510xx/CVE-2024-51055.json +++ b/CVE-2024/CVE-2024-510xx/CVE-2024-51055.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51055", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T19:15:06.190", - "lastModified": "2024-11-08T19:15:06.190", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:54.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue Hoosk v1.7.1 allows a remote attacker to execute arbitrary code via a crafted script to the config.php component." + }, + { + "lang": "es", + "value": "Un problema en Hoosk v1.7.1 permite que un atacante remoto ejecute c\u00f3digo arbitrario a trav\u00e9s de un script manipulado en el componente config.php." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51135.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51135.json index bc83091402f..6e33044ef94 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51135.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51135.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51135", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T19:15:04.047", - "lastModified": "2024-11-11T19:15:04.047", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory of powertac-server v1.9.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de entidad externa XML (XXE) en el componente DocumentBuilderFactory de powertac-server v1.9.0 permite a los atacantes acceder a informaci\u00f3n confidencial o ejecutar c\u00f3digo arbitrario mediante el suministro de una solicitud manipulada que contiene entidades XML maliciosas." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51157.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51157.json index 18d268928cc..5fc5071e78a 100644 
--- a/CVE-2024/CVE-2024-511xx/CVE-2024-51157.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51157.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51157", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-08T21:15:20.980", - "lastModified": "2024-11-08T21:15:20.980", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:54.483", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component http://erp.07fly.net:80/oa/OaSchedule/add.html." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que 07FLYCMS V1.3.9 conten\u00eda Cross-Site Request Forgery (CSRF) a trav\u00e9s del componente http://erp.07fly.net:80/oa/OaSchedule/add.html." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51186.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51186.json index 120bbeace46..fb4335392ee 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51186.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51186.json @@ -2,8 +2,8 @@ "id": "CVE-2024-51186", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T20:15:17.877", - "lastModified": "2024-11-11T20:15:17.877", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [ { "sourceIdentifier": "cve@mitre.org", @@ -16,6 +16,10 @@ { "lang": "en", "value": "D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions." + }, + { + "lang": "es", + "value": "Se descubri\u00f3 que D-Link DIR-820L 1.05b03 contiene una vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo (RCE) a trav\u00e9s del par\u00e1metro ping_addr en las funciones ping_v4 y ping_v6." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51187.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51187.json index 064f84c3b97..9e4248f3295 100644 
--- a/CVE-2024/CVE-2024-511xx/CVE-2024-51187.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51187.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51187", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T20:15:17.943", - "lastModified": "2024-11-12T02:35:01.737", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the firewallRule_Name_1.1.1.0.0 parameter on the /firewall_setting.htm page." + }, + { + "lang": "es", + "value": "Los dispositivos TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01 y TEW-652BRU 1.00b12 contienen una vulnerabilidad de Cross-site scripting (XSS) almacenado a trav\u00e9s del par\u00e1metro firewallRule_Name_1.1.1.0.0 en la p\u00e1gina /firewall_setting.htm." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51188.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51188.json index 5226042e5a2..ccb57c01aa8 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51188.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51188.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51188", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T20:15:18.000", - "lastModified": "2024-11-12T02:35:03.130", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the vsRule_VirtualServerName_1.1.10.0.0 parameter on the /virtual_server.htm page." + }, + { + "lang": "es", + "value": "Los dispositivos TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01 y TEW-652BRU 1.00b12 contienen una vulnerabilidad de Cross-site scripting (XSS) almacenado a trav\u00e9s del par\u00e1metro vsRule_VirtualServerName_1.1.10.0.0 en la p\u00e1gina /virtual_server.htm." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51189.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51189.json index a5914b5a85d..90dd9fc69ea 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51189.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51189.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51189", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T20:15:18.060", - "lastModified": "2024-11-12T02:35:03.970", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the macList_Name_1.1.1.0.0 parameter on the /filters.htm page." + }, + { + "lang": "es", + "value": "Los dispositivos TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01 y TEW-652BRU 1.00b12 contienen una vulnerabilidad de Cross-site scripting (XSS) almacenado a trav\u00e9s del par\u00e1metro macList_Name_1.1.1.0.0 en la p\u00e1gina /filters.htm." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-511xx/CVE-2024-51190.json b/CVE-2024/CVE-2024-511xx/CVE-2024-51190.json index 05320a009df..0cdb8f3b5f5 100644 --- a/CVE-2024/CVE-2024-511xx/CVE-2024-51190.json +++ b/CVE-2024/CVE-2024-511xx/CVE-2024-51190.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51190", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T20:15:18.117", - "lastModified": "2024-11-12T02:35:04.850", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01, and TEW-652BRU 1.00b12 devices contain a Store Cross-site scripting (XSS) vulnerability via the ptRule_ApplicationName_1.1.6.0.0 parameter on the /special_ap.htm page." + }, + { + "lang": "es", + "value": "Los dispositivos TRENDnet TEW-651BR 2.04B1, TEW-652BRP 3.04b01 y TEW-652BRU 1.00b12 contienen una vulnerabilidad de Cross-site scripting (XSS) almacenado a trav\u00e9s del par\u00e1metro ptRule_ApplicationName_1.1.6.0.0 en la p\u00e1gina /special_ap.htm." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-512xx/CVE-2024-51211.json b/CVE-2024/CVE-2024-512xx/CVE-2024-51211.json index 139dc10e480..5cdac28e663 100644 --- a/CVE-2024/CVE-2024-512xx/CVE-2024-51211.json +++ b/CVE-2024/CVE-2024-512xx/CVE-2024-51211.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51211",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-08T19:15:06.347",
- "lastModified": "2024-11-08T19:15:06.347",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.php file. The vulnerability is due to improper input validation of the $username_stn_id parameter, which can be manipulated by an attacker to inject arbitrary SQL commands."
+ },
+ {
+ "lang": "es",
+ "value": "Existe una vulnerabilidad de inyecci\u00f3n SQL en OS4ED openSIS-Classic versi\u00f3n 9.1, espec\u00edficamente en el archivo resetuserinfo.php. La vulnerabilidad se debe a una validaci\u00f3n de entrada incorrecta del par\u00e1metro $username_stn_id, que puede ser manipulado por un atacante para inyectar comandos SQL arbitrarios."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-512xx/CVE-2024-51213.json b/CVE-2024/CVE-2024-512xx/CVE-2024-51213.json
index 7c1d865f44d..6c603a5aa30 100644
--- a/CVE-2024/CVE-2024-512xx/CVE-2024-51213.json
+++ b/CVE-2024/CVE-2024-512xx/CVE-2024-51213.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51213",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-11-11T23:15:05.900",
- "lastModified": "2024-11-11T23:15:05.900",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Cross Site Scripting vulnerability in Online Shop Store v.1.0 allows a remote attacker to execute arbitrary code via the login.php component."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de Cross Site Scripting en Online Shop Store v.1.0 permite a un atacante remoto ejecutar c\u00f3digo arbitrario a trav\u00e9s del componente login.php."
 }
 ],
 "metrics": {},
diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51484.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51484.json
index ba9568cc3fe..f623393b4bc 100644
--- a/CVE-2024/CVE-2024-514xx/CVE-2024-51484.json
+++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51484.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51484",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-11T20:15:18.170",
- "lastModified": "2024-11-11T20:15:18.170",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating controllers. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Ampache es una aplicaci\u00f3n de transmisi\u00f3n de audio y video basada en la web y un administrador de archivos. La implementaci\u00f3n actual del an\u00e1lisis de tokens no logra validar correctamente los tokens CSRF al activar o desactivar los controladores. Esta vulnerabilidad permite que un atacante aproveche los ataques CSRF, lo que potencialmente le permite cambiar las caracter\u00edsticas del sitio web que solo deber\u00edan ser administradas por administradores a trav\u00e9s de solicitudes maliciosas. Este problema se ha solucionado en la versi\u00f3n 7.0.1 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51485.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51485.json
index 5129ea24827..44d87b588d3 100644
--- a/CVE-2024/CVE-2024-514xx/CVE-2024-51485.json
+++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51485.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51485",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-11T20:15:18.313",
- "lastModified": "2024-11-11T20:15:18.313",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Ampache es una aplicaci\u00f3n de transmisi\u00f3n de audio y video basada en la web y un administrador de archivos. La implementaci\u00f3n actual del an\u00e1lisis de tokens no logra validar correctamente los tokens CSRF al activar o desactivar complementos. Esta vulnerabilidad permite que un atacante aproveche los ataques CSRF, lo que potencialmente le permite cambiar las caracter\u00edsticas del sitio web que solo deber\u00edan ser administradas por administradores a trav\u00e9s de solicitudes maliciosas. Este problema se ha solucionado en la versi\u00f3n 7.0.1 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51486.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51486.json
index 9d8be7cfaf2..1cba99cd600 100644
--- a/CVE-2024/CVE-2024-514xx/CVE-2024-51486.json
+++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51486.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51486",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-11T20:15:18.430",
- "lastModified": "2024-11-11T20:15:18.430",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
- "value": "Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the \"Custom URL\u200a-\u200aFavicon\". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ "value": "Ampache is a web based audio/video streaming application and file manager. The vulnerability exists in the interface section of the Ampache menu, where users can change the \"Custom URL?-?Favicon\". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Ampache es una aplicaci\u00f3n de transmisi\u00f3n de audio y video basada en la web y un administrador de archivos. La vulnerabilidad existe en la secci\u00f3n de interfaz del men\u00fa de Ampache, donde los usuarios pueden cambiar la \"URL personalizada - Favicono\". Esta secci\u00f3n no est\u00e1 debidamente desinfectada, lo que permite la entrada de cadenas que pueden ejecutar JavaScript. Este problema se ha solucionado en la versi\u00f3n 7.0.1 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
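Review bot: The replacement English `value` for CVE-2024-51486 turns the two `\u200a` hair spaces around the hyphen in `\"Custom URL\u200a-\u200aFavicon\"` into literal question marks, `\"Custom URL?-?Favicon\"`, which looks like a lossy character-set conversion rather than an intended wording change. The advisory now names a setting label that presumably does not exist in the product, and any consumer that matches, deduplicates or hashes description text will treat the English entry as altered. Either keep the escaped form from the removed line or normalise to plain spaces, `\"Custom URL - Favicon\"`, in line with the `\"Custom URL - Logo\"` wording in CVE-2024-51490 and with the Spanish entry added in this same hunk. If the substitution arrives from the upstream feed, the sync step's encoding handling is worth checking, since only some non-ASCII punctuation seems affected (the `\u2013` in CVE-2024-51585 is untouched).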
diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51487.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51487.json
index 29cb1f4f79d..6fb7720b0bd 100644
--- a/CVE-2024/CVE-2024-514xx/CVE-2024-51487.json
+++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51487.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51487",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-11T20:15:18.640",
- "lastModified": "2024-11-11T20:15:18.640",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Ampache es una aplicaci\u00f3n de transmisi\u00f3n de audio y video basada en la web y un administrador de archivos. La implementaci\u00f3n actual del an\u00e1lisis de tokens no logra validar correctamente los tokens CSRF al activar o desactivar el cat\u00e1logo. Esta vulnerabilidad permite a un atacante aprovechar los ataques CSRF, lo que potencialmente le permite cambiar las caracter\u00edsticas del sitio web que solo deber\u00edan ser administradas por administradores a trav\u00e9s de solicitudes maliciosas. Este problema se ha solucionado en la versi\u00f3n 7.0.1 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51488.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51488.json
index e72677ad9f5..9a001eeb3bc 100644
--- a/CVE-2024/CVE-2024-514xx/CVE-2024-51488.json
+++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51488.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51488",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-11T20:15:18.757",
- "lastModified": "2024-11-11T20:15:18.757",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Ampache es una aplicaci\u00f3n de transmisi\u00f3n de audio y video basada en la web y un administrador de archivos. La implementaci\u00f3n actual del an\u00e1lisis de tokens no valida adecuadamente los tokens CSRF cuando los usuarios eliminan mensajes. Esta vulnerabilidad podr\u00eda aprovecharse para forjar ataques CSRF, lo que permitir\u00eda a un atacante eliminar mensajes de cualquier usuario, incluidos los administradores, si interact\u00faan con una solicitud maliciosa. Este problema se ha solucionado en la versi\u00f3n 7.0.1 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51489.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51489.json
index 1e618170e9a..bf97db40fe1 100644
--- a/CVE-2024/CVE-2024-514xx/CVE-2024-51489.json
+++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51489.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51489",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-11T20:15:18.877",
- "lastModified": "2024-11-11T20:15:18.877",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Ampache es una aplicaci\u00f3n de transmisi\u00f3n de audio y video basada en la web y un administrador de archivos. La implementaci\u00f3n actual del an\u00e1lisis de tokens no valida adecuadamente los tokens CSRF cuando los usuarios se env\u00edan mensajes entre s\u00ed. Esta vulnerabilidad podr\u00eda aprovecharse para falsificar ataques CSRF, lo que permitir\u00eda a un atacante enviar mensajes a cualquier usuario, incluidos los administradores, si interact\u00faan con una solicitud maliciosa. Este problema se ha solucionado en la versi\u00f3n 7.0.1 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-514xx/CVE-2024-51490.json b/CVE-2024/CVE-2024-514xx/CVE-2024-51490.json
index 9534d7dfff6..b9aff8180f6 100644
--- a/CVE-2024/CVE-2024-514xx/CVE-2024-51490.json
+++ b/CVE-2024/CVE-2024-514xx/CVE-2024-51490.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51490",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-11T20:15:18.987",
- "lastModified": "2024-11-11T20:15:18.987",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Ampache is a web based audio/video streaming application and file manager. This vulnerability exists in the interface section of the Ampache menu, where users can change \"Custom URL - Logo\". This section is not properly sanitized, allowing for the input of strings that can execute JavaScript. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Ampache es una aplicaci\u00f3n de transmisi\u00f3n de audio y video basada en la web y un administrador de archivos. Esta vulnerabilidad existe en la secci\u00f3n de interfaz del men\u00fa de Ampache, donde los usuarios pueden cambiar la \"URL personalizada - Logotipo\". Esta secci\u00f3n no est\u00e1 debidamente desinfectada, lo que permite la entrada de cadenas que pueden ejecutar JavaScript. Este problema se ha solucionado en la versi\u00f3n 7.0.1 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51570.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51570.json
index bc07ae61781..4e186ddb5eb 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51570.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51570.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51570",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-09T09:15:03.520",
- "lastModified": "2024-11-09T09:15:03.520",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Odihost Easy Gallery allows SQL Injection.This issue affects Easy Gallery: from n/a through 1.4."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Odihost Easy Gallery permite la inyecci\u00f3n SQL. Este problema afecta a Easy Gallery: desde n/a hasta 1.4."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51571.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51571.json
index 919b8ce5a21..a45fefd8303 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51571.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51571.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51571",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-11T06:15:05.300",
- "lastModified": "2024-11-11T06:15:05.300",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MasterBip MasterBip para Elementor allows DOM-Based XSS.This issue affects MasterBip para Elementor: from n/a through 1.6.3."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en MasterBip MasterBip para Elementor permite XSS basado en DOM. Este problema afecta a MasterBip para Elementor: desde n/a hasta 1.6.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51572.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51572.json
index 53429c389db..47e176e6871 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51572.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51572.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51572",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-11T06:15:05.600",
- "lastModified": "2024-11-11T06:15:05.600",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Peter Shaw LH QR Codes allows Stored XSS.This issue affects LH QR Codes: from n/a through 1.06."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Peter Shaw LH QR Codes permite XSS almacenado. Este problema afecta a los c\u00f3digos QR de LH: desde n/a hasta 1.06."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51573.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51573.json
index 8f9deb7113a..b95ff5642d5 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51573.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51573.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51573",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-11T06:15:05.887",
- "lastModified": "2024-11-11T06:15:05.887",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Matthew Lillistone ML Responsive Audio player with playlist Shortcode allows Stored XSS.This issue affects ML Responsive Audio player with playlist Shortcode: from n/a through 0.2."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Matthew Lillistone ML Responsive Audio player with playlist Shortcodepermite XSS almacenado. Este problema afecta al reproductor de audio responsivo ML con c\u00f3digo abreviado de lista de reproducci\u00f3n: desde n/a hasta 0.2."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51574.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51574.json
index e32bd4c9549..17b13d60064 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51574.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51574.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51574",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-11T06:15:06.160",
- "lastModified": "2024-11-11T06:15:06.160",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Simple Goods allows Stored XSS.This issue affects Simple Goods: from n/a through 0.1.3."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Simple Goods permite XSS almacenado. Este problema afecta a Simple Goods: desde n/a hasta 0.1.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51575.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51575.json
index e08427c4b38..ad8146ee18f 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51575.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51575.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51575",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-11T06:15:06.463",
- "lastModified": "2024-11-11T06:15:06.463",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Extender All In One For Elementor allows Stored XSS.This issue affects Extender All In One For Elementor: from n/a through 1.0.3."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Abdullah Extender All In One For Elementor permite XSS almacenado. Este problema afecta a Extender All In One For Elementor: desde n/a hasta 1.0.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51576.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51576.json
index f21cbc5f62f..9c24fa3b535 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51576.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51576.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51576",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-10T12:15:19.290",
- "lastModified": "2024-11-10T12:15:19.290",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPZA AMP Img Shortcode allows Stored XSS.This issue affects AMP Img Shortcode: from n/a through 1.0.1."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WPZA AMP Img Shortcode permite XSS almacenado. Este problema afecta al c\u00f3digo corto de imagen AMP: desde n/a hasta 1.0.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51577.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51577.json
index 7c30e38a4da..8b481100cad 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51577.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51577.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51577",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-10T10:15:04.877",
- "lastModified": "2024-11-10T10:15:04.877",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Camunda Services GmbH bpmn.Io allows Stored XSS.This issue affects bpmn.Io: from n/a through 1.0."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Camunda Services GmbH bpmn.Io permite XSS almacenado. Este problema afecta a bpmn.Io: desde n/a hasta 1.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51578.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51578.json
index da9c1fe8984..51dd573036f 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51578.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51578.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51578",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-10T10:15:05.270",
- "lastModified": "2024-11-10T10:15:05.270",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Luca Paggetti 3D Presentation allows Stored XSS.This issue affects 3D Presentation: from n/a through 1.0."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Luca Paggetti 3D Presentation permite XSS almacenado. Este problema afecta a 3D Presentation: desde n/a hasta 1.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51579.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51579.json
index e7493a67638..fab26da4192 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51579.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51579.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51579",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-09T09:15:03.903",
- "lastModified": "2024-11-09T09:15:03.903",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder.Biz 5 Stars Rating Funnel allows SQL Injection.This issue affects 5 Stars Rating Funnel: from n/a through 1.4.01."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Saleswonder.Biz 5 Stars Rating Funnel permite la inyecci\u00f3n SQL. Este problema afecta al embudo de calificaci\u00f3n de 5 estrellas: desde n/a hasta 1.4.01."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51580.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51580.json
index 790988ee5ef..29af91c6e11 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51580.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51580.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51580",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-10T09:15:03.310",
- "lastModified": "2024-11-10T09:15:03.310",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CleverSoft Clever Addons for Elementor allows Stored XSS.This issue affects Clever Addons for Elementor: from n/a through 2.2.1."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CleverSoft Clever Addons for Elementor permite XSS almacenado. Este problema afecta a Clever Addons for Elementor: desde n/a hasta 2.2.1."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51581.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51581.json
index a64c358dfdd..1c40f3e913e 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51581.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51581.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51581",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-10T09:15:03.573",
- "lastModified": "2024-11-10T09:15:03.573",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Stored XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.6."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en NicheAddons Restaurant & Cafe Addon for Elementor permite XSS almacenado. Este problema afecta al complemento Restaurant & Cafe para Elementor: desde n/a hasta 1.5.6."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51583.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51583.json
index 684ffafed01..1049c7adc69 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51583.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51583.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51583",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-10T09:15:03.793",
- "lastModified": "2024-11-10T09:15:03.793",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in KentoThemes Kento Ads Rotator allows Stored XSS.This issue affects Kento Ads Rotator: from n/a through 1.3."
+ },
+ {
+ "lang": "es",
+ "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en KentoThemes Kento Ads Rotator permite XSS almacenado. Este problema afecta a Kento Ads Rotator: desde n/a hasta 1.3."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51584.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51584.json
index 4ce5b2bd7fd..3f9eb50a07b 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51584.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51584.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51584",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-10T09:15:04.023",
- "lastModified": "2024-11-10T09:15:04.023",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Anas Edreesi Marquee Elementor with Posts allows DOM-Based XSS.This issue affects Marquee Elementor with Posts: from n/a through 1.2.0."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Anas Edreesi Marquee Elementor with Posts permite XSS basado en DOM. Este problema afecta a Marquee Elementor with Posts: desde n/a hasta 1.2.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51585.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51585.json
index 394d466c2fc..7037e428f04 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51585.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51585.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51585",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-09T15:15:04.480",
- "lastModified": "2024-11-09T15:15:04.480",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NicheAddons Sales Page Addon \u2013 Elementor & Beaver Builder allows Stored XSS.This issue affects Sales Page Addon \u2013 Elementor & Beaver Builder: from n/a through 1.4.2."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en NicheAddons Sales Page Addon \u2013 Elementor & Beaver Builder permite XSS almacenado. Este problema afecta al complemento Sales Page de NicheAddons \u2013 Elementor y Beaver Builder: desde n/a hasta 1.4.2."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51586.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51586.json
index 0aaad4d5ee9..f638e000856 100644
--- a/CVE-2024/CVE-2024-515xx/CVE-2024-51586.json
+++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51586.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-51586", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:04.697", - "lastModified": "2024-11-09T15:15:04.697", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BRAFT Elementary Addons allows Stored XSS.This issue affects Elementary Addons: from n/a through 2.0.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en BRAFT Elementary Addons permite XSS almacenado. Este problema afecta a Elementary Addons: desde n/a hasta 2.0.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51587.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51587.json index db8d4c35f8c..0e84b9ca08b 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51587.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51587.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51587", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:04.903", - "lastModified": "2024-11-09T15:15:04.903", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Softfirm Definitive Addons for Elementor allows Stored XSS.This issue affects Definitive Addons for Elementor: from n/a through 1.5.16." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Softfirm Definitive Addons for Elementor permite XSS almacenado. Este problema afecta a Definitive Addons for Elementor: desde n/a hasta 1.5.16." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51588.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51588.json index a5634830637..b58f2488c15 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51588.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51588.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51588", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:05.113", - "lastModified": "2024-11-09T15:15:05.113", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themehat Super Addons for Elementor allows DOM-Based XSS.This issue affects Super Addons for Elementor: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Themehat Super Addons para Elementor permite XSS basado en DOM. Este problema afecta a Super Addons para Elementor: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51589.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51589.json index 6554c2e2911..d4347bf3f6a 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51589.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51589.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51589", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:05.327", - "lastModified": "2024-11-09T15:15:05.327", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpcirqle Bigmart Elements allows DOM-Based XSS.This issue affects Bigmart Elements: from n/a through 1.0.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en wpcirqle Bigmart Elements permite XSS basado en DOM. Este problema afecta a Bigmart Elements: desde n/a hasta 1.0.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51590.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51590.json index 8e336c590f7..94d123d73d4 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51590.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51590.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51590", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:05.557", - "lastModified": "2024-11-09T15:15:05.557", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hoosoft Hoo Addons for Elementor allows DOM-Based XSS.This issue affects Hoo Addons for Elementor: from n/a through 1.0.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Hoosoft Hoo Addons para Elementor permite XSS basado en DOM. Este problema afecta a Hoo Addons para Elementor: desde n/a hasta 1.0.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51591.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51591.json index 86df512bf2d..dacff79b56b 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51591.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51591.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51591", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:05.767", - "lastModified": "2024-11-09T15:15:05.767", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpgrids Slicko allows DOM-Based XSS.This issue affects Slicko: from n/a through 1.2.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en wpgrids Slicko permite XSS basado en DOM. Este problema afecta a Slicko: desde n/a hasta 1.2.0." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51592.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51592.json index eddf755b726..f83f96f2792 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51592.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51592.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51592", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:05.983", - "lastModified": "2024-11-09T15:15:05.983", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in bnayawpguy Meta Store Elements allows DOM-Based XSS.This issue affects Meta Store Elements: from n/a through 1.0.9." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en bnayawpguy Meta Store Elements permite XSS basado en DOM. Este problema afecta a los elementos de Meta Store: desde n/a hasta 1.0.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51593.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51593.json index 0e06656c44e..8dcdf514086 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51593.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51593.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51593", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:06.197", - "lastModified": "2024-11-09T15:15:06.197", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Glopium Studio \u041a\u0443\u0440\u0441 \u0432\u0430\u043b\u044e\u0442 UAH allows Stored XSS.This issue affects \u041a\u0443\u0440\u0441 \u0432\u0430\u043b\u044e\u0442 UAH: from n/a through 2.0." + "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Glopium Studio ???? ????? UAH allows Stored XSS.This issue affects ???? ????? UAH: from n/a through 2.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Glopium Studio ???? ????? UAH permite XSS almacenado. Este problema afecta a ???? ????? UAH: desde n/a hasta 2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51594.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51594.json index a43ad3ba48a..8ee145274a3 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51594.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51594.json 
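Review bot: In the CVE-2024-51593 hunk the new English `value` replaces the escaped Cyrillic product name (`\u041a\u0443\u0440\u0441 \u0432\u0430\u043b\u044e\u0442 UAH`) with the literal `???? ????? UAH`, and the added `es` entry carries the same placeholder. This looks like a lossy charset conversion upstream rather than an intended edit. With the product name gone from the record, name-based matching against plugin inventories or other advisories will no longer find it. I would keep the removed line's escaped form in the `en` value (`... in Glopium Studio \u041a\u0443\u0440\u0441 \u0432\u0430\u043b\u044e\u0442 UAH allows Stored XSS ...`) and use the same name in the `es` text. The CVE-2024-51594 hunk on the same line still carries `Sans\u00f3` intact, so the loss seems limited to characters outside Latin-1, though that is inferred and not shown here.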
@@ -2,13 +2,17 @@ "id": "CVE-2024-51594", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:06.403", - "lastModified": "2024-11-09T15:15:06.403", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rafel Sans\u00f3 Gmap Point List allows Stored XSS.This issue affects Gmap Point List: from n/a through 1.1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Gmap Point List de Rafel Sans\u00f3 permite XSS almacenado. Este problema afecta a Gmap Point List: desde n/a hasta 1.1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51595.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51595.json index 79c63957d70..45897ea7dc4 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51595.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51595.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51595", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:06.613", - "lastModified": "2024-11-09T15:15:06.613", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sksdev SKSDEV Toolkit allows Stored XSS.This issue affects SKSDEV Toolkit: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en sksdev SKSDEV Toolkit permite XSS almacenado. Este problema afecta a SKSDEV Toolkit: desde n/a hasta 1.0.0." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51596.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51596.json index f583928dbcb..f4de2dbf265 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51596.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51596.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51596", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:06.827", - "lastModified": "2024-11-09T15:15:06.827", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nilesh Shiragave Business allows Stored XSS.This issue affects Business: from n/a through 1.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Nilesh Shiragave Business permite XSS almacenado. Este problema afecta a Business: desde n/a hasta 1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51597.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51597.json index 9559d044582..b44a301a73a 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51597.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51597.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51597", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:07.050", - "lastModified": "2024-11-09T15:15:07.050", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in ThemeShark ThemeShark Templates & Widgets for Elementor allows Stored XSS.This issue affects ThemeShark Templates & Widgets for Elementor: from n/a through 1.1.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en ThemeShark ThemeShark Templates & Widgets for Elementor permite XSS almacenado. Este problema afecta a ThemeShark Templates & Widgets for Elementor: desde n/a hasta 1.1.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51598.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51598.json index 258981939e9..67376b80cde 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51598.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51598.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51598", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:07.277", - "lastModified": "2024-11-09T15:15:07.277", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kendysond Selar.Co Widget allows DOM-Based XSS.This issue affects Selar.Co Widget: from n/a through 1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Kendysond Selar.Co Widget permite XSS basado en DOM. Este problema afecta al widget Selar.Co: desde n/a hasta 1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-515xx/CVE-2024-51599.json b/CVE-2024/CVE-2024-515xx/CVE-2024-51599.json index 5a32a316758..62ad63583c7 100644 --- a/CVE-2024/CVE-2024-515xx/CVE-2024-51599.json +++ b/CVE-2024/CVE-2024-515xx/CVE-2024-51599.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51599", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:07.490", - "lastModified": "2024-11-09T15:15:07.490", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Russell Albin Simple Business Manager allows Stored XSS.This issue affects Simple Business Manager: from n/a through 4.6.7.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Russell Albin Simple Business Manager permite XSS almacenado. Este problema afecta a Simple Business Manager: desde n/a hasta 4.6.7.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51601.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51601.json index 6dba9162a75..c68286f6d2f 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51601.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51601.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51601", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T09:15:04.143", - "lastModified": "2024-11-09T09:15:04.143", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Maksym Marko Website price calculator allows SQL Injection.This issue affects Website price calculator: from n/a through 4.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Maksym Marko Website price calculator permite la inyecci\u00f3n SQL. Este problema afecta a la calculadora de precios del sitio web: desde n/a hasta 4.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51602.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51602.json index 77ef35c841d..2203cb99707 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51602.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51602.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51602", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T09:15:04.403", - "lastModified": "2024-11-09T09:15:04.403", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oleksandr Ustymenko Simple Job Manager allows SQL Injection.This issue affects Simple Job Manager: from n/a through 1.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Oleksandr Ustymenko Simple Job Manager permite la inyecci\u00f3n SQL. Este problema afecta a Simple Job Manager: desde n/a hasta 1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51603.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51603.json index a877d373f2c..c917c197e44 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51603.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51603.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51603", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:07.710", - "lastModified": "2024-11-09T15:15:07.710", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mircea N. NMR Strava activities allows DOM-Based XSS.This issue affects NMR Strava activities: from n/a through 1.0.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Mircea N. NMR Strava activities permite XSS basado en DOM. Este problema afecta a las actividades de NMR Strava: desde n/a hasta 1.0.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51604.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51604.json index ea880187ef3..6ed7ed4ee29 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51604.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51604.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51604", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:07.920", - "lastModified": "2024-11-09T15:15:07.920", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Carlo Andro Mabugay Media Modal allows DOM-Based XSS.This issue affects Media Modal: from n/a through 1.0.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Carlo Andro Mabugay Media Modal permite XSS basado en DOM. Este problema afecta a Media Modal: desde n/a hasta 1.0.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51605.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51605.json index 0866c541003..9e5c1a2083a 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51605.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51605.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51605", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:08.123", - "lastModified": "2024-11-09T15:15:08.123", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Genoo, LLC Genoo allows DOM-Based XSS.This issue affects Genoo: from n/a through 6.0.10." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Genoo, LLC Genoo permite XSS basado en DOM. Este problema afecta a Genoo: desde n/a hasta 6.0.10." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51606.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51606.json index fa10824fa41..2e7eb7b405e 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51606.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51606.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51606", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:08.380", - "lastModified": "2024-11-09T15:15:08.380", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Blrt Blrt WP Embed allows SQL Injection.This issue affects Blrt WP Embed: from n/a through 1.6.9." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Blrt Blrt WP Embed permite la inyecci\u00f3n SQL. Este problema afecta a Blrt WP Embed: desde n/a hasta 1.6.9." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51607.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51607.json index c3d2cd2f687..392e5dac413 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51607.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51607.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51607", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T09:15:04.723", - "lastModified": "2024-11-09T09:15:04.723", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Buddy Lindsey Golf Tracker allows SQL Injection.This issue affects Golf Tracker: from n/a through 0.7." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Buddy Lindsey Golf Tracker permite la inyecci\u00f3n SQL. Este problema afecta a Golf Tracker: desde n/a hasta 0.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51608.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51608.json index 02e18cab938..c0eed3e4cfc 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51608.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51608.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51608", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:08.593", - "lastModified": "2024-11-09T15:15:08.593", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pluginhandy AmaDiscount allows SQL Injection.This issue affects AmaDiscount: from n/a through 1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Pluginhandy AmaDiscount permite la inyecci\u00f3n SQL. Este problema afecta a AmaDiscount: desde n/a hasta 1.0." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51609.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51609.json index 1bf2e9123e0..621498db8a4 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51609.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51609.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51609", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:08.810", - "lastModified": "2024-11-09T15:15:08.810", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Elsner Technologies Pvt. Ltd. Emoji Shortcode allows Stored XSS.This issue affects Emoji Shortcode: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Elsner Technologies Pvt. Ltd. Emoji Shortcode permite XSS almacenado. Este problema afecta a Emoji Shortcode: desde n/a hasta 1.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51610.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51610.json index cf0f58cf0ad..2d7e8e5115f 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51610.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51610.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51610", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T15:15:09.033", - "lastModified": "2024-11-09T15:15:09.033", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SEO Themes Display Terms Shortcode allows Stored XSS.This issue affects Display Terms Shortcode: from n/a through 1.0.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en SEO Themes Display Terms Shortcode permite XSS almacenado. Este problema afecta al c\u00f3digo corto de t\u00e9rminos de visualizaci\u00f3n: desde n/a hasta 1.0.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51611.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51611.json index 96986085e80..69d2a4ce796 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51611.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51611.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51611", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:14.537", - "lastModified": "2024-11-09T14:15:14.537", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Miguel Peixe WP Feature Box allows Stored XSS.This issue affects WP Feature Box: from n/a through 0.1.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Miguel Peixe WP Feature Box permite XSS almacenado. Este problema afecta a WP Feature Box: desde n/a hasta 0.1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51612.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51612.json index c3a0140b84c..91dc94b6c3e 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51612.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51612.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51612", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:14.770", - "lastModified": "2024-11-09T14:15:14.770", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ken Charity Reftagger Shortcode allows Stored XSS.This issue affects Reftagger Shortcode: from n/a through 1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Ken Charity Reftagger Shortcode permite XSS almacenado. Este problema afecta a Reftagger Shortcode: desde n/a hasta 1.1." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51613.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51613.json index 13355a9d32a..38efc8f9e5b 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51613.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51613.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51613", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:14.990", - "lastModified": "2024-11-09T14:15:14.990", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andrew Connell TradeMe widgets allows Stored XSS.This issue affects TradeMe widgets: from n/a through 1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Andrew Connell TradeMe widgets permite XSS almacenado. Este problema afecta a los widgets TradeMe: desde n/a hasta 1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51614.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51614.json index 06520b476b8..5330a425c29 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51614.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51614.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51614", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:15.187", - "lastModified": "2024-11-09T14:15:15.187", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aajoda Aajoda Testimonials allows Stored XSS.This issue affects Aajoda Testimonials: from n/a through 2.2.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Aajoda Aajoda Testimonials permite XSS almacenado. Este problema afecta a Aajoda Testimonials: desde n/a hasta 2.2.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51616.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51616.json index 0c6ebcb8748..00acf2feda4 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51616.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51616.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51616", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:15.417", - "lastModified": "2024-11-09T14:15:15.417", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nazmul Hasan Rupok AwesomePress allows Stored XSS.This issue affects AwesomePress: from n/a through 1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Nazmul Hasan Rupok AwesomePress permite XSS almacenado. Este problema afecta a AwesomePress: desde n/a hasta 1.0." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51618.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51618.json index c22baa61f3f..0d943497c48 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51618.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51618.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51618", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:15.630", - "lastModified": "2024-11-09T14:15:15.630", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DuoGeek Custom Admin Menu allows Stored XSS.This issue affects Custom Admin Menu: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en DuoGeek Custom Admin Menu permite XSS almacenado. Este problema afecta al men\u00fa de administraci\u00f3n personalizado: desde n/a hasta 1.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51619.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51619.json index 346ea84ce0c..5ea3b9aeb3c 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51619.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51619.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51619", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T09:15:04.983", - "lastModified": "2024-11-09T09:15:04.983", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Market360.Co Market 360 Viewer allows Blind SQL Injection.This issue affects Market 360 Viewer: from n/a through 1.01." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Market360.Co Market 360 Viewer permite la inyecci\u00f3n SQL ciega. Este problema afecta a Market 360 Viewer: desde n/a hasta 1.01." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51620.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51620.json index b862fac283e..f06149456f5 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51620.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51620.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51620", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T09:15:05.247", - "lastModified": "2024-11-09T09:15:05.247", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Porsline allows Blind SQL Injection.This issue affects Porsline: from n/a through 1.0.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Porsline permite la inyecci\u00f3n SQL ciega. Este problema afecta a Porsline: desde n/a hasta 1.0.2." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51621.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51621.json index 7347ec0c493..9198ce49b0e 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51621.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51621.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51621", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T09:15:05.497", - "lastModified": "2024-11-09T09:15:05.497", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Reza Sh Download-Mirror-Counter allows SQL Injection.This issue affects Download-Mirror-Counter: from n/a through 1.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Reza Sh Download-Mirror-Counter permite la inyecci\u00f3n SQL. Este problema afecta a Download-Mirror-Counter: desde n/a hasta 1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51622.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51622.json index d3f1a8dc050..e2c828e433f 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51622.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51622.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51622", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:15.853", - "lastModified": "2024-11-09T14:15:15.853", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Experts Team WP EASY RECIPE allows Stored XSS.This issue affects WP EASY RECIPE: from n/a through 1.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WP Experts Team WP EASY RECIPE permite XSS almacenado. Este problema afecta a WP EASY RECIPE: desde n/a hasta 1.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51623.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51623.json index dd0deda9cc1..714902aea8a 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51623.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51623.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51623", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:16.133", - "lastModified": "2024-11-09T14:15:16.133", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mehrdad Farahani WP EIS allows SQL Injection.This issue affects WP EIS: from n/a through 1.3.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Mehrdad Farahani WP EIS permite la inyecci\u00f3n SQL. Este problema afecta a WP EIS: desde n/a hasta 1.3.3." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51625.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51625.json index 1db3b0a102d..9745766ef6a 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51625.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51625.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51625", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T09:15:05.733", - "lastModified": "2024-11-09T09:15:05.733", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in EDC Team (E-Da`wah Committee) Quran Shortcode allows Blind SQL Injection.This issue affects Quran Shortcode: from n/a through 1.5." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en EDC Team (E-Da`wah Committee) Quran Shortcode permite la inyecci\u00f3n SQL ciega. Este problema afecta al c\u00f3digo corto del Cor\u00e1n: desde n/a hasta 1.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51627.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51627.json index 54677a8c008..2b15f2f0e8e 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51627.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51627.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51627", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:16.373", - "lastModified": "2024-11-09T14:15:16.373", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kaedinger Audio Comparison Lite audio-comparison-lite allows Stored XSS.This issue affects Audio Comparison Lite: from n/a through 3.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Kaedinger Audio Comparison Lite audio-comparison-lite permite XSS almacenado. Este problema afecta a Audio Comparison Lite: desde n/a hasta 3.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51628.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51628.json index 1bcd55231c9..51eaabf0739 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51628.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51628.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51628", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:16.617", - "lastModified": "2024-11-09T14:15:16.617", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in EzyOnlineBookings EzyOnlineBookings Online Booking System Widget allows DOM-Based XSS.This issue affects EzyOnlineBookings Online Booking System Widget: from n/a through 1.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en EzyOnlineBookings EzyOnlineBookings Online Booking System Widget permite XSS basado en DOM. Este problema afecta al widget del sistema de reservas en l\u00ednea EzyOnlineBookings: desde n/a hasta 1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51629.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51629.json index 8d8540f85e2..d2893fc46d7 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51629.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51629.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51629", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:16.853", - "lastModified": "2024-11-09T14:15:16.853", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in MetricThemes Header Footer Composer for Elementor allows DOM-Based XSS.This issue affects Header Footer Composer for Elementor: from n/a through 1.0.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en MetricThemes Header Footer Composer para Elementor permite XSS basado en DOM. Este problema afecta a Header Footer Composer para Elementor: desde n/a hasta 1.0.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51630.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51630.json index 3e2ef010121..ad13d15e988 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51630.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51630.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51630", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:17.087", - "lastModified": "2024-11-09T14:15:17.087", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Lars Schenk Responsive Flickr Gallery allows Stored XSS.This issue affects Responsive Flickr Gallery: from n/a through 1.3.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Lars Schenk Responsive Flickr Gallery permite XSS almacenado. Este problema afecta a la galer\u00eda de Flickr responsiva: desde n/a hasta 1.3.1." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51647.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51647.json index 094c8a0e6b3..8e3d411fce4 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51647.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51647.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51647", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:17.350", - "lastModified": "2024-11-09T14:15:17.350", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Cross-Site Request Forgery (CSRF) vulnerability in Chaser324 Featured Posts Scroll allows Stored XSS.This issue affects Featured Posts Scroll: from n/a through 1.25." + }, + { + "lang": "es", + "value": "La vulnerabilidad de Cross-Site Request Forgery (CSRF) en Chaser324 Featured Posts Scroll permite XSS almacenado. Este problema afecta al desplazamiento de publicaciones destacadas: desde n/a hasta 1.25." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51662.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51662.json index 992f59cd903..9447783638d 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51662.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51662.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51662", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:17.617", - "lastModified": "2024-11-09T14:15:17.617", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows Stored XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.6." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Black Widgets For Elementor de Modernaweb Studio permite XSS almacenado. Este problema afecta a Black Widgets For Elementor: desde n/a hasta 1.3.6." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51663.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51663.json index 4883cd1f0c5..a91cba4d058 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51663.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51663.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51663", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:17.847", - "lastModified": "2024-11-09T14:15:17.847", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bricksable Bricksable for Bricks Builder allows Stored XSS.This issue affects Bricksable for Bricks Builder: from n/a through 1.6.59." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Bricksable Bricksable para Bricks Builder permite XSS almacenado. Este problema afecta a Bricksable para Bricks Builder: desde n/a hasta 1.6.59." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51664.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51664.json index 6d5dd58697d..0cfda8fe976 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51664.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51664.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51664", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:18.067", - "lastModified": "2024-11-09T14:15:18.067", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS.This issue affects Beds24 Online Booking: from n/a through 2.0.25." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Beds24 Online Booking de Mark Kinchin permite XSS almacenado. Este problema afecta a Beds24 Online Booking: desde n/a hasta 2.0.25." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51668.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51668.json index 5a8c998345c..ca0b249e417 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51668.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51668.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51668", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T14:15:18.297", - "lastModified": "2024-11-09T14:15:18.297", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Stored XSS.This issue affects MyCurator Content Curation: from n/a through 3.78." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Mark Tilly MyCurator Content Curation permite XSS almacenado. Este problema afecta a MyCurator Content Curation: desde n/a hasta 3.78." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51670.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51670.json index 5a46e6fa3ff..db24331fc40 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51670.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51670.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51670", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:05.007", - "lastModified": "2024-11-09T13:15:05.007", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in JS Help Desk JS Help Desk \u2013 Best Help Desk & Support Plugin allows Stored XSS.This issue affects JS Help Desk \u2013 Best Help Desk & Support Plugin: from n/a through 2.8.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en JS Help Desk JS Help Desk \u2013 Best Help Desk & Support Plugin permite XSS almacenado. Este problema afecta a JS Help Desk \u2013 Best Help Desk & Support Plugin: desde n/a hasta 2.8.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51673.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51673.json index 8c4520f2052..a3536575151 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51673.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51673.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51673", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:05.230", - "lastModified": "2024-11-09T13:15:05.230", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes HT Politic allows DOM-Based XSS.This issue affects HT Politic: from n/a through 2.4.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en HasThemes HT Politic permite XSS basado en DOM. Este problema afecta a HT Politic: desde n/a hasta 2.4.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51674.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51674.json index 8536d20dd6b..0ef77eb7bac 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51674.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51674.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51674", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:05.450", - "lastModified": "2024-11-09T13:15:05.450", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TemplatesCoder Sastra Essential Addons for Elementor allows DOM-Based XSS.This issue affects Sastra Essential Addons for Elementor: from n/a through 1.0.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en TemplatesCoder Sastra Essential Addons for Elementor permite XSS basado en DOM. Este problema afecta a Sastra Essential Addons for Elementor: desde n/a hasta 1.0.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51675.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51675.json index 97be61d1119..3b59db3762c 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51675.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51675.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51675", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:05.683", - "lastModified": "2024-11-09T13:15:05.683", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in aThemes aThemes Addons for Elementor allows DOM-Based XSS.This issue affects aThemes Addons for Elementor: from n/a through 1.0.7." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en aThemes Addons for Elementor permite XSS basado en DOM. Este problema afecta a aThemes Addons for Elementor: desde n/a hasta 1.0.7." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51676.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51676.json index 596ae05f38b..b4beb202b97 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51676.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51676.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51676", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:05.927", - "lastModified": "2024-11-09T13:15:05.927", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Delicious Delisho allows Reflected XSS.This issue affects Delisho: from n/a through 1.0.6." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en WP Delicious Delisho permite XSS reflejado. Este problema afecta a Delisho: desde n/a hasta 1.0.6." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51689.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51689.json index e245916c809..241942e5db5 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51689.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51689.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51689", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:06.187", - "lastModified": "2024-11-09T13:15:06.187", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tobias Conrad CF7 WOW Styler allows Reflected XSS.This issue affects CF7 WOW Styler: from n/a through 1.6.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Tobias Conrad CF7 WOW Styler permite XSS reflejado. Este problema afecta a CF7 WOW Styler: desde n/a hasta 1.6.8." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51690.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51690.json index e4b139226b2..2312ecb8e54 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51690.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51690.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51690", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:06.407", - "lastModified": "2024-11-09T13:15:06.407", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Neelam Samariya Thakor Wp Slide Categorywise allows Reflected XSS.This issue affects Wp Slide Categorywise: from n/a through 1.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Neelam Samariya Thakor Wp Slide Categorywise permite XSS reflejado. Este problema afecta a Wp Slide Categorywise: desde n/a hasta 1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51691.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51691.json index 00f55d03de3..fe83660a76d 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51691.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51691.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51691", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:06.640", - "lastModified": "2024-11-09T13:15:06.640", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aryan Duntley Admin Amplify allows Reflected XSS.This issue affects Admin Amplify: from n/a through 1.3.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Aryan Duntley Admin Amplify permite XSS reflejado. Este problema afecta a Admin Amplify: desde n/a hasta 1.3.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51692.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51692.json index 27bacde76e4..63ea119d5cc 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51692.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51692.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51692", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:06.883", - "lastModified": "2024-11-09T13:15:06.883", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Askew Brook Bing Search API Integration allows Reflected XSS.This issue affects Bing Search API Integration: from n/a through 0.3.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Askew Brook Bing Search API Integration permite XSS reflejado. Este problema afecta a Bing Search API Integration: desde n/a hasta 0.3.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51693.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51693.json index 286d5a23ae7..99182200d3a 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51693.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51693.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51693", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:07.107", - "lastModified": "2024-11-09T13:15:07.107", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in laboratorio d\u2019Avanguardia Search order by product SKU for WooCommerce allows Reflected XSS.This issue affects Search order by product SKU for WooCommerce: from n/a through 0.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en laboratorio d\u2019Avanguardia Search order by product SKU for WooCommerce permite XSS reflejado. Este problema afecta a la b\u00fasqueda de pedidos por SKU de producto para WooCommerce: desde n/a hasta la versi\u00f3n 0.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51694.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51694.json index 3f10b45b5f9..fb99b5e1142 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51694.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51694.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51694", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:07.343", - "lastModified": "2024-11-09T13:15:07.343", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Digfish Geotagged Media allows Reflected XSS.This issue affects Geotagged Media: from n/a through 0.3.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Digfish Geotagged Media permite XSS reflejado. Este problema afecta a Geotagged Media: desde n/a hasta 0.3.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51695.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51695.json index f12b48a5ab7..a715653a352 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51695.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51695.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51695", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:07.563", - "lastModified": "2024-11-09T13:15:07.563", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Fabrica Fabrica Synced Pattern Instances allows Reflected XSS.This issue affects Fabrica Synced Pattern Instances: from n/a through 1.0.8." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Fabrica Fabrica Synced Pattern Instances permiten XSS reflejado. Este problema afecta a las instancias de Fabrica Synced Pattern: desde n/a hasta 1.0.8." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51696.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51696.json index 5968836e7d4..8eef52701af 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51696.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51696.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51696", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:07.803", - "lastModified": "2024-11-09T13:15:07.803", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benjamin Moody Content Syndication Toolkit Reader allows Reflected XSS.This issue affects Content Syndication Toolkit Reader: from n/a through 1.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Benjamin Moody Content Syndication Toolkit Reader permite XSS reflejado. Este problema afecta al lector de herramientas de sindicaci\u00f3n de contenido: desde n/a hasta 1.5." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51697.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51697.json index 608a63fb384..cd59f3d7793 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51697.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51697.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51697", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:08.033", - "lastModified": "2024-11-09T13:15:08.033", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Doofinder allows Reflected XSS.This issue affects Doofinder: from n/a through 0.5.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Doofinder permite XSS reflejado. Este problema afecta a Doofinder: desde n/a hasta 0.5.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51698.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51698.json index b91d6552b6d..5d34ca8ccad 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51698.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51698.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51698", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:08.273", - "lastModified": "2024-11-09T13:15:08.273", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Luis Rock Master Bar allows Reflected XSS.This issue affects Master Bar: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Luis Rock Master Bar permite XSS reflejado. Este problema afecta a Master Bar: desde n/a hasta 1.0." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-516xx/CVE-2024-51699.json b/CVE-2024/CVE-2024-516xx/CVE-2024-51699.json index e30cba7a9a7..c2f724d9a03 100644 --- a/CVE-2024/CVE-2024-516xx/CVE-2024-51699.json +++ b/CVE-2024/CVE-2024-516xx/CVE-2024-51699.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51699", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:08.500", - "lastModified": "2024-11-09T13:15:08.500", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Buooy Buooy Sticky Header allows Reflected XSS.This issue affects Buooy Sticky Header: from n/a through 0.5.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Buooy Buooy Sticky Header permite XSS reflejado. Este problema afecta a Buooy Sticky Header: desde n/a hasta 0.5.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51701.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51701.json index f1a734f356a..e59a6ab3b27 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51701.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51701.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51701", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:08.713", - "lastModified": "2024-11-09T13:15:08.713", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mahesh Waghmare MG Post Contributors allows Reflected XSS.This issue affects MG Post Contributors: from n/a through 1.3.." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Mahesh Waghmare MG Post Contributors permite XSS reflejado. Este problema afecta a MG Post Contributors: desde n/a hasta 1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51702.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51702.json index 0801d46e267..957aec090fd 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51702.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51702.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51702", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:08.940", - "lastModified": "2024-11-09T13:15:08.940", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benjamin Moody, Eric Holmes SrcSet Responsive Images for WordPress allows Reflected XSS.This issue affects SrcSet Responsive Images for WordPress: from n/a through 1.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Benjamin Moody, Eric Holmes SrcSet Responsive Images for WordPress permite XSS reflejado. Este problema afecta a SrcSet Responsive Images for WordPress: desde n/a hasta 1.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51703.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51703.json index dd39109ffb8..4789690a0f9 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51703.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51703.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51703", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:09.173", - "lastModified": "2024-11-09T13:15:09.173", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Genethick WP-Basics allows Reflected XSS.This issue affects WP-Basics: from n/a through 2.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Genethick WP-Basics permite XSS reflejado. Este problema afecta a WP-Basics: desde n/a hasta 2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51704.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51704.json index ca34a838618..93aa5e39c62 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51704.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51704.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51704", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:09.410", - "lastModified": "2024-11-09T13:15:09.410", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hanusek imPress allows Reflected XSS.This issue affects imPress: from n/a through 0.1.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Hanusek imPress permite XSS reflejado. Este problema afecta a imPress: desde n/a hasta 0.1.4." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51705.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51705.json index d716f03f3ab..28d9f8dc73b 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51705.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51705.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51705", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:09.617", - "lastModified": "2024-11-09T13:15:09.617", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in James Bruner WP MMenu Lite allows Reflected XSS.This issue affects WP MMenu Lite: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en James Bruner WP MMenu Lite permite XSS reflejado. Este problema afecta a WP MMenu Lite: desde n/a hasta 1.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51706.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51706.json index 96c68932088..37c9dacbd63 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51706.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51706.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51706", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T13:15:09.853", - "lastModified": "2024-11-09T13:15:09.853", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Upeksha Wisidagama UW Freelancer allows Reflected XSS.This issue affects UW Freelancer: from n/a through 0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Upeksha Wisidagama UW Freelancer permite XSS reflejado. Este problema afecta a UW Freelancer: desde n/a hasta 0.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51707.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51707.json index 7631517a002..598a2b1d5ff 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51707.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51707.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51707", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:17.690", - "lastModified": "2024-11-09T12:15:17.690", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webcodin WP Visual Adverts allows Reflected XSS.This issue affects WP Visual Adverts: from n/a through 2.3.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Webcodin WP Visual Adverts permite XSS reflejado. Este problema afecta a WP Visual Adverts: desde n/a hasta 2.3.0." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51708.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51708.json index d0ab37ce52b..67fb2f89702 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51708.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51708.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51708", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:17.927", - "lastModified": "2024-11-09T12:15:17.927", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Narnoo Wordpress developer Narnoo Commerce Manager allows Reflected XSS.This issue affects Narnoo Commerce Manager: from n/a through 1.6.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Narnoo Wordpress developer Narnoo Commerce Manager, permite XSS reflejado. Este problema afecta a Narnoo Commerce Manager: desde n/a hasta 1.6.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51709.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51709.json index 28e4908ae85..c30d55c2ea3 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51709.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51709.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51709", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:18.137", - "lastModified": "2024-11-09T12:15:18.137", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Dietz TeleAdmin allows Reflected XSS.This issue affects TeleAdmin: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Marian Dietz TeleAdmin permite XSS reflejado. Este problema afecta a TeleAdmin: desde n/a hasta 1.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51710.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51710.json index 14087cbb9fd..11be6195dac 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51710.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51710.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51710", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:18.347", - "lastModified": "2024-11-09T12:15:18.347", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Minerva Infotech Responsive Data Table allows Reflected XSS.This issue affects Responsive Data Table: from n/a through 1.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Minerva Infotech Responsive Data Table permite XSS reflejado. Este problema afecta a Responsive Data Table: desde n/a hasta 1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51711.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51711.json index f42fd724ba0..87144333f18 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51711.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51711.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51711", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:18.553", - "lastModified": "2024-11-09T12:15:18.553", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in saragna Saragna allows Reflected XSS.This issue affects Saragna: from n/a through 1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Saragna Saragna permite XSS reflejado. Este problema afecta a Saragna: desde n/a hasta 1.0." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51712.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51712.json index cfdc3216b04..8422dfeaa34 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51712.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51712.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51712", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:18.763", - "lastModified": "2024-11-09T12:15:18.763", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visser Labs Jigoshop \u2013 Store Toolkit allows Reflected XSS.This issue affects Jigoshop \u2013 Store Toolkit: from n/a through 1.4.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Visser Labs Jigoshop \u2013 Store Toolkit permite XSS reflejado. Este problema afecta a Jigoshop \u2013 Store Toolkit: desde n/a hasta 1.4.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51713.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51713.json index a0f84dc3c76..fba3e42a688 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51713.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51713.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51713", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:18.967", - "lastModified": "2024-11-09T12:15:18.967", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in TRe Technology And Research S.R.L HQ60 Fidelity Card allows Reflected XSS.This issue affects HQ60 Fidelity Card: from n/a through 1.8." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en TRe Technology And Research S.R.L HQ60 Fidelity Card permite XSS reflejado. Este problema afecta a la tarjeta HQ60 Fidelity: desde n/a hasta 1.8." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51714.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51714.json index 9674706db43..fc77b9cb1f5 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51714.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51714.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51714", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:19.177", - "lastModified": "2024-11-09T12:15:19.177", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Syed Umair Hussain Shah User Password Reset allows Reflected XSS.This issue affects User Password Reset: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Syed Umair Hussain Shah User Password Reset permite XSS reflejado. Este problema afecta a User Password Reset: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51716.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51716.json index 56a4f8e3dbb..c2277c639e7 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51716.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51716.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51716", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:19.380", - "lastModified": "2024-11-09T12:15:19.380", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gopi.R Twitter real time search scrolling allows Reflected XSS.This issue affects Twitter real time search scrolling: from n/a through 7.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Gopi.R Twitter real time search scrolling permite XSS reflejado. Este problema afecta al desplazamiento de b\u00fasqueda en tiempo real de Twitter: desde n/a hasta 7.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51717.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51717.json index 1592c138d97..4e152da0240 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51717.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51717.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51717", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:19.590", - "lastModified": "2024-11-09T12:15:19.590", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Perception System Ajax Content Filter allows Reflected XSS.This issue affects Ajax Content Filter: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Perception System Ajax Content Filter permite XSS reflejado. Este problema afecta a Ajax Content Filter: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51718.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51718.json index 566f1356e62..272591c516e 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51718.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51718.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51718", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:19.797", - "lastModified": "2024-11-09T12:15:19.797", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Adam Dehnel Simple Modal allows Reflected XSS.This issue affects Simple Modal: from n/a through 0.3.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Simple Modal de Adam Dehnel permite XSS reflejado. Este problema afecta a Simple Modal: desde n/a hasta 0.3.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51719.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51719.json index 230a5a8ba72..9a277a14f94 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51719.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51719.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51719", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:20.000", - "lastModified": "2024-11-09T12:15:20.000", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kevin Walker, Roman Peterhans Simplistic SEO allows Reflected XSS.This issue affects Simplistic SEO: from n/a through 2.3.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Kevin Walker, Roman Peterhans Simplistic SEO permite XSS reflejado. Este problema afecta a Simplistic SEO: desde n/a hasta 2.3.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51747.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51747.json index 1f018cbe4b9..a1169b204bb 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51747.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51747.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51747", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-11T20:15:19.197", - "lastModified": "2024-11-11T20:15:19.197", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can read and delete arbitrary files from the server. File attachments, that are viewable or downloadable in Kanboard are resolved through its `path` entry in the `project_has_files` SQLite db. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, can set arbitrary file links, by abusing path traversals. Once the modified db is uploaded and the project page is accessed, a file download can be triggered and all files, readable in the context of the Kanboard application permissions, can be downloaded. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Kanboard es un software de gesti\u00f3n de proyectos que se centra en la metodolog\u00eda Kanban. Un administrador de Kanboard autenticado puede leer y eliminar archivos arbitrarios del servidor. Los archivos adjuntos que se pueden ver o descargar en Kanboard se resuelven a trav\u00e9s de su entrada `path` en la base de datos SQLite `project_has_files`. Por lo tanto, un atacante que puede cargar una base de datos sqlite.db modificada a trav\u00e9s de la funci\u00f3n dedicada, puede establecer enlaces de archivos arbitrarios, abusando de los path traversals. Una vez que se carga la base de datos modificada y se accede a la p\u00e1gina del proyecto, se puede activar una descarga de archivo y se pueden descargar todos los archivos, legibles en el contexto de los permisos de la aplicaci\u00f3n Kanboard. 
Este problema se ha solucionado en la versi\u00f3n 1.2.42 y se recomienda a todos los usuarios que actualicen. No existen workarounds conocidas para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51748.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51748.json index 595164f6cf8..c043b3b74fe 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51748.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51748.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51748", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-11T20:15:19.420", - "lastModified": "2024-11-11T20:15:19.420", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Kanboard is project management software that focuses on the Kanban methodology. An authenticated Kanboard admin can run arbitrary php code on the server in combination with a file write possibility. The user interface language is determined and loaded by the setting `application_language` in the `settings` table. Thus, an attacker who can upload a modified sqlite.db through the dedicated feature, has control over the filepath, which is loaded. Exploiting this vulnerability has one constraint: the attacker must be able to place a file (called translations.php) on the system. However, this is not impossible, think of anonymous FTP server or another application that allows uploading files. Once the attacker has placed its file with the actual php code as the payload, the attacker can craft a sqlite db settings, which uses path traversal to point to the directory, where the `translations.php` file is stored. Then gaining code execution after importing the crafted sqlite.db. This issue has been addressed in version 1.2.42 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Kanboard es un software de gesti\u00f3n de proyectos que se centra en la metodolog\u00eda Kanban. Un administrador de Kanboard autenticado puede ejecutar c\u00f3digo php arbitrario en el servidor en combinaci\u00f3n con la posibilidad de escritura de archivos. El idioma de la interfaz de usuario se determina y carga mediante la configuraci\u00f3n `application_language` en la tabla `settings`. 
Por lo tanto, un atacante que puede cargar un sqlite.db modificado a trav\u00e9s de la funci\u00f3n dedicada, tiene control sobre la ruta del archivo, que se carga. La explotaci\u00f3n de esta vulnerabilidad tiene una restricci\u00f3n: el atacante debe poder colocar un archivo (llamado traducciones.php) en el sistema. Sin embargo, esto no es imposible, piense en un servidor FTP an\u00f3nimo u otra aplicaci\u00f3n que permita cargar archivos. Una vez que el atacante ha colocado su archivo con el c\u00f3digo php real como payload, el atacante puede crear una configuraci\u00f3n de base de datos sqlite, que utiliza el path traversal para apuntar al directorio, donde se almacena el archivo `translations.php`. Luego, obtiene la ejecuci\u00f3n del c\u00f3digo despu\u00e9s de importar el sqlite.db manipulado. Este problema se ha solucionado en la versi\u00f3n 1.2.42 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51759.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51759.json index 511b304b9e6..e25badd77d5 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51759.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51759.json 
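Review bot: The added `es` value for CVE-2024-51748 gives the file name as `traducciones.php` in the phrase `(llamado traducciones.php)`, while the English value and a later sentence of the same Spanish value name it `translations.php`. A file name is a literal that defenders search for on disk and in upload logs, so it should not be translated; the phrase should read `(llamado translations.php)`. The backticked identifiers `application_language` and `settings` are carried over unchanged, and the file name should be treated the same way.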
@@ -2,13 +2,17 @@ "id": "CVE-2024-51759", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:20.200", - "lastModified": "2024-11-09T12:15:20.200", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Detlef Beyer SVT Simple allows Reflected XSS.This issue affects SVT Simple: from n/a through 1.0.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Detlef Beyer SVT Simple permite XSS reflejado. Este problema afecta a SVT Simple: desde n/a hasta 1.0.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51760.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51760.json index 50260d5ded0..85940d0153d 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51760.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51760.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51760", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:20.403", - "lastModified": "2024-11-09T12:15:20.403", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in RistrettoApps Dashing Memberships allows Reflected XSS.This issue affects Dashing Memberships: from n/a through 1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en RistrettoApps Dashing Memberships permite XSS reflejado. Este problema afecta a Dashing Memberships: desde n/a hasta 1.1." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51761.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51761.json index 2dcb9a72fb6..7bd75bb4ae8 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51761.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51761.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51761", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T12:15:20.603", - "lastModified": "2024-11-09T12:15:20.603", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zack Gilbert and Paul Jarvis WPHelpful allows Reflected XSS.This issue affects WPHelpful: from n/a through 1.2.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Zack Gilbert and Paul Jarvis WPHelpful permite XSS reflejado. Este problema afecta a WPHelpful: desde n/a hasta 1.2.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51762.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51762.json index 997ffda0c62..2929bd74b6e 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51762.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51762.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51762", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T10:15:06.593", - "lastModified": "2024-11-09T10:15:06.593", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Nightshift Creative PropertyShift allows Reflected XSS.This issue affects PropertyShift: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Nightshift Creative PropertyShift permite XSS reflejado. Este problema afecta a PropertyShift: desde n/a hasta 1.0.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51763.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51763.json index ef42ef2e2e9..5958eccb8e3 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51763.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51763.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51763", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T10:15:06.930", - "lastModified": "2024-11-09T10:15:06.930", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Biplob Adhikari Team Showcase and Slider \u2013 Team Members Builder allows Reflected XSS.This issue affects Team Showcase and Slider \u2013 Team Members Builder: from n/a through 1.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Biplob Adhikari Team Showcase y Slider \u2013 Team Members Builder permite XSS reflejado. Este problema afecta a Team Showcase y Slider \u2013 Team Members Builder: desde n/a hasta 1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51776.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51776.json index adaf85779c4..c74d7ba7245 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51776.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51776.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51776", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T10:15:07.290", - "lastModified": "2024-11-09T10:15:07.290", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in samhotchkiss Daily Image allows Reflected XSS.This issue affects Daily Image: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en samhotchkiss Daily Image permite XSS reflejado. Este problema afecta a Daily Image: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51778.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51778.json index 653811a8743..cb5e2d80f0c 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51778.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51778.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51778", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T10:15:07.603", - "lastModified": "2024-11-09T10:15:07.603", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Starfish Reviews Satisfaction Reports from Help Scout allows Reflected XSS.This issue affects Satisfaction Reports from Help Scout: from n/a through 2.0.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Starfish Reviews Satisfaction Reports from Help Scout permite XSS reflejado. Este problema afecta a los informes de satisfacci\u00f3n de Help Scout: desde n/a hasta 2.0.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51779.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51779.json index 52d12cc2612..d05d6457493 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51779.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51779.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51779", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T10:15:08.050", - "lastModified": "2024-11-09T10:15:08.050", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Stranger Studios (WordCamp Philly) Don't Break The Code allows Reflected XSS.This issue affects Don't Break The Code: from n/a through .3.1." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Stranger Studios (WordCamp Philly) Don't Break The Code permite XSS reflejado. Este problema afecta a Don't Break The Code: desde n/a hasta .3.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51780.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51780.json index 002de70c07b..c7cf59974b9 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51780.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51780.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51780", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T10:15:08.413", - "lastModified": "2024-11-09T10:15:08.413", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Michael DUMONTET eewee admin custom allows Reflected XSS.This issue affects eewee admin custom: from n/a through 1.8.2.4." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en eewee admin custom de Michael DUMONTET permite XSS reflejado. Este problema afecta a eewee admin custom: desde n/a hasta 1.8.2.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51781.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51781.json index 007f29f3164..24b830adf33 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51781.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51781.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51781", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T10:15:08.747", - "lastModified": "2024-11-09T10:15:08.747", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Loop Now Technologies, Inc. Firework Shoppable Live Video allows Reflected XSS.This issue affects Firework Shoppable Live Video: from n/a through 6.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Loop Now Technologies, Inc. Firework Shoppable Live Video permite XSS reflejado. Este problema afecta a Firework Shoppable Live Video: desde n/a hasta 6.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51782.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51782.json index feea293d1ea..0c3cded94e0 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51782.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51782.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51782", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T09:15:05.957", - "lastModified": "2024-11-09T09:15:05.957", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sanjaysolutions Loginplus allows Stored XSS.This issue affects Loginplus: from n/a through 1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Sanjaysolutions Loginplus permite XSS almacenado. Este problema afecta a Loginplus: desde n/a hasta 1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51783.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51783.json index aceecd15226..8e347436f9c 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51783.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51783.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51783", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T09:15:06.197", - "lastModified": "2024-11-09T09:15:06.197", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in zaus Forms: 3rd-Party Post Again allows Reflected XSS.This issue affects Forms: 3rd-Party Post Again: from n/a through 0.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en zaus Forms: 3rd-Party Post Again permite XSS reflejado. Este problema afecta a Forms: 3rd-Party Post Again: desde n/a hasta 0.3." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51784.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51784.json index 57986867861..c967f9ab090 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51784.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51784.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51784", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T09:15:06.433", - "lastModified": "2024-11-09T09:15:06.433", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in VietFriend team FriendStore for WooCommerce allows Reflected XSS.This issue affects FriendStore for WooCommerce: from n/a through 1.4.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en VietFriend team FriendStore for WooCommerce permite XSS reflejado. Este problema afecta a FriendStore para WooCommerce: desde n/a hasta 1.4.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51785.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51785.json index d929a05510f..5498d122fee 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51785.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51785.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51785", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T09:15:06.647", - "lastModified": "2024-11-09T09:15:06.647", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Server-Side Request Forgery (SSRF) vulnerability in I Thirteen Web Solution Responsive Filterable Portfolio allows Server Side Request Forgery.This issue affects Responsive Filterable Portfolio: from n/a through 1.0.22." + }, + { + "lang": "es", + "value": "La vulnerabilidad de server-side request forgery (SSRF) en I Thirteen Web Solution Responsive Filterable Portfolio permite server-side request forgery. Este problema afecta a Responsive Filterable Portfolio: desde n/a hasta 1.0.22." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51786.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51786.json index 328a3e6e969..be5b273af14 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51786.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51786.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51786", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T09:15:06.903", - "lastModified": "2024-11-09T09:15:06.903", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BestWebSoft Realty by BestWebSoft allows Stored XSS.This issue affects Realty by BestWebSoft: from n/a through 1.1.5." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en BestWebSoft Realty by BestWebSoft permite XSS almacenado. Este problema afecta a Realty by BestWebSoft: desde n/a hasta 1.1.5." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51787.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51787.json index b0f75793f99..07196e063b9 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51787.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51787.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51787", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-09T09:15:07.133", - "lastModified": "2024-11-09T09:15:07.133", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows Stored XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.3." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en QuomodoSoft ElementsReady Addons for Elementor permite XSS almacenado. Este problema afecta a los complementos ElementsReady para Elementor: desde n/a hasta 6.4.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51788.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51788.json index aae0e604b30..14cef083edf 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51788.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51788.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51788", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:06.760", - "lastModified": "2024-11-11T06:15:06.760", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Joshua Wolfe The Novel Design Store Directory allows Upload a Web Shell to a Web Server.This issue affects The Novel Design Store Directory: from n/a through 4.3.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en The Novel Design Store Directory de Joshua Wolfe permite cargar un shell web a un servidor web. Este problema afecta a The Novel Design Store Directory: desde n/a hasta 4.3.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51789.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51789.json index 41e92bc38a7..85a3a4a6c82 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51789.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51789.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51789", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:07.130", - "lastModified": "2024-11-11T06:15:07.130", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in UjW0L Image Classify allows Upload a Web Shell to a Web Server.This issue affects Image Classify: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en UjW0L Image Classify permite cargar un shell web a un servidor web. Este problema afecta a Image Classify: desde n/a hasta 1.0.0." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51790.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51790.json index 077904d9586..5d0e47f0f75 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51790.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51790.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51790", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:07.483", - "lastModified": "2024-11-11T06:15:07.483", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Team HB WEBSOL HB AUDIO GALLERY allows Upload a Web Shell to a Web Server.This issue affects HB AUDIO GALLERY: from n/a through 3.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en Team HB WEBSOL HB AUDIO GALLERY permite cargar un Web Shell a un servidor web. Este problema afecta a HB AUDIO GALLERY: desde n/a hasta 3.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51791.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51791.json index dca096917d7..019fbde1168 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51791.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51791.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51791", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:07.787", - "lastModified": "2024-11-11T06:15:07.787", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Made I.T. Forms allows Upload a Web Shell to a Web Server.This issue affects Forms: from n/a through 2.8.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en Made IT Forms permite cargar un shell web a un servidor web. Este problema afecta a Forms: desde n/a hasta 2.8.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51792.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51792.json index ff969610f1c..debd8c417fc 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51792.json +++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51792.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51792", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:08.073", - "lastModified": "2024-11-11T06:15:08.073", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Dang Ngoc Binh Audio Record allows Upload a Web Shell to a Web Server.This issue affects Audio Record: from n/a through 1.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de carga sin restricciones de archivos con tipo peligroso en Dang Ngoc Binh Audio Record permite cargar un Web Shell a un servidor web. Este problema afecta a Audio Record: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-517xx/CVE-2024-51793.json b/CVE-2024/CVE-2024-517xx/CVE-2024-51793.json index 3e7091fe941..3def3ed4a58 100644 --- a/CVE-2024/CVE-2024-517xx/CVE-2024-51793.json 
+++ b/CVE-2024/CVE-2024-517xx/CVE-2024-51793.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51793", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:08.360", - "lastModified": "2024-11-11T06:15:08.360", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Unrestricted Upload of File with Dangerous Type vulnerability in Webful Creations Computer Repair Shop allows Upload a Web Shell to a Web Server.This issue affects Computer Repair Shop: from n/a through 3.8115." + }, + { + "lang": "es", + "value": "La vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en Webful Creations Computer Repair Shop permite cargar un shell web a un servidor web. Este problema afecta a Computer Repair Shop: desde n/a hasta 3.8115." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51820.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51820.json index c775df74e5b..d6930045d87 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51820.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51820.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51820", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:08.660", - "lastModified": "2024-11-11T06:15:08.660", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in L Squared Support L Squared Hub WP allows SQL Injection.This issue affects L Squared Hub WP: from n/a through 1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en L Squared Support L Squared Hub WP permite la inyecci\u00f3n SQL. Este problema afecta a L Squared Hub WP: desde n/a hasta 1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51837.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51837.json index 519a9f7b5b0..77060991c06 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51837.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51837.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51837", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:08.950", - "lastModified": "2024-11-11T06:15:08.950", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SONS Creative Development WP Contest allows SQL Injection.This issue affects WP Contest: from n/a through 1.0.0." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en SONS Creative Development WP Contest permite la inyecci\u00f3n SQL. Este problema afecta a WP Contest: desde n/a hasta 1.0.0." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51843.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51843.json index 8370b38602b..63123b5518a 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51843.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51843.json @@ -2,13 +2,17 @@ "id": "CVE-2024-51843", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:09.243", - "lastModified": "2024-11-11T06:15:09.243", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Olland.Biz Horsemanager allows Blind SQL Injection.This issue affects Horsemanager: from n/a through 1.3." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Olland.Biz Horsemanager permite la inyecci\u00f3n SQL ciega. Este problema afecta a Horsemanager: desde n/a hasta 1.3." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51845.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51845.json index 2374dc08aca..711445042a6 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51845.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51845.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51845", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:09.547", - "lastModified": "2024-11-11T06:15:09.547", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Richteam Share Buttons \u2013 Social Media allows Blind SQL Injection.This issue affects Share Buttons \u2013 Social Media: from n/a through 1.0.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Richteam Share Buttons \u2013 Social Media permite una inyecci\u00f3n SQL ciega. Este problema afecta a los Botones para compartir de Richteam \u2013 Redes sociales: desde n/a hasta 1.0.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-518xx/CVE-2024-51882.json b/CVE-2024/CVE-2024-518xx/CVE-2024-51882.json index 398c95b7110..081db6b47fd 100644 --- a/CVE-2024/CVE-2024-518xx/CVE-2024-51882.json +++ b/CVE-2024/CVE-2024-518xx/CVE-2024-51882.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51882", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:09.837", - "lastModified": "2024-11-11T06:15:09.837", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ehues Gboy Custom Google Map allows Blind SQL Injection.This issue affects Gboy Custom Google Map: from n/a through 1.2." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de elementos especiales utilizados en un comando SQL ('Inyecci\u00f3n SQL') en Ehues Gboy Custom Google Map permite una inyecci\u00f3n SQL ciega. Este problema afecta a Gboy Custom Google Map: desde n/a hasta 1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51992.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51992.json index e53c5037fba..4c06ff4a3fa 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51992.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51992.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-51992", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-11T20:15:19.647", - "lastModified": "2024-11-11T20:15:19.647", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Orchid is a @laravel package that allows for rapid application development of back-office applications, admin/user panels, and dashboards. This vulnerability is a method exposure issue (CWE-749: Exposed Dangerous Method or Function) in the Orchid Platform\u2019s asynchronous modal functionality, affecting users of Orchid Platform version 8 through 14.42.x. Attackers could exploit this vulnerability to call arbitrary methods within the `Screen` class, leading to potential brute force of database tables, validation checks against user credentials, and disclosure of the server\u2019s real IP address. The issue has been patched in the latest release, version 14.43.0, released on November 6, 2024. Users should upgrade to version 14.43.0 or later to address this vulnerability. If upgrading to version 14.43.0 is not immediately possible, users can mitigate the vulnerability by implementing middleware to intercept and validate requests to asynchronous modal endpoints, allowing only approved methods and parameters." + }, + { + "lang": "es", + "value": "Orchid es un paquete de @laravel que permite el desarrollo r\u00e1pido de aplicaciones de back-office, paneles de usuario/administrador y tableros de mando. Esta vulnerabilidad es un problema de exposici\u00f3n de m\u00e9todos (CWE-749: M\u00e9todo o funci\u00f3n peligrosos expuestos) en la funcionalidad modal asincr\u00f3nica de la plataforma Orchid, que afecta a los usuarios de la versi\u00f3n 8 a la 14.42.x de la plataforma Orchid. 
Los atacantes podr\u00edan aprovechar esta vulnerabilidad para llamar a m\u00e9todos arbitrarios dentro de la clase `Screen`, lo que lleva a un posible ataque por fuerza bruta de las tablas de la base de datos, comprobaciones de validaci\u00f3n de las credenciales del usuario y divulgaci\u00f3n de la direcci\u00f3n IP real del servidor. El problema se ha corregido en la \u00faltima versi\u00f3n, la 14.43.0, publicada el 6 de noviembre de 2024. Los usuarios deben actualizar a la versi\u00f3n 14.43.0 o posterior para solucionar esta vulnerabilidad. Si la actualizaci\u00f3n a la versi\u00f3n 14.43.0 no es posible de inmediato, los usuarios pueden mitigar la vulnerabilidad implementando middleware para interceptar y validar las solicitudes a los endpoints modales asincr\u00f3nicos, lo que permite solo los m\u00e9todos y par\u00e1metros aprobados." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-519xx/CVE-2024-51997.json b/CVE-2024/CVE-2024-519xx/CVE-2024-51997.json index 1d2d68525b9..ed339245e55 100644 --- a/CVE-2024/CVE-2024-519xx/CVE-2024-51997.json +++ b/CVE-2024/CVE-2024-519xx/CVE-2024-51997.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-51997",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-08T19:15:06.487",
- "lastModified": "2024-11-08T19:15:06.487",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Trustee is a set of tools and components for attesting confidential guests and providing secrets to them. The ART (**Attestation Results Token**) token, generated by AS, could be manipulated by MITM attacker, but the verifier (CoCo Verification Demander like KBS) could still verify it successfully. In the payload of ART token, the \u2018jwk\u2019 could be replaced by attacker with his own pub key. Then attacker can use his own corresponding private key to sign the crafted ART token. Based on current code implementation (v0.8.0), such replacement and modification can not be detected. This issue has been addressed in version 0.8.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Trustee es un conjunto de herramientas y componentes para certificar a los invitados confidenciales y proporcionarles secretos. El token ART (**Attestation Results Token**), generado por AS, podr\u00eda ser manipulado por un atacante MITM, pero el verificador (CoCo Verification Demander como KBS) a\u00fan podr\u00eda verificarlo con \u00e9xito. En el payload del token ART, el atacante podr\u00eda reemplazar el 'jwk' con su propia clave p\u00fablica. Luego, el atacante puede usar su propia clave privada correspondiente para firmar el token ART creado. Seg\u00fan la implementaci\u00f3n del c\u00f3digo actual (v0.8.0), no se puede detectar dicho reemplazo y modificaci\u00f3n. Este problema se ha solucionado en la versi\u00f3n 0.8.2 y se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52000.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52000.json
index e42e231e945..13adc9c3493 100644
--- a/CVE-2024/CVE-2024-520xx/CVE-2024-52000.json
+++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52000.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52000",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-08T23:15:03.817",
- "lastModified": "2024-11-08T23:15:03.817",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Combodo iTop is a simple, web based IT Service Management tool. Affected versions are subject to a reflected Cross-site Scripting (XSS) exploit by way of editing a request's payload which can lead to malicious javascript execution. This issue has been addressed in version 3.2.0 via systematic escaping of error messages when rendering on the page. All users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI sencilla y basada en la web. Las versiones afectadas est\u00e1n sujetas a una vulnerabilidad de tipo Cross-site Scripting (XSS) que se ve reflejada al editar el payload de una solicitud, lo que puede provocar la ejecuci\u00f3n de JavaScript malicioso. Este problema se ha solucionado en la versi\u00f3n 3.2.0 mediante el escape sistem\u00e1tico de mensajes de error al mostrarse en la p\u00e1gina. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No existen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52001.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52001.json
index 097dbc285ce..5e62c769855 100644
--- a/CVE-2024/CVE-2024-520xx/CVE-2024-52001.json
+++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52001.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52001",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-08T23:15:04.153",
- "lastModified": "2024-11-08T23:15:04.153",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Combodo iTop is a simple, web based IT Service Management tool. In affected versions portal users are able to access forbidden services information. This issue has been addressed in version 3.2.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI sencilla y basada en la web. En las versiones afectadas, los usuarios del portal pueden acceder a informaci\u00f3n de servicios prohibidos. Este problema se ha solucionado en la versi\u00f3n 3.2.0. Se recomienda a todos los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52002.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52002.json
index 69752893a2b..dbc0d969d13 100644
--- a/CVE-2024/CVE-2024-520xx/CVE-2024-52002.json
+++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52002.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52002",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-08T23:15:04.410",
- "lastModified": "2024-11-08T23:15:04.410",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Combodo iTop is a simple, web based IT Service Management tool. Several url endpoints are subject to a Cross-Site Request Forgery (CSRF) vulnerability. Please refer to the linked GHSA for the complete list. This issue has been addressed in version 3.2.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Combodo iTop es una herramienta de gesti\u00f3n de servicios de TI sencilla y basada en la Web. Varios endpoints de URL est\u00e1n sujetos a una vulnerabilidad de Cross-Site Request Forgery (CSRF). Consulte la GHSA vinculada para obtener la lista completa. Este problema se ha solucionado en la versi\u00f3n 3.2.0 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52004.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52004.json
index 602c05144ed..a45a3718595 100644
--- a/CVE-2024/CVE-2024-520xx/CVE-2024-52004.json
+++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52004.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52004",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-08T23:15:04.627",
- "lastModified": "2024-11-08T23:15:04.627",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "MediaCMS is an open source video and media CMS, written in Python/Django and React, featuring a REST API. MediaCMS has been prone to vulnerabilities that upon special cases can lead to remote code execution. All versions before v4.1.0 are susceptible, and users are highly recommended to upgrade.\u00a0The vulnerabilities are related with insufficient input validation while uploading media content. The condition to exploit the vulnerability is that the portal allows users to upload content. This issue has been patched in version 4.1.0. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "MediaCMS es un CMS de video y multimedia de c\u00f3digo abierto, escrito en Python/Django y React, que cuenta con una API REST. MediaCMS ha sido propenso a vulnerabilidades que, en casos especiales, pueden provocar la ejecuci\u00f3n remota de c\u00f3digo. Todas las versiones anteriores a la v4.1.0 son susceptibles y se recomienda encarecidamente a los usuarios que actualicen la versi\u00f3n. Las vulnerabilidades est\u00e1n relacionadas con una validaci\u00f3n de entrada insuficiente al cargar contenido multimedia. La condici\u00f3n para explotar la vulnerabilidad es que el portal permita a los usuarios cargar contenido. Este problema se ha corregido en la versi\u00f3n 4.1.0. No se conocen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52007.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52007.json
index 9f1dd9f9a15..df998b64dd0 100644
--- a/CVE-2024/CVE-2024-520xx/CVE-2024-52007.json
+++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52007.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52007",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-08T23:15:04.757",
- "lastModified": "2024-11-08T23:15:04.757",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. XSLT parsing performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag ( ]> could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This is related to GHSA-6cr6-ph3p-f5rf, in which its fix (#1571 & #1717) was incomplete. This issue has been addressed in release version 6.4.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "HAPI FHIR es una implementaci\u00f3n completa del est\u00e1ndar HL7 FHIR para la interoperabilidad de la atenci\u00f3n m\u00e9dica en Java. El an\u00e1lisis XSLT realizado por varios componentes es vulnerable a las inyecciones de entidades externas XML. Un archivo XML procesado con una etiqueta DTD maliciosa ( ]> podr\u00eda producir XML que contenga datos del sistema host. Esto afecta los casos de uso en los que se utiliza org.hl7.fhir.core dentro de un host donde los clientes externos pueden enviar XML. Esto est\u00e1 relacionado con GHSA-6cr6-ph3p-f5rf, en el que su correcci\u00f3n (#1571 y #1717) estaba incompleta. Este problema se ha solucionado en la versi\u00f3n de lanzamiento 6.4.0 y se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52009.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52009.json
index a15d6c235bc..159df84fd75 100644
--- a/CVE-2024/CVE-2024-520xx/CVE-2024-52009.json
+++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52009.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52009",
 "sourceIdentifier": "security-advisories@github.com",
 "published": "2024-11-08T23:15:05.030",
- "lastModified": "2024-11-08T23:15:05.030",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Atlantis logs contains GitHub credentials (tokens `ghs_...`) when they are rotated. This enables an attacker able to read these logs to impersonate Atlantis application and to perform actions on GitHub. When Atlantis is used to administer a GitHub organization, this enables getting administration privileges on the organization. This was reported in #4060 and fixed in #4667 . The fix was included in Atlantis v0.30.0. All users are advised to upgrade. There are no known workarounds for this vulnerability."
+ },
+ {
+ "lang": "es",
+ "value": "Atlantis es una aplicaci\u00f3n Golang autoalojada que escucha los eventos de solicitud de extracci\u00f3n de Terraform a trav\u00e9s de webhooks. Los registros de Atlantis contienen credenciales de GitHub (tokens `ghs_...`) cuando se rotan. Esto permite que un atacante pueda leer estos registros para hacerse pasar por la aplicaci\u00f3n Atlantis y realizar acciones en GitHub. Cuando se utiliza Atlantis para administrar una organizaci\u00f3n de GitHub, esto permite obtener privilegios de administraci\u00f3n en la organizaci\u00f3n. Esto se inform\u00f3 en #4060 y se corrigi\u00f3 en #4667. La correcci\u00f3n se incluy\u00f3 en Atlantis v0.30.0. Se recomienda a todos los usuarios que actualicen. No existen workarounds para esta vulnerabilidad."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-520xx/CVE-2024-52032.json b/CVE-2024/CVE-2024-520xx/CVE-2024-52032.json
index 556627af4a5..2e1cdaa08dd 100644
--- a/CVE-2024/CVE-2024-520xx/CVE-2024-52032.json
+++ b/CVE-2024/CVE-2024-520xx/CVE-2024-52032.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52032",
 "sourceIdentifier": "responsibledisclosure@mattermost.com",
 "published": "2024-11-09T18:15:15.203",
- "lastModified": "2024-11-09T18:15:15.203",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:24.513",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Mattermost versions 10.0.x <= 10.0.0 and 9.11.x <= 9.11.2 fail to properly query ElasticSearch when\u00a0searching for the channel name in channel switcher\u00a0which allows an attacker to get private channels names of channels that they are not a member of,\u00a0when Elasticsearch v8 was enabled."
+ },
+ {
+ "lang": "es",
+ "value": "Las versiones 10.0.x <= 10.0.0 y 9.11.x <= 9.11.2 de Mattermost no pueden consultar correctamente ElasticSearch cuando buscan el nombre del canal en el conmutador de canales, lo que permite que un atacante obtenga nombres de canales privados de canales de los que no es miembro, cuando Elasticsearch v8 estaba habilitado."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52286.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52286.json
index e3d37548e7f..fb340682095 100644
--- a/CVE-2024/CVE-2024-522xx/CVE-2024-52286.json
+++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52286.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-52286", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-11T20:15:19.867", - "lastModified": "2024-11-11T20:15:19.867", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. In affected versions the Merge functionality takes untrusted user input (file name) and uses it directly in the creation of HTML pages allowing any unauthenticated to execute JavaScript code in the context of the user. The issue stems to the code starting at `Line 24` in `src/main/resources/static/js/merge.js`. The file name is directly being input into InnerHTML with no sanitization on the file name, allowing a malicious user to be able to upload files with names containing HTML tags. As HTML tags can include JavaScript code, this can be used to execute JavaScript code in the context of the user. This is a self-injection style attack and relies on a user uploading the malicious file themselves and it impact only them, not other users. A user might be social engineered into running this to launch a phishing attack. Nevertheless, this breaks the expected security restrictions in place by the application. This issue has been addressed in version 0.32.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "Stirling-PDF es una aplicaci\u00f3n web alojada localmente que permite realizar varias operaciones en archivos PDF. En las versiones afectadas, la funci\u00f3n Merge toma la entrada de usuario no confiable (nombre de archivo) y la usa directamente en la creaci\u00f3n de p\u00e1ginas HTML, lo que permite que cualquier usuario no autenticado ejecute c\u00f3digo JavaScript en el contexto del usuario. 
El problema se origina en el c\u00f3digo que comienza en la `L\u00ednea 24` en `src/main/resources/static/js/merge.js`. El nombre del archivo se ingresa directamente en InnerHTML sin sanitizar el nombre del archivo, lo que permite que un usuario malintencionado pueda cargar archivos con nombres que contengan etiquetas HTML. Como las etiquetas HTML pueden incluir c\u00f3digo JavaScript, esto se puede usar para ejecutar c\u00f3digo JavaScript en el contexto del usuario. Este es un ataque de estilo de autoinyecci\u00f3n y se basa en que un usuario cargue el archivo malicioso por s\u00ed mismo y solo lo afecta a \u00e9l, no a otros usuarios. Se puede inducir a un usuario a ejecutar esto para lanzar un ataque de phishing. Sin embargo, esto rompe las restricciones de seguridad esperadas establecidas por la aplicaci\u00f3n. Este problema se ha solucionado en la versi\u00f3n 0.32.0 y se recomienda a todos los usuarios que actualicen la versi\u00f3n. No existen workarounds conocidas para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-522xx/CVE-2024-52288.json b/CVE-2024/CVE-2024-522xx/CVE-2024-52288.json index 7ab839af468..9670d03512e 100644 --- a/CVE-2024/CVE-2024-522xx/CVE-2024-52288.json +++ b/CVE-2024/CVE-2024-522xx/CVE-2024-52288.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-52288", "sourceIdentifier": "security-advisories@github.com", "published": "2024-11-11T20:15:20.013", - "lastModified": "2024-11-11T20:15:20.013", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "libosdp is an implementation of IEC 60839-11-5 OSDP (Open Supervised Device Protocol) and provides a C library with support for C++, Rust and Python3. In affected versions an unexpected `REPLY_CCRYPT` or `REPLY_RMAC_I` may be introduced into an active stream when they should not be. Once RMAC_I message can be sent during a session, attacker with MITM access to the communication may intercept the original RMAC_I reply and save it. While the session continues, the attacker will record all of the replies and save them, till capturing the message to be replied (can be detected by ID, length or time based on inspection of visual activity next to the reader) Once attacker captures a session with the message to be replayed, he stops resetting the connection and waits for signal to perform the replay to of the PD to CP message (ex: by signaling remotely to the MIMT device or setting a specific timing). In order to replay, the attacker will craft a specific RMAC_I message in the proper seq of the execution, which will result in reverting the RMAC to the beginning of the session. At that phase - attacker can replay all the messages from the beginning of the session. This issue has been addressed in commit `298576d9` which is included in release version 3.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." + }, + { + "lang": "es", + "value": "libosdp es una implementaci\u00f3n de IEC 60839-11-5 OSDP (Open Supervised Device Protocol) y proporciona una librer\u00eda C con soporte para C++, Rust y Python3. 
En las versiones afectadas, se puede introducir un `REPLY_CCRYPT` o `REPLY_RMAC_I` inesperado en un flujo activo cuando no deber\u00eda ser as\u00ed. Una vez que se puede enviar un mensaje RMAC_I durante una sesi\u00f3n, el atacante con acceso MITM a la comunicaci\u00f3n puede interceptar la respuesta RMAC_I original y guardarla. Mientras la sesi\u00f3n contin\u00faa, el atacante registrar\u00e1 todas las respuestas y las guardar\u00e1, hasta capturar el mensaje a ser respondido (se puede detectar por ID, longitud o tiempo en funci\u00f3n de la inspecci\u00f3n de la actividad visual junto al lector). Una vez que el atacante captura una sesi\u00f3n con el mensaje a ser reproducido, deja de restablecer la conexi\u00f3n y espera la se\u00f1al para realizar la reproducci\u00f3n del mensaje PD a CP (por ejemplo: se\u00f1alando remotamente al dispositivo MIMT o estableciendo un tiempo espec\u00edfico). Para poder reproducir, el atacante crear\u00e1 un mensaje RMAC_I espec\u00edfico en la secuencia adecuada de ejecuci\u00f3n, lo que har\u00e1 que el RMAC vuelva al principio de la sesi\u00f3n. En esa fase, el atacante puede reproducir todos los mensajes desde el principio de la sesi\u00f3n. Este problema se ha solucionado en el commit `298576d9`, que se incluye en la versi\u00f3n de lanzamiento 3.0.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52311.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52311.json index 5361937cadc..907bd29dc07 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52311.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52311.json 
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52311",
 "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
 "published": "2024-11-09T01:15:04.133",
- "lastModified": "2024-11-09T02:15:17.563",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Authentication tokens issued via Cognito in data.all are not invalidated on log out, allowing for previously authenticated user to continue execution of authorized API Requests until token is expired."
+ },
+ {
+ "lang": "es",
+ "value": "Los tokens de autenticaci\u00f3n emitidos a trav\u00e9s de Cognito en data.all no se invalidan al cerrar la sesi\u00f3n, lo que permite que el usuario previamente autenticado contin\u00fae con la ejecuci\u00f3n de solicitudes API autorizadas hasta que el token caduque."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52312.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52312.json
index 0786ec2bb6e..8f879bc937e 100644
--- a/CVE-2024/CVE-2024-523xx/CVE-2024-52312.json
+++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52312.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52312",
 "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
 "published": "2024-11-09T01:15:04.753",
- "lastModified": "2024-11-09T02:15:17.670",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Due to inconsistent authorization permissions, data.all may allow an external actor with an authenticated account to perform restricted operations against DataSets and Environments."
+ },
+ {
+ "lang": "es",
+ "value": "Debido a permisos de autorizaci\u00f3n inconsistentes, data.all puede permitir que un actor externo con una cuenta autenticada realice operaciones restringidas contra conjuntos de datos y entornos."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52313.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52313.json
index df02038c4d3..de2423abf33 100644
--- a/CVE-2024/CVE-2024-523xx/CVE-2024-52313.json
+++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52313.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52313",
 "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
 "published": "2024-11-09T01:15:05.363",
- "lastModified": "2024-11-09T02:15:17.780",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "An authenticated data.all user is able to manipulate a getDataset query to fetch additional information regarding the parent Environment resource that the user otherwise would not able to fetch by directly querying the object via getEnvironment in data.all."
+ },
+ {
+ "lang": "es",
+ "value": "Un usuario autenticado de data.all puede manipular una consulta getDataset para obtener informaci\u00f3n adicional sobre el recurso Environment principal que de otro modo no podr\u00eda obtener consultando directamente el objeto a trav\u00e9s de getEnvironment en data.all."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52314.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52314.json
index 6427eabea73..5a1f3c7384f 100644
--- a/CVE-2024/CVE-2024-523xx/CVE-2024-52314.json
+++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52314.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52314",
 "sourceIdentifier": "ff89ba41-3aa1-4d27-914a-91399e9639e5",
 "published": "2024-11-09T01:15:05.863",
- "lastModified": "2024-11-09T02:15:17.883",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:56:54.483",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "A data.all admin team member who has access to the customer-owned AWS Account where data.all is deployed may be able to extract user data from data.all application logs in data.all via CloudWatch log scanning for particular operations that interact with customer producer teams data."
+ },
+ {
+ "lang": "es",
+ "value": "Un miembro del equipo de administraci\u00f3n de data.all que tenga acceso a la cuenta de AWS propiedad del cliente donde se implementa data.all puede extraer datos de usuario de los registros de la aplicaci\u00f3n data.all en data.all a trav\u00e9s del escaneo de registros de CloudWatch para operaciones particulares que interact\u00faan con los datos de los equipos productores del cliente."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52350.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52350.json
index a9ec3632a8f..fd6d02597c2 100644
--- a/CVE-2024/CVE-2024-523xx/CVE-2024-52350.json
+++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52350.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52350",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-11T07:15:06.293",
- "lastModified": "2024-11-11T07:15:06.293",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CRM 2go allows DOM-Based XSS.This issue affects CRM 2go: from n/a through 1.0."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en CRM 2go permite XSS basado en DOM. Este problema afecta a CRM 2go: desde n/a hasta 1.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52351.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52351.json
index e7434e0dca5..e692a195f55 100644
--- a/CVE-2024/CVE-2024-523xx/CVE-2024-52351.json
+++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52351.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52351",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-11T07:15:06.583",
- "lastModified": "2024-11-11T07:15:06.583",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Boston University (IS&T) BU Slideshow allows Stored XSS.This issue affects BU Slideshow: from n/a through 2.3.10."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Boston University (IS&T) BU Slideshow permite XSS almacenado. Este problema afecta a BU Slideshow: desde n/a hasta 2.3.10."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52352.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52352.json
index 60a2ad2882a..2bff32fe327 100644
--- a/CVE-2024/CVE-2024-523xx/CVE-2024-52352.json
+++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52352.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52352",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-11T07:15:06.907",
- "lastModified": "2024-11-11T07:15:06.907",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Andrew Milo Postcasa Shortcode allows DOM-Based XSS.This issue affects Postcasa Shortcode: from n/a through 1.0."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Andrew Milo Postcasa Shortcode permite XSS basado en DOM. Este problema afecta a Postcasa Shortcode: desde n/a hasta 1.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52353.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52353.json
index 52c474cf046..dfe3f8b8d2e 100644
--- a/CVE-2024/CVE-2024-523xx/CVE-2024-52353.json
+++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52353.json
@@ -2,13 +2,17 @@
 "id": "CVE-2024-52353",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-11-11T07:15:07.223",
- "lastModified": "2024-11-11T07:15:07.223",
- "vulnStatus": "Received",
+ "lastModified": "2024-11-12T13:55:21.227",
+ "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
 {
 "lang": "en",
 "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gabriel Serafini Christian Science Bible Lesson Subjects allows DOM-Based XSS.This issue affects Christian Science Bible Lesson Subjects: from n/a through 2.0."
+ },
+ {
+ "lang": "es",
+ "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Gabriel Serafini Christian Science Bible Lesson Subjects permite XSS basado en DOM. Este problema afecta a los temas de lecciones b\u00edblicas de la Ciencia Cristiana: desde n/a hasta 2.0."
 }
 ],
 "metrics": {
diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52354.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52354.json
index 8084566490a..7ae6ba64a4c 100644
--- a/CVE-2024/CVE-2024-523xx/CVE-2024-52354.json
+++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52354.json
@@ -2,13 +2,17 @@ "id": "CVE-2024-52354", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T07:15:07.500", - "lastModified": "2024-11-11T07:15:07.500", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cool Plugins Web Stories Widgets For Elementor allows Stored XSS.This issue affects Web Stories Widgets For Elementor: from n/a through 1.1." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Cool Plugins Web Stories Widgets For Elementor permite XSS almacenado. Este problema afecta a Web Stories Widgets For Elementor: desde n/a hasta 1.1." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52355.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52355.json index 4196cd99697..09508410246 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52355.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52355.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-52355", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T07:15:07.790", - "lastModified": "2024-11-11T07:15:07.790", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hyumika OSM \u2013 OpenStreetMap allows Stored XSS.This issue affects OSM \u2013 OpenStreetMap: from n/a through 6.1.2." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Hyumika OSM \u2013 OpenStreetMap permite XSS almacenado. Este problema afecta a OSM \u2013 OpenStreetMap: desde n/a hasta 6.1.2." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52356.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52356.json index 3958cfd7cb0..b3de657d7d4 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52356.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52356.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-52356", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:10.153", - "lastModified": "2024-11-11T06:15:10.153", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Webangon The Pack Elementor addons allows Stored XSS.This issue affects The Pack Elementor addons: from n/a through 2.1.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Webangon The Pack Elementor addons permite XSS almacenado. Este problema afecta a los complementos The Pack Elementor: desde n/a hasta 2.1.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52357.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52357.json index 09257b3c625..367810d5945 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52357.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52357.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-52357", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:10.440", - "lastModified": "2024-11-11T06:15:10.440", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in LIQUID DESIGN Ltd. LIQUID BLOCKS allows Stored XSS.This issue affects LIQUID BLOCKS: from n/a through 1.2.0." + }, + { + "lang": "es", + "value": "Vulnerabilidad de neutralizaci\u00f3n inadecuada de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en LIQUID DESIGN Ltd. LIQUID BLOCKS permite XSS almacenado. Este problema afecta a LIQUID BLOCKS: desde n/a hasta 1.2.0." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-523xx/CVE-2024-52358.json b/CVE-2024/CVE-2024-523xx/CVE-2024-52358.json index b50faf98bcd..7c8c6503ac9 100644 --- a/CVE-2024/CVE-2024-523xx/CVE-2024-52358.json +++ b/CVE-2024/CVE-2024-523xx/CVE-2024-52358.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-52358", "sourceIdentifier": "audit@patchstack.com", "published": "2024-11-11T06:15:10.737", - "lastModified": "2024-11-11T06:15:10.737", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Cyberchimps Responsive Addons for Elementor allows DOM-Based XSS.This issue affects Responsive Addons for Elementor: from n/a through 1.5.4." + }, + { + "lang": "es", + "value": "La vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web (XSS o 'Cross-site Scripting') en Cyberchimps Responsive Addons for Elementor permite XSS basado en DOM. Este problema afecta a Responsive Addons for Elementor: desde n/a hasta 1.5.4." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52530.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52530.json index 930f8d13310..119c59b8372 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52530.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52530.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-52530", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T20:15:20.247", - "lastModified": "2024-11-11T20:15:20.247", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations because '\\0' characters at the end of header names are ignored, i.e., a \"Transfer-Encoding\\0: chunked\" header is treated the same as a \"Transfer-Encoding: chunked\" header." + }, + { + "lang": "es", + "value": "La librer\u00eda libsoup de GNOME anterior a 3.6.0 permite el contrabando de solicitudes HTTP en algunas configuraciones porque se ignoran los caracteres '\\0' al final de los nombres de encabezado, es decir, un encabezado \"Transfer-Encoding\\0: chunked\" se trata de la misma manera que un encabezado \"Transfer-Encoding: chunked\"." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52531.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52531.json index 7c54b5c71d6..bb0e759b4bf 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52531.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52531.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-52531", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T20:15:20.313", - "lastModified": "2024-11-11T20:15:20.313", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. Input received over the network cannot trigger this." + }, + { + "lang": "es", + "value": "Las versiones anteriores a 3.6.1 libsoup de GNOME permiten un desbordamiento de b\u00fafer en aplicaciones que realizan conversiones a UTF-8 en soup_header_parse_param_list_strict. La entrada recibida a trav\u00e9s de la red no puede provocar este desbordamiento." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52532.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52532.json index 0f6463d3ba1..46e217581ea 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52532.json +++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52532.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52532", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T20:15:20.370", - "lastModified": "2024-11-11T20:15:20.370", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "GNOME libsoup before 3.6.1 has an infinite loop, and memory consumption. during the reading of certain patterns of WebSocket data from clients." + }, + { + "lang": "es", + "value": "La versi\u00f3n libsoup de GNOME anterior a 3.6.1 tiene un bucle infinito y consumo de memoria durante la lectura de ciertos patrones de datos WebSocket de los clientes." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-525xx/CVE-2024-52533.json b/CVE-2024/CVE-2024-525xx/CVE-2024-52533.json index 67ef377eb45..aa843eaaf65 100644 --- a/CVE-2024/CVE-2024-525xx/CVE-2024-52533.json 
+++ b/CVE-2024/CVE-2024-525xx/CVE-2024-52533.json @@ -2,13 +2,17 @@ "id": "CVE-2024-52533", "sourceIdentifier": "cve@mitre.org", "published": "2024-11-11T23:15:05.967", - "lastModified": "2024-11-11T23:15:05.967", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\\0' character." + }, + { + "lang": "es", + "value": "gio/gsocks4aproxy.c en GNOME GLib anterior a 2.82.1 tiene un error de un byte y el consiguiente desbordamiento de b\u00fafer porque SOCKS4_CONN_MSG_LEN no es suficiente para un car\u00e1cter '\\0' final." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-87xx/CVE-2024-8756.json b/CVE-2024/CVE-2024-87xx/CVE-2024-8756.json index 6e09e7aa2f6..eac1e92dfea 100644 --- a/CVE-2024/CVE-2024-87xx/CVE-2024-8756.json +++ b/CVE-2024/CVE-2024-87xx/CVE-2024-8756.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-8756", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T06:15:16.383", - "lastModified": "2024-11-09T06:15:16.383", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Quform - WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.0 via the 'saveUploadedFile' function. This makes it possible for unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users. Files uploaded via forms created before version 2.21.0 will remain vulnerable to exposure after upgrading. To fully patch the plugin, site administrators should download any previously uploaded files, delete previously existing files and forms, and create the forms again after upgrading to version 2.21.0." + }, + { + "lang": "es", + "value": "El complemento Quform - WordPress Form Builder para WordPress es vulnerable a la exposici\u00f3n de informaci\u00f3n confidencial en todas las versiones hasta la 2.20.0 incluida a trav\u00e9s de la funci\u00f3n \"saveUploadedFile\". Esto permite que atacantes no autenticados extraigan datos confidenciales, como informaci\u00f3n de identificaci\u00f3n personal, de los archivos cargados por los usuarios. Los archivos cargados a trav\u00e9s de formularios creados antes de la versi\u00f3n 2.21.0 seguir\u00e1n siendo vulnerables a la exposici\u00f3n despu\u00e9s de la actualizaci\u00f3n. Para aplicar un parche completo al complemento, los administradores del sitio deben descargar todos los archivos cargados previamente, eliminar los archivos y formularios existentes y volver a crear los formularios despu\u00e9s de actualizar a la versi\u00f3n 2.21.0." } ], "metrics": { 
diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8881.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8881.json index e5fda9220a2..034e74aaa02 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8881.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8881.json @@ -2,13 +2,17 @@ "id": "CVE-2024-8881", "sourceIdentifier": "security@zyxel.com.tw", "published": "2024-11-12T02:15:18.817", - "lastModified": "2024-11-12T02:15:18.817", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A post-authentication command injection vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier could allow an authenticated, LAN-based attacker with administrator privileges to execute some operating system (OS) commands on an affected device by sending a crafted HTTP request." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de inyecci\u00f3n de comandos posterior a la autenticaci\u00f3n en el programa CGI en el firmware del conmutador Zyxel GS1900-48 versi\u00f3n V2.80(AAHN.1)C0 y anteriores podr\u00eda permitir que un atacante autenticado basado en LAN con privilegios de administrador ejecute algunos comandos del sistema operativo (OS) en un dispositivo afectado mediante el env\u00edo de una solicitud HTTP manipulada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-88xx/CVE-2024-8882.json b/CVE-2024/CVE-2024-88xx/CVE-2024-8882.json index 7df32e3fe79..c6f3afea283 100644 --- a/CVE-2024/CVE-2024-88xx/CVE-2024-8882.json +++ b/CVE-2024/CVE-2024-88xx/CVE-2024-8882.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-8882", "sourceIdentifier": "security@zyxel.com.tw", "published": "2024-11-12T02:15:19.160", - "lastModified": "2024-11-12T02:15:19.160", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Undergoing Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "A buffer overflow vulnerability in the CGI program in the Zyxel GS1900-48 switch firmware version V2.80(AAHN.1)C0 and earlier\u00a0could allow an authenticated, LAN-based attacker with administrator privileges to cause denial of service (DoS) conditions via a crafted URL." + }, + { + "lang": "es", + "value": "Una vulnerabilidad de desbordamiento de b\u00fafer en el programa CGI en el firmware del conmutador Zyxel GS1900-48 versi\u00f3n V2.80(AAHN.1)C0 y anteriores podr\u00eda permitir que un atacante autenticado basado en LAN con privilegios de administrador provoque condiciones de denegaci\u00f3n de servicio (DoS) a trav\u00e9s de una URL manipulada." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-89xx/CVE-2024-8960.json b/CVE-2024/CVE-2024-89xx/CVE-2024-8960.json index 23f0120878d..06563e74d41 100644 --- a/CVE-2024/CVE-2024-89xx/CVE-2024-8960.json +++ b/CVE-2024/CVE-2024-89xx/CVE-2024-8960.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-8960", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T03:15:05.740", - "lastModified": "2024-11-09T03:15:05.740", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Cowidgets \u2013 Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + }, + { + "lang": "es", + "value": "El complemento Cowidgets \u2013 Elementor Addons para WordPress es vulnerable a Cross-site Scripting almacenado a trav\u00e9s de cargas de archivos SVG en todas las versiones hasta la 1.2.0 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de autor y superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9226.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9226.json index eddddfd5729..7d917a04687 100644 --- a/CVE-2024/CVE-2024-92xx/CVE-2024-9226.json +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9226.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9226", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T04:15:05.260", - "lastModified": "2024-11-09T04:15:05.260", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Landing Page Cat \u2013 Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento Landing Page Cat \u2013 Coming Soon Page, Maintenance Page & Squeeze Pages para WordPress es vulnerable a Cross-Site Scripting Reflejado debido al uso de add_query_arg sin el escape apropiado en la URL en todas las versiones hasta la 1.7.6 incluida. Esto hace posible que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9262.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9262.json index ed5f3add244..017f7f3fe2f 100644 --- a/CVE-2024/CVE-2024-92xx/CVE-2024-9262.json +++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9262.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9262", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T03:15:05.970", - "lastModified": "2024-11-09T03:15:05.970", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The User Meta \u2013 User Profile Builder and User management plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.1 via the getUser() due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to obtain user meta values from form fields. Please note that this requires a site administrator to create a form that displays potentially sensitive information like password hashes. This may also be exploited by unauthenticated users if the 'user-meta-public-profile' shortcode is used insecurely." + }, + { + "lang": "es", + "value": "El complemento User Meta \u2013 User Profile Builder y User management para WordPress es vulnerable a la referencia directa a objetos inseguros en todas las versiones hasta la 3.1 incluida a trav\u00e9s de getUser() debido a la falta de validaci\u00f3n en una clave controlada por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, obtengan valores meta de usuario de los campos de formulario. Tenga en cuenta que esto requiere que un administrador del sitio cree un formulario que muestre informaci\u00f3n potencialmente confidencial, como hashes de contrase\u00f1as. Esto tambi\u00e9n puede ser explotado por usuarios no autenticados si el c\u00f3digo corto 'user-meta-public-profile' se usa de forma insegura." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-92xx/CVE-2024-9270.json b/CVE-2024/CVE-2024-92xx/CVE-2024-9270.json index 63c09a6e4e8..7a8ab9a8a9c 100644 --- a/CVE-2024/CVE-2024-92xx/CVE-2024-9270.json 
+++ b/CVE-2024/CVE-2024-92xx/CVE-2024-9270.json @@ -2,13 +2,17 @@ "id": "CVE-2024-9270", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T03:15:06.207", - "lastModified": "2024-11-09T03:15:06.207", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Lenxel Core for Lenxel(LNX) LMS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file." + }, + { + "lang": "es", + "value": "El complemento LMS Lenxel Core for Lenxel (LNX) para WordPress es vulnerable a Cross-site Scripting almacenado mediante cargas de archivos SVG en todas las versiones hasta la 1.1 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes autenticados, con acceso de nivel de autor o superior, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda al archivo SVG." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-93xx/CVE-2024-9357.json b/CVE-2024/CVE-2024-93xx/CVE-2024-9357.json index e69269d495b..f34867a32e7 100644 --- a/CVE-2024/CVE-2024-93xx/CVE-2024-9357.json +++ b/CVE-2024/CVE-2024-93xx/CVE-2024-9357.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9357", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-12T06:15:04.363", - "lastModified": "2024-11-12T06:15:04.363", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The xili-tidy-tags plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 1.12.04 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link." + }, + { + "lang": "es", + "value": "El complemento xili-tidy-tags para WordPress es vulnerable a ataques de Cross Site Scripting reflejado a trav\u00e9s del par\u00e1metro 'action' en todas las versiones hasta la 1.12.04 incluida, debido a una desinfecci\u00f3n de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutan si logran enga\u00f1ar a un usuario para que realice una acci\u00f3n, como hacer clic en un enlace." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-97xx/CVE-2024-9775.json b/CVE-2024/CVE-2024-97xx/CVE-2024-9775.json index 004615d2358..0ef179e4b4d 100644 --- a/CVE-2024/CVE-2024-97xx/CVE-2024-9775.json +++ b/CVE-2024/CVE-2024-97xx/CVE-2024-9775.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9775", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T03:15:06.423", - "lastModified": "2024-11-09T03:15:06.423", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Anih - Creative Agency WordPress Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2024 due to an incomplete blacklist, insufficient input sanitization, and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled." + }, + { + "lang": "es", + "value": "El tema Anih - Creative Agency WordPress Theme para WordPress es vulnerable a Cross-site Scripting almacenado a trav\u00e9s de la configuraci\u00f3n de administrador en todas las versiones hasta la 2024 incluida debido a una lista negra incompleta, una desinfecci\u00f3n de entrada insuficiente y un escape de salida. Esto hace posible que atacantes autenticados, con permisos de nivel de administrador y superiores, inyecten secuencias de comandos web arbitrarias en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a instalaciones de varios sitios e instalaciones en las que se ha deshabilitado unfiltered_html." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9835.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9835.json index 026a3c4eb75..e4340182c4f 100644 --- a/CVE-2024/CVE-2024-98xx/CVE-2024-9835.json +++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9835.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9835", "sourceIdentifier": "contact@wpscan.com", "published": "2024-11-12T06:15:04.677", - "lastModified": "2024-11-12T06:15:04.677", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The RSS Feed Widget WordPress plugin before 3.0.1 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers" + }, + { + "lang": "es", + "value": "El complemento RSS Feed Widget de WordPress anterior a la versi\u00f3n 3.0.1 no escapa al par\u00e1metro $_SERVER['REQUEST_URI'] antes de mostrarlo nuevamente en un atributo, lo que podr\u00eda generar Cross Site Scripting reflejado en navegadores web antiguos." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9836.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9836.json index 5165a34d733..3f8062b6314 100644 --- a/CVE-2024/CVE-2024-98xx/CVE-2024-9836.json +++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9836.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9836", "sourceIdentifier": "contact@wpscan.com", "published": "2024-11-12T06:15:04.767", - "lastModified": "2024-11-12T06:15:04.767", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:55:21.227", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The RSS Feed Widget WordPress plugin before 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks." + }, + { + "lang": "es", + "value": "El complemento RSS Feed Widget de WordPress anterior a la versi\u00f3n 3.0.0 no valida ni escapa algunos de sus atributos de c\u00f3digo corto antes de mostrarlos nuevamente en una p\u00e1gina/publicaci\u00f3n donde est\u00e1 incrustado el c\u00f3digo corto, lo que podr\u00eda permitir a los usuarios con el rol de colaborador y superior realizar ataques de Cross Site Scripting almacenado." } ], "metrics": {}, diff --git a/CVE-2024/CVE-2024-98xx/CVE-2024-9874.json b/CVE-2024/CVE-2024-98xx/CVE-2024-9874.json index f2ac95aeecc..ea50faa6451 100644 --- a/CVE-2024/CVE-2024-98xx/CVE-2024-9874.json +++ b/CVE-2024/CVE-2024-98xx/CVE-2024-9874.json 
@@ -2,13 +2,17 @@ "id": "CVE-2024-9874", "sourceIdentifier": "security@wordfence.com", "published": "2024-11-09T07:15:07.297", - "lastModified": "2024-11-09T07:15:07.297", - "vulnStatus": "Received", + "lastModified": "2024-11-12T13:56:24.513", + "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the \u2018orderby\u2019 parameter in all versions up to, and including, 5.4.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database." + }, + { + "lang": "es", + "value": "El complemento Poll Maker \u2013 Versus Polls, Anonymous Polls, Image Polls para WordPress es vulnerable a la inyecci\u00f3n SQL basada en tiempo a trav\u00e9s del par\u00e1metro 'orderby' en todas las versiones hasta la 5.4.6 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que los atacantes autenticados, con acceso de nivel de administrador y superior, agreguen consultas SQL adicionales a las consultas ya existentes que se pueden usar para extraer informaci\u00f3n confidencial de la base de datos." } ], "metrics": { diff --git a/README.md b/README.md index 1c922766773..0e279850a9c 100644 --- a/README.md +++ b/README.md 
@@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-11-12T13:00:19.883444+00:00 +2024-11-12T15:00:38.996511+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-11-12T11:15:03.840000+00:00 +2024-11-12T14:59:22.600000+00:00 ``` ### Last Data Feed Release 
@@ -33,21 +33,69 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -269115 +269142 ``` ### CVEs added in the last Commit -Recently added CVEs: `1` +Recently added CVEs: `27` -- [CVE-2024-9998](CVE-2024/CVE-2024-99xx/CVE-2024-9998.json) (`2024-11-12T11:15:03.840`) +- [CVE-2024-11122](CVE-2024/CVE-2024-111xx/CVE-2024-11122.json) (`2024-11-12T13:15:06.700`) +- [CVE-2024-11123](CVE-2024/CVE-2024-111xx/CVE-2024-11123.json) (`2024-11-12T13:15:06.987`) +- [CVE-2024-11124](CVE-2024/CVE-2024-111xx/CVE-2024-11124.json) (`2024-11-12T14:15:16.260`) +- [CVE-2024-29119](CVE-2024/CVE-2024-291xx/CVE-2024-29119.json) (`2024-11-12T13:15:07.263`) +- [CVE-2024-36140](CVE-2024/CVE-2024-361xx/CVE-2024-36140.json) (`2024-11-12T13:15:07.957`) +- [CVE-2024-44102](CVE-2024/CVE-2024-441xx/CVE-2024-44102.json) (`2024-11-12T13:15:08.203`) +- [CVE-2024-46888](CVE-2024/CVE-2024-468xx/CVE-2024-46888.json) (`2024-11-12T13:15:08.927`) +- [CVE-2024-46889](CVE-2024/CVE-2024-468xx/CVE-2024-46889.json) (`2024-11-12T13:15:09.200`) +- [CVE-2024-46890](CVE-2024/CVE-2024-468xx/CVE-2024-46890.json) (`2024-11-12T13:15:09.463`) +- [CVE-2024-46891](CVE-2024/CVE-2024-468xx/CVE-2024-46891.json) (`2024-11-12T13:15:09.693`) +- [CVE-2024-46892](CVE-2024/CVE-2024-468xx/CVE-2024-46892.json) (`2024-11-12T13:15:09.940`) +- [CVE-2024-46894](CVE-2024/CVE-2024-468xx/CVE-2024-46894.json) (`2024-11-12T13:15:10.193`) +- [CVE-2024-47783](CVE-2024/CVE-2024-477xx/CVE-2024-47783.json) (`2024-11-12T13:15:10.433`) +- [CVE-2024-47808](CVE-2024/CVE-2024-478xx/CVE-2024-47808.json) (`2024-11-12T13:15:10.677`) +- [CVE-2024-47940](CVE-2024/CVE-2024-479xx/CVE-2024-47940.json) (`2024-11-12T13:15:10.920`) +- [CVE-2024-47941](CVE-2024/CVE-2024-479xx/CVE-2024-47941.json) (`2024-11-12T13:15:11.167`) +- [CVE-2024-47942](CVE-2024/CVE-2024-479xx/CVE-2024-47942.json) (`2024-11-12T13:15:11.427`) +- [CVE-2024-50310](CVE-2024/CVE-2024-503xx/CVE-2024-50310.json) 
(`2024-11-12T13:15:11.660`) +- [CVE-2024-50313](CVE-2024/CVE-2024-503xx/CVE-2024-50313.json) (`2024-11-12T13:15:11.910`) +- [CVE-2024-50557](CVE-2024/CVE-2024-505xx/CVE-2024-50557.json) (`2024-11-12T13:15:12.157`) +- [CVE-2024-50558](CVE-2024/CVE-2024-505xx/CVE-2024-50558.json) (`2024-11-12T13:15:12.403`) +- [CVE-2024-50559](CVE-2024/CVE-2024-505xx/CVE-2024-50559.json) (`2024-11-12T13:15:12.653`) +- [CVE-2024-50560](CVE-2024/CVE-2024-505xx/CVE-2024-50560.json) (`2024-11-12T13:15:12.913`) +- [CVE-2024-50561](CVE-2024/CVE-2024-505xx/CVE-2024-50561.json) (`2024-11-12T13:15:13.260`) +- [CVE-2024-50572](CVE-2024/CVE-2024-505xx/CVE-2024-50572.json) (`2024-11-12T13:15:13.503`) ### CVEs modified in the last Commit -Recently modified CVEs: `1` +Recently modified CVEs: `424` -- [CVE-2024-10245](CVE-2024/CVE-2024-102xx/CVE-2024-10245.json) (`2024-11-12T10:15:04.003`) +- [CVE-2024-52350](CVE-2024/CVE-2024-523xx/CVE-2024-52350.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-52351](CVE-2024/CVE-2024-523xx/CVE-2024-52351.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-52352](CVE-2024/CVE-2024-523xx/CVE-2024-52352.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-52353](CVE-2024/CVE-2024-523xx/CVE-2024-52353.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-52354](CVE-2024/CVE-2024-523xx/CVE-2024-52354.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-52355](CVE-2024/CVE-2024-523xx/CVE-2024-52355.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-52356](CVE-2024/CVE-2024-523xx/CVE-2024-52356.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-52357](CVE-2024/CVE-2024-523xx/CVE-2024-52357.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-52358](CVE-2024/CVE-2024-523xx/CVE-2024-52358.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-52530](CVE-2024/CVE-2024-525xx/CVE-2024-52530.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-52531](CVE-2024/CVE-2024-525xx/CVE-2024-52531.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-52532](CVE-2024/CVE-2024-525xx/CVE-2024-52532.json) (`2024-11-12T13:55:21.227`) +- 
[CVE-2024-52533](CVE-2024/CVE-2024-525xx/CVE-2024-52533.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-8756](CVE-2024/CVE-2024-87xx/CVE-2024-8756.json) (`2024-11-12T13:56:24.513`) +- [CVE-2024-8881](CVE-2024/CVE-2024-88xx/CVE-2024-8881.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-8882](CVE-2024/CVE-2024-88xx/CVE-2024-8882.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-8960](CVE-2024/CVE-2024-89xx/CVE-2024-8960.json) (`2024-11-12T13:56:24.513`) +- [CVE-2024-9226](CVE-2024/CVE-2024-92xx/CVE-2024-9226.json) (`2024-11-12T13:56:24.513`) +- [CVE-2024-9262](CVE-2024/CVE-2024-92xx/CVE-2024-9262.json) (`2024-11-12T13:56:24.513`) +- [CVE-2024-9270](CVE-2024/CVE-2024-92xx/CVE-2024-9270.json) (`2024-11-12T13:56:24.513`) +- [CVE-2024-9357](CVE-2024/CVE-2024-93xx/CVE-2024-9357.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-9775](CVE-2024/CVE-2024-97xx/CVE-2024-9775.json) (`2024-11-12T13:56:24.513`) +- [CVE-2024-9835](CVE-2024/CVE-2024-98xx/CVE-2024-9835.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-9836](CVE-2024/CVE-2024-98xx/CVE-2024-9836.json) (`2024-11-12T13:55:21.227`) +- [CVE-2024-9874](CVE-2024/CVE-2024-98xx/CVE-2024-9874.json) (`2024-11-12T13:56:24.513`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 18fa3c7628e..d71f5143d4e 100644 --- a/_state.csv +++ b/_state.csv 
@@ -145379,11 +145379,11 @@ CVE-2020-1036,0,0,2874076b164573c9efd1f421af714a327548905044a81ef0e8ef1552d41acb CVE-2020-10364,0,0,611ab9368b8f83e21cead790c378447607502fb33a5a29a9f13f245e88a058ce,2021-07-21T11:39:23.747000 CVE-2020-10365,0,0,d3d68b994e9bb439f53a91ee98dcef796959b6dd3c666ec37fae3d2b425582d8,2020-03-27T14:06:01.573000 CVE-2020-10366,0,0,4e2a033e67dfec1f609656013334699a8eb3fc01e5fc13ccd6a347df3aa59246,2020-04-09T13:42:55.633000 -CVE-2020-10367,0,0,99366d757934e2ffcb318b2e00eaf0dbe399e6cacd27b7afad7a728db9b6d240,2024-11-11T00:15:13.480000 -CVE-2020-10368,0,0,cb24fa279f6bc07ed167d02787a9b540b83587eff5bfcf1d5f872ca1af07b78d,2024-11-11T00:15:13.607000 -CVE-2020-10369,0,0,146d5275af3b0aa5bfb1751bac3ef184b0829729e95059ab6c1e6fb775f2e6cd,2024-11-11T00:15:13.660000 +CVE-2020-10367,0,1,d5c0b2bc94828d9e49797050d61767c78043d86cd13fcfa005f6a26e83021f21,2024-11-12T13:55:21.227000 +CVE-2020-10368,0,1,117b0e0cbcc43ebc84d32afcfebfdc395b9bc1f819866463192f66ac7706f618,2024-11-12T13:55:21.227000 +CVE-2020-10369,0,1,dd5a4007e6e83c3c090ed0d7084fc5ce4adb2588c24a3cd80a09d441ce85675a,2024-11-12T13:55:21.227000 CVE-2020-1037,0,0,37b1f612d83cc30e182161b72b7dc2b33f54db0b1459846101bbe7832ab961da,2021-07-21T11:39:23.747000 -CVE-2020-10370,0,0,6ca9d2352207dd9158e75dbbcc2780dc6b2a2eef508efe6fb4a47ba50a0144b8,2024-11-11T00:15:13.707000 +CVE-2020-10370,0,1,87a9fc1e81d9cf0f587d0be9933b7749c33d2f87fc425f3532bae1abe12eb056,2024-11-12T13:55:21.227000 CVE-2020-10372,0,0,057fe8c3886242ba4743ee0731c1b3e91bd8fbd5a9e094cfadb7ecd7f966e658,2020-03-12T18:43:14.093000 CVE-2020-10374,0,0,e0f5cf824a69e15c19ce778116ec2d478043887f56c7a9bb00a2741bd484b3e6,2020-06-25T16:15:11.720000 CVE-2020-10375,0,0,15c11a13974b4c046916cbe154b2872bf5997eee5295d16adb96c2f3f2d2a322,2021-07-21T11:39:23.747000 
@@ -178528,7 +178528,7 @@ CVE-2021-35465,0,0,4b40f2b45af9ec0164fa72705921db5f1b77a62d6ff8c449d4a17854ab8ac CVE-2021-35469,0,0,a587ed95e25d1382ac367eee42f15573c5a79c9cdd594adf12a01139af795092,2021-07-19T14:06:16.277000 CVE-2021-3547,0,0,f595c8015d8baa6bd1a62ebce3408c6f420d2e86a4376e57a05473047d1168aa,2022-10-27T12:22:43.533000 CVE-2021-35472,0,0,e466d5ad2f2a80b4ba0e1bfa2a33c254e082505f4937060ee5dd54bad8c013c8,2021-08-11T15:31:21.203000 -CVE-2021-35473,0,0,5fd42e3cf7e9e3c5a1ee81f1ec902f7a21b7a4cc34ed2418e5be0953eb1036cb,2024-11-10T23:15:04.383000 +CVE-2021-35473,0,1,11258f32600bdb5626167f146df98e0d66ad0b5cdf9f467c47d430acfb1cc9c0,2024-11-12T13:55:21.227000 CVE-2021-35474,0,0,d630b5060f1559d9408d5370a1905ba3c16c56cadbdc14d4b0bbc392332371f9,2021-09-20T18:54:54.040000 CVE-2021-35475,0,0,263c975acc88e371a5a2ff65ef4308846de5257ff3719c93490216d8f0c3a54d,2021-07-01T16:02:54.013000 CVE-2021-35477,0,0,71b9e463e20f82dabd3fd53dbc939aa60018a38659174e658a66faf9b8626d08,2023-11-07T03:36:31.740000 @@ -183321,7 +183321,7 @@ CVE-2021-41731,0,0,e6e3ae708cb53c3ee174f23b1c9f4a781449f711c97fa0c8a78a607f5ef8f CVE-2021-41732,0,0,897f66499ebbed068f851fa966a737d858d6beb30b12d36d7461474c03f754d1,2024-08-04T04:15:52.463000 CVE-2021-41733,0,0,a725fec9a1a6247805745405c4a02baf8d225a69ff70ff07765035ffd0080b34,2021-11-09T19:59:21.390000 CVE-2021-41736,0,0,af26875a9ac9429f2e98dd9f2c1bc5ec136a44a22f31c345a4e9732b67f1d317,2022-03-28T20:52:06.847000 -CVE-2021-41737,0,0,a8c0c3b8ff34e44121693922ddb6ce2e354ee67077c1e8c234c638bd26908de4,2024-11-10T23:15:04.450000 +CVE-2021-41737,0,1,4441ff8a2931b31b2fdc48253354b5899414760495ca059735a1c0812c2da3b3,2024-11-12T13:55:21.227000 CVE-2021-41738,0,0,5ecef1922584bd33f22d216a7c0c4a032a1a7e6d0f93421920e97565f6d61230,2023-11-07T03:38:59.843000 CVE-2021-41739,0,0,88e08a7f86585fea82594e389c7305bb5b0e4ea5e959031890111bbec15040ea,2023-11-07T03:38:59.903000 CVE-2021-41744,0,0,27671c50c8426c0fa11c45ec2325d871ef966a0ab3e64e276e305da6188796d4,2021-10-28T19:19:48.443000 
@@ -224980,6 +224980,7 @@ CVE-2023-32731,0,0,f5b20cd935470deab085f6c111e8d1950272a743476be1c8555a474bd86c5 CVE-2023-32732,0,0,18024f5bb1af130f4639e890b5bb0ff3bff0accb6ce1fd7b108d3b0ffc49d810,2023-08-02T16:43:16.320000 CVE-2023-32734,0,0,f1661076c61a5a855e53aea466d6c60c5da25ac1a542ddb53ebd1d4fbe55ac5c,2023-08-03T17:03:51.680000 CVE-2023-32735,0,0,46c9e2e385c269980b06016014f93f645437f023a043b2a218140ad0f7528e8b,2024-07-09T18:19:14.047000 +CVE-2023-32736,1,1,d8bb25771ff9569f0fd9f4069f18d6bd82d1ff9327697ff690ccbc35aa58d0c5,2024-11-12T13:55:21.227000 CVE-2023-32737,0,0,639a513d18a19466fc46aac8e036051176772ee3ce845037d06e2e12fedaad6e,2024-07-09T18:19:14.047000 CVE-2023-32738,0,0,1513637e01ba4ec82dc12e26194f5e5ba30ed452358b49aecba033927b2a5a11,2023-11-07T15:07:59.987000 CVE-2023-32739,0,0,b0b50f13029564abdf98290f22d7ba79d7ee2f715337a013c9888df672ebfa1d,2023-11-15T18:53:54.840000 @@ -230826,7 +230827,7 @@ CVE-2023-40453,0,0,130c1ba245794699f114636eda3c5cf90574ba5b46bd6a704fe406b89dec0 CVE-2023-40454,0,0,c10b12346537ef1e5c8787b1e2fe9d4cb45cf0b585647c357d5bb525587ce317,2023-11-07T04:20:15.070000 CVE-2023-40455,0,0,058abdb8c2eae30e165ec5b264dbf295ba8e09c6c3830c69886965016a5de75b,2023-10-12T02:29:35.947000 CVE-2023-40456,0,0,7169803686183a5f1d426b39f88228ec6dce3691ab53bc177c949c7a8fd9efca,2023-11-07T04:20:15.193000 -CVE-2023-40457,0,0,3ed0c0366718f77c6a06776af5f75deea62fe67f01ba95131767df09aa944960,2024-11-11T00:15:13.817000 +CVE-2023-40457,0,1,8edfd8dabc5faeea08709e6458f97126e7a4aaabc2aa16ca1e65d28feaaa5413,2024-11-12T13:55:21.227000 CVE-2023-40458,0,0,79a445a17e1f85e1f6c9345cf6a43d9301aed3a647416fbf1fc2770253362cdc,2023-12-05T01:55:09.410000 CVE-2023-40459,0,0,72958d07cda00b0c6d4ae1b61eff24e072a6de9dcd7e9245179ab8da7c7dd63d,2023-12-08T15:47:51.637000 CVE-2023-4046,0,0,74357e4a22d4d6aa6afa8fb2beea6097492a98a519070e944818d05926f858bb,2024-10-22T16:35:14.267000 
@@ -234890,7 +234891,7 @@ CVE-2023-46277,0,0,be6fe4d0b7cb70dd6214423a62fcfe115996bdd636e939e24cf7a25f94904 CVE-2023-46278,0,0,283a5f4d3b1f995039a2ae4f0ff4efe94da460721819375532b8f8104a5b1ff6,2023-11-08T23:22:08.177000 CVE-2023-46279,0,0,cad5cbf92c67be5e79c0f7d5a9fbe732104c543f1cf9a464893a67bc498495cf,2023-12-19T17:40:49.427000 CVE-2023-4628,0,0,9dd80f318e00bb6d35ea5e4f6175e104ad476846cbe758532913d6d17d532560,2024-03-12T12:40:13.500000 -CVE-2023-46280,0,0,a0e3fe6ae91ee7f09021f5fdb3675442fb2d9799f06011e7ab582b571499d5b7,2024-10-08T09:15:08.837000 +CVE-2023-46280,0,1,2342bd16e52e4a1e6b8b6f03113ca2ee2e48f16d0ae45a510b9bfc780dc4d494,2024-11-12T13:15:05.960000 CVE-2023-46281,0,0,9e42d11f6e44c68ffa995cada1abff96d1cb7f7ad10f82a0b722d5cacfd60b73,2024-10-08T09:15:09.133000 CVE-2023-46282,0,0,f4d05dc2bb1859eaf46348465b22815a02beeb115bddd8ce8cb8d563024f8e04,2024-10-08T09:15:09.323000 CVE-2023-46283,0,0,be6dc8aece8c2be89e9f46d04539c09aa93d6ddf8cc93d640545f5b056809e56,2024-10-08T09:15:09.543000 @@ -236905,7 +236906,7 @@ CVE-2023-49060,0,0,0f125d0d07dbe270a6f07b57aa641d1848f31c22fb855ca4bf11b4d5b4ef2 CVE-2023-49061,0,0,dc7136ec78ed5cf0b1889d9e499076dc7861b57a74e858b10a634425002df41f,2023-11-28T19:45:33.650000 CVE-2023-49062,0,0,1d72476c88fb45368b58247aec1688b0093de275b1093249720b62193de89ed0,2023-12-04T19:46:20.953000 CVE-2023-49068,0,0,182c6949abe2a827480e4301e5ed188cb126ad03424cd6905a2140b6a730140b,2023-12-01T13:53:23.050000 -CVE-2023-49069,0,0,d362233b8da3a6077c74a42f30d3dece5a08fdd053ad1fb23fa4128a346b7f8a,2024-10-10T15:15:14.937000 +CVE-2023-49069,0,1,2af3cf1f0bb18e0323d97165a5ea9d30a5b5e8bc0ae00d03dae2483c49c53c91,2024-11-12T13:15:06.193000 CVE-2023-4907,0,0,ee7fec7a11df58ff005b9b63ad49a50bb70f5f4e575258375cd0f49a03cc2ad7,2024-01-31T17:15:17.750000 CVE-2023-49070,0,0,631766166232ba486ccd48cb00f4afe564eec8aa0b473067715b1f04d1a8cd4e,2023-12-29T18:15:39.103000 CVE-2023-49073,0,0,2a69c4407ae45adf60baf11d8aa993141dc3f78b1f8dc71c70987fff6214c4d6,2024-07-11T16:00:30.427000 
@@ -242510,7 +242511,7 @@ CVE-2024-10170,0,0,43858dc94e553ea996e2f62171c2a07580bf4384f9d10283ecd355d244289 CVE-2024-10171,0,0,6def7c486839e6a93365a9531b31890798e7138f9c8ee651ff23d937de5aea60,2024-10-21T21:33:26.937000 CVE-2024-10173,0,0,a9b223ad26342bae0ecb573e6f6a805ec316d304fdef819b8c7ff56b9edef74b,2024-10-22T17:05:13.483000 CVE-2024-10176,0,0,142987a8f419783b163ba6354525e6bb8e3054620537017112986773c0d037e4,2024-10-25T12:56:07.750000 -CVE-2024-10179,0,0,0172c95eee32a8f29a3229af5a0d3a2d2ae4f59c926fbf39576fe723ae12b2cf,2024-11-12T07:15:03.377000 +CVE-2024-10179,0,1,b6f906bf2251f6ec1278434f5e59f81c6d3b24bc371546ed64bbf189a1c8b783,2024-11-12T13:55:21.227000 CVE-2024-1018,0,0,6a41753bbb9bddfdeb27e8da1aa301f604399583ccfe73ec2b7c0e024f66f45f,2024-05-17T02:35:10.733000 CVE-2024-10180,0,0,eeda8a52eb376af37ac54d80ec17aa95c78c556dda331af160350bff0915b632,2024-10-25T12:56:07.750000 CVE-2024-10181,0,0,1545b5e92aab580204c085811e002ea8b0b09666646d30a334a87ed0d4fa275c,2024-10-29T14:34:04.427000 
@@ -242551,12 +242552,12 @@ CVE-2024-10233,0,0,ae75a6902cbd361dba7f0db59261b7e58fb8ced87e17031187e0bfd405b07 CVE-2024-10234,0,0,29441fe4cd8bfbe6b6cb2ad55d7c2d2c9161b1369f9e713c11aec1dfec3e0850,2024-10-30T18:50:59.883000 CVE-2024-1024,0,0,d47b3d3840cd70db883d335219cea52b6b4fa0e3fdfc3f4d41efc4b833dff6a1,2024-05-17T02:35:11.210000 CVE-2024-10241,0,0,ae512d639185a0ae3de570db96ee11e8b4269e6da724c94a52e42eddaeb0b4fe,2024-10-29T14:34:04.427000 -CVE-2024-10245,0,1,09c56ac2f5ab65e7438f225b13b7a6448074be978cbd6719e92800a57a5b5335,2024-11-12T10:15:04.003000 +CVE-2024-10245,0,1,a0531404f8e42b22ebf8edf706088f8f3bbff70573c99f5feaf6c300487731f6,2024-11-12T13:55:21.227000 CVE-2024-10250,0,0,8accb693817c35c7e4f9fa710076ead819720d8653e5052fbeeec31b3a5b47d2,2024-10-25T16:37:32.777000 CVE-2024-1026,0,0,e127bb5d00442b36eed0e6ff6513a3a42c45706876a3a5f2167365447fb898e7,2024-05-17T02:35:11.320000 -CVE-2024-10261,0,0,f7de3caa14777c134bde9728a3a9cd2add83d6035ac273a737fc1b44550f614b,2024-11-09T12:15:16.800000 +CVE-2024-10261,0,1,c0bacd51f8c13c6f93273b74702fb7ce7659bc324c7b90c6cfb500b131b8dd02,2024-11-12T13:56:24.513000 CVE-2024-10263,0,0,d8274159492686a2b3c754959bfc4509f9c9201a502006a3dee5515647626798,2024-11-08T15:59:41.633000 -CVE-2024-10265,0,0,9520acce55a80cab4d77f6895522f407ae2ddb0b24fec08ca8c5ef23b1603ab3,2024-11-10T13:15:03.657000 +CVE-2024-10265,0,1,ad4b5b30e90a17d26886c85885da0a35f71b763cdca55a0b0e1529b2cdb299ef,2024-11-12T13:55:21.227000 CVE-2024-10266,0,0,c93db2a67de792a64ad3b8f3ae10accf6f21ac600e94cc18aca994ed95268502,2024-10-29T14:34:04.427000 CVE-2024-10269,0,0,52654717b4b93a8e333771abfdcd93e402d393cb11d01db52c12e8f4aa3192bf,2024-11-08T19:01:03.880000 CVE-2024-1027,0,0,7cdd04f65f65ce162dee4b0e860b968e4c1a6b7f21d53e978519c8259363a858,2024-05-17T02:35:11.427000 
@@ -242569,8 +242570,8 @@ CVE-2024-10280,0,0,80d3551a7846d386eaa7773e34e82873be79fb4129972791d3d9c2f22c644 CVE-2024-10281,0,0,96f941de80b9e6605dd27180456ff1a7884752f0502e3b6d50c69f446bf67663,2024-11-01T13:52:35.563000 CVE-2024-10282,0,0,00a985d7bfb96134d31159304cf531d6c0061ffb90897fa0ead3d7b798d22c38,2024-11-01T13:47:10.087000 CVE-2024-10283,0,0,52cb15e61a200ef7bcb75d4f7f5106c86faddcdb0e96de607271f9f7dfc5b3d7,2024-11-01T14:08:24.997000 -CVE-2024-10284,0,0,5db2a98288f5a145d15d6fdf5d5db37bc3bfa31d3f7158bdcce1f0a10166431f,2024-11-09T03:15:03.943000 -CVE-2024-10285,0,0,6f9e5d9690f9afd7e535253203497a25ae70c415965cb31c16fcdcb84a6066ad,2024-11-09T03:15:04.410000 +CVE-2024-10284,0,1,ba451d45ec30e7a0f6f214a9ef86485f07257a6ce37a5892a15ba032f80df1c7,2024-11-12T13:56:54.483000 +CVE-2024-10285,0,1,bdd74cc498994590f687666d400df58aea1de84946f64b9324e2fe1795f2f4c2,2024-11-12T13:56:54.483000 CVE-2024-10286,0,0,00d08dc008bd1989e54b5705c1beff1950aa6f43f0a4065f0f61313516d3cdf8,2024-10-24T04:08:14.833000 CVE-2024-10287,0,0,f35de541a09293478313fb52f4e207e82b325b3fc6432429ed8850f6465c2bda,2024-10-24T04:07:33.057000 CVE-2024-10288,0,0,fd731f2fa655e977394860f265053908b8d125d4076d3124439c81d187b95c3b,2024-10-24T04:07:45.110000 
@@ -242580,7 +242581,7 @@ CVE-2024-10290,0,0,554c14bf86d2356052ac39788fb0ad56602d77a74cd88f42cb8fe953fecea CVE-2024-10291,0,0,8507b4447fcd8fcc7aa118a709f5691fbd662f3c7fbb1d55694140494fcc8310,2024-10-30T13:23:47.827000 CVE-2024-10292,0,0,426a6dd878f8fed452ebd6448d3edb5b732c219a4b0073be487941c8e5287eea,2024-10-30T13:40:07.353000 CVE-2024-10293,0,0,8e56039c8372aa88e5dabe6a523be86aef575434b11facd48a467e1a8dc36c3c,2024-10-30T13:37:27.067000 -CVE-2024-10294,0,0,608daaf207f44981a881907551bb906bd528027032888a96b5161acc686789ce,2024-11-09T03:15:04.647000 +CVE-2024-10294,0,1,1b99472d33f6f1fc7f70454bad88416e61c161d950e3cf9ec9b9496f776484d4,2024-11-12T13:56:54.483000 CVE-2024-10295,0,0,6652cb1ba0fbcf79be2ce93900852a2eaa83c004fb3d256848ed837ee1d41cf1,2024-11-04T23:15:03.773000 CVE-2024-10296,0,0,a167e288d770dbaf1b2cdb5a1f53629a1025f7402c7add21139cd0e6f9a1db2d,2024-10-30T15:13:18.077000 CVE-2024-10297,0,0,7059e1e2bb8cf8e51a328b566020cbc23abd446f188f444527bfee9442b2adad,2024-10-25T12:56:36.827000 
@@ -242593,12 +242594,12 @@ CVE-2024-1031,0,0,6576162a78ac686f55e5931a6b8f02ff6c7312ac04792581e6d78da8a91700 CVE-2024-10310,0,0,3b0decb54117e1f6369f0c8a49822eb1c6d4be5cb40b8b5a9079fd842cd0c653,2024-11-04T13:06:20.190000 CVE-2024-10312,0,0,d10f0012149342545ee317e492eeaf284c6b634b254526457f270c7ce4937a16,2024-10-29T14:34:04.427000 CVE-2024-10313,0,0,0a692e743da8a6f5929e9a5e61a16c962249b9fbffffedea4a154098bf7390c0,2024-10-25T12:56:07.750000 -CVE-2024-10314,0,0,20b0cb09bc8cc2bf5f9ce62e7caccc420ade2ce546f6fd908a532c2d4632d7d4,2024-11-11T14:15:14.190000 -CVE-2024-10315,0,0,025c4b8541b1053d1918641d8b702b85f2b2c6a7adfb21d7ffa6a8e2e0dfc8bb,2024-11-11T20:15:17.223000 +CVE-2024-10314,0,1,4ff424a08f54d46f95f43c7d51534e0e6342cc7a5b817ec1e4e580680bb1c702,2024-11-12T13:55:21.227000 +CVE-2024-10315,0,1,4e957b80a07aed5049f4c1554ad24b5db32362cfa58b51a8613fc66932ec4b62,2024-11-12T13:55:21.227000 CVE-2024-10318,0,0,c9c0b32165e110789e705dc55263c8f26a928f9dce25281896f08d394c1b97f7,2024-11-08T19:51:49.380000 CVE-2024-10319,0,0,521a2584bb331a8cf29df932b8069e068af4d281b03c20cc06073eb127cb6582,2024-11-08T15:25:16.317000 CVE-2024-1032,0,0,06925fc416f8ceea7fb895efc2e3f765d4f064c5150968a9409448741aa1fb78,2024-05-17T02:35:11.947000 -CVE-2024-10323,0,0,1dff254603f7984a49693bc430868d53d2b615acc697fecabea3e15abfd09949,2024-11-12T07:15:03.770000 +CVE-2024-10323,0,1,05fb05b5af6eb70332696a9f115bfe34c070859ec6fbc1a30ebcb9ed7138d926,2024-11-12T13:55:21.227000 CVE-2024-10325,0,0,c6f88079ac22a9091bf71035663ec83de5617fab99af997896d6ec6bdca8a204,2024-11-08T19:01:03.880000 CVE-2024-10327,0,0,5a1546502e73211d148718e818d15cec9bc5841df26bde254740ef77c9d65b28,2024-10-25T12:56:07.750000 CVE-2024-10329,0,0,aa7a42ea4cf0e5f5abf4a60b69d94b5c2177a6fa12ec61ac3de40c80882e4efd,2024-11-08T15:59:16.407000 
@@ -242614,14 +242615,14 @@ CVE-2024-10340,0,0,86c71b5cd9d3256a3a96f0206fa643848ca73015f559230bc3985df65e9e3 CVE-2024-10341,0,0,cee111fac6415e06ee00d7cd99c9382c566a15f39228a22e729de830098b01dd,2024-11-05T17:51:44.597000 CVE-2024-10342,0,0,a674c6499a8c6205c44b5186f38cedfb618a6a3a28286164189d9d013947c529,2024-11-05T17:52:00.610000 CVE-2024-10343,0,0,4101b5a530cab96c4e2ed3f7591bd8e9e62c4ce861db441511cf50880ecd2465,2024-10-25T12:56:07.750000 -CVE-2024-10344,0,0,6b367377738905d2b651cdfc4a15df75962fa7d5b2cd7e74e65faee55643165f,2024-11-11T14:15:14.453000 -CVE-2024-10345,0,0,2ad6c65a7bd3adee3eaccfec951044ecea4e01fbaafc475d9365658bbd35944b,2024-11-11T14:15:14.563000 +CVE-2024-10344,0,1,8d72050142bd52cfda406dc866a711842cc70b12971d6dbf2411282f0f803700,2024-11-12T13:55:21.227000 +CVE-2024-10345,0,1,1c4c3dff9b7af9ef5d58c5e1c42f508a1d10aa845e8fbae73ed2ffa788a852d0,2024-11-12T13:55:21.227000 CVE-2024-10348,0,0,96d66129081e4ce98aabfda8de19f87e27a10e041aba21213984895d9fd39e79,2024-10-30T13:03:48.520000 CVE-2024-10349,0,0,8d5c3da9bdcdc8f86a503a14ddc6c01f002b6d511310d252a1bc3bc26cccbea1,2024-10-30T13:14:01.303000 CVE-2024-1035,0,0,792864ab2b0f8151b262ffe209c5f075ae9ac530a32ee5bddc4609b3d7d6306a,2024-05-17T02:35:12.253000 CVE-2024-10350,0,0,1eff377645f31addadbf2a414de92964c33d8decf15f763410afce73538f2275,2024-10-30T14:29:55.480000 CVE-2024-10351,0,0,d96465bc197904e1c8467ab1c779dca90857f09f2fd46dfb7e44741dfd94bb7e,2024-11-01T16:15:23.800000 -CVE-2024-10352,0,0,3dfc943728889bd98229f238edbc29e877f11936482cfea9b544110ce1042004,2024-11-09T12:15:17.243000 +CVE-2024-10352,0,1,5ede8dcfd141c5222be083226ccdc2e9b9d9055843e6b4b1063e607877370fcd,2024-11-12T13:56:24.513000 CVE-2024-10353,0,0,e06260810ab2f8d83e8148f12eacebfdfa4f171568dc8f755f0a84d5679240e8,2024-10-30T16:21:35.113000 CVE-2024-10354,0,0,b93bbc475560ddb322fc6987c8bb9a496754455b51c6de71617d975e234845da,2024-10-30T16:32:48.453000 
CVE-2024-10355,0,0,2602c2076153349e7adf5f2683fe39bdc0cb3abdcbf15a26de13daaf9ad9d066,2024-10-30T17:13:02.417000 @@ -242713,7 +242714,7 @@ CVE-2024-10467,0,0,0959022357cf258f2ec15616b199ed6d5c4a5ce20fc70e0ac2b4b4ceaa1b9 CVE-2024-10468,0,0,83bc1c79b32264405aab0075e1e410144135f8ec245c6acd9a90fb3cdcacdf08,2024-11-04T13:29:23.937000 CVE-2024-10469,0,0,c023e9dfb8e38961747979c6b3a11e6b64f49a167ced1df26b660ad57b7e9425,2024-11-05T16:51:35.450000 CVE-2024-1047,0,0,9e4259d94ff11bf1ad41662d7bc4dfa8d24742c305a04d1b6bfc3e99b49e569b,2024-02-08T14:20:23.387000 -CVE-2024-10470,0,0,8ae5d6739a65ff8c1a926ceb87450c8bfb45fbda6cb4ef647a9f2058033948ba,2024-11-09T06:15:15.967000 +CVE-2024-10470,0,1,a1e42a94b1ab92bb172948d5f556160411eda471cfe55f94496fa89ac969feb5,2024-11-12T13:56:24.513000 CVE-2024-10474,0,0,e927def1f3fd2126e99e660d96adf5a931edb32585de89bb5c57d9d2e8d1c817,2024-11-04T13:34:48.513000 CVE-2024-10477,0,0,ec5d3377a9eba885093e83f0ffc2c5214a9fc83d05d2bcf419cfa0429899b307,2024-10-29T14:34:04.427000 CVE-2024-10478,0,0,a63bf38a8bfa46322ffe79a3260a2e62e4168a517fb088dc75202387c0a46091,2024-10-29T14:34:04.427000 
@@ -242731,7 +242732,7 @@ CVE-2024-10503,0,0,5901dbd83c85c212a435232844f46b142c9818a62915d94d4bf7f6af2043e CVE-2024-10505,0,0,c2e4dc18acc74e5271db8cb3e15214f9dd0d0109f9bfb244eed546322fc7a27b,2024-11-06T16:38:28.750000 CVE-2024-10506,0,0,0939772e626263a52337b63c636fa0ed508985935d55c41e4bf2e3b45cb2569c,2024-11-05T16:22:39.830000 CVE-2024-10507,0,0,f18494a65f96198598cd9275318405539a3d8636ddbe0a37967ba2288eae01ea,2024-11-05T16:23:56.073000 -CVE-2024-10508,0,0,484caf34bb5db92b0473f6eae77821d9643bed06757810ba393b98c1c9bce1b1,2024-11-09T08:15:02.920000 +CVE-2024-10508,0,1,af9f95e5d7d630b3cf33e7ae9f2d3118be1f7da09e31e6491ee65e4e58c1137c,2024-11-12T13:56:24.513000 CVE-2024-10509,0,0,a9d05e50f1563ceed5339878fa8c2329eea9e28284f4c0c86984d14b77803f94,2024-11-01T20:52:15.573000 CVE-2024-1051,0,0,301df872c002365b13eaea34d02a8084366516306d472e0b862c9b6067f5d33d,2024-04-01T01:12:59.077000 CVE-2024-1052,0,0,2826dc83bebd9032f48348a63ffd25025c2a6126abd483892ed79004a77aef0f,2024-02-15T18:49:40.180000 
@@ -242740,13 +242741,13 @@ CVE-2024-10525,0,0,cfad79154f466fe96736eabfa65cac8f6409e21deb7f07d79c02c68ee3f19 CVE-2024-10526,0,0,0fa46d8ccf5c219359a0535980da66887fa2b5cd7efbd75d68b15fd2b882e15b,2024-11-08T19:01:03.880000 CVE-2024-1053,0,0,3d9e5b8218feb39348551f4e96f20fbacd04f2b39830165bb00a553a3d3c5ccf,2024-02-22T19:07:27.197000 CVE-2024-10535,0,0,14a566633b856f0bcfd07185d246772590c919ba8cb5a244786d38adaffa8830,2024-11-08T21:19:27.540000 -CVE-2024-10538,0,0,c87bbf0aeb915e3484230191c240f7b0bab8ee370e4e5fcfde4219fecca5a30b,2024-11-12T04:15:03.933000 +CVE-2024-10538,0,1,4ab251483fb21027e3e4f8d5203aec3b7b19274377f176e91d194b41d48f7f4e,2024-11-12T13:55:21.227000 CVE-2024-1054,0,0,f8e7e53b5707aaecdfe1ea6fba53413ba04bed5cdf673762252b510775f984b1,2024-02-29T13:49:29.390000 CVE-2024-10540,0,0,d72994b8ce256d6087bbd8c05a3cb9446a5f50c733a3ad70b615c2d8dd4c3c0c,2024-11-04T13:18:27.017000 CVE-2024-10543,0,0,78e6de226aa4ccb5cb5b260268ce156b234621147350989dafddd9817bf9323e,2024-11-08T21:19:02.700000 CVE-2024-10544,0,0,d84fa7aeaabdc2cfe5861efef74c5b30022ed51487865228c56366868169c4d7,2024-11-01T12:57:03.417000 CVE-2024-10546,0,0,fe7c4bb80388357d2012de9abcf9bdb2510a4d8644b958f5e63299c9a417e4c8,2024-11-01T12:57:03.417000 -CVE-2024-10547,0,0,a08f42d436f40ffbdacaae258bb13c19e13e64d00bae0920feaade10184671b6,2024-11-09T08:15:03.563000 +CVE-2024-10547,0,1,dd2ca02968fac3313f4dd9066814c9e75a14176f7b83142b042cd18e8be62972,2024-11-12T13:56:24.513000 CVE-2024-1055,0,0,ccc78f7d4bd63bcc448b5e62f7789de0e1a26ab036272b89eca521cba41a35e3,2024-02-14T18:59:33.780000 CVE-2024-10556,0,0,9e890aa0736585c2680fcc04ab1fac9d39c575c83d0f2617bdc1a9e76edbcf53,2024-11-01T20:51:35.617000 CVE-2024-10557,0,0,916270a9974bff554871e6150633c47888d2f31193bcd036f4a8e8f28cf81721,2024-11-01T20:48:56.980000 
@@ -242756,9 +242757,9 @@ CVE-2024-10561,0,0,29b70870967a739c229fbeecbb009b70108489636df3647702a2fd1c0595a CVE-2024-1057,0,0,afa16fae44234143422d3d8f32f1ab0c34f389c2f0ebb0a7139bb0ca7e4b1769,2024-04-22T13:28:43.747000 CVE-2024-10573,0,0,9063cc223ea5dcb15427b5dfc605e5a082c0cb2c41a32875a4278d827b140fe0,2024-11-01T12:57:03.417000 CVE-2024-1058,0,0,6b5e9e2c8572168cf164dc3fe2cb55f99ab49ff2791e71ab226d135ab3271443,2024-02-29T13:49:29.390000 -CVE-2024-10586,0,0,4d6520bd1c85d54279217ed01b0f9632afaae4b997de3b4135c6f012b1448377,2024-11-09T03:15:04.940000 -CVE-2024-10588,0,0,34f43523478fa177a22f3a91e9410e634e0ee30af99b181178f91eb4e90c0a0d,2024-11-09T03:15:05.210000 -CVE-2024-10589,0,0,439df34c8c00a8dd47d21707d56d1cd2053ad38b3ba48b5ebc30ce5b8b7c231d,2024-11-09T08:15:03.910000 +CVE-2024-10586,0,1,f1f769b86eb6d000daef591c5f367193d87a3d50622221457cbf9ad14bf94bab,2024-11-12T13:56:54.483000 +CVE-2024-10588,0,1,c2bcaed6fe7b435f43e9c22f77453914df70e3466f4c66fa7dbe7829c2fb6e04,2024-11-12T13:56:24.513000 +CVE-2024-10589,0,1,a6d8f39b47e9cb3150ad138c8d50791b37f1119d54a24371f819b9a1d868ac19,2024-11-12T13:56:24.513000 CVE-2024-1059,0,0,76d1b9b40438f497b680a6494941e57752e942263b38e7996980a78bf67b658a,2024-02-05T20:50:26.783000 CVE-2024-10594,0,0,015abb205f2a621c92b02e8c535085d082f03901ef52c99004ce024df21aac90,2024-11-05T17:05:10.533000 CVE-2024-10595,0,0,d179e6b790ca43e523540de6b39a763d6d0e5ba29d81ee639fa2f43517880b37,2024-11-01T20:57:26.027000 
@@ -242787,12 +242788,12 @@ CVE-2024-10619,0,0,a69d9e7a25ac11fb3b1ab17e7ce2294adef4cd488803cb21c60293a84d322 CVE-2024-1062,0,0,53c2a4b70765879dede7c2b012e736d65206f674e39d16fefc7ae9d1f40809b4,2024-10-10T14:22:28.617000 CVE-2024-10620,0,0,4dd83ed220196cf5b3c219f5184483daa552d936ba95729fb226d3ff120308e1,2024-11-01T12:57:03.417000 CVE-2024-10621,0,0,be1e03a4177ce290a2933b649deef1a5a206c547833b9b659dec2fc68dba2fee,2024-11-08T19:01:03.880000 -CVE-2024-10625,0,0,ac9f0284f5366764c9df01038411c49f3c63b154d35cb37a59a194bc59a8311d,2024-11-09T04:15:03.393000 -CVE-2024-10626,0,0,6d58889cc1776c251fcff5acafd40468c012021cde62e83a4f58b9ed3fa5d589,2024-11-09T04:15:03.747000 -CVE-2024-10627,0,0,8bf46ad29d7d718412718d8d0d30d4476eceff6262628bc15a906e2c63bf33fb,2024-11-09T04:15:04.053000 +CVE-2024-10625,0,1,a861353b7c6a629a6c9ef44266f89dd01b131fe5b27428b83cc2cb051db74b0e,2024-11-12T13:56:24.513000 +CVE-2024-10626,0,1,0fd3170b789cad36b0ee942eee22dc1080f7cc47b829e7b9eea0fcdf0e0c0c4a,2024-11-12T13:56:24.513000 +CVE-2024-10627,0,1,dd31dbe632ffa95c00548e45679996b70b15cd01d1f2c43a8b8a598b1f25f37f,2024-11-12T13:56:24.513000 CVE-2024-1063,0,0,74a897918202555ab7dea6b1737e329d32a036051a3381cf0244644b537611c7,2024-02-05T18:25:57.167000 CVE-2024-1064,0,0,f25346ba7587521e1585b34f9b82a63a0a8099891451ea7215e7704632eec54a,2024-02-12T18:42:14.777000 -CVE-2024-10640,0,0,a9e3d9a3ce710c425ce59b20e7e4410457c782cd914e20dac6b7d92fec114068,2024-11-09T12:15:17.460000 +CVE-2024-10640,0,1,ac7ef83b735eb08b750b4180f25c0a9a90933cf1f06dab6672ff07257389aab2,2024-11-12T13:56:24.513000 CVE-2024-10647,0,0,d9ba6608fa541fc383d43441f89db693ddba6534bf6884ce75536f94bd98d4ae,2024-11-08T21:20:50.847000 CVE-2024-1065,0,0,6b929e111558868b0121ca43ebc298de03b6cbdcab98142e875670ec0e17e759,2024-07-03T01:44:57.727000 CVE-2024-10651,0,0,27e099c503dc290e7aac94cd4c1c6b71240bd597597b5702eaef779ee4808c6c,2024-11-01T12:57:03.417000 
@@ -242808,23 +242809,23 @@ CVE-2024-1066,0,0,7cd919bef6acbf4a1ab59632c47efb8ac6efc2d2c9f422a5fc3bf23611a0e2 CVE-2024-10660,0,0,f525208ea29c8266cde1476239eda59ff1f0ab9a3e7bdbee9dd171ceb2cef109,2024-11-05T17:04:45.093000 CVE-2024-10661,0,0,3a8f12267875f9e533b9d9d2b244a0cfff287128b133c964cf1107af67490bfa,2024-11-05T14:30:37.787000 CVE-2024-10662,0,0,7f193b35faecba25eb69b45c896888a79d54755e1824e8384db4944270b09c04,2024-11-05T14:30:16.847000 -CVE-2024-10667,0,0,6dfd53bb3768f7c8a89d936d6ceea2c11f1b34164ab629b2c232ae9e460c0bce,2024-11-09T05:15:07.640000 +CVE-2024-10667,0,1,8c3b4c9a2974763bbe2a826956e8c92748c65fd783dec0a85476416fcfdde1dc,2024-11-12T13:56:24.513000 CVE-2024-10668,0,0,ad6a1e988aa7f35451b56c605706e2e8d28df7ceaf4537d00be5d4d05186782b,2024-11-08T19:01:03.880000 -CVE-2024-10669,0,0,5f6353fae74a5b0f8f17e84dd883ed1579cd0691ca5865b1a673d619d1d115a6,2024-11-09T05:15:08.017000 +CVE-2024-10669,0,1,23093ef05e499c533c3a2d4bc80a20165a28e5f349ac3746239f8d0e4e64a94d,2024-11-12T13:56:24.513000 CVE-2024-1067,0,0,54f094f38a51fcd0954e79c36caca8c799a450eda4559137980b77dd6d9caf6c,2024-05-03T14:17:53.690000 -CVE-2024-10672,0,0,5dc7f93c45d6d4e279506fb5bfcc5fd8ef36f201bbff2e35f7b9065c511502d5,2024-11-12T04:15:04.170000 -CVE-2024-10673,0,0,3cdb715bbe07db86d48950cd56fe4b19058ca51df9bb51d401be4381811d59f6,2024-11-09T04:15:04.363000 -CVE-2024-10674,0,0,c1bf7848f51b55e6d4edbd69eb021ca6cdfdd0b9790f1dc514bb6bcef921fe8e,2024-11-09T04:15:04.677000 -CVE-2024-10676,0,0,27be6003aea9132d1ddf329883e91f836176d3bc1ed0dbb6ed452cf8f1edce38,2024-11-09T10:15:04.117000 +CVE-2024-10672,0,1,c864c3de395e8739605a5afd0146c9dc4a84323daf2b7dbc99539babdaa61a13,2024-11-12T13:55:21.227000 +CVE-2024-10673,0,1,721fbd2c7f4fd52d46e9315cad58bcfcec74c6705f993232b5ed88d0e5ca2848,2024-11-12T13:56:24.513000 +CVE-2024-10674,0,1,d16f584849190e67ddd9b044fe809cc53716f0604b4d903c0b675313c791d9a1,2024-11-12T13:56:24.513000 
+CVE-2024-10676,0,1,c4d26028c65dae8ee24a6ae71fbafbbbdf2f434e1b4ee4c7591876108357a5b0,2024-11-12T13:56:24.513000 CVE-2024-1068,0,0,affccf40ed47a318eb2ecd8e307c56fa640a43f94e3b3e8b50a778ab4a9c998f,2024-08-26T19:35:04.287000 -CVE-2024-10683,0,0,b307d74cf474a4a488d2c7a75458fc772aa40e17b4628c00b9fc64ea4f8803fb,2024-11-09T07:15:03.523000 -CVE-2024-10685,0,0,6f5369186aa0362f5535f30037b7ede262921fa1c1f7c43124f7c21cddf13d89,2024-11-12T04:15:04.410000 +CVE-2024-10683,0,1,81b5edc9806b9d41a626cf134b47e67b5d64e10aaf06aa6e2f1151e4509d5dd6,2024-11-12T13:56:24.513000 +CVE-2024-10685,0,1,735dc2f0f480642d8ccf07f78f6e1a8d59da145d42e7702cb885b90e2b756411,2024-11-12T13:55:21.227000 CVE-2024-10687,0,0,2d74811f2fc6d3aaef423135ea18016bd4a20ce3a927ba94efb8aa3eac4c5b2f,2024-11-08T15:26:52.523000 -CVE-2024-10688,0,0,b87010fae9ede3dbc09789e0772582c4276000ac6cb27b14936b5c62cabc817d,2024-11-09T07:15:05.720000 +CVE-2024-10688,0,1,2bcb0cc2d0a39373aaf27b3a9b6b49c4606abf5541b93372733fc379535c54ca,2024-11-12T13:56:24.513000 CVE-2024-1069,0,0,9f4b19e535b82e8b50b814b402985dc45959fb8eebaa25a120ba3f787349c9c3,2024-02-06T20:11:52.587000 -CVE-2024-10693,0,0,0d972d4fb67fabef178798fca42d506d87be385cb4dc04f7a4ba35154ff77347,2024-11-09T04:15:04.943000 +CVE-2024-10693,0,1,2a11d3d5f51d0b8c3f7c9ca79b8ec09785ef4fc759c11326213a65170220169f,2024-11-12T13:56:24.513000 CVE-2024-10694,0,0,05c164a4732350edd5fee46247e775b1e69a11363b78cebc8b6784de8da1fb44,2024-11-11T21:15:06.030000 -CVE-2024-10695,0,0,6cd13c9bddf0d94f5498831e9580949ccbe1a5d5d26bf84cd09e7701e67fd54e,2024-11-12T04:15:04.610000 +CVE-2024-10695,0,1,b5551f18720c3992d4cbffe3b44039a24aa131396124cb89424c3c4f8c05f581,2024-11-12T13:55:21.227000 CVE-2024-10697,0,0,5ee797b1e2524fad720ed5d33aa07ee55b1575ecedb30200e209173b28d177f2,2024-11-04T14:18:20.337000 CVE-2024-10698,0,0,a92f2679f791986edabfcd01d7de3581b39e330ef0fdfebb28883ec3d8b768c2,2024-11-04T14:20:58.853000 
CVE-2024-10699,0,0,34f3ee81b53049f9113d5634ca7220c0a13ff33a1cbb6ebcca291fb5d022be13,2024-11-05T20:15:56.417000 
@@ -242877,14 +242878,14 @@ CVE-2024-10765,0,0,ff207dbaed362f27d141d8f991437f9efb859b44cbbeb5f387917f93fd11e CVE-2024-10766,0,0,e35f492b9f66f3ec904d31d42b260648e53321433ee2cae35a4e477e4ef293a0,2024-11-06T14:59:34.303000 CVE-2024-10768,0,0,594fbdf596dfab7cfec85356d137af72f3f7c97c4f287c31f07abfe79e0c4dc2,2024-11-06T15:04:45.200000 CVE-2024-1077,0,0,9052c519c4a7de5cf3516fc923116c25b788d5b36a137a2e416fb3d37403344d,2024-07-03T01:44:58.330000 -CVE-2024-10770,0,0,bc82c98aab6c34f76628bdf0b4c2cef6f28c9d4248b7fc93a792bdba4c403f55,2024-11-09T05:15:08.277000 -CVE-2024-10779,0,0,687d7cc46b0265a1cdce1d7fdc3a44b96ae032ff9cc449649e9e149f07ccd1af,2024-11-09T03:15:05.507000 +CVE-2024-10770,0,1,0f5897dd9aba481faece95da66f5bd3d6a2ccff92cbfd04ce22fd4f1ffbf1962,2024-11-12T13:56:24.513000 +CVE-2024-10779,0,1,03484221afac3766470b5ced8d3332eee24d28c027104d12405179c89d30afec,2024-11-12T13:56:24.513000 CVE-2024-1078,0,0,88568fa2f20f5ea8de25fda48576808429bbc616448df571a879f056db565620,2024-02-14T18:39:51.437000 CVE-2024-1079,0,0,0a964f4e43e1a2d85a40a4753c5354fe293facf65d0ebcc06031e68ccad95a0f,2024-02-14T19:33:09.977000 -CVE-2024-10790,0,0,2ccb7b29ffff82beb050849d08c6ac64665da76929626a26cb323ebbf8fcd002,2024-11-12T06:15:03.123000 +CVE-2024-10790,0,1,c5195852541315ac22dd1b614848e72547c3a099e7858697bb9ee4c86225d43f,2024-11-12T13:55:21.227000 CVE-2024-10791,0,0,a1ab37f8c195110cb663fc7e474028527dca661a169201c0160b30306fac4c75,2024-11-06T15:05:38.240000 CVE-2024-1080,0,0,9acdbacec5fb31283e62a6d3f1b1bde4de3af0ce021840a5a12a8cd06719b667,2024-03-13T18:16:18.563000 -CVE-2024-10801,0,0,a20d1059fc5356755e718215342e192e3eef102a47449c081dc61dab25d0b258,2024-11-09T08:15:04.260000 +CVE-2024-10801,0,1,3a88e665dce12d6cd350c00c6be6179e940c16e7a45bcfb9cfdce8ce89fd3527,2024-11-12T13:56:24.513000 CVE-2024-10805,0,0,30683214c49996b99622c593b0d2824b7195979c84652d13638c9eb82a2ea54d,2024-11-07T17:09:07.057000 CVE-2024-10806,0,0,e15ec6423ae1ad698fb4ad5b42c94e3a5d06fef4f5e8a29e70adae83dbef0510,2024-11-06T15:06:48.493000 
CVE-2024-10807,0,0,783f0ac6c475ea7fcbd6f31f293edee7b9729e4af159ee9eb5bd3f13eec67953,2024-11-06T15:07:09.930000 @@ -242892,13 +242893,13 @@ CVE-2024-10808,0,0,dac986d7fa4c7c52dcde054490fe5f45d88b724de3dc68cd9eaa633ce97a4 CVE-2024-10809,0,0,ea652f7f5676144619aa1801e4ca90f6a805fad57a8917b37e98b94898936ddb,2024-11-06T15:14:48.213000 CVE-2024-1081,0,0,b9ecb327bf229081db54279065262fbdf204fadb84142fe6a647ad5480db67c8,2024-02-22T19:07:27.197000 CVE-2024-10810,0,0,24dc4cb4af16bbf52a3428afcf948782067630e0ddcd0604e4c08419e6e83436,2024-11-06T15:16:12.497000 -CVE-2024-10814,0,0,44af1a778ed4507983588c6ec64d19fcb1dbff2b0871b8ede73f85e842303d30,2024-11-09T05:15:08.533000 +CVE-2024-10814,0,1,895125174ba4aa7c23fdeb954976ebdf264a7eadd4d29cafe1df1a629d7d5976,2024-11-12T13:56:24.513000 CVE-2024-1082,0,0,1a3a3ef85a9a06621291f657b27812f6a6be683bc843b0137ba9e53485eee330,2024-10-17T15:46:44.327000 CVE-2024-10824,0,0,6eb650dcc5948040831c411456d27fae52cd783d32ad30faaf04938565b810b8,2024-11-08T19:01:03.880000 CVE-2024-10826,0,0,6aa37fdb16b5853a7b5472e25a8ac0220ff66e617581e203df39439d12ed70ca,2024-11-06T18:17:17.287000 CVE-2024-10827,0,0,6577ad366fcac00efbf959f7905ba60a1d9c696b896b68d8b10d38d71dfd5e3b,2024-11-06T18:17:17.287000 CVE-2024-1083,0,0,f65354685ac9d5e6ec0c7d89ef33fa98a96cad0e23da0316206039cbd9c94fda,2024-03-13T18:16:18.563000 -CVE-2024-10837,0,0,3839d7b67701f0472781da38593edcf1ecea3aba141955aa03c60ab7658fd081,2024-11-09T13:15:04.737000 +CVE-2024-10837,0,1,c80ee8e64cd911e3ab2efc7873524bd8e71ebc0fc7365371148c92b52a8b267a,2024-11-12T13:56:24.513000 CVE-2024-10839,0,0,959999d7d9e7ad6c83b2a659b5f94ea06306dfe2c58a8ebc0b6485e885f4cafa,2024-11-08T19:01:03.880000 CVE-2024-1084,0,0,b38be98d35d4290a3ce2408da5081c91dd802a2448815858b2cd8d2247674e10,2024-10-17T15:46:42.330000 CVE-2024-10840,0,0,3088ecb88b6f610106137e52cd92a9df0637e9f9f20cd58417274c10e35a041a,2024-11-06T22:49:12.173000 
@@ -242909,8 +242910,8 @@ CVE-2024-10845,0,0,e23b6836533b6527e69274c9897179b623fe8ac43fca2950e064d79cbfdb6 CVE-2024-1085,0,0,1d186f1dd445cf86c8be70ef01a658a198ecb65ca5305ee36e96f272e65874b8,2024-02-05T20:41:40.513000 CVE-2024-1086,0,0,3e819e2fff80149e3f377751fd1fb28a52f8791d9e5d08990c549613b15214b2,2024-08-14T19:41:08.673000 CVE-2024-1087,0,0,9751a2fe52b8f14e0fc1c9d86ee656c42465ba61ef03201895b6c1868f5679fd,2024-01-31T13:15:11.030000 -CVE-2024-10871,0,0,8f2dde9e605d740712b06536bcb0901ae8f8e0dadfbe2960662d745579378b2b,2024-11-09T08:15:04.530000 -CVE-2024-10876,0,0,f99337195688cbeaa284e8d46b4012dc1b5d90a9849c26ed9a6cdb36567875db,2024-11-09T07:15:06.307000 +CVE-2024-10871,0,1,68bab79b21893b436f4ab4e6d9a6ec3633c42e31b376d40213e506317551e1bb,2024-11-12T13:56:24.513000 +CVE-2024-10876,0,1,bbf9ae62b029e2f20c90d639924bd19ca16772574bbaf6f19776b0310de3890f,2024-11-12T13:56:24.513000 CVE-2024-1088,0,0,7487e11aa2518f6cc93d89dd95a39f5c8d6e4a1b2567cf073eed09f7df78257a,2024-03-05T13:41:01.900000 CVE-2024-1089,0,0,9442709e929187c1b992d082c3eaeec9226480f80fc28198e3a73f4a684640d5,2024-02-29T13:49:29.390000 CVE-2024-1090,0,0,2d0b80c82d6d153c4e0b5412c3fcf892da86ac73a72da4cbf84bfbb064bdcb0c,2024-02-29T13:49:29.390000 
@@ -242918,7 +242919,7 @@ CVE-2024-1091,0,0,54ee7e9ca708166212a73aaa10e4715176fe17b55fbce1ee0ea8f95d289d46 CVE-2024-10914,0,0,a19349a4797c04ddb77f70975a0145b559e2c17ff8d6db53557df6669e0449a1,2024-11-08T19:53:04.793000 CVE-2024-10915,0,0,b06bfc4427bf3f30a98b7ce390941759d780f67755e284354baa2af5087ffe27,2024-11-08T20:11:10.973000 CVE-2024-10916,0,0,bc544f9bd284df1d2cb2c93c5b72a85d457acf8720f73da6b50b8a164264f036,2024-11-08T20:11:37.567000 -CVE-2024-10917,0,0,4a1db47185a13ea9d7c52bcf0259524b0a578a3607c81992abae78302a93edf2,2024-11-11T17:15:04.203000 +CVE-2024-10917,0,1,1eea699579f5dcb0f1ea716ba091b6b657cbea6b54620c9aa27bd72862f79a0d,2024-11-12T13:55:21.227000 CVE-2024-10919,0,0,e8fbb923eb829e965254205b876d7ef672d5aac59877ea419609aa8d8f6bb3e9,2024-11-08T21:07:58.383000 CVE-2024-1092,0,0,4e514cbeb8cbdb0016fe4cb374f3dffe448e95b35a82b13ed7cb7be1b7fe61c2,2024-02-13T19:43:06.247000 CVE-2024-10920,0,0,2cf9a2b6fa319444c301d4d5e50d2260546d202b9ce9ceed0622f3257443827f,2024-11-06T18:17:17.287000 
@@ -242932,8 +242933,8 @@ CVE-2024-10941,0,0,13c9aa5648736117eddcc05b7c7bbd41bd256da81c39332a1bd9e9e846bf4 CVE-2024-10946,0,0,53c127b5d01f3eb86df399cdeeb942bf199714aabfb134ba6a8dac66d645a2f4,2024-11-08T19:01:25.633000 CVE-2024-10947,0,0,0411e4a4d7c1a87e65d7d83c82156a4ec968e1f848bfec751aba34746b5cca7a,2024-11-08T19:01:03.880000 CVE-2024-1095,0,0,e70da3b629cae08421ac3ff6db71fb525bf872b735f906aa9168a1a3feae7dcb,2024-03-05T13:41:01.900000 -CVE-2024-10953,0,0,4cd1b9258875261834531cf76075bd46479dc7cc73ff4dff4728d4228da44f6d,2024-11-09T02:15:17.443000 -CVE-2024-10958,0,0,fcf505fa6da08ee90d219e8333a57d378a0c9b002861981bb4bac6c196dbfed9,2024-11-10T13:15:03.940000 +CVE-2024-10953,0,1,496fd56d3a163ffff52ed6786827de0c1da0afb8656a03af3cf0cf6c1de87d4a,2024-11-12T13:56:54.483000 +CVE-2024-10958,0,1,1806620eb2a491b4745fe6586d7e000d81410e80d95e8349012db8321e637b6e,2024-11-12T13:55:21.227000 CVE-2024-1096,0,0,9e6ec92aa91c226f1dce82b660bd82ecda12366a7db0465d5ab79a9947cb0a51,2024-03-21T02:51:34.720000 CVE-2024-10963,0,0,eee86a3aedc7174854dc69b5daad7ddd56acd624730edee3419c240e1ae079c9,2024-11-11T18:15:14.487000 CVE-2024-10964,0,0,59c42738567fc9804ec2d61407344d8d58a5472c34e273ef586a2c76a2aefe85,2024-11-08T19:01:03.880000 
@@ -242959,57 +242960,61 @@ CVE-2024-10998,0,0,41f387fbf1645aa90b35c52ac0db0cc1b6181351deba62e7b43db2377129b CVE-2024-10999,0,0,25c169fccdcc9e88a3876005f32d4643213fc0492b1ed51816b7a93f6109fc6e,2024-11-08T19:01:03.880000 CVE-2024-1100,0,0,f004473b9cf0d9d95a81c6b2db685e986de4389d0d38ab5c3537c8bbd36c025b,2024-07-03T01:44:59.517000 CVE-2024-11000,0,0,4fb6c84b88e18aeb98d1b738e518210fb6a3e1010153945ab3cfa9fceb300001,2024-11-08T19:01:03.880000 -CVE-2024-11016,0,0,7465894c7af1d565ba268d39a530680d544c45a4359be3062d88a668f248bcab,2024-11-11T07:15:04.400000 -CVE-2024-11017,0,0,f72b8ad7548754f9615c91bcc8484923ef204ce648a38ba7dd6aae8d9fe23056,2024-11-11T07:15:04.910000 -CVE-2024-11018,0,0,84bc06d70da2a8d3d4381a8197c78a4f42f8e160be38709587a0a67216e3d45b,2024-11-11T07:15:05.210000 -CVE-2024-11019,0,0,c8352ec68076cde3a9971175007a10a5c740bcc0ac7d448dd20b91cb82e11677,2024-11-11T07:15:05.517000 +CVE-2024-11016,0,1,e06fd1e37d2bc29c8627eb88aec0c98e8edfc5d8e9aa4e4b0a05b03aac4f15bc,2024-11-12T13:55:21.227000 +CVE-2024-11017,0,1,b6f5a0fdb93950e300deb11212bccdb1604dbaaea57c853aac4276b5e817e85e,2024-11-12T13:55:21.227000 +CVE-2024-11018,0,1,f910e24d784d244818fd4780466645417572116f0165d15d5cf863939db2411e,2024-11-12T13:55:21.227000 +CVE-2024-11019,0,1,f89d8e239acf21c689103a90bda0330a82b8f8c0eafd269b988be5a36b1bf94e,2024-11-12T13:55:21.227000 CVE-2024-1102,0,0,0928bf44049eedf97e0b54e5fbfa6f0206fb5c0a5ae4e275eff0db0e3aa685dd,2024-10-16T15:15:15.150000 -CVE-2024-11020,0,0,2aac63b0be46a7cb6153ef907562bfe3c4fb09e49ebef49020f205ed3740ecad,2024-11-11T08:15:03.610000 -CVE-2024-11021,0,0,4c49697a18afd986b1675870cfbd40b7e00131792b262a9794ecb2d492713f6d,2024-11-11T08:15:04.987000 -CVE-2024-11026,0,0,dcff611dc02692ea0927ae09a065a279384099427d4514b9fc6a9bc987d8eec0,2024-11-08T22:15:14.610000 +CVE-2024-11020,0,1,d0934784925958ce42b22267494b68d4b80dfa18c46898cd01ed909504109ad3,2024-11-12T13:55:21.227000 
+CVE-2024-11021,0,1,1f1b1e0ac42bf91b0cc89759732493fd6cec807d801e0bfbbf7c7144b73114bf,2024-11-12T13:55:21.227000 +CVE-2024-11026,0,1,5bad097199e56ffd1f4b7755738c2445dc243d6c7a33468e0f417dfbc0b75e4b,2024-11-12T13:56:54.483000 CVE-2024-1103,0,0,7224a9abc8ad2624b19754063e5e3f1dd278d487bc1541d6b3a3ae6b5907a9fc,2024-05-17T02:35:14.273000 CVE-2024-1104,0,0,9ee10688672006d34031cfe725e4adf4d669e817d06739b003e5be9062883e98,2024-02-22T19:07:27.197000 -CVE-2024-11046,0,0,c5f75fd3d6be6a1aa60facdd87383ba80fd341ca0a0e54d342678209d4d5bcaa,2024-11-10T03:15:03.940000 -CVE-2024-11047,0,0,984fc7e78ca205e956378f6935ea85591d8ced8cff738a43714b99cf552a64ce,2024-11-10T04:15:15.950000 -CVE-2024-11048,0,0,8a1a0ee812b3b2cc72482d3c403adca6c868c5151ad58a2f1d40939b682a380d,2024-11-10T04:15:16.220000 -CVE-2024-11049,0,0,1978b536618f7ab1d33ab032d59e221a65d6a4e301a913cb7e82d49dbd0dbb75,2024-11-10T06:15:03.390000 -CVE-2024-11050,0,0,d1ea979a798a6fad1dfe9a73616decc15ac3c49123e740f5f5db51bf9d9bc281,2024-11-10T07:15:03.450000 -CVE-2024-11051,0,0,697dc611ad858478c1ba98ead9b1f95cbe7f4821ac4bd5b784eacab40a94ee7b,2024-11-10T08:15:03.380000 -CVE-2024-11054,0,0,e9c381aaeadf77c9d1b7183ed948b8e0efb44af47725b580dad26f17bcbd8d01,2024-11-10T10:15:03.800000 -CVE-2024-11055,0,0,a5efff63e76a30be29de1b6d8133b8709ef43e7645ef6bbc215face7032b3517,2024-11-10T15:15:13.970000 -CVE-2024-11056,0,0,4a4bf302243450bab1b56f5e438a4b75a3770dd2ba6723208513ba0d1a1f0011,2024-11-10T17:15:15.697000 -CVE-2024-11057,0,0,a5800f82f061d1ad6f5682014c58d51ff756f3c210f42f4633c2f0dde988ab69,2024-11-10T18:15:16.517000 -CVE-2024-11058,0,0,45ee5c2c3e782b6e528b2a5ebd9a1df09e71040696e6c54587f55db5a31eb4ed,2024-11-10T23:15:04.570000 -CVE-2024-11059,0,0,4701f67edbe381eeaf9aee2ff329a7f7c3dee9bcc39cff6c54d2e0d0b473d86f,2024-11-11T00:15:13.957000 +CVE-2024-11046,0,1,dcd925d5c73f06f1ace376a125bb575f7b315d9652d799723b1102cf9a0002bf,2024-11-12T13:56:24.513000 
+CVE-2024-11047,0,1,62c80055c1e83d51885fa95899f09b154c263aa2568536bdec0a14d6fceec41d,2024-11-12T13:56:24.513000 +CVE-2024-11048,0,1,c47c7e172d2484981aa9ce82dc4829987410f86852315bc7d515b43bf33914dc,2024-11-12T13:56:24.513000 +CVE-2024-11049,0,1,b32f7109487bc986f17f8a46eb9cc8cb1f0e96bfe0591fca882d7e5919dd9014,2024-11-12T13:56:24.513000 +CVE-2024-11050,0,1,90ab244978cef45af7f095c82b640f3cf8f2d9477d1dab1199c3f2987aed170e,2024-11-12T13:56:24.513000 +CVE-2024-11051,0,1,eb9e15965e4cd0c6f388b6eb1187188afb18b6da215e4b4c9a8311016e9cd0cc,2024-11-12T13:56:24.513000 +CVE-2024-11054,0,1,394506123e0eb139c8cd8550dbcefd136456928efd9946deb73088c629a735c3,2024-11-12T13:56:24.513000 +CVE-2024-11055,0,1,8753cb0f9e0c463951b38cd6aa776389b7f8fae7636d2e40ff9d7e2ceabb0dba,2024-11-12T13:55:21.227000 +CVE-2024-11056,0,1,260e6276db037c1b83afa3a84dcfe60a67f837ee8245c0e77eb0e6c4b686db55,2024-11-12T13:55:21.227000 +CVE-2024-11057,0,1,f4d60f6fab1190311646d9264bfdcce59d278fed16386a412e93a051a1fca225,2024-11-12T13:55:21.227000 +CVE-2024-11058,0,1,d71101d6ff89adc4dd72f5095ac1a64dea67b10c01cd7f3f72418eed1f520205,2024-11-12T13:55:21.227000 +CVE-2024-11059,0,1,de7cfb30a6274819a2f3576f81d64b58ec0837ba2b51799f2a317460e7cb2779,2024-11-12T13:55:21.227000 CVE-2024-1106,0,0,20cb4a0a045157ac9e013fd166b9513d5a44a1304cf8a8ccabd3185b4a52ab40,2024-10-27T23:35:01.747000 -CVE-2024-11060,0,0,ae6231a406a1fd5610f9cf7c5ceeb4bdd25f4c48ad30275dd841c0c6b22ad009,2024-11-11T01:15:04.233000 -CVE-2024-11061,0,0,6fa245e1ab0816939be164d71268563d1e94aa2fe2c1a714e0c865f2942b8e9d,2024-11-11T01:15:04.523000 -CVE-2024-11062,0,0,ee4bf6a7e3cf254580c3b6f836f55381060121e386a8c1751e03d7192d5725e8,2024-11-11T08:15:05.530000 -CVE-2024-11063,0,0,f85461dd32a663d5852309f964eae66bfb880b75a5900b88dcdb09d2bf7cc216,2024-11-11T08:15:06.120000 -CVE-2024-11064,0,0,173044f1af0392f52bfc676843c2ca0597de61039f4d49845c47657bd0ebdc51,2024-11-11T08:15:06.653000 
-CVE-2024-11065,0,0,6cc19f2e7837a3778332a2818999229deb69d452d2631d06d1542a01b5f14569,2024-11-11T08:15:07.180000 -CVE-2024-11066,0,0,4401024f2ee49fc7054bda4de38149a419c2e21669ad66d6d4c7a1a13fbb7b78,2024-11-11T08:15:07.730000 -CVE-2024-11067,0,0,9083bf332bd380cf8afdf0b36996857eb44d20d84bddd464e7741201bbf169c5,2024-11-11T08:15:08.263000 -CVE-2024-11068,0,0,2870daa3b3e2ca018fa6082f45bf760fc57f2be6e37445170731581a3ce222a4,2024-11-11T08:15:08.850000 +CVE-2024-11060,0,1,e822ca030e591a2bbf6a05b38b24573b215857d28f4ccfd98afde869421cab71,2024-11-12T13:55:21.227000 +CVE-2024-11061,0,1,ee12d74725b75271cde8b1d917e4dbdeaf688fb1c0b14088569080190058ad0c,2024-11-12T13:55:21.227000 +CVE-2024-11062,0,1,fd55df6ee60df3ac3e659d07193cf97542af5dcd211c78f8b53360e3a9e97cc9,2024-11-12T13:55:21.227000 +CVE-2024-11063,0,1,1a3eff04d87f74bc64be56e4515d0ac1a1dad44d3ef5f9e41d9c2ff803dd28c6,2024-11-12T13:55:21.227000 +CVE-2024-11064,0,1,fbc6fc46169b65b5e9f021a6e3aa02dddacbcbeaa8df4c510741f7cfa069b0a2,2024-11-12T13:55:21.227000 +CVE-2024-11065,0,1,bfb35f980499608a9a3496379264eb51d60e25932db9b7623457d633eef9a55d,2024-11-12T13:55:21.227000 +CVE-2024-11066,0,1,a4cbe189914f12c5d2c97a6da0947cc3e10eb247702d656a1dbe04db5cfbb7fb,2024-11-12T13:55:21.227000 +CVE-2024-11067,0,1,5483dbfbd683f340236ce9255ef6a7c7f72011fb5216fc7269ab5aac0d5213a7,2024-11-12T13:55:21.227000 +CVE-2024-11068,0,1,4b051dd1e90eddfcfc88c8711edd0209408a9ba2f8b4588824fefefed2e09378,2024-11-12T13:55:21.227000 CVE-2024-1107,0,0,7fae6df9cdce298be180c2cb6d3dacceb0e976e847fc87cce19a7d73f37dfe2b,2024-09-16T19:08:27.840000 -CVE-2024-11070,0,0,50fce5ba7a18cd693ec68200f3d90b6c420fac4ca63afe9db31f65c38288bd47,2024-11-11T15:15:04.863000 -CVE-2024-11073,0,0,dd0a8d06b8ef1d16d0a0398449783fc22f09117f3cf82bb9261997c39c5da9a9,2024-11-11T17:15:04.520000 -CVE-2024-11074,0,0,3292be654074303b8aa09792e3ecb0850cc4c26bc562e2e86add74b958a092ca,2024-11-11T18:15:14.620000 
-CVE-2024-11076,0,0,7df76c2fec7ddbe95ba6a8ae79e5c42ef3c68523dcd6027c51295ba7db67b000,2024-11-11T18:15:14.940000 -CVE-2024-11077,0,0,181130d814c7f61538497c5e53f441fcc9247f27113c622321e134d349587ec8,2024-11-11T19:15:03.660000 -CVE-2024-11078,0,0,8190043eda67017a5363e09bea355d4c2dfef250f70e1b21db23c961bbf97681,2024-11-11T20:15:17.400000 -CVE-2024-11079,0,0,a13f7144a33d93e55e5f2f65a8534bfe507fba4c4162e528b7ea851542470459,2024-11-12T00:15:15.543000 +CVE-2024-11070,0,1,3b497257d1d87e8089d11256275eff956cb64bd2c8e5b58c0672dafc5015efdc,2024-11-12T13:55:21.227000 +CVE-2024-11073,0,1,7b275d77346d3baae5145fae1e1bc949854bb720c1a66c386a5f1f31e520bae5,2024-11-12T13:55:21.227000 +CVE-2024-11074,0,1,b0b432f9f11178b738766f16248994f53b322af072bbf835d11e0cca21060089,2024-11-12T13:55:21.227000 +CVE-2024-11076,0,1,68aaa806834c6f72f1c370289d32181f8562b1175818d8ed99e5a507b1de4718,2024-11-12T13:55:21.227000 +CVE-2024-11077,0,1,7830786a737704d18ab799bfc0c7fcb4f9e81db66cd6fb6cafa4ccac62736f64,2024-11-12T13:55:21.227000 +CVE-2024-11078,0,1,d133c6201a7de964272170f882ab0586a90d59fac96ab8e0ce223d3687fb9309,2024-11-12T13:55:21.227000 +CVE-2024-11079,0,1,d1a710289b6254268300773c7c9b113893f43edc23893d87d06dbeefe81deb1d,2024-11-12T13:55:21.227000 CVE-2024-1108,0,0,72e8aa7ee320c630f0cd3020b574b902dcf572a1d2888f0afb29692e74e18247,2024-02-22T19:07:37.840000 CVE-2024-1109,0,0,54a246b33f975a42367e7b2f8f64c59b5c20293302ad365ae743bbdf357522c9,2024-02-10T04:13:21.610000 -CVE-2024-11096,0,0,f1f558b8d3c01d2282cdeba900f31a1361eba08bf17ce985612822dce41593a9,2024-11-12T01:15:03.607000 -CVE-2024-11097,0,0,8ec4fc7f9aa26b07595d596dfefc11ebce9490478ddadd080788274342a9b405,2024-11-12T02:15:17.817000 -CVE-2024-11099,0,0,862127343849fbae5f05942fc4dc7dc3d3fc170348df48ec03c27b86de3789a1,2024-11-12T02:15:18.123000 +CVE-2024-11096,0,1,c3ff544a53c1563b81fded1ba3057d9b03d9b4212c24283ee7f8f621c81cae5e,2024-11-12T13:55:21.227000 
+CVE-2024-11097,0,1,0f425a00a4219c8aee24d98bfdb80d7664413f5722ae7291836b25044ba023ac,2024-11-12T13:55:21.227000 +CVE-2024-11099,0,1,0d75e4efa70a7f7616a150766816298dc17fa44d2c8e77459984ac245b921285,2024-11-12T13:55:21.227000 CVE-2024-1110,0,0,2a7a998b7b1ccd0c64d40f28b7bfefdfe0681031ac010f23e86b81b22a7f4df6,2024-02-10T04:13:13.260000 -CVE-2024-11100,0,0,6b3aa96249c5b90322adbdd9719faf7fab227c1a1ec8e781c98e0cb1c39dc55a,2024-11-12T04:15:04.823000 -CVE-2024-11101,0,0,73fcafea3f6f6e7581bd3593c4db07ee4acf0f063944ba8953fbaff14d71431e,2024-11-12T04:15:05.080000 -CVE-2024-11102,0,0,b30da95d99ff3a0d395e899d299b427343f69fa0e3fc777ceea26d405e50ebe0,2024-11-12T04:15:05.340000 +CVE-2024-11100,0,1,c492dc436c5e7b0bafe38365cc0f5202d40cfdc5e0c2327c30b822de79afcadd,2024-11-12T13:55:21.227000 +CVE-2024-11101,0,1,a2b85a410a212ab95b03a0a6c633679b89052f56b8c74d4fa60b641fe5c20a93,2024-11-12T13:55:21.227000 +CVE-2024-11102,0,1,460c291b099a678065bd11e1bbf8bd3fff3f3d6e3ee0d55ca5f7bdf40e5eda3d,2024-11-12T13:55:21.227000 CVE-2024-1111,0,0,f15445887f26214e7eb2759298bdfed96c32a982bdf7c3d908e39f1fc291a984,2024-05-17T02:35:14.527000 CVE-2024-1112,0,0,a074043c8f95f29514c3f59ea2279c09f17d99731ab21d34b196cbe82c1cf23d,2024-02-09T14:34:41.827000 +CVE-2024-11121,1,1,8f261648e8aa7626b51bf12e0e689982b79b03806c0768425612d8e79bdb20ae,2024-11-12T13:55:21.227000 +CVE-2024-11122,1,1,bd60c79703cf3b891ead101520e775ea03d8d0414bf7aeff344e254d9c5f222b,2024-11-12T13:55:21.227000 +CVE-2024-11123,1,1,54ab2bdc2850cfd69641ecef390de470e964ebf14f44b4579b638a94e63eb56f,2024-11-12T13:55:21.227000 +CVE-2024-11124,1,1,73fa4700ca267613075e73b1858cece6b4601482a9fbec3e00b976e592da535c,2024-11-12T14:15:16.260000 CVE-2024-1113,0,0,6955c6c679809523d129efea09ef779c898e264f7e3230a68d2b1fd615c8f410,2024-05-17T02:35:14.663000 CVE-2024-1114,0,0,4ba1cd03fbc35862ac6b2ce79da50122dd303ea22f4f4a45a352ffb5be12a8ee,2024-05-17T02:35:14.777000 
CVE-2024-1115,0,0,4dae9d3d8bef65fab3d547368288cc3126446be18b7fc740123f9a96bd6241e2,2024-05-17T02:35:14.880000 @@ -245516,7 +245521,7 @@ CVE-2024-21989,0,0,b37107fd2c4d1a57e1c54ea23713cd824a129161eab1168533bf8418858bd CVE-2024-2199,0,0,59cfdd5614277a4cdfe41ed7cee8f7ffdb9b280026c3b9f68d7d87a26f4892e7,2024-08-21T13:15:04.610000 CVE-2024-21990,0,0,3f2777f17d0268e19ae7208ee53d1e5f87b95b7b3f1f72a38c6db4b42aa0ce21,2024-04-18T13:04:28.900000 CVE-2024-21993,0,0,1aeea33da01281c76910db77ddd07bc0b5d9326e4ee4935be542983c253cdefc,2024-09-10T17:39:40.353000 -CVE-2024-21994,0,0,19df282ea2b763061b978bddc4c49d00ce8f880bf932fdb367c75cdbab5d2fb7,2024-11-09T16:35:03.823000 +CVE-2024-21994,0,1,978cf917c4a483e63eff22e81479adf121c8fd6a269668f89848428ad3408230,2024-11-12T13:56:54.483000 CVE-2024-2200,0,0,d5a4c544d7b3fb05e31b9bd6329cd0f60f6524be79f4f8737689831ac183f031,2024-04-10T13:23:38.787000 CVE-2024-22002,0,0,3f46bf566ffde9830b437d34f578da579affa782f9e33834d952fd66d67c0a78,2024-07-03T01:46:58.073000 CVE-2024-22004,0,0,b52e7465a30d7c5ebe6c493dd6cc2d67cc064cc642f18d912a28d694a4c404f1,2024-04-08T18:49:25.863000 
@@ -246958,7 +246963,7 @@ CVE-2024-2398,0,0,1df50a613e2f34671ada45040fb8ddc3d4f8857a9d7670bf2946d253e5c247 CVE-2024-23980,0,0,bf2b71f939973eb2601ccef55cf253f9d61b06b906f33487d035e08b35f3546f,2024-05-17T18:36:05.263000 CVE-2024-23981,0,0,6986b178e2ea3287638a3d1f9ab311d36d0d1884ba34669bf9e0c674564a83dd,2024-09-06T20:27:57.367000 CVE-2024-23982,0,0,e20dba7ecea0c7b0131ca1d7f8e3faacb630088896c2abfd0452f78392132abf,2024-02-14T18:04:45.380000 -CVE-2024-23983,0,0,62337635b3787d95d0b4e8f3d77f6b56b4d73e99439109ebbfddd587166d5b41,2024-11-11T23:15:05.217000 +CVE-2024-23983,0,1,fee3b3675e425c1767d0b2dfc9efa51faa949cd1bb08dea3ea8a9d1cdc84368a,2024-11-12T13:55:21.227000 CVE-2024-23984,0,0,d3e73193a48d5d3cf92db1c5b64a20f69007ddc7f878f4f1b9cdbda94c886b24,2024-09-16T18:03:16.707000 CVE-2024-23985,0,0,8249d0d4805632d5c5b5c3e0e9d62d8a14497ce894e5db21c14ac796aaeb2e32,2024-02-01T17:33:41.777000 CVE-2024-2399,0,0,6767e789c5e7e80586d75b3b6704c8a0508ed89afe73da734c95859ddd63a842,2024-03-15T12:53:06.423000 
@@ -247726,9 +247731,9 @@ CVE-2024-25249,0,0,c8f53501756495a734a74ff7add6ed7b337966c8ca29065859babe4290aee CVE-2024-2525,0,0,0cd1ed7faad83b5a9e935ff66736a2f3ef52e3e5ca65ec7de6d2b90849c09724,2024-06-11T18:15:13.263000 CVE-2024-25250,0,0,30390a3108791fc3d353462d14426df849232b29aa14c37ad0af97fffe69a039,2024-08-27T20:35:13.350000 CVE-2024-25251,0,0,4d70de3df6118fbe7d3792c31913c0db5782c21a7d7e078c726229fd1ced9ad9,2024-08-16T18:35:06.257000 -CVE-2024-25253,0,0,3822bbd656795c7ee7440d90842dc3f0e62ed2069bc0c4b747d07d8d8a98faa3,2024-11-11T23:15:05.393000 -CVE-2024-25254,0,0,6779a43e66aa1e79b0cdc47b34794f8eddf45e963fa38d77bd9f354c253103c7,2024-11-11T23:15:05.460000 -CVE-2024-25255,0,0,a959526960c18e6f88774d77d75cd2e62db30f997d7e5372ca3b9e307dff5988,2024-11-11T23:15:05.523000 +CVE-2024-25253,0,1,203e38d78a9973d5dbfb7af68d6a7c0b966f27bc99e20e476215b8274464b2e3,2024-11-12T13:55:21.227000 +CVE-2024-25254,0,1,75baddadf2a950e768e45e3a21845924dd8061ec79f88172fc21d9dabfdad57e,2024-11-12T13:55:21.227000 +CVE-2024-25255,0,1,2ad57274319723666388ccf1bc79a31890093fb314bff7241db703f8228d1e30,2024-11-12T13:55:21.227000 CVE-2024-2526,0,0,da44cbcd46359ce613873d7604fc44e9ca075cba9a523edc17aed5804a21af9d,2024-05-17T02:38:17.223000 CVE-2024-25260,0,0,6fa7a07676f89be99cdfd9160294fea45305c2bf656b7b3f6b3836cc1f08767b,2024-08-01T13:47:38.247000 CVE-2024-25262,0,0,8f24f4c38fd90e744be4f19671fa5e63b5c263766ec9e369e10b77ef5ec75569,2024-09-04T19:35:11.910000 
@@ -249578,12 +249583,12 @@ CVE-2024-2752,0,0,9ac4a8690eeceffd759ff2fb7b55e32f8cb8bb4afb752110bdafa62b8f4bb6 CVE-2024-27521,0,0,142655bf7422b3c81bdc37fb7ef4329756d07238f339af47f3bda39ff16ed820,2024-08-09T21:35:03.300000 CVE-2024-27524,0,0,08e4bd6ccc21c266f96d6111b83d7d95158b2c7ca600162e7e70631b4fc240b9,2024-11-04T20:35:04.913000 CVE-2024-27525,0,0,e06f7e0695efcbe9bfa15a3ac23251ff54875c477a75b737778895eddfe51566,2024-11-04T20:35:05.800000 -CVE-2024-27527,0,0,732bf4ef8336d7c1b3982dc385d7efff858d19cd6679a901c778daa4c192ee27,2024-11-08T22:15:15.253000 -CVE-2024-27528,0,0,ff1c6e464b1550d5f35fd34a1274fcc936bcace4233e95bc36f7a31ff21a7664,2024-11-08T22:15:15.360000 -CVE-2024-27529,0,0,656589b518b65f2332ec981616ce218bff9e33592fa871806de5e7140366b452,2024-11-08T22:15:15.440000 +CVE-2024-27527,0,1,f5026b1127d28c6f574e83d2008e38ddf99291dd8d6bdc8287a221c89fbc4228,2024-11-12T13:56:54.483000 +CVE-2024-27528,0,1,8e5e64d5896bb4f08bd65010fee44fd4bc816b91322c1d5da165f686fa4515e5,2024-11-12T13:56:54.483000 +CVE-2024-27529,0,1,ae5ac30d91d813ffb496447ac8ec9db4673e6f5f2a047bfebea87038b4ba4195,2024-11-12T13:56:54.483000 CVE-2024-2753,0,0,49ae39425f6531deb039d8727a759281a000c2c0b8058f4a13a0491f93794534,2024-08-30T22:15:06.227000 -CVE-2024-27530,0,0,90f61bd2ef62e8046356af7eded7442d2c4151b632970fbf7d7951309060bda1,2024-11-08T22:15:15.520000 -CVE-2024-27532,0,0,348dfddcb74b095d60f319c4c57edc522ebfad1207677c8009c8c91f3519316a,2024-11-08T22:15:15.603000 +CVE-2024-27530,0,1,d0e8cf9b008d00f34dc2439135c42d2b17ad385268aed8a62bc7cc21862e8d54,2024-11-12T13:56:54.483000 +CVE-2024-27532,0,1,33108dad0c7ee7bb8522025ebca4a44eac30b0fdc3bf3f3af35b25e37a41b55f,2024-11-12T13:56:54.483000 CVE-2024-27536,0,0,c377b0d21fbb5c7de68c4946896ec2f8ec67ef0d39bad02515cbb41c44d1bebd,2024-04-23T22:15:07.037000 CVE-2024-27537,0,0,3cbe9bcef09fe4fba870050d9e0c130363a525b398fa9371487301911d20249d,2024-04-23T22:15:07.087000 
CVE-2024-2754,0,0,b524638ab8c26ee5de4a612af59349eaa47dac80099d3c62a685c43527d6353b,2024-05-17T02:38:28.527000 @@ -250627,7 +250632,7 @@ CVE-2024-29071,0,0,9573b1daf2437c3a5d598bb2715607359543c337565b61f9e632dcab5540e CVE-2024-29072,0,0,50e2db556663c43fd665c3ae801a5bd36f73f0e7479a230bf4ff9553f9fcd995,2024-06-10T18:15:30.110000 CVE-2024-29073,0,0,c7a1ecc52b2710f20eb4ca399da6fabfc271c86a39117df7ecabe6454fad279f,2024-09-18T18:31:42.290000 CVE-2024-29074,0,0,dae045c5f696de776b77da3987f8405651ce1bf4fa99e4d5313acc43e5165076,2024-04-02T12:50:42.233000 -CVE-2024-29075,0,0,2055a223891183fe5e40e216361734aa0a19104e560c37219f46e544770203a5,2024-11-12T06:15:03.520000 +CVE-2024-29075,0,1,5f4ceb8e1519bbaa6bc09ea81eba95b9d8df6e5520fb957f27607d429d5b6e04,2024-11-12T13:55:21.227000 CVE-2024-29078,0,0,a4fab3b35091f8fd08881f2bf49d899dc5478faeb8df15472b3560684c1a5420,2024-05-28T12:39:28.377000 CVE-2024-2908,0,0,3845fc124bc9f710736d5363f9b086190df4e2925cb4e5b4a7eb9455fd55b3c6,2024-07-03T01:53:38.703000 CVE-2024-29080,0,0,122d2248f2a74104ef56e4b4f36a007e3f0c20d936565d94fb482f471e756277,2024-07-22T13:00:53.287000 @@ -250666,6 +250671,7 @@ CVE-2024-29115,0,0,b12a9dbf612250a49df2e6948fc40b23d35ff13f6aa9d2beedd64c49a8ed8 CVE-2024-29116,0,0,d85dc6ae194d83c2dbd05b4e1cc8c25eaf9e91cd72cd7e6ae549c7eb131b7c33,2024-03-19T16:33:58.680000 CVE-2024-29117,0,0,7cbc86fd47b57aac5bdcb66853eac01c2823bf8c332ca79b8820d49cc7cba209,2024-03-19T16:33:58.680000 CVE-2024-29118,0,0,1cf920921a96fd5f0eb418dbd890604a04de50213d4066e1f2401f217f180df5,2024-03-19T16:33:58.680000 +CVE-2024-29119,1,1,738a7b7e804b6feffc33f998d5fbd83a1b05ef16b9a6d435f583f42a46ae6f6c,2024-11-12T13:55:21.227000 CVE-2024-2912,0,0,f62836a8afe15e49afc11abef746f6e05f5ae0f68099e584fae53277c8c9f769,2024-05-22T16:15:09.713000 CVE-2024-29120,0,0,78c90aabb60b47ae0f53200ae68c321a924594adaa36ca07ddfc55333a41ac19,2024-07-18T12:28:43.707000 CVE-2024-29121,0,0,6325c10b522d77de76e2af8d35d0ad7dde2dffd7703677e5c3f9cd67ab864731,2024-03-19T16:33:58.680000 
@@ -251522,7 +251528,7 @@ CVE-2024-30311,0,0,9aaaf7a631f27c18ba0d6e026b9e5bc097be151497f5f87035ce25407b016 CVE-2024-30312,0,0,f08a9328fc0df8fc97205027f081abf4a30dc22420a8570eec8a2d548e77aee7,2024-06-10T18:15:30.880000 CVE-2024-30314,0,0,001958112e812873f2afe024af602bc1e18aaeafca421eccd7dc6e99cd4f7d19,2024-05-22T08:15:09.777000 CVE-2024-3032,0,0,3ff0e9ee56a036f5520ddd218b15f57f43b4ef20b5bd57e06a8e81c2e3d08ed1,2024-07-02T14:45:48.633000 -CVE-2024-30321,0,0,7f3ad8f15ea25c028515e92f7e64b7c61690659d20b0d6499853c9a9a530a6f4,2024-09-10T10:15:09.340000 +CVE-2024-30321,0,1,77e82c6b15f80502cfe967b03a0cf5e1edff68cc4e25f0455ce9c65c8c4bfbce,2024-11-12T13:15:07.503000 CVE-2024-30322,0,0,f4e26e42e44429b86d19dca1655fc9b0e6d4cf366473cd59d34a3fd4371a1053,2024-04-03T17:24:18.150000 CVE-2024-30323,0,0,d6d47200d4c92fd98c85bfb81a96ff4ecd5c84bf8181d1e9578fd9917f267b5b,2024-04-03T17:24:18.150000 CVE-2024-30324,0,0,2ba1ad1289d8b66663b4964e19479732233e6bad3226f2e9625162b9429d0e05,2024-04-03T17:24:18.150000 @@ -253984,7 +253990,7 @@ CVE-2024-33694,0,0,26d440cb75dcd86544ffadb69d95d3097f1e6a23ac05fe9a05fb2494be46d CVE-2024-33695,0,0,496bc8a3b6cc06e0f2cb2ff5ef3180780eefdd07d63e68d063cf97ba79dd8598,2024-04-26T15:32:22.523000 CVE-2024-33696,0,0,8adc0db7b8cce33b994e835fa3f282e25f1f4ef5644a2aed7cd50d800fe731e7,2024-04-26T15:32:22.523000 CVE-2024-33697,0,0,4a571113caa6ccf495d29be30608c42f9dddf9084d1562bed260e698c04aae88,2024-04-26T15:32:22.523000 -CVE-2024-33698,0,0,757107609bb2e6f896c0b7f0b6fa39b8f34d961ef227f03387260ef6a53fe2d1,2024-10-08T09:15:10.463000 +CVE-2024-33698,0,1,80f9728a007b76bec9e55fcababf9ce2d8cb5c11944f565f0d36feef068c4511,2024-11-12T13:15:07.653000 CVE-2024-33699,0,0,81b1f37e6f990294e3d0e58469f3ce075096d2792432fa2b41bba58241b973e9,2024-11-08T17:09:29.790000 CVE-2024-33700,0,0,800096d409fd3a2a3a42bcca491373284624d5b7e93ac5ccde5cb0263c58657d,2024-11-08T17:06:16.147000 CVE-2024-3371,0,0,d2e6ea20ce5eb692a4e48c27aedae40a56c8f7db204eed4d633cbd78a04f68c4,2024-04-26T15:15:49.357000 
@@ -254203,8 +254209,8 @@ CVE-2024-34010,0,0,7772431fddbfa4456518c6f3c79bfb5e61dd9e04f9a0c45164641cb3c48c8 CVE-2024-34011,0,0,1cdf95201b7c3fac8642eb93e0c0ec77c02ae32f22e51c68db8a6f76ced93031,2024-04-30T13:11:16.690000 CVE-2024-34012,0,0,5230526342507ce0f85dd47c2323d42603a1fbec4e476f393dfaf1722db209eb,2024-08-07T15:33:46.150000 CVE-2024-34013,0,0,31f555436f56628c9b80feda54af6c121f0002b6c021c0928728c76ed328d68f,2024-07-19T13:01:44.567000 -CVE-2024-34014,0,0,530943669013f82e8fb90843fc38790c89f82476cd985fa1ead56ab9891121c0,2024-11-11T22:15:13.773000 -CVE-2024-34015,0,0,eeedaa29e55a398e61de4630fba8facd792ffc23d5d1ad1c7593ea40b1cfc01a,2024-11-11T22:15:13.860000 +CVE-2024-34014,0,1,19c5264c523207a9d1612333579b4bd9958d1edf33e7a29ece8ee000c8e7d9d7,2024-11-12T13:55:21.227000 +CVE-2024-34015,0,1,35df50e6184bdbd395cc459e0d389536c51d42126dba9273f088c696d33a0fa1,2024-11-12T13:55:21.227000 CVE-2024-34016,0,0,0c2a3147a84e04c06db0d6af075b8e16276b7cf9e5f22acd81f74dbeca1a1c49,2024-09-20T12:31:20.110000 CVE-2024-34017,0,0,379da20aff6514952cc55653119ad0cbc16efa57414348c26e21b9e45ed9a8a1,2024-09-12T17:16:09.890000 CVE-2024-34018,0,0,85758f76e2c70fa3c1ddd863e0fd37888b91679fea3b3a22992906144958936b,2024-09-12T17:17:20.873000 
@@ -255196,18 +255202,18 @@ CVE-2024-35401,0,0,e20c7deeda0300f83b1078cc4b3716ac7ed24c4deff40921468ca6f87181f CVE-2024-35403,0,0,4d9a98843a184aa3f7fed28ea2e26cfcf04b1cff379a69b2f7e72017e9a927ab,2024-07-03T02:01:44.377000 CVE-2024-35409,0,0,c1e09f17fc040d1a54c6ca919b4e6df91e3a03195ff96673036c48a4d8f8f539,2024-08-20T15:35:15.637000 CVE-2024-3541,0,0,14abae851d976e531eb89e36d00e68f1b4222a58cf78e09467f8f13cc823ff73,2024-05-17T02:40:00.373000 -CVE-2024-35410,0,0,2d0a934b0235a1f89677a4f5155805e0c1e18ee7351b5701da1521c6e04b64a3,2024-11-08T22:15:15.737000 -CVE-2024-35418,0,0,c8a5eb9b964e76327aa405ed15784973626e14338aae5add66be4152b33a5c0f,2024-11-08T22:15:15.823000 -CVE-2024-35419,0,0,3274e8b3116995f064c260f33d8e7f050cd8c81700d28f140f28d1e9b8fde66f,2024-11-08T22:15:15.913000 +CVE-2024-35410,0,1,9934f2e6e366ff34bdd808724edcc20da9d4ffa302f6042b1ef31ec5c87c8f5b,2024-11-12T13:56:54.483000 +CVE-2024-35418,0,1,127590939381ac9ea1bca215e8e87a187a90e6c39b1f8c2664dbc969ec02cf66,2024-11-12T13:56:54.483000 +CVE-2024-35419,0,1,79d5a4b5dcbe4e8eaf7fd55e488336beca6605ee161decf1cb87124f4bef4457,2024-11-12T13:56:54.483000 CVE-2024-3542,0,0,5a8537177eac38ffc4c0459430c529ffd4234d4390bfe331be843583f4e31e36,2024-06-26T18:15:15.750000 -CVE-2024-35420,0,0,027fb4bc3cfc47f3aa5affa2fc92717f80d65be94fede0e74b372c8000944e23,2024-11-08T22:15:16.010000 -CVE-2024-35421,0,0,565959e9f63c0d4e5248cf5516993bd34bf57bdb62e81943f267cca53f96d15c,2024-11-08T22:15:16.090000 -CVE-2024-35422,0,0,62c8997bf3b25aa37d8c5d5c702eb3c905dc311920ba444ca52acb0074f3cfed,2024-11-08T22:15:16.180000 -CVE-2024-35423,0,0,039694659dcd16669a07a6f393886294d023f3f2a8936652589c7730676c0847,2024-11-08T22:15:16.257000 -CVE-2024-35424,0,0,6f98e23554362a8731aa6446e197eed68c741dfc45af0f69700af1742c3117f2,2024-11-08T22:15:16.343000 -CVE-2024-35425,0,0,94c1d24d7580fd4a15a45027bd388458b19bf90bf3fc489fb959aa9e40e8053f,2024-11-08T22:15:16.430000 
-CVE-2024-35426,0,0,6e376abcc3a4805daa2eea6734ad49bbdaaf1be1093b8c8c136f4419cd3c4abb,2024-11-08T23:15:03.580000 -CVE-2024-35427,0,0,6db4337c3ebccf3868cbc1b1a0af9b148b581cc8045ac0a761ba9c9946b36e8f,2024-11-08T23:15:03.680000 +CVE-2024-35420,0,1,4c667b45d6476240fa11c340168a28995c519352d0d8af72f70403dfb921e277,2024-11-12T13:56:54.483000 +CVE-2024-35421,0,1,7e87ac3f5410e04e9abb36fdd338b79031b328859540810f63e4d493d6c0601b,2024-11-12T13:56:54.483000 +CVE-2024-35422,0,1,b9bfa2f034cc28aa329b7303c5d5535b358012d05cdc610f1af9887acfa0b93f,2024-11-12T13:56:54.483000 +CVE-2024-35423,0,1,56d92ec2919d56dd22b81ac5eb15ec06a5e03b6a369cacba48d7c74f18cc2073,2024-11-12T13:56:54.483000 +CVE-2024-35424,0,1,91778ea6f9a3fcaeb3f6c435f71721bc1c0da0f9c9d9dc57ba2d684a2b349e95,2024-11-12T13:56:54.483000 +CVE-2024-35425,0,1,a926bcbe623ec40ccd614a0f3b859bfcf6214b6f1ee8799ccb7c0f737e258ad2,2024-11-12T13:56:54.483000 +CVE-2024-35426,0,1,56983239ea77e47170ba9ea9cd0da0ca626f318406f7400ccb4105a247802954,2024-11-12T13:56:54.483000 +CVE-2024-35427,0,1,b2e4830751ded3811da38047fd71578b327b0b289951171b7ec7e633c1aa5d27,2024-11-12T13:56:54.483000 CVE-2024-35428,0,0,3c09284a2d1421b49e443adf71c33cb44461617fe2c22ed9a85a4142b030cc7e,2024-07-18T16:52:56.760000 CVE-2024-35429,0,0,330b233a9d961e5ab60bb84ab073545ccf41085088e749b133fee4692c3b4424,2024-08-01T13:52:40.290000 CVE-2024-3543,0,0,14aebe52440b6c29accdfa7acf400fe951e7d7441b56210ed47a5a2c1e52128f,2024-05-02T18:00:37.360000 
@@ -255455,7 +255461,7 @@ CVE-2024-35779,0,0,706445338be7aae5f251c8b956a0c3bf0868336274fe9963a1a9e43c59067 CVE-2024-35780,0,0,685b106b3d65ae1869c2c1c35a0354f69b2eb70c614d38b4e2c684c295e7d786,2024-06-20T12:44:01.637000 CVE-2024-35781,0,0,aa3ec547f8f8f306fe8ea0fb55240637cbf26b27603624da2638b54b69436759,2024-06-24T19:15:58.517000 CVE-2024-35782,0,0,dbc038df298fe5384dd87379cd2931409975f0d218f64474d4c9dcc1abcf8e97,2024-06-05T19:50:20.463000 -CVE-2024-35783,0,0,a821ae65f3934f85f11eead938e9cdce5096c9b4889b6ccd7b78234559d922b9,2024-10-08T09:15:10.740000 +CVE-2024-35783,0,1,d79ab68d42244f130ba11443da6d22068dae4bdc2cf757ffecee969e6f6215aa,2024-11-12T13:15:07.830000 CVE-2024-35784,0,0,5d7a60327e3aea236c6954addcecd342bc4303bf9f4ddbf6fdcb56f7d7e890e7,2024-05-17T18:35:35.070000 CVE-2024-35785,0,0,215198d3fe49082f5135d6e547d9efd784a139fec730129e983f97c5bc887ba2,2024-11-05T10:16:36.367000 CVE-2024-35786,0,0,e8af1ef6ccd4fa218271a6a20ff9f509feb225a9368ed4f0a4c142495813a3de,2024-05-17T18:35:35.070000 @@ -255752,7 +255758,7 @@ CVE-2024-36056,0,0,1ad654e1db1ea66b26b566d0bde36516eb16d5510c8338c17ed9148cd915f CVE-2024-36059,0,0,1bfcf57b05ec1b5718039a8c5e3ecbe365e021b33c057bee57a114304a3b8db6,2024-07-09T16:22:38.580000 CVE-2024-3606,0,0,d0a3a8d7c3b8995b719f693dd3907a6cc0220e7bd0b5d59f68093556b8c3a6af,2024-05-02T18:00:37.360000 CVE-2024-36060,0,0,0aa7d62145c5618b7f76bb2535f9fc77a196990e59fda038d7a6d0a4665703fe,2024-11-01T12:57:03.417000 -CVE-2024-36061,0,0,ac0cea50366983cc9fe5a6ee092d3ffe1c327fd993430816a07164391ebb0f92,2024-11-11T20:15:17.673000 +CVE-2024-36061,0,1,10b600ea9e81162f2fdf5c7ce1bb9189f75ce1544ec86abdd84a86301daf6307,2024-11-12T13:55:21.227000 CVE-2024-36062,0,0,b3531d0a2dc0e87d59ab63f084c9edf17440e45c41fc2b9fc6cd7ee0d3d225ea,2024-11-08T19:01:03.880000 CVE-2024-36063,0,0,137e9651a11a86729a19db077a10e17c476e8bdc06700335b2e00d6c3dad3c82,2024-11-08T19:01:03.880000 CVE-2024-36064,0,0,783529a7ed67c566f9b5978c94a6c15f086f6661d090c8cd3e70b94f4926834f,2024-11-08T19:01:03.880000 
@@ -255810,6 +255816,7 @@ CVE-2024-36136,0,0,5d95909c13f0d8392324a7365478397dba5326ae554d2812281ea77aabac6 CVE-2024-36137,0,0,9438d2b71ef73887d75e6f454e33b7f397670092254d4a5da60582748cb22f74,2024-09-09T13:03:38.303000 CVE-2024-36138,0,0,e6354c672dea5a9efe6496da7c00037de66d6aa6e785f55fccdeccb25bc2c9b3,2024-09-09T18:35:09.367000 CVE-2024-3614,0,0,7d52e3588cbb3715dc858d110e11a928859b665db7d4d54abdbcae84467ecd9e,2024-05-17T02:40:01.707000 +CVE-2024-36140,1,1,339aa114c9b4ee85084777ff864435ce00ae50f8bdcd2f9c6e4c47ffb9909a55,2024-11-12T13:55:21.227000 CVE-2024-36141,0,0,18db6c112ccc0d71f5b13b30aecab0a5f2370100cf994f0af07b87507f970796,2024-06-14T20:02:18.553000 CVE-2024-36142,0,0,6ae7dd3b3d84d3e60ab36df1a1df499d7a9063449a2d0a679757a0e6ad8f4e57,2024-06-14T20:00:46.803000 CVE-2024-36143,0,0,b9ffa4a4b0c08b2c09cabc08087789a8d9178358a74a11dff2dc25f2bba0c28f,2024-06-14T19:58:25.220000 @@ -255922,7 +255929,7 @@ CVE-2024-36244,0,0,72ec9199c50b58fba1710bd51385a13f86b624ab2159e939e6a1444afbe8d CVE-2024-36246,0,0,d22d56b3ac190fbff4b5b820bf9253b2e2f7fd0137ac45e12945d45896804b68,2024-08-15T17:35:07.080000 CVE-2024-36247,0,0,16c6efe40503daf1080fcbf6d9a009e1a3c1386098439c6bda19cf80a4941086,2024-09-23T14:16:11.290000 CVE-2024-3625,0,0,fb0a948a4b5da0bdab04bf1595a286af67dd68466c0feac9aee7f6c3556ca9e2,2024-04-26T12:58:17.720000 -CVE-2024-36250,0,0,1e030a3cf8b1b2c74ec3a215d324304b560ae2c0e456b12f17e992ab89516f1d,2024-11-09T18:15:14.747000 +CVE-2024-36250,0,1,f1ff69f14ede471d045ecea4e07eb768c64aa81715b0797b12e949899e7345f9,2024-11-12T13:56:24.513000 CVE-2024-36252,0,0,4edf18ae557d8c3498076af1a69a7b853e545554a27b9b0b40bcb780d22c50d6,2024-07-03T02:02:59.060000 CVE-2024-36255,0,0,a469b4be0a60fb4a2e32368cbd9ff1f41eb30d9e30ebf5e64783accfe9b2d73a,2024-05-28T12:39:28.377000 CVE-2024-36257,0,0,de59e82b2cc868e7dbd975a3494539da4e2b96eaf9e15fff111a5d725848914c,2024-07-05T17:06:28.517000 
@@ -257848,7 +257855,7 @@ CVE-2024-38818,0,0,622849f8ff4dfc75febef96b69e498222845497635b94ea6c1bb47520700e CVE-2024-3882,0,0,8cf286ca42c3a62eccb821d9ac0678dabad594eee248c127390ddaf169987d46,2024-05-17T02:40:10.457000 CVE-2024-38820,0,0,50758758d32f5bb9d0664ab5254e279459d398846823826c47d2a8b01a7200dc,2024-11-05T21:35:09.393000 CVE-2024-38821,0,0,bb251b2231aa5ec8776de9aee89d7b4c729d7a41bc68ac186fa12d01aa093b81,2024-10-28T13:58:09.230000 -CVE-2024-38826,0,0,d8027d70723870c02461cc79e9f7e14ca39833be1e964ada158bd1de26def718,2024-11-11T06:15:04.963000 +CVE-2024-38826,0,1,d2dc3bc0b0f77945ea4b1900d4b45fc9041d9a4783cdeb176eb488aedabdfbeb,2024-11-12T13:55:21.227000 CVE-2024-3883,0,0,e6bda202b9fd54c10f25f29dd8ae0cebb83b1538aee636944c2fd66bf4045fff,2024-05-02T13:27:25.103000 CVE-2024-3885,0,0,9b28a2ee85edfe77753e71858fb1438bd68a9b6ee299843f3a5752cca4753d01,2024-05-02T18:00:37.360000 CVE-2024-38856,0,0,cf2c30abb1c3c3e6b03acfa253b7bd98efa464ab76b49fddc2034ce3ce8a3be1,2024-08-28T16:15:58.043000 @@ -258104,7 +258111,7 @@ CVE-2024-39350,0,0,933f5cf4e1e8654d4184b998e6e3d84f4d423cc036a81e5a6851a5092c592 CVE-2024-39351,0,0,9b4d39161319839f1a0a214dc211a28fd92f2da777165762a051c899eb88a499,2024-06-28T10:27:00.920000 CVE-2024-39352,0,0,2125967ac59376c4e2a4b0fc39ded99823f5fb5459f0421dba32eed656bdf603,2024-06-28T10:27:00.920000 CVE-2024-39353,0,0,2167a4e696755ebb97fec80f167f71100aa107b125d2865a5fb1a76c1e17f7f4,2024-07-05T17:06:55.800000 -CVE-2024-39354,0,0,ac4cba2e9b2f9a7bb5a41c73d418a899262fb67653b644aacbe92122e1a17dcd,2024-11-11T15:15:05.243000 +CVE-2024-39354,0,1,9a28ef530387e111c461944af4e0d300591f7f1f655a1f7d86a6dd34c432f8df,2024-11-12T13:55:21.227000 CVE-2024-3936,0,0,eb020bb37778f80e494a260dbac71fcd852240dc2c6ce10d95e3bece33882ba5,2024-05-02T18:00:37.360000 CVE-2024-39361,0,0,8673bcaced52217297c8c7fce708f73bcd943cb4e490aea668f5945b814898d2,2024-07-05T17:07:34.827000 CVE-2024-39362,0,0,a4e72d457ad79497d234146ef4f9a3e9f07fed3f9039766cdc9d7026e27b2016,2024-07-02T20:15:06.353000 
@@ -258336,7 +258343,7 @@ CVE-2024-39598,0,0,7470f47887cb5c1b68f5de254806da714a54b198dfff3cc99fe82ab56ad8b CVE-2024-39599,0,0,71c6e22ff50e3a1f14090d5ce5359c041b1ab088b8ff29fe36a33f35ff802136,2024-07-09T18:19:14.047000 CVE-2024-39600,0,0,3f218b3b2797556a97f50f1b3db443b951be2a33b8f95e3d04ecb200803e8aaa,2024-07-09T18:19:14.047000 CVE-2024-39601,0,0,7691c6b30f5986c79e8398298f8afaed5e766d08eb3fdbaa17ee23cfa6227202,2024-07-24T12:55:13.223000 -CVE-2024-39605,0,0,5b1db35f7a08172fb31ee495b92881a0a3f3b881f7c91c9fed02766c3e34fe75,2024-11-11T15:15:05.527000 +CVE-2024-39605,0,1,a5d8e60b596ac98c4205247c388074418dc90b00520b572619e13063948297f8,2024-11-12T13:55:21.227000 CVE-2024-39607,0,0,82ab1f90403a4f0d3b9e21e2a488cd41b34ece370e96146e9e8729444d740066,2024-08-01T15:35:17.240000 CVE-2024-3961,0,0,7859b6a2f8e5a01656e72fd209a53f5adaf23f278f08a55d207894f918e1fda9,2024-07-17T13:32:37.647000 CVE-2024-39612,0,0,029b5e043f8fa9387c1e935fd25a69e218f8fd7196fe19845233dbfcda84d17e,2024-09-04T16:38:56.383000 
@@ -259747,13 +259754,13 @@ CVE-2024-41989,0,0,e902f47b7607adc4839df00802ec4b9f801f5195050e557f24fe6e1b06bac CVE-2024-4199,0,0,fcf36265d6a610d83a178901804339aadd89406ac8a1349d6da6f71c3e13bfe9,2024-05-15T16:40:19.330000 CVE-2024-41990,0,0,a9d3bfe1152ea007eb5df4a4d15c3972fabe2ab7cf6c4dc84957655472913a10,2024-08-07T20:49:50.480000 CVE-2024-41991,0,0,c38f7b679bd3e48c46db9fd1c6390ab9383b0c22d8669d807f374055f46ee42b,2024-08-07T20:48:22.403000 -CVE-2024-41992,0,0,75e1f591ab9455730a7d403ff7394289848c4456f97665c54cd1f7290216eb30,2024-11-11T01:15:04.813000 +CVE-2024-41992,0,1,85601128659507913ce454ce38b9646a27756e1b2f8094d380ad8f669bc24e6d,2024-11-12T13:55:21.227000 CVE-2024-41995,0,0,79638f0d10c16b237f07db3242d98d294e87bf4205be8c6d9c3c7b90790704bd,2024-08-06T16:30:24.547000 CVE-2024-41996,0,0,29b8c50df43b1c66bff4b5734acbca34adccc097a107dedf36398e589357d13d,2024-08-26T16:35:11.247000 CVE-2024-41997,0,0,84a3f0ea395077fa02b4a334ab8509ff391bef43bdcea38ddd875b5794f83bfd,2024-10-16T20:35:12.430000 CVE-2024-41999,0,0,a370380ae5e595c1d409f5d8d8f92b14e0e23ae9708051ce0a7058f9d91625a3,2024-09-30T17:35:09.340000 CVE-2024-4200,0,0,4cd240b08c44457e11ab7d0e46f05e7d4edddbc268bf54e61982ff7b6b50f3a4,2024-05-15T18:35:11.453000 -CVE-2024-42000,0,0,4a3ce22eee97605fe7eeb8ef35be0eb9234fa71bc6fc6cd3858e24922f5db37e,2024-11-09T18:15:14.993000 +CVE-2024-42000,0,1,2a6ef489e8022f0e5c1eba30d0b9bf961a756a0bdcd143f6001b190791ee9e4b,2024-11-12T13:56:24.513000 CVE-2024-42001,0,0,fcbbb9fe256b159250061e78a0e74ebb6632e1ed1a0fdada8381ebf9439eb017,2024-08-20T16:37:05.447000 CVE-2024-42005,0,0,6e7acd676fdd0820d0ef383abbd9c31b747692d4d747e9756762f959c9b515e9,2024-10-23T18:22:48.937000 CVE-2024-42006,0,0,cac16dcebbdfd7db60164c8c9c083b31913f86e474f6e93c1530c3119039cdca,2024-08-21T13:26:54.577000 
@@ -260079,7 +260086,7 @@ CVE-2024-42369,0,0,2db0203d9e1c9ed86d7e5fe91c7527c5d07f66504aa58aae16d195697c2be CVE-2024-4237,0,0,c38818d0c288b1eec57a9be9e655b05254cb3f3487787a1ecd91e69d9c20b38c,2024-05-17T02:40:19.580000 CVE-2024-42370,0,0,62e839a91edcd64bb21dabf32c60522dd52dc9540883662a6d8c03c0ecbecadd,2024-08-12T13:41:36.517000 CVE-2024-42371,0,0,f8671ba77e17492262f6b6323bd0f75755bc55999a70f1247a3b42a51bbd5e7a,2024-09-10T12:09:50.377000 -CVE-2024-42372,0,0,18e0d3ce3d87a3e533e1b9d5734d500fae86f144567f3f13d20e34f3d17e1571,2024-11-12T01:15:03.940000 +CVE-2024-42372,0,1,df21219adb434b71a1a76b283c437f74d1588d2b923678cbf4b3a64c8b34fc76,2024-11-12T13:55:21.227000 CVE-2024-42373,0,0,0a911f8c7b65a5ac6f64a8e43f34010f8e931ac83329dff9f7884c56f10ce33a,2024-09-12T13:26:37.753000 CVE-2024-42374,0,0,f269e9c4776cdc5b8dc54432285004e2049939b4c19e5a365ffb07a0c87786a3,2024-09-16T16:25:54.430000 CVE-2024-42375,0,0,f88914f78c046f57acc08161978ed742ad9df5262df6fb06ce5cd75ac24c71ad,2024-09-12T13:46:39.527000 
@@ -260772,19 +260779,19 @@ CVE-2024-43423,0,0,8fb21f51e563dd938c763581007e890cf5873a7efc6a39a36e929ea32ce34 CVE-2024-43424,0,0,6d9ffac7d6eb9e50db381baa418d84f2f5d9932ec78b86526bf799eb43b3b4f3,2024-11-05T19:39:33.873000 CVE-2024-43425,0,0,938233c36f296352d9985e1fd2ce4b16f2764e2564dfb74da585a571295076c0,2024-11-08T19:01:03.880000 CVE-2024-43426,0,0,2e98ed8cd0fe3bbd03bc31edcafe875e17ec3c3fbf69dc03657573f422300921,2024-11-08T19:01:03.880000 -CVE-2024-43427,0,0,581bee939c9e34fe119a8c608c0d866cf5e94ff0a94c54cceddda25eceda6b73,2024-11-11T13:15:03.530000 +CVE-2024-43427,0,1,a5d852a8b64e359c0a57c10c70e5a97e7ab016b1afc2797c542331cf12322b00,2024-11-12T13:55:21.227000 CVE-2024-43428,0,0,b5ed04eb9991b8a533d52401aafbeac39cc5aa45a83db20224d68df7b23b336a,2024-11-08T19:01:03.880000 -CVE-2024-43429,0,0,d3c44340c3bd6ae311e6f014dd25b6ccb57223b7de2b908763ecbeaacac4942f,2024-11-11T13:15:03.880000 -CVE-2024-43430,0,0,cb9411ba76a50e8ba09950d9b570a9c5198d9d39254a440a1515f1ef49079492,2024-11-11T13:15:04.053000 +CVE-2024-43429,0,1,d5111a217563ee616d3370639b319524d6cbcf7a4714cd852bf9ababc3df3c3b,2024-11-12T13:55:21.227000 +CVE-2024-43430,0,1,3ee504d2aa3176b6c9511347f3e621fbca9e34dbbde41443cbaee60af93e7f8f,2024-11-12T13:55:21.227000 CVE-2024-43431,0,0,b9005a05e5507a46df12a8ffbb839f8f4313b143d14ebe18ef1c5cef640c905e,2024-11-08T19:01:03.880000 -CVE-2024-43432,0,0,e70dfa1ead67b49c5774974a49a0d388fe5aae9064243fff3ff9679c2dc80e67,2024-11-11T13:15:04.233000 -CVE-2024-43433,0,0,074b7b449f98213f5e417d5bdf6e5c01493abde20d62136d3d64c93894d45cef,2024-11-11T13:15:04.410000 +CVE-2024-43432,0,1,0a05c068d1ce2e45ed5fcd4b281ef6595c8977244a3d1a2dc6a1666cd8b6d07f,2024-11-12T13:55:21.227000 +CVE-2024-43433,0,1,2d2a30ff36b3c88c162701c07f2a5ecb38843e48c1b9efb92db3cc0912d8a651,2024-11-12T13:55:21.227000 CVE-2024-43434,0,0,8ffb2c6afb4ed4c9c792f8915838fc9f8b7d930620a4823c5b60db456a6beae1,2024-11-08T19:01:03.880000 
-CVE-2024-43435,0,0,3d7507433dbdaf669ffe2bd3e815b4ba28fd1460314f079d452f0d8ad41c3607,2024-11-11T13:15:04.580000 +CVE-2024-43435,0,1,19653ca1abb3a601151e091c688a75ae2db23c267cf96ef3552a2772ed224465,2024-11-12T13:55:21.227000 CVE-2024-43436,0,0,d5a3a1ab85fb023046251b174592264fb917cdc48f222f2755feafd455c0e61d,2024-11-08T19:01:03.880000 -CVE-2024-43437,0,0,b7778e9263c7714a5b663e3d51f77430d9db4e33c3b07a19b5fd3b6dcc35bcd2,2024-11-11T13:15:04.757000 +CVE-2024-43437,0,1,8f10e345b4160b4fc9f94a3f2509a5bb9474e33f9fe79e6cf5ab43a1a18d8b98,2024-11-12T13:55:21.227000 CVE-2024-43438,0,0,875baee488d8f8241783e175bd68620af647e40659767e34acd9ef245d347a44,2024-11-08T19:01:03.880000 -CVE-2024-43439,0,0,98d27726edd8fc4449adb6ef17e5e1c0bafdc7c29d0e247e34fd56c99ecfb84e,2024-11-11T16:15:14.770000 +CVE-2024-43439,0,1,3b234428653f62cdd8bc0933f432f7d98549e9de81afbba7ba7327dd40e3d7b2,2024-11-12T13:55:21.227000 CVE-2024-4344,0,0,0e21345ffbddb43f0000901c1c1f7a4c33b525c68a381cd32a35ab8e755aa5fd,2024-06-03T14:46:24.250000 CVE-2024-43440,0,0,3deee55ee11303962828a1a1b49c99d7d9284f6df5f48904a5eb9b6fe3a55147,2024-11-08T19:01:03.880000 CVE-2024-43442,0,0,5431c5e587ae45a37d19d37e97d6aeb67638f78f0db0677df8b847e3725ec6a3,2024-08-26T16:35:12.860000 
@@ -261315,6 +261322,7 @@ CVE-2024-44099,0,0,4225e962ab30bccafe3791f0d606bbec04f80a361f6ed22909e224c17cd46 CVE-2024-4410,0,0,ca43b98286a78ab63b5139b50b93fc074ee9aec4c16e78097aa3514c43622322,2024-07-29T14:12:08.783000 CVE-2024-44100,0,0,55add0e1d3c482299f51180f43855e3b3b24a13213cd2d9c6f34e5bde5fa49b1,2024-10-28T13:50:50.743000 CVE-2024-44101,0,0,6af26fd7e19a3aecc2b2537b325ce3c6972f55a947c0d533d9844805f59dfcd6,2024-10-28T13:59:28.003000 +CVE-2024-44102,1,1,da59303e8d1a6d35f2619e7cfcdc4865e6d81938d21f57617bb56e49e4e49709,2024-11-12T13:55:21.227000 CVE-2024-44103,0,0,709653e0e681c50169d2a31a1ca4fa07ba0b9e103bee0789c715365497e0794a,2024-09-18T17:18:39.040000 CVE-2024-44104,0,0,929a3e88a508b197778cb9d698752e7d95d2a1fd6ba54e089d4187ada17accb8,2024-09-18T17:33:06.413000 CVE-2024-44105,0,0,6ace8c54c3fc6c9b1684fd8d42f178f1cce19bf6d08f58b02fdc3857633db641,2024-09-18T17:48:11.193000 @@ -261530,7 +261538,7 @@ CVE-2024-4454,0,0,ef12942a51bdcd592bf2170096c1c09a451df07ea3cdb4fb15fcced864f88f CVE-2024-44540,0,0,4abad310f91dcba57b664a0055c040b07c16796e1c5dc9c0c69652281e33825a,2024-09-26T13:32:55.343000 CVE-2024-44541,0,0,3a1e561d6510cb46fc3025d4e567327c4a8fc313204436661e66190b9e443f5d,2024-09-12T12:35:54.013000 CVE-2024-44542,0,0,ae61c0f5fd9542e820a853b434527731c00f8fe17ea27a1b37dfc0ba3c44f2e0,2024-09-20T12:30:17.483000 -CVE-2024-44546,0,0,0af2aa7b2120b505f3c140655b2db68460cbfa198862b06e0b34bf0b1819f8e2,2024-11-11T21:15:06.360000 +CVE-2024-44546,0,1,ef894c50d1b82d502d187f7d11467601cd1ac9e07c2228137e86cc3a48080955,2024-11-12T13:55:21.227000 CVE-2024-44549,0,0,95d002d4c0f2cba16cd184ab62e810c42d47abc2b51570dfaaedb60ad257bca3,2024-08-27T14:28:55.157000 CVE-2024-4455,0,0,266cd4e6dd8917294ad9c9f8fba8b2f0acb52688c86d3ca408cceaa482353b44,2024-05-24T13:03:05.093000 CVE-2024-44550,0,0,9f267ccbfa739b7dd965bc2964320acade2cb81782d1bf956b8f3a920e81fa22,2024-08-27T14:29:02.370000 
@@ -261599,7 +261607,7 @@ CVE-2024-4475,0,0,b199ea7732b827fa53d53ebb43badb03a8dff248a786cc8d7d2459800e62c0 CVE-2024-44760,0,0,0d252ff08482783aaee88c027910c09101e7f32f15f52b69e5e2b4482012606e,2024-08-30T15:55:41.137000 CVE-2024-44761,0,0,2cb43df04a70791b0f0fb8982142da3403b663e9582e8c16ce12d7edd85714da,2024-08-30T16:00:30.557000 CVE-2024-44762,0,0,a4d9c40079155e25bc23610bf9eb4b9c915e9b457539684228b809ce3110b930,2024-10-18T12:53:04.627000 -CVE-2024-44765,0,0,188183cc106f4fbc7f5f3314f8ea941fd49275ee7d9ef0cc80e225745686937a,2024-11-12T00:15:15.777000 +CVE-2024-44765,0,1,f49b0ddc47e501e666f4838593930e2064ad96de66f6bc89ed89c1395c14c839,2024-11-12T13:56:54.483000 CVE-2024-4477,0,0,b275cf91a81ef0e33ced77c1c5ba5e17245e6b33fc991fd87901e463b723d83e,2024-07-12T16:12:03.717000 CVE-2024-44775,0,0,205ee8ae27d9197291c9317d68e5db327a872699c5adb78e1d5b21baab0f0fd4,2024-10-16T19:35:10.167000 CVE-2024-44776,0,0,553f0ea6859d4ff6b6f354ecc1fde63fb20d3cedbc33d036b9304dfd1b315c86,2024-09-03T18:33:26.287000 
@@ -261817,8 +261825,8 @@ CVE-2024-45076,0,0,5fb321e82c08a6c58252337bee6e5fcb4b13786a863fe8ca643f04e713d05 CVE-2024-4508,0,0,26388c420646a8ddc4ee2de628a691e0fa51808e2f848ae0f9b7aad58ccb1298,2024-05-17T02:40:26.220000 CVE-2024-45085,0,0,a565381ecb911dfe05cdd12fd3e31f62bfcf9bb3dc78353a9c71e368d734c50b,2024-11-08T15:13:11.307000 CVE-2024-45086,0,0,4c6cc09258471d9b9c2c13bdbf534b3ba8ab7fabaf8d588e8672331873d00305,2024-11-06T23:04:04.673000 -CVE-2024-45087,0,0,152369d213d5407f1f19a95c9023918c9885f6b7a286e9060e5c257e2daf65ae,2024-11-11T17:15:04.957000 -CVE-2024-45088,0,0,28d5423312a30e303de32e5181824717e79d3a2b658a487e2a9032669d6148fa,2024-11-11T16:15:14.950000 +CVE-2024-45087,0,1,1294b81c38a555967b5b16c6d9f63f22d8154d8af8826cc5f5b6134645a87f69,2024-11-12T13:55:21.227000 +CVE-2024-45088,0,1,da13ef252293f10322facb48d792fb9355326cf4a00f9e2448097d3a90577756,2024-11-12T13:55:21.227000 CVE-2024-4509,0,0,996942a0a2c59f4d53067a2868fbad35944719504585e3998bbd4d788c545588,2024-06-04T19:20:40.347000 CVE-2024-45096,0,0,d4f642a1e6bb8f30a3a63abc6de33d2a734d4a63841c63adbbf0861fc10b1ff8,2024-09-06T12:34:17.957000 CVE-2024-45097,0,0,66f33176e0c07f5466116654bcd7c2847267016c1af22914a830c235e4290102,2024-09-06T12:51:59.750000 
@@ -262280,7 +262288,7 @@ CVE-2024-45823,0,0,69c87ecc16422910e33b859f46eb5ec7fd2de42f8535f15441d6fdd097693 CVE-2024-45824,0,0,10e16d904d2154d7119c6df05a22810044cd3b50093fd71dfd8bbe566411a270,2024-09-12T18:14:03.913000 CVE-2024-45825,0,0,772075ec5deeaf7c7029f931ec15621230c7b2330dcd87b5ccf7ab7721cf06f6,2024-10-02T14:43:08.720000 CVE-2024-45826,0,0,09e161f625f954ed804a43ac07521f29edea4489bb062a3b0321529236e21762,2024-10-02T14:35:38.017000 -CVE-2024-45827,0,0,1792eebe6d622347bc31245be4b629860ccd543e3eaddd02d731e7f5fecc4466,2024-11-12T06:15:03.820000 +CVE-2024-45827,0,1,c4689c00102ce1ca9471e1f9a6fc9b7e9733731c7395c6ab75742a226b740aca,2024-11-12T13:55:21.227000 CVE-2024-45829,0,0,5a50c2ccafc0459af20b4b18eda721dd7b1e71f587c5cdc73dd4360d8d24a56b,2024-11-05T19:38:57.827000 CVE-2024-4583,0,0,80422ff6020fca1720c5a88e28ab76aaa9a918b3afa6700e13782e64857c6739,2024-06-04T19:20:42.857000 CVE-2024-45833,0,0,d66bcdb35ef05ab6c240a22f01c308be4dcef309fd562be6507d54a47e85401a,2024-09-23T13:43:42.073000 @@ -262565,7 +262573,7 @@ CVE-2024-46609,0,0,867378c24ca26a245e4713a4ba27c2af9d0d9faadf75c6778954203857675 CVE-2024-4661,0,0,c3df946503e9b828d76c6d82332cda3e4be930bda3f80537afbf8f2ae2d7bc25,2024-10-31T18:21:43.683000 CVE-2024-46610,0,0,dfd11b66ad880194d4e8759fea756317b6075d327e3519259cd11f18ae0f4b82,2024-09-30T16:30:50.833000 CVE-2024-46612,0,0,a589f709811c7445ac7df28a3a7782b0e1ab03ae28a72339e484d8d02cc7d048,2024-09-26T13:32:02.803000 -CVE-2024-46613,0,0,7c4fd82c17c4219c5e51d9748b014d9a85b72da0644a4217195f5db5d431168a,2024-11-10T21:15:14.790000 +CVE-2024-46613,0,1,7a5ba393c74ba93ae59ac1a71306ee81029bd9ebcbd046dc584d8c4028bc8f8f,2024-11-12T13:55:21.227000 CVE-2024-4662,0,0,42d3ec88d759fc9bf88fc92972e0c9891830916b90a0cdbb0331ad5486f420dd,2024-05-24T01:15:30.977000 CVE-2024-46626,0,0,b2dbe1e3c2ee97096cbfddcd538250ce5664f2528c19dd2dc51892ffc471844d,2024-10-04T13:50:43.727000 CVE-2024-46627,0,0,4cc8890cea4e8322a4c476b42c8fefe2b4b66b62a78446cc66eb2d1a373670f4,2024-09-30T12:46:20.237000 
@@ -262812,7 +262820,13 @@ CVE-2024-46872,0,0,782a6347112bd8d3e8131c6f94bbde936c76c99b3c4577466eff75a75fa70 CVE-2024-4688,0,0,52289ed8c0286442cd44c00a18386eec964a66f3ff263d13f6b3a47ad78257b2,2024-06-20T20:15:19.617000 CVE-2024-46886,0,0,a928062ae00bc94e4a7abf511f66b23a1126250ea4d99006bdee4b18a22b92db,2024-10-10T12:56:30.817000 CVE-2024-46887,0,0,b7a0812e4d4a8d09f6eb4da630d645c25b0d554f80d4c4a4c7b07d79f22299bd,2024-10-10T12:56:30.817000 +CVE-2024-46888,1,1,118adcbecc3a22835a285a6c166c4bedc644275fd6692c0b3b890f2737ef0847,2024-11-12T13:55:21.227000 +CVE-2024-46889,1,1,3c62f07a743a2b39b09de968f4f3db8c262650ccbfbc60333dd3911073d37c8c,2024-11-12T13:55:21.227000 CVE-2024-4689,0,0,a13cc88d2e9b12d452cf9b42ce57cc1735d851f3f551a07c40e7bb0f2ee113b8,2024-05-14T16:11:39.510000 +CVE-2024-46890,1,1,f116e6ca8bed2d160f28a0600ac376bc3ac8885dcc3e94a602d7ead798ac1d0f,2024-11-12T13:55:21.227000 +CVE-2024-46891,1,1,9cac069058205dd82ff44ed2dd06e2bff4fa66fb0657a9486f288db15ef01cc9,2024-11-12T13:55:21.227000 +CVE-2024-46892,1,1,832998be000f46348b602428fda150245906b189ed2422479a67b8966ab7d9bd,2024-11-12T13:55:21.227000 +CVE-2024-46894,1,1,01a388837d3fe799245e5dd216fbcf6180e56977895ef3bb0567721ae1547770,2024-11-12T13:55:21.227000 CVE-2024-46897,0,0,2e86e25932c3365c9fccf8620fea0f0e322915cee2108f33175688332c9426e1,2024-10-22T14:09:46.913000 CVE-2024-46898,0,0,1121a0227e884e663de945d1f5ee0881d2211aaf4fceffe823ea2d2dc74e4f9c,2024-10-17T17:52:00.700000 CVE-2024-4690,0,0,8a659fbde289577b9d47a4e0b198b3a10d973db6b9b3690d157fcfdd9eceabd6,2024-10-21T15:51:10.467000 
@@ -262834,23 +262848,23 @@ CVE-2024-46946,0,0,5adf6fed09d7522a85c453ac4c470cad5917d88736dbb3b605636f5befca4 CVE-2024-46947,0,0,b59f7f41af30aded4ad65024485f8c1125aef585b68596d5293e6a508028cc3d,2024-11-08T19:35:17.037000 CVE-2024-46948,0,0,5eb36279b3db7d39a170e75a824e340b32845061d149091503a0443c63f28aee,2024-11-08T19:01:03.880000 CVE-2024-4695,0,0,aa253f1bdce79ef626aa7622c4e367006f6b60359a6a2b0af989b23a6e81f980,2024-05-21T12:37:59.687000 -CVE-2024-46951,0,0,a590b01ff00d122edc7c393e0584316e387ead1929e30efa702d9cb162273c03,2024-11-10T21:15:14.880000 -CVE-2024-46952,0,0,5f2dc698a479b665e428264deb2f9db19101378c167512b02bcee2c3c78ffee6,2024-11-10T22:15:12.677000 -CVE-2024-46953,0,0,8557b9e76013152e714b226e7e735df7649283224db642674cd03550fb1a1b30,2024-11-10T22:15:12.750000 -CVE-2024-46954,0,0,dc68b212deeeb32d7a421086c96d55276cc6f53c37328ba6af62e50d0a203762,2024-11-10T22:15:12.813000 -CVE-2024-46955,0,0,ac8a85c2e73cac4c869ffe409551bba2c98eaf63aa7490425f5f246a60304330,2024-11-10T22:15:12.887000 -CVE-2024-46956,0,0,28c7298f28e4abf86c547c7b3d03f69bd8116aff63a926f5f2f42ca6cfba5183,2024-11-10T22:15:12.943000 +CVE-2024-46951,0,1,f7856a5dde7937a47da4c48bb63b279f0e9e01244c8373bc9a31b359d037a44d,2024-11-12T13:55:21.227000 +CVE-2024-46952,0,1,85d50c97437fea65cc1151115a97820312883ddfd70f6ca7b643c8ac38b503ee,2024-11-12T13:55:21.227000 +CVE-2024-46953,0,1,71ad7cf837c73b0dfabae1ff0b361a18613eb03fffe5758938e28582f6cbdca2,2024-11-12T13:55:21.227000 +CVE-2024-46954,0,1,b3b00bcbbff3d63d8397974f1b0bf40209c369e9b725dcf5b355cafb51e6bd9d,2024-11-12T13:55:21.227000 +CVE-2024-46955,0,1,b6a31120fcfb9f044c1f71394c8ace5986db0bf3dbf67db1e1e44230460fd384,2024-11-12T13:55:21.227000 +CVE-2024-46956,0,1,60f19518a0b8606474b10d47490d2efd8ca6c2bc275be981da1ce0be913f6317,2024-11-12T13:55:21.227000 CVE-2024-46957,0,0,1a1f161c8d8bab3db62f1fa9272e11eb4217a378f1fb9334b95d7f852bd44900,2024-09-26T16:15:08.883000 
CVE-2024-46958,0,0,a066074c8ea90ca6497e29c818dbf400ff90cc8827530871d9d45fb4a3abe93e,2024-09-20T22:41:38.223000 CVE-2024-46959,0,0,49609311db8eb2484a5bda279fc39cc9dccd98f1d151343e94689d8818c061d9,2024-09-20T14:35:13.063000 CVE-2024-4696,0,0,b8ce6d89da084f88972905e9878372f109e48889eae7d9f95b30ecbbc63816ed,2024-06-17T12:43:31.090000 CVE-2024-46960,0,0,34c9db930ef4e9e6f8b9462edd0bebd8143074b581b4cd4eaf2ae451689fb83c,2024-11-08T19:01:03.880000 CVE-2024-46961,0,0,6281dfd23f05aedb5a57016518bf840f9c3236bd7244aca077f0eeaa5baad6cb,2024-11-08T19:01:03.880000 -CVE-2024-46962,0,0,699e9832c4f5085d60fa615701babb34b6ee37f956ecaefe53f68aabf3821dba,2024-11-11T21:15:06.437000 -CVE-2024-46963,0,0,8a455d84ba423d84ebd7ae416c6b3257c3c88e7ee88de9e2a033bbd8df54c61f,2024-11-11T21:15:06.493000 -CVE-2024-46964,0,0,4562cd5cb3219c462d845507d071d544a1fc5398f514eef73947ac33162fd6ee,2024-11-11T21:15:06.560000 -CVE-2024-46965,0,0,b1fed9b30e2da539a3588ca6bce27b0ada48b333b441ddada52258a3843ded7e,2024-11-11T20:15:17.740000 -CVE-2024-46966,0,0,811ef517cb3c37bce19b3b92ed511f2be2f9a8eda5292ad25b25c5c6c3f261a9,2024-11-11T21:15:06.620000 +CVE-2024-46962,0,1,637de171a5b40b79cbb8590c2ce32c09013419daa85f0b7bef99eabd22687d14,2024-11-12T13:55:21.227000 +CVE-2024-46963,0,1,5fe829bc723789e066747c7b68245dc7e574cb4bc952825ddcf20908f9e75ecd,2024-11-12T13:55:21.227000 +CVE-2024-46964,0,1,e3b54ffb507fe28c48b85f071d29709e5af6de061bd72799affc2e7ef7067271,2024-11-12T13:55:21.227000 +CVE-2024-46965,0,1,939d1e34dd2480d5958b1a0271f08f2a59c4b43e7302e3bfd92a53764523ae42,2024-11-12T13:55:21.227000 +CVE-2024-46966,0,1,6f24fe34b355e10161d935069410718588e08e5cce53d01a4ba358192181b973,2024-11-12T13:55:21.227000 CVE-2024-4697,0,0,3bc62a9bb9952d026af8ecd13a98f81fa60290945109a2f6023ef384956822fe,2024-06-04T16:57:41.053000 CVE-2024-46970,0,0,6ef16041ee18068670ae3579af5d9c59d6c6488d479945d9220353b5e1ab4205,2024-09-20T13:23:29.700000 
CVE-2024-46976,0,0,02f78d527d01c9aa774dc796f1ceed3fea7faea62af60e78d26c9cc8325cba03,2024-09-23T18:27:05.920000 @@ -262970,7 +262984,7 @@ CVE-2024-47128,0,0,9295fbc3793df82ded419a2f8b919ed963c41a092d03655dc6cce57546463 CVE-2024-47129,0,0,452da217b1f5cf309ec7a2dae7685dda69961ff67f6a0249b7b454ce55330724,2024-10-17T18:15:06.930000 CVE-2024-4713,0,0,a3c96b0a67396332ccb3b3b7da032ec990741228737b0623d292fd0ff6dd150b,2024-06-04T19:20:46.913000 CVE-2024-47130,0,0,9e52b34ecc84aeecf5485cad45360e89ca586e91e062db722158986b68611fc1,2024-10-17T18:15:07.130000 -CVE-2024-47131,0,0,b7d86bc37f6484b22dc46b16cac855a431a43a3256492170a627187049dc2ec3,2024-11-11T15:15:06.153000 +CVE-2024-47131,0,1,aad32778ebe370f990ce9d95c37c46e0e7dce30078c011ec3ff9e6c9c8cf4413,2024-11-12T13:55:21.227000 CVE-2024-47134,0,0,c469be51a68158c099c563ecb132d768058c9b0b7de566d173182963980dd322,2024-10-16T13:50:32.607000 CVE-2024-47135,0,0,59ae1232976c8e51aae73aa97b8d4fb50a4b33eb7aa7372298dfcd77c19c0bd9,2024-10-15T18:21:04.813000 CVE-2024-47136,0,0,b3835ea7cec22b9e908913d2c98cbfff753b1b672a4d126777b942724ad7f9c9,2024-10-15T18:20:40.387000 
@@ -263255,15 +263269,15 @@ CVE-2024-47565,0,0,1f4de7ea43d4059fde3978664bf9271defcef7d2ededc73cf25a3c2fbdf29 CVE-2024-4757,0,0,8697ca9e70d5ba37736a0a67620900f7a3da7cbcb97e29086de20de73cd3bfef,2024-07-03T02:08:02.463000 CVE-2024-47575,0,0,3cf8bcedc769b7028fe6e8dbdea49ae873e037612d2dd7820ba5eca10d70f99d,2024-11-08T21:16:28.987000 CVE-2024-4758,0,0,725af37997323245576176c0490558b45926193602683436c3054da734872332,2024-07-03T02:08:02.707000 -CVE-2024-47586,0,0,74166dbd59e66d63aa463956de5ccb0ef788b3516c6b4b537f8dcea2f939a805,2024-11-12T01:15:04.190000 -CVE-2024-47587,0,0,531bea82fa3cdaaae1a20d5ffbc367e575fb35ec9fad61a5579201e1cb1f0903,2024-11-12T01:15:04.470000 -CVE-2024-47588,0,0,b3f5e7a2afbbfb644098d49d6ec7b95be403bb423b0efe9a5bc331137e66624f,2024-11-12T01:15:04.700000 +CVE-2024-47586,0,1,a044dc5eec295c16634c6ec1ed8ed37aaf4022404407624cb4c7b862b4acccab,2024-11-12T13:55:21.227000 +CVE-2024-47587,0,1,64bdf3be3a24eaa7bebc30d4d4b2d02c284025d4c095744ca605067612dd6888,2024-11-12T13:55:21.227000 +CVE-2024-47588,0,1,784219c1ff1f8b9473f80c254cc66a71926e8c3d6e40be5aaefe6b62ee08ca20,2024-11-12T13:55:21.227000 CVE-2024-4759,0,0,88e594c7c898a4e82a1a8532a1f049d1a9fe25baf60278988c21dabe64f2896b,2024-07-03T02:08:02.923000 -CVE-2024-47590,0,0,9163e40cc516475c4b3db5cbbafb6b7710f49258fff08c47148397b3d3b3c00e,2024-11-12T01:15:04.933000 -CVE-2024-47592,0,0,a7c88ed5a3422a483779c897d7999e1bed8e54cfeecb959bce1f6d593b1300cd,2024-11-12T01:15:05.210000 -CVE-2024-47593,0,0,4eab83ac0588570c037e35af21dca1779eea75d83da83b8f6055a36c464c12dc,2024-11-12T01:15:05.480000 +CVE-2024-47590,0,1,c753d8c8fff8996c1d065cd36652a978ed4f5524609cd99b50669bc05bf4ecb8,2024-11-12T13:55:21.227000 +CVE-2024-47592,0,1,d50f90a32b1d664dd933a768f3eed2f3a853946f4a68bc9410b951adb6fc8f95,2024-11-12T13:55:21.227000 +CVE-2024-47593,0,1,d85f49463ae6a5e30f4d2582d964129d98bb5b6668bb2b9ab15d62b3931e60c7,2024-11-12T13:55:21.227000 
CVE-2024-47594,0,0,1ae534f7a3c1c97ead2076790a49a30a6aebae2067756e88afe36b9237831ffa,2024-10-10T12:57:21.987000 -CVE-2024-47595,0,0,167f5aecd14a937f3b82e43bc1d47ef84c35d8321cdd421e97b0e279c13d5472,2024-11-12T01:15:05.677000 +CVE-2024-47595,0,1,ba21651773888aa8d2743ba8a0a71f7f213256467724b419ffc59a50270127b5,2024-11-12T13:55:21.227000 CVE-2024-4760,0,0,b4849d754e19ff5b62ce1dfa55ef4652903c511172eef769e0d0e48dc2803d03,2024-05-16T15:44:44.683000 CVE-2024-47604,0,0,b0efef5184edb4bd92f957620365342f5c009f62a58e0b01524e6418b748fe0c,2024-10-04T13:51:25.567000 CVE-2024-47608,0,0,6780a5cb01bdd639af89827da283834e6f19c572d8e127e2ec22fed13c61e1be,2024-10-07T18:51:05.650000 
@@ -263444,12 +263458,13 @@ CVE-2024-4778,0,0,e3020a287fa6ceae8ff9c78434f10af4d17cf4058dd5bf80208c921b6bc68b CVE-2024-47780,0,0,ff94d6824af803f8c7126d802f9a510e2f7e61826db064781dbb229b5b3ef329,2024-10-10T12:56:30.817000 CVE-2024-47781,0,0,942905ddf0e252a3fb77e10ba3da26f7a3985ae743d3e1737c070a7332d5f79d,2024-10-10T12:57:21.987000 CVE-2024-47782,0,0,378aebd3accf9c3d67ee33eb38516895e49edcc53cea98d4b8c2ea1a1799fb1e,2024-10-10T12:57:21.987000 +CVE-2024-47783,1,1,6eed9b3fe82006d43473d1b9683880b3603486d4920f638d13a38eac8273e0ff,2024-11-12T13:55:21.227000 CVE-2024-47789,0,0,5cca8aa9572eb6cd0c059882137f083cb8544427e147bc3f1f0eab6346cef001,2024-10-14T11:15:11.797000 CVE-2024-4779,0,0,7a9d6158e8d260b03b3581dd37b23bd10d59ba6243714ad236ba79968e8d9b16,2024-05-24T01:15:30.977000 CVE-2024-47790,0,0,d4701041e3b7826b48d6d13bc4c86004b58b4b8b272120def31051056a8f0260,2024-10-14T11:15:11.930000 CVE-2024-47793,0,0,9908766d9802c80c9f07e38bc1dd6d38dc8823614346066184a43b3d9b28a705,2024-10-21T21:25:36.697000 CVE-2024-47797,0,0,33c4997ae4057f3ee3a7a27f532a8c67312598a72be5d687fb49b6e9959476d3,2024-11-06T15:24:53.210000 -CVE-2024-47799,0,0,50344d6cf97b47a9773a8432ad185b2bb2030b619deedf74734db3ede7b0e928,2024-11-12T06:15:04.097000 +CVE-2024-47799,0,1,de5bae16ec2678599ddf765fb89319547d13abf6f56de5efb31661988db58076,2024-11-12T13:55:21.227000 CVE-2024-4780,0,0,4aec24b958d50bff73d14c7bd2f67b2a9793d4893d5ddbdba18f0fb02ea18cc9,2024-07-16T13:43:58.773000 CVE-2024-47801,0,0,e103685798e8b2dbc73e6876d080a93ca119ff0fe2d3b72153089026c306290a,2024-11-05T19:34:53.927000 CVE-2024-47803,0,0,c5fc789c0abab09fdf5d93ade8e681a0cefd26750cb76c66db7bdbaf646effcb,2024-10-04T13:50:43.727000 
@@ -263457,6 +263472,7 @@ CVE-2024-47804,0,0,b396c78511f759659afac343048b57f2d8797b9724cc7a1ccef3ee3198778 CVE-2024-47805,0,0,cbdd25fce45aa799e9910f10ad3a10b0c588c33ed8f87431100693f0e37d8bb1,2024-10-04T13:50:43.727000 CVE-2024-47806,0,0,7da0bb8e7fc9c3b1d389ccbc624a09ba22b5eddfdda079b80b993589f773a85c,2024-10-04T13:50:43.727000 CVE-2024-47807,0,0,6f73fcbd170bbcb4214e07d010ddde34567b580923105f0e5418ba9615969635,2024-10-04T13:50:43.727000 +CVE-2024-47808,1,1,fd4fbc984d364873085d48d37d2028376f331a69960d57eed922fa6b1526947c,2024-11-12T13:55:21.227000 CVE-2024-4781,0,0,75b4bbbeaedf32c6df964ae89a5896455d04ecbdf24f849877528cd42d17cfaf,2024-08-19T13:00:23.117000 CVE-2024-47812,0,0,397cf931cad747f9187f7df48c5f8098bd69901273af0ea8d48fb67c933d46b4,2024-10-10T12:51:56.987000 CVE-2024-47813,0,0,48a41eb36e488d083cd1f60a29be681cee836eceff483fa252745c12924671c8,2024-10-10T12:51:56.987000 @@ -263532,6 +263548,9 @@ CVE-2024-4792,0,0,d367db616eff60413675ec0cb96dcf5072899c5126e3ab7b85dd0b323d2aa0 CVE-2024-4793,0,0,d7ea24a63b045e67640f8521c21cc9fd0113236775183a92ddafb3253726675a,2024-06-04T19:20:49.390000 CVE-2024-47939,0,0,fb0122088811efc1ccf3ce2b970c428eb00ae94db66e7aa25ff544122afe9a3d,2024-11-01T12:57:03.417000 CVE-2024-4794,0,0,ae0da7f20a3f797e26793f17108eae7df40bf3f3b44a06ce135aa4fe4b35db7e,2024-06-04T19:20:49.487000 +CVE-2024-47940,1,1,1158482f16b002b31e249659ae2cc5d6c1525c0c3960366e05587c7dc14f748c,2024-11-12T13:55:21.227000 +CVE-2024-47941,1,1,2be744b301fde0fba1a240050c3d9245391d6352af7cc5bdeb6ffc6455359c17,2024-11-12T13:55:21.227000 +CVE-2024-47942,1,1,00e10171a05daca3a57ee1df3f927e105190a4a46041adf33b57a28142f4bc42,2024-11-12T13:55:21.227000 CVE-2024-47943,0,0,d4d5358ab48548c04867b54233602bd267d194af91388df45333461289a48f25,2024-10-15T12:57:46.880000 CVE-2024-47944,0,0,8c2dcd259cac2bc345d70afe119d0b88c60fe63597fe98a2528a606f007cae1c,2024-10-15T16:35:09.410000 CVE-2024-47945,0,0,55dd1a9d68ac241f4312e57ed6d79883a9185bbba2d8714aa4e48fddc29f70d5,2024-10-21T19:41:10.407000 
@@ -263605,7 +263624,7 @@ CVE-2024-4806,0,0,f8a0e203429c4f99450a15aa6a4b26ee8c7effa68e79948138bc0eccf2af8e CVE-2024-48061,0,0,3afb2ef6eba7f21135f7c2c854e268a2fe30714157a06ae965803eb7d12a5161,2024-11-06T20:35:30.633000 CVE-2024-48063,0,0,7dad3075f35e3bd4e2e591484ba350f38d4e17902517b9e5e6279458bc0b207a,2024-11-01T13:15:12.020000 CVE-2024-4807,0,0,e5ccc41d46958232939be978f4766518ab72a806619364a653b00c23b63fbc68,2024-06-04T19:20:50.770000 -CVE-2024-48073,0,0,efa77621523d7c7d0e4c51948d47e269dd998458fcd7a8caeae79542c735b185,2024-11-08T22:15:20.787000 +CVE-2024-48073,0,1,410986e3bac5b99d20c35e908ba9e14361ecff8b8737388dcc22bfd8d08857aa,2024-11-12T13:56:54.483000 CVE-2024-48074,0,0,ad38eed7680db70af45f593399c08c1cb64e93854bc7fa5dd06ea3c6cdff4594,2024-11-08T22:15:20.877000 CVE-2024-4808,0,0,9e98599f6886b9041c106d3216212c5c382436edfce35f9a1807d5234e020eab,2024-05-17T02:40:38.870000 CVE-2024-4809,0,0,27fb5be7556d421437500c3c993a8fe2f6b8b07eb589d66da5852c85ddbdadf0,2024-06-04T19:20:50.867000 @@ -263699,7 +263718,7 @@ CVE-2024-48291,0,0,3c4533b920a9f2edb3f01b1757898b30516db1528ffb114ee1df5dcc33808 CVE-2024-48307,0,0,935ee3e0328307bbb03111416c4595c4eff3ac408a08578a24f622dddb9d0c64,2024-11-01T12:57:03.417000 CVE-2024-48311,0,0,354d288e073d9064d21602cf2204c79fdbedf6cf54999e8a50b7d788e057c63f,2024-11-01T12:57:03.417000 CVE-2024-48312,0,0,ed565171c6e4291e871155bd5278a308c07670573cfb5e604423e67b93f19726,2024-11-06T18:17:17.287000 -CVE-2024-48322,0,0,a0ea9e677fe06281214afef4609306c63be7c1594ce0154636ee6f6738f018b3,2024-11-11T20:15:17.807000 +CVE-2024-48322,0,1,5c481f296f210b18b3f4dfb94df32fe4d600b1dbbb14b3cbc5f00244d235d6c2,2024-11-12T13:55:21.227000 CVE-2024-48325,0,0,e332aafd0b1c5c187131f74a886273143993554010ab80fd42869ff8b361baa6,2024-11-08T19:01:25.633000 CVE-2024-48336,0,0,fc603531e511f454d9e88137c47d1879fc0b1949207c95b33f03f4156054a935,2024-11-04T20:35:10.193000 CVE-2024-48342,0,0,cab27a7526b8debabab042631051135b3c12f9f8dc84e657f2f251a3750f9436,2024-11-04T07:15:11.437000 
@@ -263873,8 +263892,8 @@ CVE-2024-48825,0,0,ad369d1cf502489a8c86407b4cab4059378b0524ef59b99c231bc11027e4f CVE-2024-48826,0,0,75c9450df85723c7e5fe507735f7be7d84001c192ccab935bbc0ccf65a95117e,2024-10-29T19:35:27.303000 CVE-2024-48827,0,0,b8784c14c4c0a2af4d656264bee611472f424ecc32bdba68ae4a9cb4ecb6178a,2024-10-15T12:58:51.050000 CVE-2024-4883,0,0,66fd0c7113b75e4613bf51e6b10a097cc5dcf57aa3f97b3df0e5c31c4210be62,2024-09-06T22:46:17.103000 -CVE-2024-48837,0,0,a7c5a3f54b8f98a05652278f775b4709e0ad4f49162da1b7832346db5938cce9,2024-11-12T04:15:05.613000 -CVE-2024-48838,0,0,2e4d6a908fa948b2d9a0a38af5e8b8d90a29fbd3a3ee13c65314faf9545b506e,2024-11-12T04:15:05.833000 +CVE-2024-48837,0,1,f5488c45b5b240917695042772d5a51760ce591b49d83868db6d3f484decff9e,2024-11-12T13:55:21.227000 +CVE-2024-48838,0,1,2e9787182617613ac5c5c71a35da89da4e0da1fca7b29929c3f69c43fe9528d6,2024-11-12T13:55:21.227000 CVE-2024-4884,0,0,a2dcec8e16e916f3e6bf44fbf27e64f395ae27ac96c65779b6d04fbf5173b4c4,2024-09-06T22:45:59.233000 CVE-2024-4885,0,0,2608f2aa7fb5189467bda7bb610d4e03f1b43256b775a84e60ba9a3b8ac9b260,2024-09-06T22:44:27.840000 CVE-2024-4886,0,0,d27ca09c7d3a0108a7cfa4692eb479eab6127452085468fbf17d7a45144cc1ee,2024-06-11T17:14:56.323000 
@@ -263912,7 +263931,7 @@ CVE-2024-48933,0,0,eab55cc4133fd12eb852707496206c0c064cf1bfef188e95346821cf2dadf CVE-2024-48936,0,0,202c3a156bee1b2512b5fe2822e4aae4f593d6287e38823043400d9ff6e54ff7,2024-10-30T21:35:10.387000 CVE-2024-48937,0,0,53216fc8a6fbe5febb4c086d6958028e95a58513bdf6caced98eaac34038db0e,2024-10-17T19:48:11.163000 CVE-2024-48938,0,0,42546c0230f7c9740d6f2b303141b0c584cd79f3d515c30c7b8554d560fc1ee9,2024-10-17T19:49:56.327000 -CVE-2024-48939,0,0,278ccbc68387482c6abfcb1fcf3b306955b2b499e87b5dda095e31089962d6d9,2024-11-11T01:15:04.890000 +CVE-2024-48939,0,1,49c30ac3ed6a74a719d8c797de297e3971f9929c1211ae188996fe057081a241,2024-11-12T13:55:21.227000 CVE-2024-4894,0,0,1906244d072f236ffca4e7ab82222b86cb7f201e42e01d4517f3ab933ca907f5,2024-05-15T16:40:19.330000 CVE-2024-48941,0,0,96d5eae18aed5942dcf07fb408430a3860f6be4f858a12cc1546cac40f719d2f,2024-10-11T21:36:46.327000 CVE-2024-48942,0,0,8e0a2bf9dd24a5a385f196f7b0656ab299e53cb741eb92aa617f57ef48ee5dff,2024-10-11T21:36:47.090000 
@@ -264118,9 +264137,9 @@ CVE-2024-4939,0,0,02ebdbdecbb04fb797cb0e62af7790a7212959b717e5fa68d9d371341b4150 CVE-2024-49390,0,0,bf8e2af7ccbb4b660c65e9bd08fe703dbfad2824c259f85985bd9875cc0e074f,2024-10-18T20:11:32.270000 CVE-2024-49391,0,0,7f95620910cf80d65ac312e14b00de0efd9f4bd72d46b29596e3846aec7b2c93,2024-10-18T20:10:38.790000 CVE-2024-49392,0,0,56ddd6b8f3dc25b477998ea94d765b7032f9ba1bc48f4ba6c67a16ed201e6e0b,2024-10-18T20:10:05.850000 -CVE-2024-49393,0,0,3c31d8e5fadf355e61e8da08c43bfe222d4f61665839f5d7e5e73293fe502a2f,2024-11-12T02:15:18.443000 -CVE-2024-49394,0,0,7fea685c60205a36cffee3f30b4718eec16eb666941b1a3f401b1e03ca97356c,2024-11-12T03:15:03.677000 -CVE-2024-49395,0,0,28ffa8f19ba437680a3e428b154a06b30accd90b593b455ae410f0b11ee1411f,2024-11-12T03:15:03.910000 +CVE-2024-49393,0,1,83b33f94bc0a890ae8015a4ed5dce4d277f670e0c99dffed665baadb9eb37c6d,2024-11-12T13:55:21.227000 +CVE-2024-49394,0,1,031d1d6e7ca3ed47247df4f54ef799c27cf191a70ddccb1f4dafcfb74483fbca,2024-11-12T13:55:21.227000 +CVE-2024-49395,0,1,605a480cfa5ba2b643a3c74f1826c9664120d88b37c574cbbccc2ec762f781ab,2024-11-12T13:55:21.227000 CVE-2024-49396,0,0,dbaa3d388154985d86e8594d731b97904294f985dcd6b939c9b3040fa96316c2,2024-10-18T12:52:33.507000 CVE-2024-49397,0,0,958762caa5006a67fc74324331d920e22a8fe3617537f208fec92361877cfad4,2024-10-18T12:52:33.507000 CVE-2024-49398,0,0,1964f2918f2b62a12a26449777ec3d512771c9e0a90e6a92142f1221cf2a6f15,2024-10-18T12:52:33.507000 
@@ -264150,10 +264169,10 @@ CVE-2024-49501,0,0,b68f4d3131dd45c8240c685b13eebbf7042a3a95ee975ccc7d0b4e65e2269 CVE-2024-49522,0,0,b49aefd5a73ccd26563c8b91d3f2d98c089948509c56be654cf3171337fc2496,2024-11-08T18:06:01.930000 CVE-2024-49523,0,0,f80724f56253226f78ea56271ee80d62b3ba148e1878999be1900b25d2719668,2024-11-08T19:01:03.880000 CVE-2024-49524,0,0,e7793eab2fff9b59c976da4b69592a395e034319e6c39d07f8b75673444fce47,2024-11-08T19:01:03.880000 -CVE-2024-49557,0,0,56f3483a3917e3ecc72e8ce2077feecbf2a1e0613c979ac8e15c3a71b7829b3a,2024-11-12T04:15:06.040000 -CVE-2024-49558,0,0,7e044f04407ec1af45f3db259c756d98e2c313865d25dcbfd0ed3557f8b91fdd,2024-11-12T04:15:06.243000 +CVE-2024-49557,0,1,2a5d766ad2ace9ca4473e381728b5667e6cadd8340da6faf7936ed125bc7364d,2024-11-12T13:55:21.227000 +CVE-2024-49558,0,1,47432e1f54f695adb17b8dc00f9577022f45f8f0ba5da018a951249b00715362,2024-11-12T13:55:21.227000 CVE-2024-4956,0,0,319b39cd7f80ef1a8cfcc633b91e7d5f141facd950994947b42a7565c106a7a4,2024-05-17T18:36:31.297000 -CVE-2024-49560,0,0,2e0a689994dc855bc709e1e3e9c09afebf988bb56ef9e577f2262273e88b89e3,2024-11-12T04:15:06.443000 +CVE-2024-49560,0,1,ab312f3dd70e163a5c72b63be519379ba38d0c543c55c0ea8821e33d6ab68e6b,2024-11-12T13:55:21.227000 CVE-2024-4957,0,0,e3bb8e47c8dfba146bed7647eff25fc6cc8427bb0bd54429262b4324d627abed,2024-07-03T02:08:22.473000 CVE-2024-49579,0,0,4674118b21cb39ebeef2b4743f0ed75dcd0002fe01b9b902589f8dc4995b5f10,2024-10-18T12:52:33.507000 CVE-2024-4958,0,0,15591ba73d7708bbd560fadc0281274b5c7c2c12545797826fbf6e13e1222639,2024-06-03T14:46:24.250000 
@@ -264549,8 +264568,8 @@ CVE-2024-50097,0,0,1e19c3b9c1e2e37e95df9d9009f79edaf0220dd0d6934058e29be2c025356 CVE-2024-50098,0,0,cf431c67b59033618fb36a658b582ea62152d8b19728778d1421d727c45b83a7,2024-11-06T18:17:17.287000 CVE-2024-50099,0,0,906337b2a070500172e6dc4c08f3da4632025da5e255074bab057bfa7a726529,2024-11-08T16:15:46.590000 CVE-2024-5010,0,0,3c850c266940942fbe09adbb4c98bc7afc61c3edf80ecba9d04f15eeefca6109,2024-09-06T22:42:39.017000 -CVE-2024-50100,0,0,5654c0f6f18aa5f41d3b7518bf7fef3b01b08f13cbb7c525d5501ca1ceae4571,2024-11-08T16:15:46.740000 -CVE-2024-50101,0,0,2f2b16a128c18e2575b05358b34fb81bcc8de19eed1cc050ccae26a3d646a064,2024-11-06T18:17:17.287000 +CVE-2024-50100,0,1,ea83177858e02e925341fb5f4effc0f0f81a22c62489feb4fcf01044f5024b83,2024-11-12T14:57:44.877000 +CVE-2024-50101,0,1,177592c2bddeab02a0a775beadc6528f45c3b5091ee703b99ad5c00ed6933235,2024-11-12T14:59:22.600000 CVE-2024-50102,0,0,8fd44c4a8d660d019b8c0f66cb6904e5a1c8e3a17fcea236b7b7019c992ceb8c,2024-11-06T18:17:17.287000 CVE-2024-50103,0,0,f7388d1b8248faac199af938c5b063ca25ea4a29439f14300925ad8fea65924b,2024-11-08T16:15:46.900000 CVE-2024-50104,0,0,0a03fa8616f24786fc437645bd296ca0d38abe7ace79a2ca8ba72fe2582f7777,2024-11-06T18:17:17.287000 
@@ -264671,67 +264690,69 @@ CVE-2024-50209,0,0,8a8805a93a7ad4720dce18e0fc6a19c9829749a589bcab3a3e272b745ce15 CVE-2024-5021,0,0,38505cbaa011793e28d7950a2ea2daf96aac6ed3db846bcaf517334c4dc7fa50,2024-06-20T12:44:01.637000 CVE-2024-50210,0,0,39887cb7f7dc73362120106f57cbc0747a59b3d51e3a41b9091d50f5c44af891,2024-11-08T19:01:03.880000 CVE-2024-50211,0,0,789a6df7d2c02bd672dc452fcbc42c98aa068123f2fd8cc57a38a73d58fa13ac,2024-11-08T19:01:03.880000 -CVE-2024-50212,0,0,8077d1171418ca9bc9860647456940aeb5c16059ffd13b0fd8715b7d60c11459,2024-11-09T11:15:04.940000 -CVE-2024-50213,0,0,a32bab53a71793c08dddb8f7f865e54824fbfa96901995c3b6fe811063e0e84d,2024-11-09T11:15:06.650000 -CVE-2024-50214,0,0,8b8c33745112fd2676515d8eae5fa19e36aab72b9a92708d4eed07cf18d02ae8,2024-11-09T11:15:06.777000 -CVE-2024-50215,0,0,51deedf9e51b9010196feb8434c74c41c571fa0dfa190b3bcc95c654d401acfa,2024-11-09T11:15:06.893000 -CVE-2024-50216,0,0,dd18627c652b541fcc71e8055f8b9b54a97ee1c452f87671395ddb6c7c0effe5,2024-11-09T11:15:06.987000 -CVE-2024-50217,0,0,f1f9a2585721ca44599dff7237e3c4e7abb72e154ac4bfb5a6e8176e15581aa4,2024-11-09T11:15:07.103000 -CVE-2024-50218,0,0,a1e0ddbb039c77513f3d3ef127e35268d6a74599810a96ae07cfefd1c53ddc78,2024-11-09T11:15:07.213000 +CVE-2024-50212,0,1,befc3c4f2399c98b74eaa8ec2965db6d6768d3d3be42bd748e5e2378cdaa8f99,2024-11-12T13:56:24.513000 +CVE-2024-50213,0,1,d33d90fd727ceb9d16c37902e1e5fe600fd111a566094370997f5f993729d7b4,2024-11-12T13:56:24.513000 +CVE-2024-50214,0,1,391525e2ae02cd626770e9e9b5e15b489b0738fc2200bc5d666e6b974f62828a,2024-11-12T13:56:24.513000 +CVE-2024-50215,0,1,72a1c2fd96cf3f8adb7fbbb7c51f0eee2b5c97f2080d1f11fe81591870ade062,2024-11-12T13:56:24.513000 +CVE-2024-50216,0,1,173c858fca904c6b8ae3808e39fe7eb2abffc64106c67c7401645a47033740f6,2024-11-12T13:56:24.513000 +CVE-2024-50217,0,1,c9c7be9cefdd1c2145964f4ba7cfd9cabc4c80c3fe813bca02cba94822e3809c,2024-11-12T13:56:24.513000 
+CVE-2024-50218,0,1,0fb6d6d645b3a2c6757f1c38779b956e24c411c7561ebff1cb364f4755c7ba07,2024-11-12T13:56:24.513000 CVE-2024-50219,0,0,57ca6b6c0667d0c6ff47560f6866cfa36318c7798583ecd36bd30e6bd0856676,2024-11-11T14:15:15.210000 CVE-2024-5022,0,0,b83f09821687b900e7e3c962c3fdf76320d3bf46277a4004f5c59e7ba07e152d,2024-10-28T21:35:22.210000 -CVE-2024-50220,0,0,3378fdb1fc18a5a841a545e889b5ac91573032b494633fa4e5ccfb9c04f87e68,2024-11-09T11:15:07.487000 -CVE-2024-50221,0,0,6b968bc1e5c76dac654c3003b7e391fdfa86fc18c244cdd09f5cb172c0577127,2024-11-09T11:15:07.600000 -CVE-2024-50222,0,0,4af868e3b94779bb868e11631b27a5e2635974de163fee1d4c95f8dbd6460ef6,2024-11-09T11:15:07.700000 -CVE-2024-50223,0,0,5c85f3afc4741b7eaf9669048aa4b33f46cfa947143c99a6d00df2e0eaec0285,2024-11-09T11:15:07.807000 -CVE-2024-50224,0,0,813cae4da8216fd8e00c8a03218dbe83b5863378706477601975cb8e03ae17eb,2024-11-09T11:15:07.893000 -CVE-2024-50225,0,0,c82e16ac542a9af8c5e044f89e8f77a5a7afb38021a48ad600b7a5a0850e1e58,2024-11-09T11:15:07.990000 -CVE-2024-50226,0,0,ce6d1c13b3fafb5708c88b7c697b5ae368d9adbf1627b886256cec133a3b324e,2024-11-09T11:15:08.117000 -CVE-2024-50227,0,0,490b02f25fed55ec4e384f954960b8334385b22f7454547e4fb9211ca7521b82,2024-11-09T11:15:08.383000 -CVE-2024-50228,0,0,f6ccbb60be51c0481743111e8d58adb17b37650ba7b3969d3547b1e2977000da,2024-11-09T11:15:08.650000 -CVE-2024-50229,0,0,2aca73c691f60076ce4df5eef25d96247951e9dbc0435c48b9fc1f48d9e63582,2024-11-09T11:15:08.890000 +CVE-2024-50220,0,1,9248275c722aa0ee65ec48818ac68fc6b5c034875ac5f558813310c90770c3df,2024-11-12T13:56:24.513000 +CVE-2024-50221,0,1,837e9820d0025e10ffcd16610192fedab6af280e37bb9cd33e43608ed8c3dbab,2024-11-12T13:56:24.513000 +CVE-2024-50222,0,1,18444961597048efbe9032c498fce3b0ccecdbf3ea349a4544d05ffd766fc988,2024-11-12T13:56:24.513000 +CVE-2024-50223,0,1,d7c23bd418b73e793d58a8fa1645f31ade315b6e12b709ada82aee71dfb8c638,2024-11-12T13:56:24.513000 
+CVE-2024-50224,0,1,b008f6eead631d70880601fca933fbafaa007488f7472d3af61fc3b0b4372aa4,2024-11-12T13:56:24.513000 +CVE-2024-50225,0,1,89689733e35e6cd9419b99b6283eb57db849db664095fe32d4eaaa80b9e3a50f,2024-11-12T13:56:24.513000 +CVE-2024-50226,0,1,be195cf2d1abd4f6518b8f9b3b6bf20fb019f7ae97e337fc3094684ec872e950,2024-11-12T13:56:24.513000 +CVE-2024-50227,0,1,e2fc3026a4796dbe3840fabfbecbb504baddef9a999e27e03ee6f1f65a228b58,2024-11-12T13:56:24.513000 +CVE-2024-50228,0,1,75c865d39ef34a7936468d605a87fd1159c5b7985759f49af3b29aee9f74a920,2024-11-12T13:56:24.513000 +CVE-2024-50229,0,1,db48f639566488febe491ced1540227dbb50fbe4a3feec114195f408129d7944,2024-11-12T13:56:24.513000 CVE-2024-5023,0,0,63ebd4218020d01998ceddb622d35154b9496df68f9db12eb6b4711fe09e7d24,2024-05-17T18:36:31.297000 -CVE-2024-50230,0,0,b1030d37cdd6dd94d5dde8c89212704508451083b02860d01223b7d985e1a76c,2024-11-09T11:15:08.973000 -CVE-2024-50231,0,0,9ff4d0e8dae8de4efa29491884b222a2506e0382b2168d130562a0793a909150,2024-11-09T11:15:09.057000 -CVE-2024-50232,0,0,5412ad8e1520f7405d750b3c73c7d1b18aa7b03fe116351cf5c60ba6c18f3756,2024-11-09T11:15:09.137000 -CVE-2024-50233,0,0,4d6018cd600e899f71a94a1c3da045a0c8393611729bc5550bf7a411e40f0422,2024-11-09T11:15:09.210000 -CVE-2024-50234,0,0,bdceae74d3e2375dc925505ef947e489cfa4c4d0d150b5c1bf7896bffd356609,2024-11-09T11:15:09.280000 -CVE-2024-50235,0,0,c81a7333c5a504d7631902dad859f9fef2fb88ba8e3b25e151e5cf3525984ff2,2024-11-09T11:15:09.367000 -CVE-2024-50236,0,0,d9e357738cd5ea32ab595ecc1ea6cb0b23f08a385fa3429aedb09038a975ad67,2024-11-09T11:15:09.447000 -CVE-2024-50237,0,0,35b3d189d649a32933f01edb35a2bfe5df5c7fa19e24977af5b7275b5ef8ce28,2024-11-09T11:15:09.530000 -CVE-2024-50238,0,0,05e1cf7974d5cb452aa83b22071a35e0221a77e7768b05885fa922f79a4e5936,2024-11-09T11:15:09.613000 -CVE-2024-50239,0,0,ddae09347815c4f530d00390e1fab021f407b0adb0200a8a1b192f48228963af,2024-11-09T11:15:09.680000 
+CVE-2024-50230,0,1,9c8d5f2dc667ea42cb62609eecc6f7be10b1185979e05368a860fbfb20f0331c,2024-11-12T13:56:24.513000 +CVE-2024-50231,0,1,7a8f610ecec005cadb84f4a16992695834c99230d17326baff53f1fe7ec9eaf3,2024-11-12T13:56:24.513000 +CVE-2024-50232,0,1,a72223ccf10520dcf3c840efe5804d622695c92bebf1442a6d5ba17a0e2b469a,2024-11-12T13:56:24.513000 +CVE-2024-50233,0,1,f85277268d32f4634ddf9805a0dfeee732b76ca10c3f343cc982942a9f050b6e,2024-11-12T13:56:24.513000 +CVE-2024-50234,0,1,58e899dd4ebed7824409f9f6dced51234f5d2daf27d86dbae12afa430b8c7dc0,2024-11-12T13:56:24.513000 +CVE-2024-50235,0,1,d262b0f1318289b84cf3d4dfb7127e25346f53bc323fa3b5befc7e6e0d59ff6c,2024-11-12T13:56:24.513000 +CVE-2024-50236,0,1,7352035a14d78c01622a750806b9a10ecbd80f9f5d7dd4c54d0b496023c976a1,2024-11-12T13:56:24.513000 +CVE-2024-50237,0,1,153554820f4f1f6877db56eb08bf1ff52c5580c63136198cf80fa5593b6b43d8,2024-11-12T13:56:24.513000 +CVE-2024-50238,0,1,21164d1932c9aa271a33a6621964cad7de0c843345a5007873ea26ed595a6df8,2024-11-12T13:56:24.513000 +CVE-2024-50239,0,1,ae9533a10286a9391938836e3faebe0216113e3227b3f19609bb2d2ea3609aeb,2024-11-12T13:56:24.513000 CVE-2024-5024,0,0,9dd3417f324a3df55f488e05c68d1854a15dd73bd49fdda06475c54e037a76e5,2024-09-04T14:33:57.200000 -CVE-2024-50240,0,0,8def74ba3546996afe2e98416087b83dfde794c17094c1a1edb94c0ee9929488,2024-11-09T11:15:09.753000 -CVE-2024-50241,0,0,9b313ad9cd2221c353daa6fdc312f5394d26c653771cfc2df1c133307cf9d5bc,2024-11-09T11:15:09.823000 -CVE-2024-50242,0,0,defa5cdfc14d7d3c38f22d4481681b52752452739d8a0842fc4c3aed56d22535,2024-11-09T11:15:09.920000 -CVE-2024-50243,0,0,5b0a31a05f6390cefad0d512aaf61e3897d7f4a7b04ccf34e7e5671e92c0e1a4,2024-11-09T11:15:10.120000 -CVE-2024-50244,0,0,9a6f131e67ada4b3e4f166c85072709bbf85d08d8623bf1ef6c5f94ea4a31762,2024-11-09T11:15:10.300000 -CVE-2024-50245,0,0,d689f37b2b7084d66bab419ba63fb22eefad70765e1aa3584c78be85513cb273,2024-11-09T11:15:10.470000 
-CVE-2024-50246,0,0,bca25d9b05a6530e04bde0aa15f4a1e650b69576838e244a1c38449d9dc30657,2024-11-09T11:15:10.537000 -CVE-2024-50247,0,0,3ff9592197d0a69e4a721dfc0ca7c06c1c1a3d224075e1a1610ec4ba42a85283,2024-11-09T11:15:10.600000 -CVE-2024-50248,0,0,8d68f6871ec9a896816708387e921b695440b483dc015561a17c7d9a4dd55803,2024-11-09T11:15:10.670000 -CVE-2024-50249,0,0,2787e19040b86ef61a17292c4727a9cd1a7320a53c7e8783f3202d62e7b99e26,2024-11-09T11:15:10.743000 +CVE-2024-50240,0,1,2f077ad4fd5ccdf3b5ba2ce44e85364d2e13615cffc06674304da8dd186b1324,2024-11-12T13:56:24.513000 +CVE-2024-50241,0,1,a5bf76cb61364c8fcd93873dc49a757de39dd690c5891f004aa15d752ba3c201,2024-11-12T13:56:24.513000 +CVE-2024-50242,0,1,bdafe50a7ca91d1a9ac9fdfd320305af1da5c21b6c2e9faf44e9b3ca97eb393e,2024-11-12T13:56:24.513000 +CVE-2024-50243,0,1,ffe29014db78edfbbe5a9cd3ae22e3f07e52f16b2a387bd8803443925a985f5e,2024-11-12T13:56:24.513000 +CVE-2024-50244,0,1,4b0c17572dce723bd348c4e88bfa6d365c65ddc82e849218dc553de0732e2ba6,2024-11-12T13:56:24.513000 +CVE-2024-50245,0,1,54362644fc56d6b02bbdc2579258c8fabfcf0e5c1dbc290479a2a87423964ec5,2024-11-12T13:56:24.513000 +CVE-2024-50246,0,1,c6d2ae2a6030f6786d3cf9dd0f3cc823500b5dd2b71bfe454efb20441f5e2591,2024-11-12T13:56:24.513000 +CVE-2024-50247,0,1,85b169d2dc6a15291ba96d491cf58ac7fe11896248b2228eaea29a2428618f6b,2024-11-12T13:56:24.513000 +CVE-2024-50248,0,1,3e55857ff4a613601bb11fb36a21ebd35f5998e091f5297863be6a975cad5346,2024-11-12T13:56:24.513000 +CVE-2024-50249,0,1,43e91f42e3c76d4efde81544554f8bdfdead0751feca270ea2651623161f25bf,2024-11-12T13:56:24.513000 CVE-2024-5025,0,0,5975a4de967bb092ff1a32c8663c734972c139617eb709a92a7c0cc78b284359,2024-05-22T12:46:53.887000 -CVE-2024-50250,0,0,5b5f0987e77a7545be56b88f55d490c77533b850be58230756bc92ff0855ad5f,2024-11-09T11:15:10.833000 -CVE-2024-50251,0,0,213e4710b796ac6849b81a53d98178d07bfa8b0434fd5e9b5b6d53cd62fadd27,2024-11-09T11:15:10.900000 
-CVE-2024-50252,0,0,40979785dd8717fd660eb563cd6f37e3f35694df67b7482afe142afa151c8607,2024-11-09T11:15:10.973000 -CVE-2024-50253,0,0,d8ece0020a8de28080908d909d19d960079ac0f17ba3de47d875329fb6fe5283,2024-11-09T11:15:11.043000 -CVE-2024-50254,0,0,b5a36fa5df5dd8ead6f85b2f703292a91ec905dfe967afd72215f703937817d1,2024-11-09T11:15:11.113000 -CVE-2024-50255,0,0,1379b52d61bac3c3046f1f6031c0303258f75780099f49b1a9e5c6c3c2f6d39f,2024-11-09T11:15:11.183000 -CVE-2024-50256,0,0,b36d838eed10003c0b6e62b6c345d6885dca60af9da07a56a7d206a74d78ac7c,2024-11-09T11:15:11.263000 -CVE-2024-50257,0,0,3eb4f2f83c793a3549f90ed4e5a7a7914935fc5d93a1d2c81d74e2f2b0c1839a,2024-11-09T11:15:11.340000 -CVE-2024-50258,0,0,fbc285d5405aba24b340ad8d9628bcce9f3ff786152928bd3a053e82d6481224,2024-11-09T11:15:11.413000 -CVE-2024-50259,0,0,9505f119d634507830457a8481da367105cd2d69e5a787778823d77383895c6e,2024-11-09T11:15:11.483000 -CVE-2024-50260,0,0,fc4cef5cf9d349d410ca1c97d5743d6a1870d568c5b285bfc5df24088371adb6,2024-11-09T11:15:11.550000 -CVE-2024-50261,0,0,c7b0c5cb53afcfabb0ce1805397f6b93d637df35741bb2601e07e11bb4679803,2024-11-09T11:15:11.610000 -CVE-2024-50262,0,0,3571cc23e83cb0fd0612ed425e1b46385cde83393258e2fe4bbbc81ff1ef3dba,2024-11-09T11:15:11.687000 -CVE-2024-50263,0,0,748014e2b774d64f4e051bec86180e6c3664073e1b19a8534d7635fa9f3b703c,2024-11-11T14:15:15.473000 +CVE-2024-50250,0,1,d8fcdb40bef1001ea2a411536bde4271adef2199df08d096c0a9ec3ef47def51,2024-11-12T13:56:24.513000 +CVE-2024-50251,0,1,62b5e2b214fdab150b4f3867fe89f5bac1b73fe03f9ee76cb9676f0fbb0a9279,2024-11-12T13:56:24.513000 +CVE-2024-50252,0,1,4b1d39889f62157a184e6bdf7eb53cda020d226d56e12ff5c70f55edc79ab4a2,2024-11-12T13:56:24.513000 +CVE-2024-50253,0,1,1b2eec23a19d66100687b6ffb1a7cd6c4e42c433503fa74f71430e8927743bf7,2024-11-12T13:56:24.513000 +CVE-2024-50254,0,1,fe9bd35f3da78b0f44083d8329cad73ac1c6f090285dea0a576a303cd96184fb,2024-11-12T13:56:24.513000 
+CVE-2024-50255,0,1,ecb1652001c89ea12392206e26b9fcb1eaa915d0fe70f3c842b29178db03dbef,2024-11-12T13:56:24.513000 +CVE-2024-50256,0,1,2ddf616ad9092258f20a24903320119bde3e581655fd231ee23497c20dc13851,2024-11-12T13:56:24.513000 +CVE-2024-50257,0,1,77f545a47dc82457cd59427a8f5e0fe433c31f26034f5e3881da6497ef21225b,2024-11-12T13:56:24.513000 +CVE-2024-50258,0,1,8cfc1328995434fde0f6380d22d70f3ce5e7a8d3057eabd376d6ba5d354ee0d9,2024-11-12T13:56:24.513000 +CVE-2024-50259,0,1,f925a4db4dcd122437f9a6e8927ab90813121431650d14e88a53671417de5170,2024-11-12T13:56:24.513000 +CVE-2024-50260,0,1,dbf8ad3f71dbbd736869ee4a6db138fff2678aaab0ea300663c7b98293894853,2024-11-12T13:56:24.513000 +CVE-2024-50261,0,1,b4e106f44d4a2eb815d0dd8f540fce25308f032b907e878b88914bfdb4dcb64c,2024-11-12T13:56:24.513000 +CVE-2024-50262,0,1,7a7f52a4ecfb838a90895bdb7de5974a897853cb994760b548442b80ee554dd4,2024-11-12T13:56:24.513000 +CVE-2024-50263,0,1,2e071cb68f4a0777e46edaa767663e26ff7c76ecb6dc8a74b30d3bdec9f4ef8b,2024-11-12T13:55:21.227000 CVE-2024-5028,0,0,6e4747168a055d3478d0389157f1378a0e5efd7245fc9814fa65e0cf7f805db7,2024-08-01T13:59:38.360000 CVE-2024-50307,0,0,6d2dcfccb50c0c30fd7d9bda3b36490982da8110db31d087befc4509a1d360cd,2024-10-28T13:58:09.230000 CVE-2024-5031,0,0,5b0fce1eabb88a37a871d927606cb4ca5166c3808ddca60f777848c692bab12e,2024-05-22T12:46:53.887000 +CVE-2024-50310,1,1,8ca1d30e05e8d14940210b5289df4fe889b7bcbf7d81126e5203abf9701afd02,2024-11-12T13:55:21.227000 CVE-2024-50311,0,0,a911784e609d4ab74e0290e5d915dbb7b1471b8d97b5435937a13bc8c9811bb6,2024-10-30T18:39:40.617000 CVE-2024-50312,0,0,8b68d956a110cf88efd2db7bdd6fdd3dc5b02186497d9ae2cbca0852915a398f,2024-10-30T18:35:56.753000 +CVE-2024-50313,1,1,1f9bfdd78a62f9b5771008b0c7fd93e4e221029be8c4ff06400d9d0c1dd48acc,2024-11-12T13:55:21.227000 CVE-2024-50315,0,0,4cc2faf3d8c489bc195ea9b1b71e3db71fb7f18259f91c4f6bf82e911f7ad06a,2024-11-06T18:15:06.173000 
CVE-2024-5032,0,0,e2dd01f18d9397a3c892e6f9436384b2c9baea7d6f6081290ca836f05f0fc527,2024-08-01T13:59:38.540000 CVE-2024-5033,0,0,34cd1f889798bbfeb338d8d711a920994993596df17d9daf9b428477bffed7c1,2024-08-01T13:59:38.730000 @@ -264872,7 +264893,7 @@ CVE-2024-50511,0,0,d2405bceb5490caa25d48c9eaccd1b135c0f31fb2801d8eda1baf830c34ba CVE-2024-50512,0,0,d3eb5beba15659e24233a17e23ff12b2ae18a8a0e2a2662e84998527ef3378d4,2024-11-01T12:57:03.417000 CVE-2024-5052,0,0,1db4612270fc4085b1cc808dfe93eaa2dc99045707c3296716068fcb2c40c936,2024-05-17T18:35:35.070000 CVE-2024-50523,0,0,9dc64520b14d8d5fcbb0c8efcb510b29b3e2269a6933f1788aab4d5518713a80,2024-11-06T15:46:32.907000 -CVE-2024-50524,0,0,6ddb8ac78cfa11967a6b677fce8296741e6efb7d62be8cff715c422df140b4a4,2024-11-09T10:15:05.667000 +CVE-2024-50524,0,1,852b101a8ae079b1795221124ba9296d78d61951435c1ea2f3870e7b5b7f6bd2,2024-11-12T13:56:24.513000 CVE-2024-50525,0,0,e457a4e5f2a29e6ea2dab28cfa0e8d818a3a9d2aa36a168e705f164fa4d6dd20,2024-11-06T15:42:52.993000 CVE-2024-50526,0,0,a38a0e990ccb8f0f5df4c3fd67cc6acb2ad0edab97bd70b44583c49c064fc336,2024-11-06T17:07:02.417000 CVE-2024-50527,0,0,6eb8801b6392b9232c5e9383943c0eafecf0046409f67ab436e320236953f3aa,2024-11-06T17:06:23.250000 
@@ -264881,12 +264902,18 @@ CVE-2024-50529,0,0,575f9a44d1152b0df164fc3f7b58f5425e3a00c3302d62a94d397aedcef79 CVE-2024-5053,0,0,85ba036ea0ce8a641df5f4bb0e9116ce37b7603e5543e179441180f635dd17ca,2024-10-04T16:02:22.037000 CVE-2024-50530,0,0,379afb3cd5bb6212bb350d557f04d1566104563b1c4ae420a09ed615234ec789,2024-11-06T17:02:05.543000 CVE-2024-50531,0,0,6a1304599f087ca8d0e7c0cd6930e198fee602ac0bb303da7eb267c873904896,2024-11-06T16:34:13.990000 -CVE-2024-50539,0,0,08d6e1360afaf76175d1ecf9950b3aaa80607e600af655a0ee22a774bfa551f8,2024-11-09T10:15:06.017000 -CVE-2024-50544,0,0,336d97750650c1d6cec3e05e98715c2c8c6ed2c5e82354e4843f0e549a14b76f,2024-11-09T10:15:06.273000 +CVE-2024-50539,0,1,f6a8443f6456cd2978b7cf3e4eab7a6716ac164c4ac14ac0a517e8986e261054,2024-11-12T13:56:24.513000 +CVE-2024-50544,0,1,20c0b4747279e80deddd7c87d7d299968ec62427305dde75692b84db338d4074,2024-11-12T13:56:24.513000 CVE-2024-5055,0,0,346404cc585681a2fe5319ad3cd387f2171e7718710adaf135152ad352635ebd,2024-05-17T18:35:35.070000 CVE-2024-50550,0,0,0d2291a684da454f82b0b3876a679625fedb67aa405d9eb4df12eeb34adbbab4,2024-10-29T14:34:04.427000 +CVE-2024-50557,1,1,0d03533db80b2800d4de8951161905b408815adcd0ddb81fb357288db781c1ff,2024-11-12T13:55:21.227000 +CVE-2024-50558,1,1,3387a291dc53c089b4734d4ee41cfbc005368b54a0e39a6145fcc55af91d3552,2024-11-12T13:55:21.227000 +CVE-2024-50559,1,1,94a3a0c7dde71b2a1cba4ad8bb65fc7693988825dbf6b319035a272cc396ca28,2024-11-12T13:55:21.227000 CVE-2024-5056,0,0,b09a6a74de5b053675f9afc4f104e067ee8a59f791091ecbf85080c4327f1e74,2024-08-23T16:04:14.643000 +CVE-2024-50560,1,1,b843bca7b6a40f916c397549b2e42d27f2eb824dea7bfae926fed916903cd3e6,2024-11-12T13:55:21.227000 +CVE-2024-50561,1,1,b588bd675e5176b44b60f7eef24038c74103e95b71ac19ebc75b4b604b17a0e9,2024-11-12T13:55:21.227000 CVE-2024-5057,0,0,6ac23c507e757b24b72de98245da87576f9a2b62e0f8d57278541740a6070ccf,2024-09-20T19:31:39.437000 
+CVE-2024-50572,1,1,ad5a819397cf2d6fbf086e60f7062c28027416de63387718e6910136cb5bfb09,2024-11-12T13:55:21.227000 CVE-2024-50573,0,0,6166bba949b905ceb4319678694597e7477dff6436071dabfbd162d318e60f8a,2024-10-29T17:12:14.760000 CVE-2024-50574,0,0,b4c85ee17cab7a2dc3355aa11a3a7bb2af1a1df68c9041971813110ae5b2fe8a,2024-10-29T17:16:11.277000 CVE-2024-50575,0,0,fc32d20f0e12c8f088f3b45de0e6be389ad7ff627245b3eedb03a983727ced9c,2024-10-29T17:18:26.957000 @@ -264908,7 +264935,7 @@ CVE-2024-50592,0,0,1ea6423960cc50e93195b2cf1d9f7905b125a77bfd5004aeb42759deb6410 CVE-2024-50593,0,0,2990c55af886ff8c2c12dbcca8abdce067826f7d03b201038626b94cf51f8774,2024-11-08T19:01:03.880000 CVE-2024-50599,0,0,3c6f0c29bfc51c064c63c37a765c151941367295dbdeff70ad17448c4c631795,2024-11-08T19:01:03.880000 CVE-2024-5060,0,0,70a4b23a22f78db2884c1ce0fa906b767ee25d155e7de23427bff751940319e4,2024-05-24T13:03:05.093000 -CVE-2024-50601,0,0,25615c335aec72439bc642df0ba921a5f5fe397dc6c11b4dc75d7bb647cd9fd0,2024-11-11T23:15:05.763000 +CVE-2024-50601,0,1,85a0cc68e7d6301a74918b2d497fb47d678814d8250642c0442610e62be3405c,2024-11-12T13:55:21.227000 CVE-2024-50602,0,0,45e9269102f2b541d78d641e3b6d4f0d7b12a8e026b5814df3e38d2c0c706172,2024-10-30T18:35:16.237000 CVE-2024-5061,0,0,acb15fde0f7701ee7d55862ecbc276a299a2eba41aa60a0bce397763155cd902,2024-09-03T15:11:56.787000 CVE-2024-50610,0,0,2336f18018549d31226ad5c4df53b32342f6a9adf12b0e16f4241999fbebe853,2024-10-30T19:35:30.033000 
@@ -264923,12 +264950,12 @@ CVE-2024-50623,0,0,71c6fad96d3194eba7d5d7edd081f9ad30cc6decd08744ac71e97f086f12f CVE-2024-50624,0,0,2f6d7cbc06ddd09de063e5bd0feef072f438fbd478c20a099bcf6256ed039f90,2024-10-30T21:35:12.223000 CVE-2024-5063,0,0,3ea00cb3f53084b2393e5a818811e5957f116b348338ce87a59f64292b187a9f,2024-06-04T19:20:57.760000 CVE-2024-50634,0,0,1259534018b84fc966c6bbf71883176c6258839dafca0d12474268de67eb80a9,2024-11-08T19:01:03.880000 -CVE-2024-50636,0,0,0ade0dea604da8447f47847dfb20b4ef4ecbce093e12be8e7df0e1bf680276fb,2024-11-11T23:15:05.833000 +CVE-2024-50636,0,1,2fc9138fa183119876b777928207f426f13352402fa782392dc2b828754f0184,2024-11-12T13:55:21.227000 CVE-2024-50637,0,0,7cb3fd4c2566fc1d1593156e77d24b90af6dfd042618185e839399543b673bed,2024-11-07T14:15:16.780000 CVE-2024-5064,0,0,d857d2e0ee5316e135c4045ce3a7ab1579933a9b029d66480995681ffcc21c71,2024-06-04T19:20:57.870000 CVE-2024-5065,0,0,0430cc7c42876b1507fe619bbbc6ece1ba2c878f57a5564022a1efa295cd852d,2024-06-04T19:20:57.977000 CVE-2024-5066,0,0,afaa043e18b083dd4b11b301517b086f80728c1a74393b687f88875df4970445,2024-05-20T13:00:34.807000 -CVE-2024-50667,0,0,f16bce4b99de2012361be95597333f0df22914c2f4ea8499b3a1ae67b63cdaf3,2024-11-11T19:15:03.960000 +CVE-2024-50667,0,1,e1e6fd05dc47d8d0018e6051a77007d9f2a6e89a4ed76dd1a7ea5db0cdc3d1be,2024-11-12T13:55:21.227000 CVE-2024-5067,0,0,7a5f09523c1a14d6651905f1f8853395c32eebb526caa99a81fddc9a443e16ea,2024-09-05T17:29:32.287000 CVE-2024-5069,0,0,9472ccb93cc67e368452ccbd7690fcdac2e9c6bf3a0a4c1febdda7b23dc05b96,2024-06-04T19:20:58.080000 CVE-2024-5071,0,0,1e84a840bf7fe6d05a333c61daff03721e2399762594abd260e8b415b74d49eb,2024-10-28T21:35:22.430000 
@@ -264943,11 +264970,11 @@ CVE-2024-5079,0,0,03cab751fae6538cdd3ee0f9a467090b1b9dca8ded972c9a24812d90a2b62a CVE-2024-5080,0,0,88ae00b43e12b64ab9ecc2d4c4ea1fe4d89b86d4c131aa05e4a989c5a4e3b207,2024-08-01T13:59:40.707000 CVE-2024-50801,0,0,b02fd2a4d914f47ebf18861bef14a429b26208dd8058232ee786f89bcea879c0,2024-11-04T19:35:13.810000 CVE-2024-50802,0,0,8492f5be24f5ad2918f47970062e4bc2c1c3f432ad972af1d330cb18adac5b2e,2024-11-04T19:35:14.907000 -CVE-2024-50808,0,0,bca6365476b31fe93d3b7d0cf72ff732cb0e615c3beef7014f024b64c30cd3dc,2024-11-08T21:15:20.740000 -CVE-2024-50809,0,0,b798465da32fcc10423bf74f9350c79601a3da9771abb78642e2d5cc72417c27,2024-11-08T21:15:20.870000 +CVE-2024-50808,0,1,1a667410201903fdc8230c48df98057d6516bd370b3a4500e5037005f86c9f20,2024-11-12T13:56:54.483000 +CVE-2024-50809,0,1,0543ed682b74f6a15eb703e6e2e2cbff22bee156f875bd21c519fc7274b9287c,2024-11-12T13:56:54.483000 CVE-2024-5081,0,0,0bebffdc717b25462ccb5a198cb29076c0fa0475011c795b0df7ab25d1acf197,2024-08-05T15:35:16.180000 -CVE-2024-50810,0,0,4097d54fcd17dd77650989ee96adbbeec9177f32fb93f3c8eb7e4af625d8db30,2024-11-08T19:15:05.877000 -CVE-2024-50811,0,0,f3dd553fef10c2fdbb4ff1230411b63978ded35f0f4c01d4113ea057fc05f4c6,2024-11-08T19:15:06.020000 +CVE-2024-50810,0,1,7da23b2ab88a2657cb76543548549613aa1f561df30582c648f7520bf514f0d4,2024-11-12T13:56:54.483000 +CVE-2024-50811,0,1,d8ef1ac40dcb898d28bb949cb8cb9a8ce73f83d8e224524d33d6a2ba92df335a,2024-11-12T13:56:54.483000 CVE-2024-5084,0,0,79705ce3d53f6e7c72da00fccc935c6da44be9bf4354c31cd8528afb5e0a643e,2024-05-24T01:15:30.977000 CVE-2024-5085,0,0,6942e3068671e85a9578eddbb7240c8706dd53cd6ec5670c5d4ddd91c950a30a,2024-05-24T01:15:30.977000 CVE-2024-5086,0,0,cace1182cf9be3136b0c613ecdabc086a9a0b40661f04ebd6e230acc3565cbb0,2024-05-29T13:02:09.280000 
@@ -264964,10 +264991,10 @@ CVE-2024-5096,0,0,5ed717834c38883681c6d180e391a0fccee5714f6ff3215bd896b6366e61be CVE-2024-50966,0,0,17999db3c119b65097d64bae028974d0e6d4cf5d6910c7a7a211536c5ff5b48a,2024-11-08T19:01:03.880000 CVE-2024-5097,0,0,f8c17c92eeab06c631c7e3bccbcd56a5be798bb0ae3554a5ecf4b2a49f948336,2024-06-04T19:20:58.787000 CVE-2024-5098,0,0,51bb68a404444dbad57c4444d3880f6dd34c8b10fc09ab7783a9da02fb8f5608,2024-06-04T19:20:58.887000 -CVE-2024-50989,0,0,b7b037d4ea18e4ab0782d6b5739aaa1678509669543bbcca89a841cb6cfe5d6b,2024-11-11T15:15:06.390000 +CVE-2024-50989,0,1,e4c0fe2b8431c4258cd2ecc4a0f559aa989b45362bfebaa4c143315581a69ae6,2024-11-12T13:55:21.227000 CVE-2024-5099,0,0,c449033239abbf7fd2bba4f64694ff77374623f364f0fa141d0a92a151a3ab2c,2024-06-04T19:20:58.993000 -CVE-2024-50990,0,0,d72b47b0d100cf0bec6f871d0b64d333b4b2e5d21921176e63d7bf8762045b40,2024-11-11T15:15:06.470000 -CVE-2024-50991,0,0,5ab18e3aa042024ffe81fbaac1fc8220161b429f14696eb3fbd33a5696989af8,2024-11-11T15:15:06.527000 +CVE-2024-50990,0,1,3e42f63cb4cce2bde832528585cd9a59c20bb79b20e8a372aa48cab82b38c511,2024-11-12T13:55:21.227000 +CVE-2024-50991,0,1,d7b9dadf9ffde3571101ab4cd85a569d9cef8837174cd0bebf677a2bed448c13,2024-11-12T13:55:21.227000 CVE-2024-50993,0,0,a9de4dd48dde3ac3fa9f8b5743f41b5b56dac32227b8c8bf2e6472e6c2af5c67,2024-11-05T17:35:19.567000 CVE-2024-50994,0,0,a5cc8cf1e738761f065a4f27d82e61f2db641d34c682578fe3c2a1afe6ece327,2024-11-05T17:35:20.363000 CVE-2024-50995,0,0,60f0d71d86c3ab99e9e53c92c51f008106e52e339b3ed722bcfbc442b7e04dd9,2024-11-05T17:35:21.167000 
@@ -265003,15 +265030,15 @@ CVE-2024-51021,0,0,b06ad1dc7caa63f0b78f2a692ebfbc7dc3db4861942e25ad61d65ea6408ad CVE-2024-51022,0,0,9c971f391f021663a674f6ebedab01c215349ea525c288aa5349243311884419,2024-11-05T16:35:35 CVE-2024-51023,0,0,b12f806c39027dd585f6605b170e48144a3513f557c323acb9850f669a22caef,2024-11-05T21:35:11.923000 CVE-2024-51024,0,0,2602616b46cde149e40ad1ec2305c8463ebfa9f137264738865d2534ea931b9c,2024-11-05T20:35:25.253000 -CVE-2024-51026,0,0,b4a18cb304cdcd98893c390c948e2bd74a14013e8cf53f27bf028896222d12d1,2024-11-11T21:15:06.683000 +CVE-2024-51026,0,1,a53b987681fad958b0e0dfc0b8c2f642e8987d295f398a795d1e53509e193c12,2024-11-12T13:55:21.227000 CVE-2024-5103,0,0,aef0baf1fd7c527670ecf099c59b541b0a60e91a3e6b8de1c582546f74d7df46,2024-06-04T19:20:59.297000 CVE-2024-51030,0,0,8864f5f848b4bd116cf6c117fc9413494345870c652480a21b492e7685b9b04b,2024-11-08T19:01:03.880000 CVE-2024-51031,0,0,1e5ab5cf9c7a25d9afff4cfa33f3918bc3dcf7d5460284d217623f0076ca881a,2024-11-08T19:01:03.880000 CVE-2024-51032,0,0,ec7a3f58b1b13bff81847fdcad7b6dc259b873fcbfe047be514b3d445ebe4aca,2024-11-08T19:01:03.880000 CVE-2024-5104,0,0,8d4ff1d965ca43b16b77c8055dc82631e6e8123b480d913038100bbc16c5fc14,2024-06-04T19:20:59.397000 CVE-2024-5105,0,0,c1afcbdfab9cbf8b7401c36e665ea5449fdb0423f5baf719d1747abc02484d12,2024-06-04T19:20:59.500000 -CVE-2024-51054,0,0,4bafe735c22771b0cde1212205a2157050cf5c031bfc62d7ce3dba23d4e0d25e,2024-11-11T15:15:06.603000 -CVE-2024-51055,0,0,053fa0edaa4b935312f10d8abb53700d4933be42c7e135561c5e89740c1394ed,2024-11-08T19:15:06.190000 +CVE-2024-51054,0,1,679f1ab11a6bd17f8826d1e56c02f08fe3c1b163f6815abb310103211e2f5032,2024-11-12T13:55:21.227000 +CVE-2024-51055,0,1,bc6e923abc09fb516723039d0c80e2e1c973506d67c4fd7e8b98b13ae600002a,2024-11-12T13:56:54.483000 CVE-2024-5106,0,0,0c609f41f655027086ae34a799c5dba7518161802bc29d490607b24bb6cca58b,2024-05-20T13:00:04.957000 CVE-2024-51060,0,0,402a659a58502cf6652d1569d08a8e1bb7141b9ef84b5e613167d10864e0cd4d,2024-11-01T17:35:08.443000 
CVE-2024-51063,0,0,9e69a8a911d8071b54e4574d5d702b1952770d32179ac558a313a9f533d2704b,2024-11-01T17:35:09.657000 
@@ -265031,27 +265058,27 @@ CVE-2024-5112,0,0,689c76c95598a2f86ee6cadbc1c25854cf35ada5e2d2725de4638c44d7f737 CVE-2024-51127,0,0,5cbf021500110127b38f6de54e9823061ea68366b333afb20ed57e2e95d1d646,2024-11-06T19:25:14.607000 CVE-2024-5113,0,0,d52da1935c57c4016d19b1f0658aa6603ac8563b2af10cf87d5ce42568a3ed96,2024-06-04T19:21:00.113000 CVE-2024-51132,0,0,741849111477a3dea70a3f4f159f318bcb11e986e2637afecf8a608cf70fdf87,2024-11-06T20:35:34.173000 -CVE-2024-51135,0,0,7cb22672e5dbd89b4e6af08151da9b08631652ec3fbbfbd46f9e6f7bea4925d7,2024-11-11T19:15:04.047000 +CVE-2024-51135,0,1,aebbe945d05ea335f860f10cf11e685c81af5045a7f037fa95d2a93ccbf5d4c7,2024-11-12T13:55:21.227000 CVE-2024-51136,0,0,b7028b746c76b0b8db7064a5c94d8b9b8b4865b267652b712081099f88f87998,2024-11-06T19:31:15.230000 CVE-2024-5114,0,0,51655375bf74d88d0b44bf3106775b49d83b04b179d3446b4a92ffe727b17b66,2024-06-04T19:21:00.217000 CVE-2024-5115,0,0,566281473e2daa2487dd251e202869dc3059aeec07f7c63daa38b65c3bae3de7,2024-06-04T19:21:00.323000 CVE-2024-51152,0,0,61a76bcbf6bd75d4afc028e09aa200a0b1945b75db18b8f83b3142e2484dc5e3,2024-11-08T19:01:03.880000 -CVE-2024-51157,0,0,7c80e4eed37db0adb486c62407abe6cbecdae7e0bd33adcd7c146c3fc432204a,2024-11-08T21:15:20.980000 +CVE-2024-51157,0,1,15c268449f10cd3f5e2b0f898333f8df5f6a7a275257a0f4491ba5cb90f1b17e,2024-11-12T13:56:54.483000 CVE-2024-5116,0,0,8edab88198021b2d3b9901d621d1dabac4b2933945eb225d0257a88c98ac3f15,2024-06-04T19:21:00.430000 CVE-2024-5117,0,0,8f71e5dda3348556d6b06143dcd47b79229dad0468d30aa7c38f8c5c1ecb8524,2024-06-04T19:21:00.547000 CVE-2024-5118,0,0,ede24973ef1505b96fcd3c614d177bf90baaafde820cda4461fa6280b3c2b455,2024-05-20T13:00:04.957000 CVE-2024-51180,0,0,291417569b0494624857cced13999289421aea811a146f5e21654eb2df5dd0c1,2024-11-04T13:37:15.737000 CVE-2024-51181,0,0,113da0b9d3296c95d5bef97b0c59442bc79ba9bb3dbb2c1b2baabdd141b84fe6,2024-11-04T13:39:48.413000 -CVE-2024-51186,0,0,22a75f61af82d678a63881ed8d10c9a178a3d1960679c0862a84efb7646799de,2024-11-11T20:15:17.877000 
-CVE-2024-51187,0,0,9a67b518d46fc31c32122fcf0319d9e61d53f2fcbf131b56c5ef25bec66f02cf,2024-11-12T02:35:01.737000 -CVE-2024-51188,0,0,e9828a68650152023528e4dc610f345553404c627f4bc9af2269add405326e09,2024-11-12T02:35:03.130000 -CVE-2024-51189,0,0,0985908fe21f877ee5a26b68a6d4d809aa91aeeeabf391da7d290005b784e475,2024-11-12T02:35:03.970000 +CVE-2024-51186,0,1,ecbd09b77ae77cdfbdab2ab6628b77e4371c5a546df67d7dbfc3646e5b2ec142,2024-11-12T13:55:21.227000 +CVE-2024-51187,0,1,985002ca904865da616607b236f148770176f709bfa535fdb33cee1be9676e5a,2024-11-12T13:55:21.227000 +CVE-2024-51188,0,1,13986d2935d4cbbb06b61af21788a3b856d3586938aa3348b0a9519fa9c62c69,2024-11-12T13:55:21.227000 +CVE-2024-51189,0,1,35e25bc3ffc29f26f90767c986f34840e3ceb43dde83583aa3e60434ef9d49e5,2024-11-12T13:55:21.227000 CVE-2024-5119,0,0,6bb53ca9f8946448e1a7958af9df5b73fe1f36069f7b2aedbfc033eb827d83be,2024-06-04T19:21:00.657000 -CVE-2024-51190,0,0,71991edd215e4e7a0815690b5b6d30cfbb98e6643908b58dad5c190e2a244486,2024-11-12T02:35:04.850000 +CVE-2024-51190,0,1,02493ace343d801c2c96f83a09a920c8f88e12adfc58225d3b0b4f5c18c7e600,2024-11-12T13:55:21.227000 CVE-2024-5120,0,0,512e5b032e12a79292f06756f99bf223a47a4b934de5206e20b5529b01ef61b6,2024-06-04T19:21:00.760000 CVE-2024-5121,0,0,98477bc3a7c67683bd43da705ad15db6f590ce85a12aaf89110d94461e6c3bdb,2024-06-04T19:21:00.860000 -CVE-2024-51211,0,0,9f7216f2f8d2a000da238cb20861cfda4ea040b75cc4ecdd6f811f2bee27be17,2024-11-08T19:15:06.347000 -CVE-2024-51213,0,0,a2dd45dd78a543da33259713e72fe69b4f547b616ddaa87debf61b5669001042,2024-11-11T23:15:05.900000 +CVE-2024-51211,0,1,581556a1bd92632bbd04cf9aebe233d1f5e96f417c538ff40e3ed80078a79ca9,2024-11-12T13:56:54.483000 +CVE-2024-51213,0,1,e80d55ec078755f28e4f2823f010f3744ad69702e08407d1517faeef4f279468,2024-11-12T13:55:21.227000 CVE-2024-5122,0,0,b102c5894de9c993bdf361c85aa63dd17cb454ea5ed33d3ad3120a6c50356b5e,2024-06-04T19:21:00.963000 
CVE-2024-5123,0,0,c6ee92320f25e8ca50da0e044240269e2ddcb04724d5d630d165dc261fdc83ba,2024-06-04T19:21:01.063000 CVE-2024-5124,0,0,ddf4d98394e08878019bd952c44f2cfd27f047274d82fb0e14f997780f16638c,2024-11-04T11:15:06.937000 
@@ -265131,14 +265158,14 @@ CVE-2024-5148,0,0,bd5836562cd7c4456364427f29f33cc1c67447ccbfc1a9320a1023f854c7eb CVE-2024-51481,0,0,79865ece5695e59d21a71c5242cb6b84c6582b835d3ed06315b12ef5cbe5ff4e,2024-11-01T12:57:03.417000 CVE-2024-51482,0,0,bfd63cd113518065a1bebad51613f86054f6e228acaf54013add2bd0a434c523,2024-11-05T14:15:14.840000 CVE-2024-51483,0,0,f70c42f235544d305181618bf39f85a2958b60e254bcd1640771f1e1cba85c88,2024-11-01T20:24:53.730000 -CVE-2024-51484,0,0,71873d7db7e01fb6cb9a7a25cc44b547c589d8cb9f28feeab78ff62ab4c0896a,2024-11-11T20:15:18.170000 -CVE-2024-51485,0,0,4b9038b15ec3c3fd6502ebb682d85a8d893bad1298a1b2c6b5f0f51fb12a87af,2024-11-11T20:15:18.313000 -CVE-2024-51486,0,0,e1999d3ec467fe4c829cd9ff311bf0a143b46492bf637e8605cc0dc541f598f0,2024-11-11T20:15:18.430000 -CVE-2024-51487,0,0,052f30a78b3bf9bb2df867938ee72cca464f6d9e5fd37c3d3e60c5e578f7b37e,2024-11-11T20:15:18.640000 -CVE-2024-51488,0,0,1f2b3c34b5a8d76d4b3e8cf994ba8ef608056367d7a462d46bc8f63321cdb0d9,2024-11-11T20:15:18.757000 -CVE-2024-51489,0,0,a30995f3170dd1474efbb6b6381f530c77abae5e352dce48f6c6a75ff98de5cb,2024-11-11T20:15:18.877000 +CVE-2024-51484,0,1,702c9eef66989d49f443105697529c0366c78728d1841138606db38ce216d817,2024-11-12T13:55:21.227000 +CVE-2024-51485,0,1,31fff43947b857d031a4fdbb88a07c40af7e2b11b292e3abc7f2012e09de9d36,2024-11-12T13:55:21.227000 +CVE-2024-51486,0,1,cfb832dac4d0cbf401700dcb55c0c7132e9df371a60e5f7ffc5aa427e996f6c8,2024-11-12T13:55:21.227000 +CVE-2024-51487,0,1,9d095d095278ad4a0dff54fce8de4e672ea8d9b24e1c51cb430743545d0db5d0,2024-11-12T13:55:21.227000 +CVE-2024-51488,0,1,ddbc9992d74d320bfbf1c9bd238e20d40adcec2b3d076a6778151cca6b5c7323,2024-11-12T13:55:21.227000 +CVE-2024-51489,0,1,0cefbe4dbcaaa0866187eb099ea8321597437d0d4248404acf8187700f80279a,2024-11-12T13:55:21.227000 CVE-2024-5149,0,0,35aba13432990695b4ab26ada33d31578be519ff456b8edf807a15027d0b18f5,2024-06-06T14:15:01.960000 
-CVE-2024-51490,0,0,a24e57d3b6c5ced93a3ed78a648d89b5e6bf7f69faff3e7b8785b3e5525b5c12,2024-11-11T20:15:18.987000 +CVE-2024-51490,0,1,e5bdf7d95e72c9b23f7eecc13cbbb80b5cece600f0fbe7e15102dd77e088e5e6,2024-11-12T13:55:21.227000 CVE-2024-51492,0,0,0a58c7013d2cd1abea36461b62b0843b3a8fe747b96ce2f6ac388e3c542b0b6c,2024-11-01T21:15:15.080000 CVE-2024-51493,0,0,905ca061a7e2249944cb0aec37c9054b75e237343bc05a733cf47492ea8f9f1d,2024-11-06T18:17:17.287000 CVE-2024-51498,0,0,a215c64a461c357224f24d4e16a3f3f3214ac081278e197bc9556945ad303f5e,2024-11-05T16:04:26.053000 
@@ -265187,85 +265214,85 @@ CVE-2024-51561,0,0,d71b2d828707663b98815777acaed98461639611e766153c60c99f137da7e CVE-2024-51567,0,0,9629c1871377d5b3a8fc7e24f37cf5fff8c7d9ecc5af9890fa03e865aa78aead,2024-11-08T21:14:28.807000 CVE-2024-51568,0,0,ef96c64ab696ce1dd0f4d9f421838b3895b55219506da5bc264e22e1b5e0e5b2,2024-11-01T12:57:03.417000 CVE-2024-5157,0,0,24d31b037c5fbef35f77d9be746cd537f78e6f1e98b9c21955d97a62fe59949f,2024-07-03T02:08:34.407000 -CVE-2024-51570,0,0,039ecc17621b1db181f9096c9a875f2b9973a9cc57be3840bb82f92f55e97e7f,2024-11-09T09:15:03.520000 -CVE-2024-51571,0,0,41ccf63bb3b0b3ddf40df5ff7e749b0672a24b626f857f242cc3e93f7f95ef9f,2024-11-11T06:15:05.300000 -CVE-2024-51572,0,0,20d90174e9a21d4c7fd8cef4b7489770d63354f30c48858de7680a0a50fe7826,2024-11-11T06:15:05.600000 -CVE-2024-51573,0,0,3defddb0e63ca1f86a8b578de590d6422421a8d3d1f258aabca98ccf4fe59dfc,2024-11-11T06:15:05.887000 -CVE-2024-51574,0,0,eed528b85a0bf8e25eff7180b1de31b7d3cdf4bc0e064fcaaa40937d1f34d6f0,2024-11-11T06:15:06.160000 -CVE-2024-51575,0,0,b281eb604aca1e345115ea23964bcd40269ca142b394d819eda8265d20a8b8b2,2024-11-11T06:15:06.463000 -CVE-2024-51576,0,0,a401de41abd8574bb548a71c8fd11720ef3b4ee5f5fd82fc244607328ff684a3,2024-11-10T12:15:19.290000 -CVE-2024-51577,0,0,d0ec203417f086b0461ea98ce73b532fa7574e308c18cd79bf8790574f0a3173,2024-11-10T10:15:04.877000 -CVE-2024-51578,0,0,c1360c7172cbee5cc357cca65f2404f3c3f06119fe32e88a6590c342673fc1db,2024-11-10T10:15:05.270000 -CVE-2024-51579,0,0,a681396d9384ce7f62ae294a5abe6a50486fb6c3c0f1c9412b7e98748fe5f97d,2024-11-09T09:15:03.903000 +CVE-2024-51570,0,1,c32b58de950118e1e049594e92f53929812b854ff223f3930e4209ac944b600a,2024-11-12T13:56:24.513000 +CVE-2024-51571,0,1,3fd77a33a50e24f063546fc706f0cc6af0599e1b1745ad0ad52f8eaeb4035ce4,2024-11-12T13:55:21.227000 +CVE-2024-51572,0,1,e36a0d79fd5466e04d56f9d05b85ac8bdbef478a0fdb70e313323a42a460bbc9,2024-11-12T13:55:21.227000 
+CVE-2024-51573,0,1,c432194fc3380fbd38edd3d2a88d8599c5647c8bdc05f1fc683b484e2b3b5f45,2024-11-12T13:55:21.227000 +CVE-2024-51574,0,1,9c654cc0482b25776b4f75ca34d186eb76f7e060745b35b5856806eeebb16d24,2024-11-12T13:55:21.227000 +CVE-2024-51575,0,1,254f25158e3aabddeb5476e398058610db2121dc5bcdddbb7824411226a2ee06,2024-11-12T13:55:21.227000 +CVE-2024-51576,0,1,49e1f9dd0373539f7b95614840fb33163156d2af984ac21162548fd9ce230f24,2024-11-12T13:55:21.227000 +CVE-2024-51577,0,1,27478846db3291cf5df4d743022cd029160e1c2262ce8972a66d697c0fc9efe6,2024-11-12T13:56:24.513000 +CVE-2024-51578,0,1,e4c0bd743bc0948822fb1c77e5f2361d4f6e3e814050867c1549548fe955e80f,2024-11-12T13:56:24.513000 +CVE-2024-51579,0,1,8ae8cfa212f9001fc90242d533effbb068d26cffd78a0f0bc338ea4caf58bc15,2024-11-12T13:56:24.513000 CVE-2024-5158,0,0,b58e7eaee1d1dd9c5e85390b8596c36aa736d240ceb0715ad1a8e256309daea1,2024-09-15T19:35:04.757000 -CVE-2024-51580,0,0,b38187efd383cd0888a3d8d847d5f2da0b00d604b3552caf82283695ea73edf1,2024-11-10T09:15:03.310000 -CVE-2024-51581,0,0,11999a08f0b5721713a3c58bb05a4a9035287999564930b937d80332d76ebee9,2024-11-10T09:15:03.573000 +CVE-2024-51580,0,1,e2a32c41257caec3031326bafdc3550ec3e06f2bb007bc587302a53944b829ec,2024-11-12T13:56:24.513000 +CVE-2024-51581,0,1,a5e4593a055514b3e859c7a86f50e9a2ed71a180696f8050c3810f639f2ebcbb,2024-11-12T13:56:24.513000 CVE-2024-51582,0,0,9c6a2abc6ff39ea954384c7b38779cdbe6d44511f3a75194c8ab9223c55c709b,2024-11-06T15:47:13.077000 -CVE-2024-51583,0,0,1f06eff87d966a1366cf3589d3fa5bf78660168897a8587a2b5bd33ab2d044a3,2024-11-10T09:15:03.793000 -CVE-2024-51584,0,0,b2dec9205ebe8f37f36f0d050911d2b8320c1f45438a77d2e933bbcd2365839d,2024-11-10T09:15:04.023000 -CVE-2024-51585,0,0,578da6d299d3db497adff9832294f12aa0147a27234f59f4b6b3ee3b9f23e492,2024-11-09T15:15:04.480000 -CVE-2024-51586,0,0,f6492618139ba3ebc27db38c3c4f0940a20a67b854b176959f69b7bc3ac513c3,2024-11-09T15:15:04.697000 
-CVE-2024-51587,0,0,10fc71b006c11151c72ed52a3995f11a001d40df57658d9cd056025cb7b05079,2024-11-09T15:15:04.903000 -CVE-2024-51588,0,0,678247e724f4809eecc108e29695c0339fbbb18d71054fd6727d49bc637d2182,2024-11-09T15:15:05.113000 -CVE-2024-51589,0,0,44ce7cd26e7018ce637e0701614fb70f8a8a5903cb2eda4cd918801b1f179e40,2024-11-09T15:15:05.327000 +CVE-2024-51583,0,1,c77d595da3f05eb3dcd27ab59c74c06830416a1e11cfedf13223d1c1e952987e,2024-11-12T13:56:24.513000 +CVE-2024-51584,0,1,298ca816ee40f0cddf11db4cd81fe9334a204f71585feb600bab8dc026120fa9,2024-11-12T13:56:24.513000 +CVE-2024-51585,0,1,f8f0159c16016c8277cf65597d8f99b43d67be3e4576e769b2c2d94060d5ff5c,2024-11-12T13:56:24.513000 +CVE-2024-51586,0,1,a8972424c5984945ec92c9d745b8e4e19d8648e53cf9bf4412423a5729e18a26,2024-11-12T13:56:24.513000 +CVE-2024-51587,0,1,e9f51090d9fa9675336bc7bbe1c57c65ee721fe84e77e75530bdeca2bbd3390e,2024-11-12T13:56:24.513000 +CVE-2024-51588,0,1,86887bb25af63d8afae760e3bff597b6e65d20856876b111e550c616afd70db1,2024-11-12T13:56:24.513000 +CVE-2024-51589,0,1,4352c7b10d513c73c468cf162405842f1aca94517899c3343788aa1230c49906,2024-11-12T13:56:24.513000 CVE-2024-5159,0,0,6487690749e64572084b0b1ffb84b7950e8b682c3129ca3d21d0dbc204e9ec91,2024-10-25T19:35:15.010000 -CVE-2024-51590,0,0,fc948662d4e481d1de07045982eda92a48b3b0b80ee957883b4eb8c9fc1ad9e0,2024-11-09T15:15:05.557000 -CVE-2024-51591,0,0,27054c20c1c0f5c84f3f94ef28bee053d3ab2c17d8cb82e2c7c29adf513afe06,2024-11-09T15:15:05.767000 -CVE-2024-51592,0,0,45a7301a581146ba59ebfaf99039ebd8980cdc536c37be656ea1847a286d12fa,2024-11-09T15:15:05.983000 -CVE-2024-51593,0,0,85e5f206221ed7f704863e15f6709a1565a870420342709117f88ab6fc1e40e4,2024-11-09T15:15:06.197000 -CVE-2024-51594,0,0,24a0d92ca5bc7bd959edad70405f6087cd9c1582c09206083333ca68dbebaa05,2024-11-09T15:15:06.403000 -CVE-2024-51595,0,0,3ff940ad14a2248ecbe170948513b9712e88cbe332410f0ca91779a1009acfb3,2024-11-09T15:15:06.613000 
-CVE-2024-51596,0,0,0ab8ff62b238b001bab57237cce6b32ecf7045eb6683d0c9d108d64be0c02b69,2024-11-09T15:15:06.827000 -CVE-2024-51597,0,0,848a95182a8a319de317e9e9daac7d0d8fce4a13419b3debc9573320c52023c0,2024-11-09T15:15:07.050000 -CVE-2024-51598,0,0,800616abc33b39ae3d9a38985882a519f78f4561d6ccc31895aaeed0f1b8732d,2024-11-09T15:15:07.277000 -CVE-2024-51599,0,0,dee22097889b5e0efa0ea098eee453ad120dcbe6bf122c51836856f557245ca9,2024-11-09T15:15:07.490000 +CVE-2024-51590,0,1,2b2dd3629e58a1a0a584c789ff16e47b54d755aa79cd57fc09a49fbe103244b5,2024-11-12T13:56:24.513000 +CVE-2024-51591,0,1,6d2975a097891da87bbd5c82248101e38c5dac59ad3f3a768163709cd8b12c7d,2024-11-12T13:56:24.513000 +CVE-2024-51592,0,1,d7967d1b981bf412d08b0a25269c7d321b022b9cea0f3a4b67df42b6afa94a25,2024-11-12T13:56:24.513000 +CVE-2024-51593,0,1,0b8922825fb0b901603d2f67d3b43c5b8e0349818c9523e9ebd1542dcf2e04bf,2024-11-12T13:56:24.513000 +CVE-2024-51594,0,1,6349168b6c38502c80c5202765ac4a54912ffa4126b37a3166a4be8b98199c58,2024-11-12T13:56:24.513000 +CVE-2024-51595,0,1,86c632a830d98810cba6685fef0932835324b783d480bd1e19dc70d238e88d12,2024-11-12T13:56:24.513000 +CVE-2024-51596,0,1,68d56f326e86c174368dc8e5c4f277c0b65894f0149206735201856a3bb51840,2024-11-12T13:56:24.513000 +CVE-2024-51597,0,1,506ea8c3ccd37fd10cf92a9da4f6b30af469b7e869d78e2a86278b8ad4eb302c,2024-11-12T13:56:24.513000 +CVE-2024-51598,0,1,ab45aa537bf288c8af2bb6366c2e9a74b71582c9d0d27efbfe545b94537181da,2024-11-12T13:56:24.513000 +CVE-2024-51599,0,1,5cd988e2787a53cdc2d1a464fab74b9367513165a89a10c905f4537cb27134dd,2024-11-12T13:56:24.513000 CVE-2024-5160,0,0,761bdadb9ac3f89d156978519ca326c5704c62592c7f03e703ecc7e802a865d7,2024-07-03T02:08:36.807000 -CVE-2024-51601,0,0,f8b0bc7018ab4fb0f5b29df67ee6a52450a85971ea8523f8447f639564764ed8,2024-11-09T09:15:04.143000 -CVE-2024-51602,0,0,65910ca8054ba2d0ef40813e9d218a919298c86ebf4463cb39fe4d811225069d,2024-11-09T09:15:04.403000 
-CVE-2024-51603,0,0,848a7601d333ecc49c48d5a6b7b76ce9566e9842a3091f0bd95d45232dc3df7c,2024-11-09T15:15:07.710000 -CVE-2024-51604,0,0,21792055ac7a8b9857613739e4c2f7fe13e0154db28d92ff8e2f05b82a58318b,2024-11-09T15:15:07.920000 -CVE-2024-51605,0,0,e471658e3e86618026e47ac4375301896d81166cdcede85f97f25e1b86675b58,2024-11-09T15:15:08.123000 -CVE-2024-51606,0,0,70c40f4783ad953fd8107406a7c902ea9f56e8117226ccfe26837cbe45c9abc0,2024-11-09T15:15:08.380000 -CVE-2024-51607,0,0,28fe43e9d11499b5739098fd9475a33578baad8f3faf8e60106ba9d94e101c47,2024-11-09T09:15:04.723000 -CVE-2024-51608,0,0,373faddc01b78f489de9f76766643fba9d517773085cb5be407cdde60696427d,2024-11-09T15:15:08.593000 -CVE-2024-51609,0,0,35dd93e139bf62bc6841da00e43434d0a648edfe8bd52252550c0df8fc4f1c54,2024-11-09T15:15:08.810000 +CVE-2024-51601,0,1,1c0dbdb8639065f7f5ea5f6062d0125a4c4ce4b0c601912e96fe5db543ebfd2a,2024-11-12T13:56:24.513000 +CVE-2024-51602,0,1,822f9c86566535e8535c86995cf3af8d3cfe52baf5520ff85e767e1c3e7259ea,2024-11-12T13:56:24.513000 +CVE-2024-51603,0,1,8b39030ffd0cb3459341d14dd644b429e38d44c25946f2093686635047f23972,2024-11-12T13:56:24.513000 +CVE-2024-51604,0,1,d6aae3a059c834fc01b3c5ecd18a671e61f67a1403ae9009e32e762b5707c5b2,2024-11-12T13:56:24.513000 +CVE-2024-51605,0,1,3181370e86e19cb15e2ba0b512a12ea9b3036b112f432239f6f810bbb742dc02,2024-11-12T13:56:24.513000 +CVE-2024-51606,0,1,61d903570c41f8ecc789fdc77801e89c3d78ab8cca550fba71efce5b622081e6,2024-11-12T13:56:24.513000 +CVE-2024-51607,0,1,6430a32ad0ccdbe2b5e85b260802defe649419f41be04507feb4e50aaec51a17,2024-11-12T13:56:24.513000 +CVE-2024-51608,0,1,46c5636e6f48f84a8b05b616194b0dcea297c89a55c4ba43c6768a441aed0281,2024-11-12T13:56:24.513000 +CVE-2024-51609,0,1,bdacddd36d4478311d0e370dd66653041590222d52917f624a76f218c050dde8,2024-11-12T13:56:24.513000 CVE-2024-5161,0,0,f120c7db938e25c7983d6c400da502880d5ffbc93ab4e5e05351c3fca8fbd038,2024-07-24T17:54:42.387000 
-CVE-2024-51610,0,0,7144253946be3bd23393bf9cd0fb3625a164293599b264168b9d09f358628371,2024-11-09T15:15:09.033000 -CVE-2024-51611,0,0,a1c7b55632766f999c50ceb474bf5f93e764cbd367cb56a7927e094170189144,2024-11-09T14:15:14.537000 -CVE-2024-51612,0,0,d8d2e5a1952fe97366d1c883146d86d637e6ae1be4513530a155b064f5a4e97a,2024-11-09T14:15:14.770000 -CVE-2024-51613,0,0,48814c5d9d29b48337bf1136921b5b454eeba534aa2d124ee032c8ef2d29bc5b,2024-11-09T14:15:14.990000 -CVE-2024-51614,0,0,66b5ee90c0b302197539773507e7f0338f93673fb5307ab2361bdf419f940792,2024-11-09T14:15:15.187000 -CVE-2024-51616,0,0,653099b3f9d615e96ef521899bb7255853291da598e979248b6eb7d01eb685bb,2024-11-09T14:15:15.417000 -CVE-2024-51618,0,0,d976054d82d5bb3ea7ea0958fb4ecf5aa799039b69fa23f94f32ba3245df268b,2024-11-09T14:15:15.630000 -CVE-2024-51619,0,0,7b9adbce50334715f82819683106fe3ca0247002f17902275c59943d46b23204,2024-11-09T09:15:04.983000 +CVE-2024-51610,0,1,0c5999073d5ab9119b43a93ca30f63ab8745f39e68c0616117ee986d0b9671e4,2024-11-12T13:56:24.513000 +CVE-2024-51611,0,1,df71ebdad6b83784c059a213dbfeff0cd4ad4cfa07621a54c78ae28de90b182c,2024-11-12T13:56:24.513000 +CVE-2024-51612,0,1,68d292e6c4edc9ad2cb6a4f4df85c4beb58f5e75eb303880d4a399c88b63d1b7,2024-11-12T13:56:24.513000 +CVE-2024-51613,0,1,e5e09d28c859e2362905d8484d126a9fa39bc52028d1cd16464bb2210975b217,2024-11-12T13:56:24.513000 +CVE-2024-51614,0,1,63cdeacb54d19dcfb54e02c8657a90ad9ae3a114b299bd21c1e05a1c274f1760,2024-11-12T13:56:24.513000 +CVE-2024-51616,0,1,cf636cc1f193b36cff5e148daead26866a401c0d74193e3062126d3d950e7af4,2024-11-12T13:56:24.513000 +CVE-2024-51618,0,1,a14f9a40a8de2c9a06120521248f457bd75487776ac5e30c5360bbecd2f15681,2024-11-12T13:56:24.513000 +CVE-2024-51619,0,1,9daf6f1e73b14b529f51029c6377343fdb7ce142e1c16778232f8faed4174718,2024-11-12T13:56:24.513000 CVE-2024-5162,0,0,b916c521cfe3c1fb21956086b784f2a8541eeb514496e084206ecc726f921efe,2024-07-24T17:53:33.277000 
-CVE-2024-51620,0,0,7d0acc8ee40b0da77b9bec95101bf225073669c749a76a9d899e37667b64ff78,2024-11-09T09:15:05.247000 -CVE-2024-51621,0,0,59ea035e973ab580040b393bdf2cc624eec820b33cf6034f0d0943109bf96201,2024-11-09T09:15:05.497000 -CVE-2024-51622,0,0,1eada15ab74d6261ce50edc6dcbfbbc53df4041acde919713e1b3c1c4c9cfa9b,2024-11-09T14:15:15.853000 -CVE-2024-51623,0,0,36aebd755c038291ef97f2f2dedb04a62422773ef73ec688924e7594d7d8d6e7,2024-11-09T14:15:16.133000 -CVE-2024-51625,0,0,8f6ea3e64ef4e03be272a1ab231fad97165aa74a282a4b2739c0a669e23c823d,2024-11-09T09:15:05.733000 +CVE-2024-51620,0,1,bfd69e25a9e77ddd401d4a1b1999124e3c4c84f4fd212f13fc0e2b6020e1b0ad,2024-11-12T13:56:24.513000 +CVE-2024-51621,0,1,f77cd707e2f21edd13b25bcd0677bd3dea84c4a5f32044d4dfa4bf07c1f93080,2024-11-12T13:56:24.513000 +CVE-2024-51622,0,1,abf9f576a9e2a4294b85ddeadc483f9df973b3acddb40c468c9e56963ee28c20,2024-11-12T13:56:24.513000 +CVE-2024-51623,0,1,85c4aacf63ef4d6d28ee705d04a090e0eb59b6ed29fc0cb08726ddfd4f1c426e,2024-11-12T13:56:24.513000 +CVE-2024-51625,0,1,f4e7f4c713858eefce7560adcb091ba71e60e879c554602c7bb2e06ba68798b1,2024-11-12T13:56:24.513000 CVE-2024-51626,0,0,1464c1c98efb870dcd3b5a35eb6a7feff3782c73b32d47b788148d4cc3703554,2024-11-06T22:10:20.517000 -CVE-2024-51627,0,0,3987fc7e4b19f279249f81a7a5f92b4edd1a83e7e27f219ba58783bbc955f955,2024-11-09T14:15:16.373000 -CVE-2024-51628,0,0,9683a1b51e2141c5aaea7f5761bcf5dc62b4f3a87a9f899c4d886daf8202a64f,2024-11-09T14:15:16.617000 -CVE-2024-51629,0,0,f7dfaa256319ab8c464cbdac1af7606f7a9e1e9ed1f1c4211e59d3588749a149,2024-11-09T14:15:16.853000 +CVE-2024-51627,0,1,21942255847ede6f299a58d60b0cc92425258e5aa2e2eef1513644a14c810aa1,2024-11-12T13:56:24.513000 +CVE-2024-51628,0,1,0416d155e9e763312d6db76fc9fc0ccb947d4e7a8811fb80b47bd412ba9c26dd,2024-11-12T13:56:24.513000 +CVE-2024-51629,0,1,8fd6cffa4a071b783d75e372e4377b945ace761a35b1aa56e5b22b5ec2829df1,2024-11-12T13:56:24.513000 
CVE-2024-5163,0,0,1f45f157a740def8c3f1c2e097025198bc2166983108f63600058e7c57408d30,2024-08-21T06:15:07.277000 -CVE-2024-51630,0,0,fc67eb80447636da8d65b0e2386d7d6d62133ea4a85bea96b3f40f61f9d84b9b,2024-11-09T14:15:17.087000 -CVE-2024-51647,0,0,6cee56c73700c88b2e5e771d2e4006f6b88cbe6ef680926f4cf2d1a45e661d28,2024-11-09T14:15:17.350000 +CVE-2024-51630,0,1,22adffaa9039d1fe9e03a4e48d178f89d1bd36af85559e36a535a227a69b456d,2024-11-12T13:56:24.513000 +CVE-2024-51647,0,1,0c6d8f9a804912e43c7869d3b717f4cbcd6166cf1be9c7b6f9ef329e8fce46cc,2024-11-12T13:56:24.513000 CVE-2024-5165,0,0,2b7469c3d25cc1e03e7fcca1607bc78daf489d82c018a0fbc4f3b815c328cf85,2024-05-24T01:15:30.977000 CVE-2024-5166,0,0,5c544eab21844e01fabd3874ed7776a55145987bd3a510311ad16f12f33bd2bc,2024-05-22T18:59:20.240000 CVE-2024-51661,0,0,7f81708d1fd43600536029afc897b01b4855aee3d2fe39c5692b8132139274de,2024-11-08T15:02:08.660000 -CVE-2024-51662,0,0,225d29dd5640c7c45c1e26d4498f88ea1e5653b3e37bd0ad4bb7ee0e586c445c,2024-11-09T14:15:17.617000 -CVE-2024-51663,0,0,e065d28cbd78e5d78380c9b6924808f93eead066733fc551ee2f95335b54ca02,2024-11-09T14:15:17.847000 -CVE-2024-51664,0,0,fd4da8775bbcd91f9ae362b4499b35e9d20c4835f76cb62ca1138161e341e89a,2024-11-09T14:15:18.067000 +CVE-2024-51662,0,1,f5359332d7a9d4e37aab99663d0e73af1a60912d65021c3415523622490d6f78,2024-11-12T13:56:24.513000 +CVE-2024-51663,0,1,ddfbfefbc7a60682ba4fd5adc3f91d6c6ef86922dae3505b62e59555b1a68629,2024-11-12T13:56:24.513000 +CVE-2024-51664,0,1,f57811c0abc589cff3297f759189abd0529924ea2c107b407c1d4b0c093360b5,2024-11-12T13:56:24.513000 CVE-2024-51665,0,0,836ecda2a38ee75dca042d09339ec8247ed79262a6a8d01bd25035a2e84a5ce0,2024-11-06T22:07:10.707000 -CVE-2024-51668,0,0,45893e8ee84b50abf282ca7d929600355d535d1e7526c2e5bb9fec883bd0859a,2024-11-09T14:15:18.297000 +CVE-2024-51668,0,1,48200efc7fac31c23a0a8e5fafa9bdb1f1a59950a3bf4f32ad9a9c87a472f1b5,2024-11-12T13:56:24.513000 
CVE-2024-5167,0,0,a26d674346a63d8730649864e3fcc22e33fb8b5877ed990bcd49874aef8d8c48,2024-08-01T13:59:41.660000 -CVE-2024-51670,0,0,b19e521288dd022fe50273909f6653592a16ca8567641be8ee6fdb5e7121e770,2024-11-09T13:15:05.007000 +CVE-2024-51670,0,1,6b1c3ded81e899ea83f78c72687b003b0add9ee5b9d5d075c91040d8d36272c7,2024-11-12T13:56:24.513000 CVE-2024-51672,0,0,14a5ef0a87d874231b0f786642aa34aa9f0064d5c86f2b9992f4fe90d62559ab,2024-11-06T22:08:22.747000 -CVE-2024-51673,0,0,b94093fc96f19a118bd1c1dc2b0b7d8b44f195b9d68e7545de95134408948336,2024-11-09T13:15:05.230000 -CVE-2024-51674,0,0,293a8b97cc6ca1872e02037fb85f982a489a3d079d796603861223dd6f457ab1,2024-11-09T13:15:05.450000 -CVE-2024-51675,0,0,e723fdf261b084ca50aa87431a61db2993a12441ad55fce02442a070690ca250,2024-11-09T13:15:05.683000 -CVE-2024-51676,0,0,2972f05834e68f749c184700880499939a46d588904a5070d0cc6d018cd24023,2024-11-09T13:15:05.927000 +CVE-2024-51673,0,1,d34bce6a7d43c01ace9bdee2ccc10759fe0c1d8a6fc2a33e6ae5bd38a291ee03,2024-11-12T13:56:24.513000 +CVE-2024-51674,0,1,82fa9eccb17564915494c98b05516dacc01351f00ed5d96df7b44f2aa0556e72,2024-11-12T13:56:24.513000 +CVE-2024-51675,0,1,8a4bacc24cff024145f3f2bcaf3202f909b690eb8b24ec3863ccfd5d108562ed,2024-11-12T13:56:24.513000 +CVE-2024-51676,0,1,ece0a16779fe3a19431027941663a0cdb1298b76465f9e748c1eef77d20b83f9,2024-11-12T13:56:24.513000 CVE-2024-51677,0,0,8b0f7a3853108bd14021b832cd2914a4bbd49dc774029c03bf84670c6d192320,2024-11-06T22:10:31.677000 CVE-2024-51678,0,0,ce4086679232add4ebc40be30bdc12f20f02b66e38c181d2556e9473603941fd,2024-11-06T22:10:45.103000 CVE-2024-5168,0,0,cbe1b6c96aef7b506dd526cf00951c936dfc5233fd9563b4af0bf7fdab7a5899,2024-05-24T01:15:30.977000 
@@ -265274,38 +265301,38 @@ CVE-2024-51681,0,0,6987ab81beb2df0eaa9da220f2d791ed5d8df3f0e18bd37d9a9b390a4eaf5 CVE-2024-51682,0,0,aaba0581a3d811571ae104155388a45dd47ae531ed284c6ab0022efdb152fbe5,2024-11-06T22:12:02.353000 CVE-2024-51683,0,0,f59d50717ee7305489d521abf4c5c1ef491e4436568b0e3c6dd145e0ad77427b,2024-11-06T22:12:19.803000 CVE-2024-51685,0,0,3ec6f589ce8427b20bd90f3e3168669c47fda17fa0f474f038e9a6e94e0e60b9,2024-11-06T19:34:31.590000 -CVE-2024-51689,0,0,4b02db191a01a74ea86a20ac2c12d173860ae323c11060fa4a313fcb0453e005,2024-11-09T13:15:06.187000 +CVE-2024-51689,0,1,ab2f405c7815c7db8e61d12d5b0c31d4e0752b7068e1e475bf3338853f840d9d,2024-11-12T13:56:24.513000 CVE-2024-5169,0,0,882a6aa1fee4c71f4df51ce353ec6b27431ae776e2b2b23b3c5ba8c59ca21797,2024-08-02T15:00:10.200000 -CVE-2024-51690,0,0,a1107b226e64bd8a908e28eb408c5982aace0252b481e97fd57be8894f1c30b3,2024-11-09T13:15:06.407000 -CVE-2024-51691,0,0,c67cdc2a1abf2c7c4c1d4ff938df5febaf90fa6c1949d81699057299ad6f4285,2024-11-09T13:15:06.640000 -CVE-2024-51692,0,0,a880e41212d7b5b763eee1de97a818edc7a8a29179032edbdf2a42a3114c3fc3,2024-11-09T13:15:06.883000 -CVE-2024-51693,0,0,01e90e0e11252f65a521f9a56f79f2f323f24dad6966ca78613a4279984a854d,2024-11-09T13:15:07.107000 -CVE-2024-51694,0,0,58a390e719eac00c6f2787f5b67aff47ecebdfc6251e88d15164c55f83ff2d52,2024-11-09T13:15:07.343000 -CVE-2024-51695,0,0,b0a09db47190280a5dc7f1c5e286bed66536118f7e4451e0712c3c5fee574e7b,2024-11-09T13:15:07.563000 -CVE-2024-51696,0,0,92afedba171f3d4ddf64acb30522d5031fa65f3b67af374beeeae463bdd58421,2024-11-09T13:15:07.803000 -CVE-2024-51697,0,0,9a339e1dc9a4848222f6f3c6fd2ca6085d4d93bf386bd07c519c33e06d03cb9c,2024-11-09T13:15:08.033000 -CVE-2024-51698,0,0,534d63ca17301e528996b2d0ff4607777e9379646bac1df9bbd4206cce01cc42,2024-11-09T13:15:08.273000 -CVE-2024-51699,0,0,f1589a26184c0455635d6264964baec6d9fd1ad1f758c7701da30f834eea9a37,2024-11-09T13:15:08.500000 
+CVE-2024-51690,0,1,7e5eae0ff5cca9f377bf464de65b2d968392e357bd55f7a073753a3ee3d229f4,2024-11-12T13:56:24.513000 +CVE-2024-51691,0,1,73e6d824a16ca2782aa18803ed40c7a2a2ad8c22f8cfd7d2ae458a7c863acfc0,2024-11-12T13:56:24.513000 +CVE-2024-51692,0,1,47142521750fc5f4c80a2ebac833b7c85cd8456885e91d2e5bacd3c692628f26,2024-11-12T13:56:24.513000 +CVE-2024-51693,0,1,c07fcc774ae6d0e57484ab2e3681c3f6c40033af3041dc057a94b27a5e935d75,2024-11-12T13:56:24.513000 +CVE-2024-51694,0,1,405ba0cb4039940fba3e9cc7dbe1f19206ec5a92959ada9868178d7ee01c2666,2024-11-12T13:56:24.513000 +CVE-2024-51695,0,1,03c9f54b09d56f452f87f9074532b6db757e822db9f539fcd37d6cb3d848c51e,2024-11-12T13:56:24.513000 +CVE-2024-51696,0,1,99feb95f48ce54a04d7be9d4647c1c6609e4f842e1c0408a55ed0fd453c83350,2024-11-12T13:56:24.513000 +CVE-2024-51697,0,1,3523ef8d826117bd1ef77395e3670abefcbeee0e3d278458ef60961056f152e4,2024-11-12T13:56:24.513000 +CVE-2024-51698,0,1,eea11ed9477fdd5218efa57f0ad2bd0031aa264b1925f49532450e5f091a4ca2,2024-11-12T13:56:24.513000 +CVE-2024-51699,0,1,2d2d226f52ac90c3fa30972780fa9b96b80b51538ca9b15d46e74b821c52288d,2024-11-12T13:56:24.513000 CVE-2024-5170,0,0,0357b8fbab1b76f01ca0dd625bf87ec8b80f7fd2d35927c69b68200ba07a11a4,2024-09-27T18:23:43.833000 -CVE-2024-51701,0,0,9903779181d3ee22d28c36badb8c727977596ad7caac2b315b723982fa61e725,2024-11-09T13:15:08.713000 -CVE-2024-51702,0,0,fd0ec083eac61a5afa0c154f404694818eb529a317ba50c6f6c36f9ded067a2c,2024-11-09T13:15:08.940000 -CVE-2024-51703,0,0,e5ccbcdc94e42b283eeeec72c694f620a16b7a7d570b633a95e0c93014ed80d8,2024-11-09T13:15:09.173000 -CVE-2024-51704,0,0,a25d6e4498cf769bf1566fe966d1b5015fca03630bc854be0e89f88d1f280a89,2024-11-09T13:15:09.410000 -CVE-2024-51705,0,0,f71f41e5339efd5f196e87b48dac24788bf2b41543f86cbb336e4509ee07004d,2024-11-09T13:15:09.617000 -CVE-2024-51706,0,0,813245e45ad3eea40151ece807c41aa51abb8072e263faf398baa248fa181b40,2024-11-09T13:15:09.853000 
-CVE-2024-51707,0,0,653f48822186a64063468afd41d498eebdde5e1d2b8592a130c66947f4a92df7,2024-11-09T12:15:17.690000 -CVE-2024-51708,0,0,a7e8a22091fee396d12d24a7e749dabf3bd134ce26fe9f343f076641c7efbae0,2024-11-09T12:15:17.927000 -CVE-2024-51709,0,0,1f69180db7eba60804bb79547de0f2a15b9310b317034b0ad4b978de84b58adf,2024-11-09T12:15:18.137000 +CVE-2024-51701,0,1,a586c11793c47bd17e207fab7c67c7f2260940d62d944e91b4e9e097d808ea7e,2024-11-12T13:56:24.513000 +CVE-2024-51702,0,1,82ae209d2756295e5bea67525c41b31407d6ceae0da0dddafd38107d0139f983,2024-11-12T13:56:24.513000 +CVE-2024-51703,0,1,c6b1145b54c4e92b7f05c62235c5c4aa72981840a664d70b0257efb79547d791,2024-11-12T13:56:24.513000 +CVE-2024-51704,0,1,01648d5556ecfa261367de2758d23be56c91dc29712af306d43da9b9153a9c7d,2024-11-12T13:56:24.513000 +CVE-2024-51705,0,1,29543c44afbfcf598a216d62a52f59ad9e5b0df556463bcdeb894c3b0ddd4581,2024-11-12T13:56:24.513000 +CVE-2024-51706,0,1,cea585faa0d53f3f169c3047aa9884215b01c5b80225d91a2aa02d33fda0f501,2024-11-12T13:56:24.513000 +CVE-2024-51707,0,1,9fb9157ee7d77ab97c05b3130fec7d80b6875bc3a58fe9db0212bfb5caa23339,2024-11-12T13:56:24.513000 +CVE-2024-51708,0,1,49696148fbe3773822145a4775c82910ee1f300f0b84f471768a3d8b9394d448,2024-11-12T13:56:24.513000 +CVE-2024-51709,0,1,ec790ee466bdc716f10d562f0e219bddd7045fea97307ba233e05a4d07d1444f,2024-11-12T13:56:24.513000 CVE-2024-5171,0,0,dd574bf92e93c62d270c5e3b0cb384556e01dba1d43a5b9db2a02845fa564cb4,2024-07-23T18:09:56.753000 -CVE-2024-51710,0,0,220fbd3a528c2f19f231ce759e770ab137210f7dac5492b6f005a3fdee38f8fc,2024-11-09T12:15:18.347000 -CVE-2024-51711,0,0,915726a9568184d9abdb5d0b92953dd48d47aaa655a4869fa852283752ca87b2,2024-11-09T12:15:18.553000 -CVE-2024-51712,0,0,a80f52a7eae350133502d6f08945a55b810de8f7f507e39d5ad73d1bf36a6e24,2024-11-09T12:15:18.763000 -CVE-2024-51713,0,0,1cecb4cac8ca7d8a219204b75de29f844bead52141bf8ba2ac7819ac6ef90b4d,2024-11-09T12:15:18.967000 
-CVE-2024-51714,0,0,7d4c6ef288b72d0192681b9eb1162922c1d5432c8127699df1200de9fd459d9f,2024-11-09T12:15:19.177000 -CVE-2024-51716,0,0,7e35e8484646b5056cc16d89d501e03529e22ce523c866367012a5f99a8e4bcd,2024-11-09T12:15:19.380000 -CVE-2024-51717,0,0,eb3e9e920809e461fd3f578e6c59f47b96b8f3fa024d68a5bf5d9d2f7790c272,2024-11-09T12:15:19.590000 -CVE-2024-51718,0,0,ee1fbb4ca4fefe2cc34f12d3a47e678291fb8dd4def6ee58c68ce17307ef96df,2024-11-09T12:15:19.797000 -CVE-2024-51719,0,0,ee07ccdb5af63a1703f92f6e8fc87d746aaa1b8abfa642c7f65d118fce1fa1a3,2024-11-09T12:15:20 +CVE-2024-51710,0,1,70931eab0d5b7a21719ff2b6d555599d0ce4726240f4e7296e212acd929260fe,2024-11-12T13:56:24.513000 +CVE-2024-51711,0,1,01f590c4e397c81c30d97e92bcdaef91a5682a52934e80ef247786a90f50633a,2024-11-12T13:56:24.513000 +CVE-2024-51712,0,1,e558b7c3b31e3fcad2ab19cc90b9a732f09ecdc9f9078218a00b275c5807cb52,2024-11-12T13:56:24.513000 +CVE-2024-51713,0,1,624c6a153892492e7eed7078062f5868671ea49bdb1ed6937bb39ab3f7a4e6e3,2024-11-12T13:56:24.513000 +CVE-2024-51714,0,1,660617ab66d52c525eec86941dd5e09f48bb227807f79886233efd581781f3e9,2024-11-12T13:56:24.513000 +CVE-2024-51716,0,1,54f23a045bbb3ca5c6a112d92fdf88e12f5dac28e05af31c540ec5f29b0c9e82,2024-11-12T13:56:24.513000 +CVE-2024-51717,0,1,0528e0c7d07059ca5fe41ea6d661ea92cc786d699804e48039ef2d1479e3a43a,2024-11-12T13:56:24.513000 +CVE-2024-51718,0,1,9aa3261b8e536504ad8ba3c429c49299ec7c49e625e7595a30d4e4107362d460,2024-11-12T13:56:24.513000 +CVE-2024-51719,0,1,7154cc207b4cfbe8cd3be353a6dbfab77953efea32b8e79fce767fd25daf7885,2024-11-12T13:56:24.513000 CVE-2024-5172,0,0,b469524ff2309ced9aec08b056578c23e8b8b5248adb8fcea2b38cb214c81275,2024-07-05T14:05:48.213000 CVE-2024-5173,0,0,e808cbd0ff507575dfa32503bcc3a2123c9461298f1a4a4ef8cd294367da6464,2024-06-26T12:44:29.693000 CVE-2024-51734,0,0,1cd13d8635d39c437cbb33b350735ec8f4fced2309825670ef2275f584df030b,2024-11-05T20:35:26.167000 
@@ -265316,8 +265343,8 @@ CVE-2024-51740,0,0,74dcd62c794431349724c21a2a10e6fc9dfce3314bc46b9aad9df5d89f4c0 CVE-2024-51744,0,0,df641a1b86566e97bb7074f2d337c50f51346569211bd554409b057e4c4da639,2024-11-05T16:04:26.053000 CVE-2024-51745,0,0,37db28606ad10f651e6f62f94e51def5fb50b1cfae8314bc96328b8b65ad324b,2024-11-06T18:17:17.287000 CVE-2024-51746,0,0,3cd98a267aedbbeeb4ad193a68e5bacd0a1a46a62f6ccca5880e9520a47fbe14,2024-11-06T18:17:17.287000 -CVE-2024-51747,0,0,246559e734502f9806fde4ea12a15a6e7d8fd9d4645d3c1271c41a4bf9221ee8,2024-11-11T20:15:19.197000 -CVE-2024-51748,0,0,2b320563afce5194bd563878475673dc5db5794c93861560d1285bc31bef4f9b,2024-11-11T20:15:19.420000 +CVE-2024-51747,0,1,25d6bd0ff3f85d39d80ee11112a05e1ad8216b6c2fd2794d35d1e9542fc2ceb9,2024-11-12T13:55:21.227000 +CVE-2024-51748,0,1,9b7477705169f4bb30c6616f4b3aeff3f2e76cd4ce9e40c06c7b918e82c19551,2024-11-12T13:55:21.227000 CVE-2024-51751,0,0,5e82f37cf3dfc23b4c489447a3752cbf986237e64e94f63b0a07a70b000b7b12,2024-11-08T19:01:25.633000 CVE-2024-51752,0,0,e4bd7dfff09e294fe713d9b76aba7fd50689256bee0d75d076093e0fe4805888,2024-11-06T18:17:17.287000 CVE-2024-51753,0,0,bf33e866ff4adcdc8169c4272817d8f4f57258218421ea7cafddbf38a1c6e30a,2024-11-06T18:17:17.287000 
@@ -265326,45 +265353,45 @@ CVE-2024-51755,0,0,8da46be2050120e871a46966a709a4a6c341c8b76decbe7d2852b8155e882 CVE-2024-51756,0,0,7e7db3439c4e45c36bf53dc70dbe779b982ce3f3056b8757e470dab737dd37ba,2024-11-06T18:17:17.287000 CVE-2024-51757,0,0,4a6a6f5d284f7e398e40f49b0f871e08dca74b70a20c565e444a807f2ff3adcf,2024-11-08T19:01:25.633000 CVE-2024-51758,0,0,f380eb8d34567367d647061664429271d9307b0015af8f1ccfbeb527fa9b8011,2024-11-08T19:01:03.880000 -CVE-2024-51759,0,0,98bdf5795d7a0eadca8c3afd625aff6f9233ca8dad759d07aa9aeecda3e9a6f0,2024-11-09T12:15:20.200000 +CVE-2024-51759,0,1,d7e3fffb9bbe00d7828c69c49042db425ba3a8f69d85eea947e9f519295183f0,2024-11-12T13:56:24.513000 CVE-2024-5176,0,0,095b03ddd1cdcd739bbe8693b41d7d6e416f60f9815e0be55e0b3850508434d9,2024-06-05T15:15:12.620000 -CVE-2024-51760,0,0,b8e9214872eebcd60586af94fe883c7493376439ef5fe1e8b433c29e59855952,2024-11-09T12:15:20.403000 -CVE-2024-51761,0,0,6b6fdae550e73c7050138825e6043c31fb6c4c070dd2a6d7c4c7cd4f029d2afe,2024-11-09T12:15:20.603000 -CVE-2024-51762,0,0,ca079a1d49593526d88752ec0ce9c376b73175b8636f57cd56a98ed1c41ac65f,2024-11-09T10:15:06.593000 -CVE-2024-51763,0,0,445f6974f545868d7470c2814a22283c917440732d4fef8fbde8ccbf6e0070a3,2024-11-09T10:15:06.930000 +CVE-2024-51760,0,1,ed9651aa9154a248687433de274acd9501a7b311268ff1812cf9f76a64d59a2e,2024-11-12T13:56:24.513000 +CVE-2024-51761,0,1,7fba3491ed17cbb0fcacf7e06dec1801a39b2cbb0c39394d461b327fba0f0b35,2024-11-12T13:56:24.513000 +CVE-2024-51762,0,1,d2974582ab4193d4fadecd27c7279e3cb5c2f47e26174ca4e5af6a95c50b9465,2024-11-12T13:56:24.513000 +CVE-2024-51763,0,1,1ab0b26c017f9714f7e7328b764552b7d7949949df835662c6f45441aac0b931,2024-11-12T13:56:24.513000 CVE-2024-5177,0,0,4596ccdb96b84f0f6003dc91187b58acc558e0743564be9aa6ad28db4e46749c,2024-05-24T01:15:30.977000 CVE-2024-51774,0,0,669a599ada079f107ff827e67143f083d374e9861d23daa36ef167763e62d529,2024-11-06T17:35:41.767000 
-CVE-2024-51776,0,0,e72cd926ea2f56fd83d1cb9bce310f9788f9e4d4f45a52135cde5d78e08affdc,2024-11-09T10:15:07.290000 -CVE-2024-51778,0,0,108f04c0070d5ecd02ec27be9b652d3bc982732a94b7833583d3bc29324f554a,2024-11-09T10:15:07.603000 -CVE-2024-51779,0,0,5cd4f5ce7c22efbdeb91bfadca0317ed6020c8f7e19a18dac39e367fed9e1354,2024-11-09T10:15:08.050000 +CVE-2024-51776,0,1,5ca2c4eb522419754c0be1183c799032dcc5ffdbcb2b4aea116b020281ac6eec,2024-11-12T13:56:24.513000 +CVE-2024-51778,0,1,cc75b3182d817e23b6259e8bea41efa67ff795e094696a3ef400f4547e1ce14a,2024-11-12T13:56:24.513000 +CVE-2024-51779,0,1,e37c2de45258d18f70482a094dc803ef3315d01cda8dc84fd6b14bd193ca1f62,2024-11-12T13:56:24.513000 CVE-2024-5178,0,0,bd0c2f144426314e1167d96790d03a45b87cc8b4eeec82d66437d8c03cef924c,2024-07-11T22:15:02.467000 -CVE-2024-51780,0,0,7bdc14c0c41669f4c6cbb30fc39bf83a21d0d308fda34c2a55b95c52a1135861,2024-11-09T10:15:08.413000 -CVE-2024-51781,0,0,be73448f44cb0274a19814a6c69f7dfffbbc31b0d52be388bba844cd0280bff3,2024-11-09T10:15:08.747000 -CVE-2024-51782,0,0,805117420bf110a296f8fd081ee3aa0aa2120049b3b2a6021cc1f1723c840f76,2024-11-09T09:15:05.957000 -CVE-2024-51783,0,0,103a90c778aca1a2e216a89c816cbeb7863dc9d3cfe180474965f5d0869279b1,2024-11-09T09:15:06.197000 -CVE-2024-51784,0,0,7aa64ce206753d31a72fc90e88d3fdaf79faaa63fb5fbf0db7f004a9c8d65a93,2024-11-09T09:15:06.433000 -CVE-2024-51785,0,0,662526c0576f391b30458bfb35a6f73c500de5c3ca4181662c9f60655c3abc4a,2024-11-09T09:15:06.647000 -CVE-2024-51786,0,0,c8c231843ca097429e2240c89b37bd7321c861a0358df50f0830851b988e027b,2024-11-09T09:15:06.903000 -CVE-2024-51787,0,0,61f4c49129eae5dbb717fc49549e9a3e0e2149851d5b56ce5575c491d7f74243,2024-11-09T09:15:07.133000 -CVE-2024-51788,0,0,f789db6dd731ec81a60a04477c53b1c2efcf4a2a3cabe1f99227c0aaa73700db,2024-11-11T06:15:06.760000 -CVE-2024-51789,0,0,749d3c90873021152aeb307c1564a1b0ee4725bc9e6263cc021457aee74863f6,2024-11-11T06:15:07.130000 
+CVE-2024-51780,0,1,c74a716a41bced56420da16021b14b767618b61de3bb5add3ad89e68171d5ed1,2024-11-12T13:56:24.513000 +CVE-2024-51781,0,1,15a1dae332b2d9e6fb6efa144f29af1d39ceee1bb9fc6523cb643c18ee04a7cf,2024-11-12T13:56:24.513000 +CVE-2024-51782,0,1,aa47abb5fa077405fdecd59e0bf50925aad220bba7367c18c4e0d1d437b2a38f,2024-11-12T13:56:24.513000 +CVE-2024-51783,0,1,e6ae16a07bc3904392bdb24e4cb940377f5c77deaa7d94a979e9e4ec14684259,2024-11-12T13:56:24.513000 +CVE-2024-51784,0,1,2839f6cf77d7f4194a95013323464592ccc20ae56b85b0e04eb5db0ed931d2bb,2024-11-12T13:56:24.513000 +CVE-2024-51785,0,1,08c453c29ca3f09875619fcc196f639eebabf1bcf0974a0511b8032551bf546f,2024-11-12T13:56:24.513000 +CVE-2024-51786,0,1,520a9d7594878cbc5ce52cafc3fcae8311ccf6122d4864b67519a763396d822b,2024-11-12T13:56:24.513000 +CVE-2024-51787,0,1,bab9e4a4fad0f916c45e1911f8476389f1bc62ec3dd9b0ab15962d91798a7078,2024-11-12T13:56:24.513000 +CVE-2024-51788,0,1,01e43f568e06d8e14e8e43f4ad2d756451c1e53633b73ee4e69d2382cb7397fb,2024-11-12T13:55:21.227000 +CVE-2024-51789,0,1,6f331079d91f672217ecc5c30a59ef2bb68a30e28acb36a8078b21af37775d04,2024-11-12T13:55:21.227000 CVE-2024-5179,0,0,ea665152b8c9953ad6e84eb904f7eac78af7e075a45f2a4da51451b13f6b9cb3,2024-10-09T16:57:08.317000 -CVE-2024-51790,0,0,1fb2da026cbbe6cd75ef25fdbcc16b3c17c991ce75150b47ddac6c20234d72bd,2024-11-11T06:15:07.483000 -CVE-2024-51791,0,0,5d7d941d22d8e336aaf0cfe73f385a367ca6f4ac9bc090314fdb30dfb8cb2832,2024-11-11T06:15:07.787000 -CVE-2024-51792,0,0,60b83c73f83b39845b85769f87dc4bfdbc693b8698d2a5925d9b4235910a495a,2024-11-11T06:15:08.073000 -CVE-2024-51793,0,0,cb51d6335dcca254873981f72be2128415b19fa3041a4e58821c7c5d730b2de1,2024-11-11T06:15:08.360000 +CVE-2024-51790,0,1,fba98a5a0db28c31280349a90cdb7b7024352d9f0714027ac377d0f6cd5519cc,2024-11-12T13:55:21.227000 +CVE-2024-51791,0,1,23e57cba494263540d9476be8dbc91c39074a345469e3f762d8046c45490e08d,2024-11-12T13:55:21.227000 
+CVE-2024-51792,0,1,fc1eeb5584728befc235c6239684e31ab35d3a01996711d288287f5d00f4e79e,2024-11-12T13:55:21.227000 +CVE-2024-51793,0,1,a33e947eee1155b56fcce35072f8ba98ed10ed03d59e2ba4375497d315b7d991,2024-11-12T13:55:21.227000 CVE-2024-5181,0,0,bbf6825e1d5f360a1a58b67dff2bf4d85afbf0a93fef4d4bb8dfd7975bcf0e60,2024-06-26T12:44:29.693000 CVE-2024-5182,0,0,58b8232fd0b5e70f15eeeb5297ff44723ef92c555fd120d8b123a01ca786d63b,2024-08-27T17:30:21.127000 -CVE-2024-51820,0,0,50929fc8e5daec4d2772e90cae08c97c632365abd35ec7f85c8039f090a366a9,2024-11-11T06:15:08.660000 -CVE-2024-51837,0,0,12a0c371e84220aa2676857016f4b77aaf949c78e7e5c38cbd61a27208efb919,2024-11-11T06:15:08.950000 +CVE-2024-51820,0,1,e0565ea45509b179cbbf7d8bc10d86ac29b20a5974ea39e22274cbbf6efe2431,2024-11-12T13:55:21.227000 +CVE-2024-51837,0,1,d1d1427b6d691dbc75b94eb25f7fc05dd2fd50de2a89774dcf097252dcddb3e1,2024-11-12T13:55:21.227000 CVE-2024-5184,0,0,913e376e9213bf80a4ef6a0008bd230beba5d0e3fbd42416956e3dc16ba16e7b,2024-06-18T17:06:20.257000 -CVE-2024-51843,0,0,14364596433a0f04d5505007d9a992bf3b825505925257e3fe0899390af39352,2024-11-11T06:15:09.243000 -CVE-2024-51845,0,0,f7fb6e0d1495701358cad5d0f49f428717ff737ff653f0a847c78cb59b4ddae3,2024-11-11T06:15:09.547000 +CVE-2024-51843,0,1,6f4210db4ae69f330684f6bf1d87e6d390e139b21fb3bff0e6c4ca708b800b7b,2024-11-12T13:55:21.227000 +CVE-2024-51845,0,1,dbd1c3b4a35b8f99deb6b733f1f6a0d823e2de27d76d535b93cb645196883f7d,2024-11-12T13:55:21.227000 CVE-2024-5185,0,0,0c09010aee9423412314c9f1cbba57fc2fd9ee19c760646e6502f5738cacb7fd,2024-08-30T19:15:16.340000 CVE-2024-5186,0,0,7baed0c201f742c44896dec767d6237c8df7ae961ab3d7ec09eb8b65736716f7,2024-09-24T14:04:47.170000 CVE-2024-5187,0,0,88fb29ce759c452b913d57a873a63220e31c82d475ca2c84fa3b804bf9736023,2024-10-23T13:36:11.643000 CVE-2024-5188,0,0,b2a939863f7779e6dba1e0e2aecd4047c60710495b7cac734003aec732566505,2024-06-11T17:41:17.087000 
-CVE-2024-51882,0,0,ddebd31fa75b18eaf622a7f6454d45f7aead749ca3c7febfce3b2a4a229a61a5,2024-11-11T06:15:09.837000 +CVE-2024-51882,0,1,e290c05368a0bd7b18c7c49e7b6a5a874f7303a05115f4a00bb15e20d5a6314a,2024-11-12T13:55:21.227000 CVE-2024-5189,0,0,87ea6bb70c0f4e8e0e95d6725175819a83c6ff33cc484fc5f525db9ad5e385e9,2024-06-13T18:36:45.417000 CVE-2024-5190,0,0,d58b9fdaecdb1abec20ccf7764e52a460a4959870ee8917a6c4a9f4c686657e6,2024-05-22T03:15:08.273000 CVE-2024-5191,0,0,855a566258b8b88a588ebc49e507f9db3fa3e450b83819e0fe6599e7fdad210b,2024-06-24T19:25:23.943000 
@@ -265379,18 +265406,18 @@ CVE-2024-51988,0,0,9398d8a80c5a41180002e2b13788d4e0785beca5d303a4ad1646b56530ae4 CVE-2024-51989,0,0,a66d3df688b16ca6972a5503652a5945de21b13a7ef47f9e2408cd742c91aa40,2024-11-08T19:01:03.880000 CVE-2024-5199,0,0,8fdec235790e80ab25bf344b6e4e20c94c0a12c0bede9440d8c94965619f66eb,2024-10-28T21:35:23.237000 CVE-2024-51990,0,0,5a0b7a0ddc0e56bea6e775544df250647bd9e6d489e037eeef6da34742509908,2024-11-08T19:01:25.633000 -CVE-2024-51992,0,0,7f8147b31098292c03603fe9ee6fa658a1972acf24fddbd174295697bceece28,2024-11-11T20:15:19.647000 +CVE-2024-51992,0,1,6af48747827be50f1e3a16e8e861da6495a81992702d7833ebe1335a57ab1cfc,2024-11-12T13:55:21.227000 CVE-2024-51993,0,0,0b180a03099571fff8a13158fe72d7871f053352d43d872590f8f53c841ecca8,2024-11-08T19:01:03.880000 CVE-2024-51994,0,0,9ecdd0862ec4cb4e8cbc599710fe336df5bb3c681162050e709512d4ec211c97,2024-11-08T19:01:03.880000 CVE-2024-51995,0,0,7484e6b15af945f697a88a8c3b9d2c315fe6e0004cde6e533470a014d3f9ae3d,2024-11-08T19:01:03.880000 -CVE-2024-51997,0,0,7cf5368bfec022cce74ef881b4e0c95e2999a47e878015cc19dd558066ff14a1,2024-11-08T19:15:06.487000 +CVE-2024-51997,0,1,ab86aff6fa43516eaff213e4584d906496b3f2e2f19bf6f0c2c9236a622fbe69,2024-11-12T13:56:54.483000 CVE-2024-51998,0,0,19a2e1052c10533bdc1ed034b91b5ec816f585536da2e947441dab97cd0af7ac,2024-11-08T19:01:03.880000 -CVE-2024-52000,0,0,73346b794618f0a1a41668e657d1e0b7d12d1a0550181f99589129f17d62e362,2024-11-08T23:15:03.817000 -CVE-2024-52001,0,0,b4f00ce14612bc9f8c67b3efbabcd5930dbece71ce890a80846023115bfcc5fd,2024-11-08T23:15:04.153000 -CVE-2024-52002,0,0,af610cdeec63c2eab026ac731d555b7f2e632a5ad925e5af5222a9e2fc01bd6e,2024-11-08T23:15:04.410000 -CVE-2024-52004,0,0,cda7bdd0c7053528436526e0da817c10d7e6af192f07823de4d6867cac000c2d,2024-11-08T23:15:04.627000 -CVE-2024-52007,0,0,558684c27d15319c50b5e15589845bf68997788625835337a2a9a90b00337341,2024-11-08T23:15:04.757000 
-CVE-2024-52009,0,0,d9ff4e43168f72e2b7b99a8124dfd6827e82914c022b4175d78287967eaad806,2024-11-08T23:15:05.030000 +CVE-2024-52000,0,1,53607fd920c5e6c0c523f59cb394de5d5c634c469499e12c0f4cb198af2d27c3,2024-11-12T13:56:54.483000 +CVE-2024-52001,0,1,ee27726a1c73b7b7f6e5760fe3ce79bb84c8b16431699361ef4c426b16c2de6e,2024-11-12T13:56:54.483000 +CVE-2024-52002,0,1,c00913d7259c42a7cc8354350f7a82513ce9d83d7bd5962c00b4cf14c2a1047a,2024-11-12T13:56:54.483000 +CVE-2024-52004,0,1,5fa07d0a35480bd23f86ea684f2a0f66c5e4b9b2bf1fbc1961b6e8f9dcc625fa,2024-11-12T13:56:54.483000 +CVE-2024-52007,0,1,9b9844f37c4a4c3cef932fa358d8594e2305c52695217b7622048372b9ab612f,2024-11-12T13:56:54.483000 +CVE-2024-52009,0,1,8bbf25e6f645e131b823aafb60173e6af960fce613c6d8dadc55e928f3ee2540,2024-11-12T13:56:54.483000 CVE-2024-5201,0,0,64f0da97aed099b7390504c61b2a584cf361827a66e92ad103d8b3995d82fd05,2024-05-24T01:15:30.977000 CVE-2024-52013,0,0,dc6fa1208648c6e0d094b332c10d38b0f7c8c8c6d93ae518d64f679a86a6ec4c,2024-11-05T16:35:36.337000 CVE-2024-52014,0,0,545c92489d8cb508f0bdcb65d9f6b19ac8bf6a61dd5add79060ed642cb14b442,2024-11-05T16:35:37.113000 
@@ -265411,7 +265438,7 @@ CVE-2024-52028,0,0,4d053166f6459b35dbc5abb28e4fc3b18b596ce5d1996232d90ecaad96322 CVE-2024-52029,0,0,45a0bf857ef5def84cf99a7ced23782d689f019eff53b1ace413b47c193dc284,2024-11-05T16:35:57.397000 CVE-2024-5203,0,0,e867d44b31fa735ecaef1844aba382841138e742c9b7e957e6089969316cab00,2024-09-13T11:15:10.197000 CVE-2024-52030,0,0,dbd783f66b9834ef61aedd9eab2874c798fdd9f590b76fb0f940976162a98a15,2024-11-05T16:35:58.320000 -CVE-2024-52032,0,0,8f6686422ff6c15d5d8174385c663fb356859b0009e1d6e990398e58bcfd7a2f,2024-11-09T18:15:15.203000 +CVE-2024-52032,0,1,6b65d090166c2e680411be7c97febaa4916648a3bf79bfc6a7587651c62b78e2,2024-11-12T13:56:24.513000 CVE-2024-5204,0,0,87eb5b753d379a1bd1ef79b260f2b73c84b7ff9a4b79082cf351323e04c98a6d,2024-05-29T13:02:09.280000 CVE-2024-52043,0,0,f628a95ee6f27b518880b39a2d7b1dea019d91185e307729da648217b18fdef9,2024-11-08T20:39:36.233000 CVE-2024-5205,0,0,4921ed356d4f56252ffbf3c608cb3301846a77ee8cc9c08ec7f0a543467e385d,2024-05-24T13:03:11.993000 
@@ -265438,28 +265465,28 @@ CVE-2024-5225,0,0,908db7200208aad82f301f521b9dc90a90551560079e967278f95345fdc583 CVE-2024-5226,0,0,343bea1ef6104d1a60d532c3087e707033a7d2cea2eb006f3e8cf7d609df1199,2024-08-08T13:04:18.753000 CVE-2024-5227,0,0,782d407fd59442ae1cd49577c63d7b8236dddc237a48b5fa6a3df2e3ceec540d,2024-05-24T01:15:30.977000 CVE-2024-5228,0,0,d7fb18ef663e7fbb963ee04e575f2bc258b900955c0912600676521519fad837,2024-05-24T01:15:30.977000 -CVE-2024-52286,0,0,2a5f546e948d1ccba1723cfcc1b1a2d25e6fdcd5642820394e49b58f57d94595,2024-11-11T20:15:19.867000 -CVE-2024-52288,0,0,b8d6870050b16638fccab9cead56058b5a34cf6591df4dcaff6448417279ab8c,2024-11-11T20:15:20.013000 +CVE-2024-52286,0,1,a006a0be971b0e96964504e5809b0d7c6410ed1592b8c4976d82ae2953104dc3,2024-11-12T13:55:21.227000 +CVE-2024-52288,0,1,8f949332b60260488906ff1b8c70f9a1209d9b10278c3c334faa6ae7259272ba,2024-11-12T13:55:21.227000 CVE-2024-5229,0,0,787c92e076dbd9dca682f832ee22f0e31b439c91ed2d6b58a8c544f86d4189c3,2024-07-03T02:08:42.827000 CVE-2024-5230,0,0,f45c8274ba28e0dc58bed98870ed092580a9c18662584e7c3debbd7f7cd359f4,2024-06-04T19:21:02.540000 CVE-2024-5231,0,0,255bed42ab2a064a39e6f8c88880296d2f7a7d154f3db6dc7f4df2fa244d299f,2024-06-04T19:21:02.640000 -CVE-2024-52311,0,0,05dc1909f745ccd4650795209c869d5f18dc376723884de6b5389689759703dd,2024-11-09T02:15:17.563000 -CVE-2024-52312,0,0,8db07cce6ed13ce06e6d4220bcffcdc8cd4c0d5c4ef015f0a74d591fd14c1f7d,2024-11-09T02:15:17.670000 -CVE-2024-52313,0,0,a78caa8fdf271fe35a7aa560992d3bdfa8420cc2a6fb5cf6396663bbddf45aec,2024-11-09T02:15:17.780000 -CVE-2024-52314,0,0,d96e8bd452822ba85e89ad3b7e6241f2096cbcd36721106d82760bc6c8f8b068,2024-11-09T02:15:17.883000 +CVE-2024-52311,0,1,440cc6f6193f2a4b57d7c7c4a4f4b3f01242ca6df6bc89770050e09d3b499acf,2024-11-12T13:56:54.483000 +CVE-2024-52312,0,1,e095caa38b1d55aa1661d9e6b591e2f5164609c3e5c2884b5f60aa22d851bdcc,2024-11-12T13:56:54.483000 
+CVE-2024-52313,0,1,d6c72d2fda8c652aceb546ca4dc43f0485da383ec6c61ed73ed8a61cc3116669,2024-11-12T13:56:54.483000 +CVE-2024-52314,0,1,1573621277321f9a5e33b224990557625938794cd01d39551dd04996aff05f9d,2024-11-12T13:56:54.483000 CVE-2024-5232,0,0,8d68905f3b69b3dadb32694d2c73f30dc32ad3c794d56bacf5b1c8bfed3d3bb6,2024-06-04T19:21:02.890000 CVE-2024-5233,0,0,d230ff373762a089849cb791769c151d4d1eb1a364270894bffa0dbac945e679,2024-06-04T19:21:02.993000 CVE-2024-5234,0,0,14a09ab7485c5dff6a0e2d37ff7f584b26da4a8cf075e00d5ab541632ac32bbb,2024-06-04T19:21:03.100000 CVE-2024-5235,0,0,98bbbe6acfd408ea35eab71055bef5859edfdf3c3c90f82fa44b5b2f0c597f28,2024-06-04T19:21:03.207000 -CVE-2024-52350,0,0,b1a9847e39d8b6bad9956bc978664b7f1d9f26efb721ee2fd1d29ca9f456224a,2024-11-11T07:15:06.293000 -CVE-2024-52351,0,0,8b7440e51d76b6a6e3db8edd41d646f56472df2df316cfa7f263581553106079,2024-11-11T07:15:06.583000 -CVE-2024-52352,0,0,ae11f439ee59fd361beed6fb8c37d042ed2bb07923f0c7f9a97ed227d2d09410,2024-11-11T07:15:06.907000 -CVE-2024-52353,0,0,35c8faefb66ea97c9758ead937372e7b7fda8bc858c187127c3214512e995223,2024-11-11T07:15:07.223000 -CVE-2024-52354,0,0,f36017b491bdb9f444c8cb8c774543c454bc279243e6ecbf6d57f052d88d708c,2024-11-11T07:15:07.500000 -CVE-2024-52355,0,0,1ead65e1d79b86e687339a1717ce8829747806135620cfe7850e9da57c237f01,2024-11-11T07:15:07.790000 -CVE-2024-52356,0,0,0553acbf2e8e39a312cff7320beec0b9bcbfe62f41a3f3b85802b78b1abedebd,2024-11-11T06:15:10.153000 -CVE-2024-52357,0,0,e8fdb161598d26c1fc31a1b648593dd8160fca2dcc96e2a7336c53a573f39fc4,2024-11-11T06:15:10.440000 -CVE-2024-52358,0,0,4e891ee49c0a084a921d2e6a3c04a1bbfa51eca5c1025b9c9f9183cd5dd21da2,2024-11-11T06:15:10.737000 +CVE-2024-52350,0,1,692358ac026b1dcbfe6e09ab2593ec3b4f32e9a916cf64b8732ac22b9832c48f,2024-11-12T13:55:21.227000 +CVE-2024-52351,0,1,a3e325cd315c5fea0f5f837fd6ee002cc35206ad757df5ede60f907fde9affb3,2024-11-12T13:55:21.227000 
+CVE-2024-52352,0,1,d000632140f71e44e942a3dbc2ddd9260fa470cb96bef8ac5f8ba3eea1f0382e,2024-11-12T13:55:21.227000 +CVE-2024-52353,0,1,8f6fdbf8162ece41a08a7cc2a2dc9e5249ac6195297b0e830ced0d3f4bc5c84a,2024-11-12T13:55:21.227000 +CVE-2024-52354,0,1,bd5ed3d68271f155fc3112a493679226950394a406d6f8e4021a12bfa7a3c4fe,2024-11-12T13:55:21.227000 +CVE-2024-52355,0,1,ab138c81f8a6c2d78d8bf3737e35a8422aee1976da0dc3f8a86c63b65d3787dd,2024-11-12T13:55:21.227000 +CVE-2024-52356,0,1,6f52c6a317f3e6d9b4fea003476d72ca3813f755516b2759515eed910b7d7fc2,2024-11-12T13:55:21.227000 +CVE-2024-52357,0,1,0b87f00ebcffd7ab9b093f3ccd343158c40fba6d8989757f4c8a16b72f945025,2024-11-12T13:55:21.227000 +CVE-2024-52358,0,1,98865d3b54e5cf46f7348181649ffde2326b16ddca1830d7a36a631093f0fb1c,2024-11-12T13:55:21.227000 CVE-2024-5236,0,0,3a876190aab882c0110e09fef49a5c72516897cda47bddba2de12251cfa9a5e8,2024-05-24T01:15:30.977000 CVE-2024-5237,0,0,8803efe45da93d97b55082adbd1bb29281c1282514c20ec3608a648081cd56be,2024-06-04T19:21:03.317000 CVE-2024-5238,0,0,a03a95be1868c6bee6318b11858946fc155e156e4fa75ea27b59162de04fd53f,2024-06-04T19:21:03.413000 
@@ -265478,10 +265505,10 @@ CVE-2024-5250,0,0,b4b370273f1fe30d94b715ad219dda570a7dcb84192abd50c3cb746299bdbb CVE-2024-5251,0,0,7d84d2df7bf6674f7d634954defb2f38b0363c19ae19f78012df0aa633abf27a,2024-07-19T15:25:30.980000 CVE-2024-5252,0,0,1b28d536afc88eae5088fe06ff49428bbad5ffcb2aa7139fe40c4c06d2601422,2024-07-19T15:29:35.447000 CVE-2024-5253,0,0,73f9562f224a9a11b8b8279a7bf00d920003fa046cb7c88a3a55caf281adabe4,2024-07-19T15:30:34.717000 -CVE-2024-52530,0,0,3eaa32ccf56907047fdf4b4deac8010886f5cea3e0799d98db773dc18889ead4,2024-11-11T20:15:20.247000 -CVE-2024-52531,0,0,e1da16d13ad377fa18c4d7acff83ec981e6fd45e16e236f3d3149c47740c9f9c,2024-11-11T20:15:20.313000 -CVE-2024-52532,0,0,92541ad4eaa4a5badb32130e01157e806e2d95ba7daec0d82fbf422a69aebf7a,2024-11-11T20:15:20.370000 -CVE-2024-52533,0,0,234a4746689dc23fe52ffcba81b202c439e7f5c45ade0a89e45d4f95cb4fed7b,2024-11-11T23:15:05.967000 +CVE-2024-52530,0,1,33b7429eb7eb3be95001923a1f89646e5a1cfe585e3ad31147ffb8fafc52d42f,2024-11-12T13:55:21.227000 +CVE-2024-52531,0,1,8cb0e01e69eb879d3a531e10dfc8fc193c666536142557a776eb4bc19dd211cb,2024-11-12T13:55:21.227000 +CVE-2024-52532,0,1,ceac3c72c1c60bdab26132bf0ee3396fe51ade03b31a6af19ddc21f1a4f3dd27,2024-11-12T13:55:21.227000 +CVE-2024-52533,0,1,ac3444958d7fbb391e5c3db526759af5d841fda8bb8dfd9399d7e6fb36c7138c,2024-11-12T13:55:21.227000 CVE-2024-5254,0,0,78882d871be0a19bc95888168cf12372f503de77ac359f287536c8f062c38532,2024-07-19T15:32:05.560000 CVE-2024-5255,0,0,a9d47c22e8985fc8d8b40f4bef3272595484bdbc8485e44830cb58ee997ab90f,2024-07-19T15:32:18.850000 CVE-2024-5256,0,0,c0c79be075ef53b66bd4c726b840e366d70c6f0c56013178c0440e2e2bf91c1e,2024-09-24T18:41:40.007000 
@@ -268367,7 +268394,7 @@ CVE-2024-8751,0,0,dd4f77422f5dc981129a2e765da3e243ee86648b85be15172cd0c4e6601f99 CVE-2024-8752,0,0,be5f97c0edf8e6ac8b5e8514ff7047e0f4fcd958517cc5377fbff739f62f1969,2024-09-20T22:42:20.367000 CVE-2024-8754,0,0,f8a4ca9a3c8c6c9af2a693c6565fade1a53b2c08d2db63ea33e154699f832b1a,2024-09-14T15:40:20.583000 CVE-2024-8755,0,0,6df715314b1336790c7d97e006488029fc046357f7768aca9e76af35c90a4cf5,2024-10-15T12:58:51.050000 -CVE-2024-8756,0,0,7eba945c5b0a9fff6ec6c7267f6609c2d66f441915311f6e645d8c9e72cd6193,2024-11-09T06:15:16.383000 +CVE-2024-8756,0,1,267dc6d9d323b3ee60c214fb8c857bab77801af706c2ead75de38cc80f69f89e,2024-11-12T13:56:24.513000 CVE-2024-8757,0,0,ac7b458a171f940d51c6f598fa3e7660be88f90768b34e80d2717be5212da2e2,2024-10-15T12:57:46.880000 CVE-2024-8758,0,0,fea72da3ec447aa80df355b080e42aa6b936f28594d975635bc512eef8e85985,2024-10-07T21:35:03.193000 CVE-2024-8760,0,0,9ea2fbe1bce76fe8b787c65fe635c22c7a5af9164ae399ebf90a4b05706537bf,2024-10-15T12:57:46.880000 
@@ -268426,8 +268453,8 @@ CVE-2024-8876,0,0,adf401fb4b8b2c24f06ac7d28fd2360497bd835317abc655be39e3ccb04a97 CVE-2024-8877,0,0,072c8e486444961bae4945079e8c7eda87a37fe8ff462296a0eff944cb3f1801,2024-09-30T15:31:14.690000 CVE-2024-8878,0,0,d355a1999baf0c8606d16796b1d3b0e1dca83258ab14464d5a94be439e5488d1,2024-09-30T15:21:31.693000 CVE-2024-8880,0,0,4890b5d8ccfd73a7de9d70be358a6aa9c5c8f4db772389c703fb4d83ffb621f1,2024-09-20T16:41:38.030000 -CVE-2024-8881,0,0,a371256a58d17c17394cba7918c298faaaaee6a96184fa8de20679192d62bc55,2024-11-12T02:15:18.817000 -CVE-2024-8882,0,0,be431b4423ff2d70cf26e46385260b0eb175cd5f5983ec8e810ab0acd510d2de,2024-11-12T02:15:19.160000 +CVE-2024-8881,0,1,c22369bc914ccfd9b06d3d7aabe82fa87d6a964b490b973066b8f984f84c1211,2024-11-12T13:55:21.227000 +CVE-2024-8882,0,1,051a5ecdd86f1f8fd6245ca5836a7db78c55add42a1ae8d71eea96d1ba0a1cb1,2024-11-12T13:55:21.227000 CVE-2024-8883,0,0,ef867150b75a006b88b657706b5ccab0ed5de191cb19aa041336ee55b15eac37,2024-11-05T04:15:03.467000 CVE-2024-8884,0,0,bbe657acd3b81809e4c38d289d4690d33ce15843f154a38b409847ce2483e4ec,2024-10-10T12:56:30.817000 CVE-2024-8885,0,0,3d17cd6b07f76e6b7b78ee39290572c27afe08953d025655a317633960052841,2024-10-04T13:50:43.727000 
@@ -268483,7 +268510,7 @@ CVE-2024-8951,0,0,888c97aa442d5e8c89ae77387b914cd3981839dfe932748e6b429d09cccb70 CVE-2024-8956,0,0,1cb756cbfed7cce32103cd61ea4e7225af7cf46acb1dafb383d10ad8a9c01dda,2024-11-05T02:00:01.697000 CVE-2024-8957,0,0,0308f2f5a0567b3e01401fcc5a35dd0d4903c31a6d3992c47cfe16c6bc21eadc,2024-11-05T02:00:01.697000 CVE-2024-8959,0,0,0dc3502ed244ae66bafd80efba15dddd0bb76667e6d8b2d3ee7e3d6fc71e6baf,2024-10-25T12:56:07.750000 -CVE-2024-8960,0,0,7dd9f855d3f822fb8cd17cdc45f80b5736bcdff0d02d94ea876d6281bfdca8b4,2024-11-09T03:15:05.740000 +CVE-2024-8960,0,1,cb9c3666b1d5630b31aed515dc84bc6b9317ac9454d917c6e7a599d8d75d0609,2024-11-12T13:56:24.513000 CVE-2024-8963,0,0,67fe8ea90f3163df4929d6782956d377bcadef461d17352cf475deabaa8fd4ad,2024-09-20T16:32:02.563000 CVE-2024-8964,0,0,c8fc4fc0d8f6e4149ea3cd0239ed4708c78c8d6f77eb0df4938d6649d94bf7d7,2024-10-10T12:56:30.817000 CVE-2024-8965,0,0,fcd9a7faf9aba17ebbc93d83d1389f5891b9c0797caaf85615a1a91da1ce5a78,2024-10-04T19:04:03.157000 @@ -268653,7 +268680,7 @@ CVE-2024-9221,0,0,feb1b16d88be55b92259cd20b799cece7abb9935cf5adfed4d1f38e82a4356 CVE-2024-9222,0,0,aa75daaaa6f167f771e02be32b7ac6d9115eba757cf38ea3ae7fe336f82931ef,2024-10-08T15:34:13.250000 CVE-2024-9224,0,0,1efb870d30ff5afb9078703fdeff1bc29463ebfa0c91ad435c25d902219ffec9,2024-10-07T19:19:38.157000 CVE-2024-9225,0,0,d9b0065994459fe38d594a136ae9cff90cf19d12b5b0208b359cee9d6c2409ea,2024-10-07T20:24:41.420000 -CVE-2024-9226,0,0,c0d9510a87d52143192a7ef8c75f704d799c9bd5b35b02c7f28b68450510c4c2,2024-11-09T04:15:05.260000 +CVE-2024-9226,0,1,3017dba656895d061d1d7c16c330fb343b4119f2b662f95a0b71ccddd04254e6,2024-11-12T13:56:24.513000 CVE-2024-9228,0,0,cb0dad29f14eeb8fed9baf1de8b4ba619c5e35c4fffb0932ef40f0c6748e195d,2024-10-07T19:01:04.960000 CVE-2024-9231,0,0,1a98d4e564cd1445dff204dbfca514c3336df15b7e3a4c13356dccfc41c8c7ca,2024-10-30T18:56:03.380000 CVE-2024-9232,0,0,a07f526496bb68b184ee001c7d6cd9744d3cb563b91260e8d60bd9b70cac4bda,2024-10-15T12:58:51.050000 
@@ -268663,7 +268690,7 @@ CVE-2024-9237,0,0,fb69e6f6fcfba2cfafb660a24001833586540d01b0ed897e2ee22df678729e CVE-2024-9240,0,0,64e490409dd599c74da5a2492515b43ccd4793b118bdb242162550231e348320,2024-10-18T12:53:04.627000 CVE-2024-9241,0,0,6c5cc70c23164aeead7a2ffa985d7e69869a7cd0428a8503a9e9f624c0c87b24,2024-10-07T18:51:20.950000 CVE-2024-9242,0,0,2931ce38d642cfa320383051a5a41609f3e037ff0fe51760f16b233825fad051,2024-10-08T16:26:06.147000 -CVE-2024-9262,0,0,b48d008e95d8676c733808dbf219035f2d45174072f949042d4476df84b2b53b,2024-11-09T03:15:05.970000 +CVE-2024-9262,0,1,0faf581ebb856c33af20ae813ef5903cd96d0da73e2d232fe550d71402d04408,2024-11-12T13:56:24.513000 CVE-2024-9263,0,0,ee4f7b487368511acdd8209efd3b16cc7ea9463265fe8e2495be906cd811a62e,2024-10-18T12:53:04.627000 CVE-2024-9264,0,0,453599246838d2f15e3e7a7864ab2c75c071b729888f2b98b95994ed621e8268,2024-11-01T18:14:31.377000 CVE-2024-9265,0,0,370ae511e2a3bdf95824ac5c42b3e844c54d5bb7a6631dfac66939ebcd808076,2024-10-07T18:48:15.380000 @@ -268671,7 +268698,7 @@ CVE-2024-9266,0,0,9897e7bd01e8f0fea686bbe0969277eb0e59373ffc16090ed1770b5ca71252 CVE-2024-9267,0,0,e1783d6d7b8ba5585243c45fe350fa65068fd1659c19369f548dec592743f878,2024-10-04T13:51:25.567000 CVE-2024-9268,0,0,7e7771d589d5219f5f8e1d4b856d8a4ecc833e195b34661fddc76da01954ef5a,2024-09-27T17:15:14.497000 CVE-2024-9269,0,0,89e3d14dbb396872dee171ef3aa7d49f480ae977e81c830f9aba067690d7384e,2024-10-04T13:51:25.567000 -CVE-2024-9270,0,0,93cee90ac985e7c35b04e8305f87dc1ad6e08374217dc3ff83c035a46eef130b,2024-11-09T03:15:06.207000 +CVE-2024-9270,0,1,85daebf0a534c2e07ef9b04eb2e04b99daea3b856e74fe9c9c9148aa1e9f8e19,2024-11-12T13:56:24.513000 CVE-2024-9271,0,0,66e01cc911285d725adb63f03395bcee28ec66abccf0b01c43138b6af47fb79f,2024-10-08T16:17:29.110000 CVE-2024-9272,0,0,a24b66874e7208e8487d25208cbebeb411ca8d85bf3090e22e1f2bb545069376,2024-10-04T13:51:25.567000 CVE-2024-9273,0,0,d541667891e816199f828382e531f52a986321fd7f85b5856a4bc94c161620a8,2024-09-27T17:15:14.550000 
@@ -268736,7 +268763,7 @@ CVE-2024-9351,0,0,33d034faa3e6b0aeb71bafa0ae8b2ea418555ae0b07eef9d890e7c43507fa4 CVE-2024-9352,0,0,788f5bf16f633f8f02e340b198528b062bcda6aeec70a897601eaf656cd6ab6a,2024-10-18T12:52:33.507000 CVE-2024-9353,0,0,64ddffc3239a0d67e3b79e48af9889b2f8d89027aa9c53de3cc5595dbd6f2fd7,2024-10-08T18:50:51.357000 CVE-2024-9355,0,0,302621984b6116aa148a6d267ab2864d150a3fcf399bab5a42fa5db73f8156da,2024-11-05T08:15:04.413000 -CVE-2024-9357,0,0,9c1006351ab528d4b944399ea7a322d266d3415406363b65579a74e23e57c5c5,2024-11-12T06:15:04.363000 +CVE-2024-9357,0,1,ecac5cca1d13ae41e27c64ccd21707ad2b9f6cb13725a3072faecffbc49d78e9,2024-11-12T13:55:21.227000 CVE-2024-9358,0,0,ad1311c8435fb7ce092ff9c8b7c1abe83209465bc92e72b7b733a8ea9fa4bf3c,2024-10-04T13:51:25.567000 CVE-2024-9359,0,0,c3e20cb7feaf9e2d5c48c39f4d484e16226f28d5df197104e70b6a5f0b84dc00,2024-10-04T18:54:12.417000 CVE-2024-9360,0,0,9328fb4e6135929e3835e5c835fd869b8491fb46bae32eb4c5f02c6fc86a7446,2024-10-04T18:53:58.020000 @@ -268948,7 +268975,7 @@ CVE-2024-9707,0,0,cde0816a76e7682ea9f7dc3a69f12238a4d95599cfec418d205198361a6879 CVE-2024-9708,0,0,08bc1437568decedc8d133fc5b87f480913bc1f7eb502b0ca93b4d7f941cdca2,2024-11-01T12:57:03.417000 CVE-2024-9756,0,0,8173cad728731052b89b4b59f3b4da8665b01e9fe6a8b575d907d967b2da6473,2024-10-15T12:57:46.880000 CVE-2024-9772,0,0,0d1b30d428fb6796ba367d377c6619e6bf9b25cc03796237a99e8a8d275b84f3,2024-10-28T13:58:09.230000 -CVE-2024-9775,0,0,d75c1ef22917b4e34ea6a89f8dca900e05e2ff705fb39813883039fa4b522c47,2024-11-09T03:15:06.423000 +CVE-2024-9775,0,1,e3916d71ec9dd0d5246614a59a1cb4484a6342794b8a5103a7b8b237fed4d20b,2024-11-12T13:56:24.513000 CVE-2024-9776,0,0,82a616b68a2c5818c813f35d61772c622935aa1b119f178b9eaa21355bac63d9,2024-10-15T12:57:46.880000 CVE-2024-9778,0,0,0fe7ee5860b89dbc53027fbdd06b191ad5c5e349a3553ba6bc5769975646dd12,2024-10-15T12:57:46.880000 CVE-2024-9780,0,0,82a65b59c0bb0f4aa37b7bc9835ace6b2d8eb95b730adf88705db9589433fda5,2024-10-17T14:18:18.433000 
@@ -268995,8 +269022,8 @@ CVE-2024-9825,0,0,43f77069eab20c6659796a5ca73cb04eb18b719fa0ad0721704c789de71379 CVE-2024-9826,0,0,c03e2e0710a5712915ae2341fa5030e5bd74d5917743f7fdf85c043b115b921d,2024-11-01T16:17:10.620000 CVE-2024-9827,0,0,c5e7676b9d011eef0934f8d1e51cd92697f77495088547784042162cb4944824,2024-11-01T16:17:07.187000 CVE-2024-9829,0,0,ea980a1e481fc86407edeb6f0040d6f4a6ff2d17edcbe8d18dd95381292ad49b,2024-10-25T16:30:44.520000 -CVE-2024-9835,0,0,a63bed4d4c89484940b13c57036d323a5a3772694a190e1d2db16be039429be7,2024-11-12T06:15:04.677000 -CVE-2024-9836,0,0,696486a47e083ffedcfef75b12597d726c74a71392e43421d5c81caa28f6972c,2024-11-12T06:15:04.767000 +CVE-2024-9835,0,1,c228c557dc8af1c5106b06720891713942e228f3bfa98f5b97dd84e152830fc6,2024-11-12T13:55:21.227000 +CVE-2024-9836,0,1,6ea8c6b91c647e267072b00a3957d5519f7f69791a842d0ae5172659fb697220,2024-11-12T13:55:21.227000 CVE-2024-9837,0,0,bb8fbc31e530027dfddbaf6dae2f5d1b4333d91b7cafcea32a3d82a1ea54dea9,2024-10-15T12:57:46.880000 CVE-2024-9841,0,0,ebdd51eec8479d80c9266cdceb915506aec1278560e194f65ea2f5d20595b81b,2024-11-08T19:01:03.880000 CVE-2024-9846,0,0,173656afdffd3fc8df737b5cdb277d7e27d47fc010c3df17216e30b52661a1bb,2024-11-06T14:58:04.160000 
@@ -269016,7 +269043,7 @@ CVE-2024-9867,0,0,e67b1f8bf4d2b38a2b9f15fec521fb884d23cbbf85b48f78911bb6397a2ae3 CVE-2024-9868,0,0,b2463439f3611d00d054cbd441340ef04f6dbee60e35877cb3af971fb7fd3668,2024-11-04T13:44:51.370000 CVE-2024-9869,0,0,2195387ef9aab560e210893ad1e9f3295c5808c9d50c0ada4fa1d17778d3d1ae,2024-10-11T15:15:06.500000 CVE-2024-9873,0,0,54e1b937a83aa8c512a9ce3ab381594073150b73716fb01cf60c5f6e4db0c415,2024-10-16T16:38:14.557000 -CVE-2024-9874,0,0,1460054aa35e3d4a7778af581a0d866be7bfa1ccfa7695a2f95ec342e86ad536,2024-11-09T07:15:07.297000 +CVE-2024-9874,0,1,f2eeefaff6dc1bf48f3ae121c662c9abde2013a6363dc8cd7ad5cb2521077502,2024-11-12T13:56:24.513000 CVE-2024-9878,0,0,34a522bfd6522a898b0c35e6aaad7d9eea3a547bd3dbf1793fc567099f36e907,2024-11-08T15:25:45.930000 CVE-2024-9883,0,0,3d8bffa6f00f1635d66365d71fac3209d831583acb3bbea648179300cb3b5f9b,2024-11-06T17:32:17.477000 CVE-2024-9884,0,0,757f98f3275a3bf4e9b1e819bb018e139225ae1ebee044e7c027a7c44897e089,2024-11-01T12:57:03.417000 @@ -269113,4 +269140,4 @@ CVE-2024-9990,0,0,6535e43f058bfb50050d26d851e120f9cfe62488cf6b3933d7c62cfdab49fc CVE-2024-9991,0,0,adb978eaa002da8be608de3b4e550af4ed1a2d2f51d6542eb9fa168b402820e2,2024-10-28T13:58:09.230000 CVE-2024-9996,0,0,d5e7827ad5391d78a31addd2ca4c41dc6e5d45abf975a0bf7cf45c9296bda120,2024-11-01T16:27:30.387000 CVE-2024-9997,0,0,a8e0d075074a0193393843d7836722691de5269a9c302917e51ae6ca5570db59,2024-11-01T16:27:34.960000 -CVE-2024-9998,1,1,0419a3dad23ae850906f2650ca4d40b180999b4a5d360bcc1b838f8893ae2af5,2024-11-12T11:15:03.840000 +CVE-2024-9998,0,0,0419a3dad23ae850906f2650ca4d40b180999b4a5d360bcc1b838f8893ae2af5,2024-11-12T11:15:03.840000