diff --git a/CVE-2022/CVE-2022-214xx/CVE-2022-21445.json b/CVE-2022/CVE-2022-214xx/CVE-2022-21445.json
index f1bc7d72d42..1e27326b233 100644
--- a/CVE-2022/CVE-2022-214xx/CVE-2022-21445.json
+++ b/CVE-2022/CVE-2022-214xx/CVE-2022-21445.json
@@ -2,8 +2,8 @@
 "id": "CVE-2022-21445",
 "sourceIdentifier": "secalert_us@oracle.com",
 "published": "2022-04-19T21:15:15.907",
- "lastModified": "2024-09-20T01:00:01.427",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-09-20T19:15:12.973",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "cisaExploitAdd": "2024-09-18",
 "cisaActionDue": "2024-10-09",
@@ -12,7 +12,7 @@
 "descriptions": [
 {
 "lang": "en",
- "value": "Vulnerability in the Oracle JDeveloper product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
+ "value": "Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). Note: Oracle Application Development Framework (ADF) is downloaded via Oracle JDeveloper Product. Please refer to Fusion Middleware Patch Advisor for more details. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
 },
 {
 "lang": "es",
diff --git a/CVE-2023/CVE-2023-359xx/CVE-2023-35906.json b/CVE-2023/CVE-2023-359xx/CVE-2023-35906.json
index 9d0987429a3..46eb31c718b 100644
--- a/CVE-2023/CVE-2023-359xx/CVE-2023-35906.json
+++ b/CVE-2023/CVE-2023-359xx/CVE-2023-35906.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-35906",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2023-09-05T01:15:07.920",
- "lastModified": "2023-09-08T17:50:02.527",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-09-20T18:15:03.740",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
@@ -61,22 +61,22 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "psirt@us.ibm.com",
 "type": "Primary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-345"
+ "value": "CWE-291"
 }
 ]
 },
 {
- "source": "psirt@us.ibm.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-348"
+ "value": "CWE-345"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-373xx/CVE-2023-37396.json b/CVE-2023/CVE-2023-373xx/CVE-2023-37396.json
index 23226ba5ec2..aa21be80f6d 100644
--- a/CVE-2023/CVE-2023-373xx/CVE-2023-37396.json
+++ b/CVE-2023/CVE-2023-373xx/CVE-2023-37396.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-37396",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2024-04-19T16:15:09.430",
- "lastModified": "2024-04-19T16:19:49.043",
+ "lastModified": "2024-09-20T18:15:03.940",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -46,7 +46,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-312"
+ "value": "CWE-327"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-403xx/CVE-2023-40371.json b/CVE-2023/CVE-2023-403xx/CVE-2023-40371.json
index a6864d47758..95c48fd206d 100644
--- a/CVE-2023/CVE-2023-403xx/CVE-2023-40371.json
+++ b/CVE-2023/CVE-2023-403xx/CVE-2023-40371.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40371",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2023-08-24T14:15:10.803",
- "lastModified": "2023-08-30T14:54:50.237",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-09-20T19:15:13.820",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
@@ -57,22 +57,22 @@
 },
 "weaknesses": [
 {
- "source": "nvd@nist.gov",
+ "source": "psirt@us.ibm.com",
 "type": "Primary",
 "description": [
 {
 "lang": "en",
- "value": "NVD-CWE-noinfo"
+ "value": "CWE-327"
 }
 ]
 },
 {
- "source": "psirt@us.ibm.com",
+ "source": "nvd@nist.gov",
 "type": "Secondary",
 "description": [
 {
 "lang": "en",
- "value": "CWE-200"
+ "value": "NVD-CWE-noinfo"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-406xx/CVE-2023-40683.json b/CVE-2023/CVE-2023-406xx/CVE-2023-40683.json
index f04eb174174..2832a2b2636 100644
--- a/CVE-2023/CVE-2023-406xx/CVE-2023-40683.json
+++ b/CVE-2023/CVE-2023-406xx/CVE-2023-40683.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-40683",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2024-01-19T01:15:08.910",
- "lastModified": "2024-01-24T21:25:27.833",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-09-20T19:15:13.993",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
@@ -66,7 +66,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-264"
+ "value": "CWE-285"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-418xx/CVE-2023-41805.json b/CVE-2023/CVE-2023-418xx/CVE-2023-41805.json
index 6b48e9e6c8f..04930b456cb 100644
--- a/CVE-2023/CVE-2023-418xx/CVE-2023-41805.json
+++ b/CVE-2023/CVE-2023-418xx/CVE-2023-41805.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-41805",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-06-19T13:15:55.360",
- "lastModified": "2024-06-20T12:44:01.637",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-09-20T19:07:21.190",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "NONE",
+ "baseScore": 6.5,
+ "baseSeverity": "MEDIUM"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 3.6
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-862"
+ }
+ ]
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -51,14 +81,38 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:brainstormforce:starter_templates:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "3.2.6",
+ "matchCriteriaId": "C7332C0B-D294-4B40-80FC-4F71F484DBCD"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/astra-pro-sites/wordpress-premium-starter-templates-plugin-3-2-5-broken-access-control-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 },
 {
 "url": "https://patchstack.com/database/vulnerability/astra-sites/wordpress-starter-templates-plugin-3-2-5-broken-access-control-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44148.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44148.json
index 702f6208608..08667e2a487 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44148.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44148.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-44148",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-06-19T12:15:10.200",
- "lastModified": "2024-06-20T12:44:01.637",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-09-20T19:05:08.200",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -51,10 +71,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:brainstormforce:astra:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.2.8",
+ "matchCriteriaId": "2F35C242-2632-4217-9C94-2ADFDFDF099B"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/astra-bulk-edit/wordpress-astra-bulk-edit-plugin-1-2-7-broken-access-control-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-441xx/CVE-2023-44151.json b/CVE-2023/CVE-2023-441xx/CVE-2023-44151.json
index 705b6f36ce5..bc4b4190cf2 100644
--- a/CVE-2023/CVE-2023-441xx/CVE-2023-44151.json
+++ b/CVE-2023/CVE-2023-441xx/CVE-2023-44151.json
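Review bot: The `cpeMatch` entry added to CVE-2023-44148.json names product `astra` (`cpe:2.3:a:brainstormforce:astra:*:...`, `versionEndExcluding` 1.2.8), while the only reference on the record points at the `astra-bulk-edit` plugin, version 1.2.7. If `astra` is the CPE product of a different Brainstorm Force package, CPE-based matching would miss affected Bulk Edit installs and could flag the wrong product; the record's description is outside the hunk, so this is inferred from the URL slug alone. Because this file mirrors upstream data I would not hand-edit it: check the product name against the CPE dictionary, report a mismatch upstream, and until then have consumers cross-check `references[].url` before trusting the match for this record.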
@@ -2,8 +2,8 @@
 "id": "CVE-2023-44151",
 "sourceIdentifier": "audit@patchstack.com",
 "published": "2024-06-19T12:15:10.437",
- "lastModified": "2024-06-20T12:44:01.637",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-09-20T18:17:43.157",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.8,
+ "impactScore": 5.9
+ },
 {
 "source": "audit@patchstack.com",
 "type": "Secondary",
@@ -51,10 +71,31 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:brainstormforce:pre-publish_checklist:*:*:*:*:*:wordpress:*:*",
+ "versionEndExcluding": "1.1.2",
+ "matchCriteriaId": "DF0E75FD-0984-42DE-86C7-BD06D8115DD9"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://patchstack.com/database/vulnerability/pre-publish-checklist/wordpress-pre-publish-checklist-plugin-1-1-1-broken-access-control-vulnerability?_s_id=cve",
- "source": "audit@patchstack.com"
+ "source": "audit@patchstack.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2023/CVE-2023-442xx/CVE-2023-44217.json b/CVE-2023/CVE-2023-442xx/CVE-2023-44217.json
index 8827a9b1b42..6cc61cd735f 100644
--- a/CVE-2023/CVE-2023-442xx/CVE-2023-44217.json
+++ b/CVE-2023/CVE-2023-442xx/CVE-2023-44217.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-44217",
 "sourceIdentifier": "PSIRT@sonicwall.com",
 "published": "2023-10-03T08:15:36.000",
- "lastModified": "2023-10-04T17:49:37.297",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-09-20T19:35:02.927",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
@@ -36,6 +36,26 @@
 },
 "exploitabilityScore": 1.8,
 "impactScore": 5.9
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "LOW",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.8,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 1.8,
+ "impactScore": 5.9
 }
 ]
 },
diff --git a/CVE-2023/CVE-2023-471xx/CVE-2023-47142.json b/CVE-2023/CVE-2023-471xx/CVE-2023-47142.json
index 6fca36f737a..737eb7f055a 100644
--- a/CVE-2023/CVE-2023-471xx/CVE-2023-47142.json
+++ b/CVE-2023/CVE-2023-471xx/CVE-2023-47142.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-47142",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2024-02-02T14:15:54.013",
- "lastModified": "2024-02-08T19:32:57.063",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-09-20T19:15:14.380",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
@@ -66,7 +66,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-264"
+ "value": "CWE-863"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-474xx/CVE-2023-47480.json b/CVE-2023/CVE-2023-474xx/CVE-2023-47480.json
index a0f57535a6f..c0f2e56f347 100644
--- a/CVE-2023/CVE-2023-474xx/CVE-2023-47480.json
+++ b/CVE-2023/CVE-2023-474xx/CVE-2023-47480.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-47480",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-09-20T17:15:14.673",
- "lastModified": "2024-09-20T17:15:14.673",
+ "lastModified": "2024-09-20T19:35:03.700",
 "vulnStatus": "Received",
 "cveTags": [],
 "descriptions": [
@@ -11,7 +11,42 @@
 "value": "An issue in Pure Data 0.54-0 and fixed in 0.54-1 allows a local attacker to escalate privileges via the set*id () function."
 }
 ],
- "metrics": {},
+ "metrics": {
+ "cvssMetricV31": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "LOCAL",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 8.4,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 2.5,
+ "impactScore": 5.9
+ }
+ ]
+ },
+ "weaknesses": [
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-252"
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/pure-data/pure-data/commit/0b5e467b8728b3ed56e1a8ee5b367ce78e7e6e5d",
diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47712.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47712.json
index 7d403376777..b0bf912d870 100644
--- a/CVE-2023/CVE-2023-477xx/CVE-2023-47712.json
+++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47712.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-47712",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2024-05-14T13:56:45.143",
- "lastModified": "2024-05-14T16:13:02.773",
+ "lastModified": "2024-09-20T19:15:14.610",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -46,7 +46,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-282"
+ "value": "CWE-732"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47716.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47716.json
index 803566ab3b8..c3f427164b5 100644
--- a/CVE-2023/CVE-2023-477xx/CVE-2023-47716.json
+++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47716.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-47716",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2024-03-01T03:15:06.280",
- "lastModified": "2024-03-01T14:04:26.010",
+ "lastModified": "2024-09-20T19:15:14.810",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -46,7 +46,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-264"
+ "value": "CWE-863"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-477xx/CVE-2023-47742.json b/CVE-2023/CVE-2023-477xx/CVE-2023-47742.json
index cc84aef32b2..500f8fe9f09 100644
--- a/CVE-2023/CVE-2023-477xx/CVE-2023-47742.json
+++ b/CVE-2023/CVE-2023-477xx/CVE-2023-47742.json
@@ -2,7 +2,7 @@
 "id": "CVE-2023-47742",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2024-03-03T13:15:07.090",
- "lastModified": "2024-03-04T13:58:23.447",
+ "lastModified": "2024-09-20T19:15:15.010",
 "vulnStatus": "Awaiting Analysis",
 "cveTags": [],
 "descriptions": [
@@ -46,7 +46,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-300"
+ "value": "CWE-295"
 }
 ]
 }
diff --git a/CVE-2023/CVE-2023-49xx/CVE-2023-4979.json b/CVE-2023/CVE-2023-49xx/CVE-2023-4979.json
index 8a5fb04c60c..00d002fff87 100644
--- a/CVE-2023/CVE-2023-49xx/CVE-2023-4979.json
+++ b/CVE-2023/CVE-2023-49xx/CVE-2023-4979.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-4979",
 "sourceIdentifier": "security@huntr.dev",
 "published": "2023-09-15T01:15:08.460",
- "lastModified": "2023-09-20T13:12:39.107",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-09-20T18:35:01.957",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
@@ -71,6 +71,16 @@
 "value": "CWE-79"
 }
 ]
+ },
+ {
+ "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
+ "type": "Secondary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-79"
+ }
+ ]
 }
 ],
 "configurations": [
diff --git a/CVE-2023/CVE-2023-509xx/CVE-2023-50957.json b/CVE-2023/CVE-2023-509xx/CVE-2023-50957.json
index a3867c8ba3f..c23400f7d1e 100644
--- a/CVE-2023/CVE-2023-509xx/CVE-2023-50957.json
+++ b/CVE-2023/CVE-2023-509xx/CVE-2023-50957.json
@@ -2,8 +2,8 @@
 "id": "CVE-2023-50957",
 "sourceIdentifier": "psirt@us.ibm.com",
 "published": "2024-02-10T16:15:07.857",
- "lastModified": "2024-02-15T04:37:53.297",
- "vulnStatus": "Analyzed",
+ "lastModified": "2024-09-20T19:15:15.190",
+ "vulnStatus": "Modified",
 "cveTags": [],
 "descriptions": [
 {
@@ -66,7 +66,7 @@
 "description": [
 {
 "lang": "en",
- "value": "CWE-269"
+ "value": "CWE-312"
 }
 ]
 }
diff --git a/CVE-2024/CVE-2024-214xx/CVE-2024-21416.json b/CVE-2024/CVE-2024-214xx/CVE-2024-21416.json
index ff53994f8bd..b25d31898d8 100644
--- a/CVE-2024/CVE-2024-214xx/CVE-2024-21416.json
+++ b/CVE-2024/CVE-2024-214xx/CVE-2024-21416.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-21416",
 "sourceIdentifier": "secure@microsoft.com",
 "published": "2024-09-10T17:15:15.677",
- "lastModified": "2024-09-10T17:43:14.410",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-09-20T18:55:14.573",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -18,8 +18,28 @@
 "metrics": {
 "cvssMetricV31": [
 {
- "source": "secure@microsoft.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "HIGH",
+ "availabilityImpact": "HIGH",
+ "baseScore": 9.8,
+ "baseSeverity": "CRITICAL"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 5.9
+ },
+ {
+ "source": "secure@microsoft.com",
+ "type": "Secondary",
 "cvssData": {
 "version": "3.1",
 "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
@@ -41,8 +61,18 @@
 },
 "weaknesses": [
 {
- "source": "secure@microsoft.com",
+ "source": "nvd@nist.gov",
 "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
+ {
+ "source": "secure@microsoft.com",
+ "type": "Secondary",
 "description": [
 {
 "lang": "en",
@@ -51,10 +81,86 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_1809:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.17763.6293",
+ "matchCriteriaId": "3A9450F3-BE07-4F9B-9C2B-29208AB91A9C"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19044.4894",
+ "matchCriteriaId": "30C7FEB1-00AE-42A6-BBAA-A30081BD4A83"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_10_22h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.19045.4894",
+ "matchCriteriaId": "ACE18049-0E6D-4F64-9702-37D9B4A26A54"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_21h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22000.3197",
+ "matchCriteriaId": "FF161E1C-AF7E-4F75-86BA-8479D0BA8086"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_22h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22621.4169",
+ "matchCriteriaId": "10708C4D-4596-4089-8DDB-5479DE084F64"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_23h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.22631.4169",
+ "matchCriteriaId": "3F9E54F7-0561-49F6-AAD1-B78FF99BBA44"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_11_24h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.26100.1742",
+ "matchCriteriaId": "889E645C-92D6-422B-A89B-05D6774B7543"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2019:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.17763.6293",
+ "matchCriteriaId": "BD2C9E88-C858-4B3D-A8C5-251DD6B69FD6"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.20348.2700",
+ "matchCriteriaId": "4399F533-0094-43CF-872E-FC8E4A21A904"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:o:microsoft:windows_server_2022_23h2:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "10.0.25398.1128",
+ "matchCriteriaId": "FCB2DB55-B6D1-4D28-802F-D300BE10E9A0"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21416",
- "source": "secure@microsoft.com"
+ "source": "secure@microsoft.com",
+ "tags": [
+ "Patch",
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23915.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23915.json
index c8dc4d99a26..7adf914e883 100644
--- a/CVE-2024/CVE-2024-239xx/CVE-2024-23915.json
+++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23915.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-23915",
 "sourceIdentifier": "prodsec@nozominetworks.com",
 "published": "2024-09-18T14:15:12.580",
- "lastModified": "2024-09-20T12:30:51.220",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-09-20T19:07:32.673",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "prodsec@nozominetworks.com",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
 {
 "source": "prodsec@nozominetworks.com",
 "type": "Secondary",
@@ -51,10 +81,30 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-23915",
- "source": "prodsec@nozominetworks.com"
+ "source": "prodsec@nozominetworks.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-239xx/CVE-2024-23916.json b/CVE-2024/CVE-2024-239xx/CVE-2024-23916.json
index c74da86b67c..1a69a0faf82 100644
--- a/CVE-2024/CVE-2024-239xx/CVE-2024-23916.json
+++ b/CVE-2024/CVE-2024-239xx/CVE-2024-23916.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-23916",
 "sourceIdentifier": "prodsec@nozominetworks.com",
 "published": "2024-09-18T14:15:12.790",
- "lastModified": "2024-09-20T12:30:51.220",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-09-20T19:07:23.750",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "prodsec@nozominetworks.com",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
 {
 "source": "prodsec@nozominetworks.com",
 "type": "Secondary",
@@ -51,10 +81,30 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-23916",
- "source": "prodsec@nozominetworks.com"
+ "source": "prodsec@nozominetworks.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31164.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31164.json
index 4dd0ec3cafc..3b689c5b290 100644
--- a/CVE-2024/CVE-2024-311xx/CVE-2024-31164.json
+++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31164.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-31164",
 "sourceIdentifier": "prodsec@nozominetworks.com",
 "published": "2024-09-18T14:15:12.967",
- "lastModified": "2024-09-20T12:30:51.220",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-09-20T19:07:18.047",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "prodsec@nozominetworks.com",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
 {
 "source": "prodsec@nozominetworks.com",
 "type": "Secondary",
@@ -51,10 +81,30 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31164",
- "source": "prodsec@nozominetworks.com"
+ "source": "prodsec@nozominetworks.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31165.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31165.json
index 3fe643cd9c6..c21511dade2 100644
--- a/CVE-2024/CVE-2024-311xx/CVE-2024-31165.json
+++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31165.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-31165",
 "sourceIdentifier": "prodsec@nozominetworks.com",
 "published": "2024-09-18T14:15:13.147",
- "lastModified": "2024-09-20T12:30:51.220",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-09-20T19:07:09.943",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "prodsec@nozominetworks.com",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
 {
 "source": "prodsec@nozominetworks.com",
 "type": "Secondary",
@@ -51,10 +81,30 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31165",
- "source": "prodsec@nozominetworks.com"
+ "source": "prodsec@nozominetworks.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31166.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31166.json
index dad0a5f4ae5..d813c47548a 100644
--- a/CVE-2024/CVE-2024-311xx/CVE-2024-31166.json
+++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31166.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-31166",
 "sourceIdentifier": "prodsec@nozominetworks.com",
 "published": "2024-09-18T14:15:13.327",
- "lastModified": "2024-09-20T12:30:17.483",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-09-20T19:06:13.597",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "prodsec@nozominetworks.com",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-125"
+ }
+ ]
+ },
 {
 "source": "prodsec@nozominetworks.com",
 "type": "Secondary",
@@ -51,10 +81,30 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*",
+ "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31166",
- "source": "prodsec@nozominetworks.com"
+ "source": "prodsec@nozominetworks.com",
+ "tags": [
+ "Third Party Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31167.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31167.json
index 1dfcdc7417b..7ca200fcd5c 100644
--- a/CVE-2024/CVE-2024-311xx/CVE-2024-31167.json
+++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31167.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-31167",
 "sourceIdentifier": "prodsec@nozominetworks.com",
 "published": "2024-09-18T14:15:13.507",
- "lastModified": "2024-09-20T12:30:17.483",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-09-20T19:05:57.637",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "NONE",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "HIGH",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "prodsec@nozominetworks.com",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-476"
+ }
+ ]
+ },
 {
 "source": "prodsec@nozominetworks.com",
 "type": "Secondary",
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31167", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31168.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31168.json index 53f43e0e4ed..04d3606e57b 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31168.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31168.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31168", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:13.683", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:05:47.117", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31168", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31169.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31169.json index c4ca06d1932..aec54524b56 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31169.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31169.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31169", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:13.860", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:05:19.817", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31169", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31170.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31170.json index 21d3e5a6248..b40384e59f3 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31170.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31170.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31170", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:14.037", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:01:49.263", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31170", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31171.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31171.json index 9641d2af5ff..78770d76490 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31171.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31171.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31171", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:14.210", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:02:03.187", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31171", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31172.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31172.json index b01a98e9a5c..e04cdaa4da8 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31172.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31172.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31172", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:14.387", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:02:15.750", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31172", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31173.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31173.json index 2af783b6465..7d9742f0690 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31173.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31173.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31173", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:14.557", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:02:24.133", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31173", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31174.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31174.json index 5646ce788aa..b0d1a513ac7 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31174.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31174.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31174", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:14.730", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:02:32.503", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31174", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31175.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31175.json index c77b5ff9caa..4029d815fe5 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31175.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31175.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31175", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:14.927", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:02:39.177", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31175", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31176.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31176.json index 65cacda3f49..29909d8ebdb 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31176.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31176.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31176", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:15.100", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:02:48.160", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31176", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31177.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31177.json index 16945c24101..d144e3394df 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31177.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31177.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31177", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:15.283", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:02:56.717", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31177", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31178.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31178.json index 325dc1c8c7a..17cc4a4609a 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31178.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31178.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31178", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:15.460", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:03:04.717", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31178", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31179.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31179.json index b7c33f0e04c..7db213c6be1 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31179.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31179.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31179", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:15.633", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:03:12.957", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31179", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31180.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31180.json index be40940bdce..6740e9121fb 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31180.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31180.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31180", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:15.820", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:41:14.657", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31180", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31181.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31181.json index 75af34930fd..320a32a43da 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31181.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31181.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31181", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:16.000", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:41:43.753", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31181", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31182.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31182.json index d3962e7e507..d0ee95d6265 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31182.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31182.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31182", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:16.193", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:42:15.857", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31182", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31183.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31183.json index 4ac3fdf4c05..22508b2798d 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31183.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31183.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31183", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:16.377", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:42:42.723", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31183", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31184.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31184.json index 7093d65b3dd..500894777c9 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31184.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31184.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31184", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:16.550", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:43:02.397", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31184", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31185.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31185.json index f7986d851c2..3d93660fbd7 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31185.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31185.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31185", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:16.727", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:43:17.233", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31185", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31186.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31186.json index 3eea3714bab..f94daaf0494 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31186.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31186.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31186", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:16.953", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:43:37.503", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31186", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31187.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31187.json index 47f25dc74b6..fe7371a30c7 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31187.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31187.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31187", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:17.173", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:43:54.320", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31187", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31188.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31188.json index 99a1f6f8926..0f558038735 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31188.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31188.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31188", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:17.403", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:44:13.943", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31188", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31189.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31189.json index d646eebef6a..ae0ef343135 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31189.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31189.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31189", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:17.593", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:44:33.780", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31189", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31190.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31190.json index 5d8f5d92319..e12a1d9edc4 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31190.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31190.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31190", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:18.017", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:44:53.940", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31190", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31191.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31191.json index 1f90e72c1dc..e72fa2e1bba 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31191.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31191.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31191", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:18.290", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:45:07.533", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31191", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31192.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31192.json index 37789bd81dc..9d91888a655 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31192.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31192.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31192", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:18.470", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:45:28.780", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31192", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31193.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31193.json index a386e0ae4de..c6343e6afa7 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31193.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31193.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31193", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:18.647", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:45:45.943", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31193", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31194.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31194.json index 04eb91821ad..912e0661230 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31194.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31194.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31194", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:18.827", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:46:09.817", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31194", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31195.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31195.json index fd2f3528e76..c73effbab72 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31195.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31195.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31195", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:19.000", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:46:35.267", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31195", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31196.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31196.json index 3359883b33c..fc5971b8c7c 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31196.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31196.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31196", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:19.190", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:46:48.183", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31196", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31197.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31197.json index 7775d048087..611f3f9e46b 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31197.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31197.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31197", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:19.367", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:47:09.157", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-Other" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
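Review bot: The `nvd@nist.gov` weakness entry added as `"type": "Primary"` for CVE-2024-31197 carries `"value": "NVD-CWE-Other"`, a placeholder rather than a CWE id, so a consumer that keys triage or reporting on the Primary weakness gets no usable classification for this record. The same applies to the weaknesses hunk of CVE-2024-31490 further down, where the `psirt@fortinet.com` entry is demoted from Primary to Secondary and the new Primary is `NVD-CWE-noinfo`. Tooling that reads these records should treat `NVD-CWE-Other` and `NVD-CWE-noinfo` as unclassified and fall back to the `Secondary` entry's value instead of dropping the weakness. The CNA-assigned CWE values sit in lines outside both hunks, so whether they are more specific cannot be confirmed from here.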
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31197", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-311xx/CVE-2024-31198.json b/CVE-2024/CVE-2024-311xx/CVE-2024-31198.json index ca1874efa89..8a4def05bc8 100644 --- a/CVE-2024/CVE-2024-311xx/CVE-2024-31198.json +++ b/CVE-2024/CVE-2024-311xx/CVE-2024-31198.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31198", "sourceIdentifier": "prodsec@nozominetworks.com", "published": "2024-09-18T14:15:19.550", - "lastModified": "2024-09-20T12:30:17.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:47:30.917", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.5, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.6 + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + }, { "source": "prodsec@nozominetworks.com", "type": "Secondary", 
@@ -51,10 +81,30 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:opennetworking:libfluid_msg:0.1.0:*:*:*:*:*:*:*", + "matchCriteriaId": "41C125FF-B0BD-4CD6-8979-2B6006AB6821" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2024-31198", - "source": "prodsec@nozominetworks.com" + "source": "prodsec@nozominetworks.com", + "tags": [ + "Third Party Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31489.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31489.json index 776a0e8c6d4..1911e874ea9 100644 --- a/CVE-2024/CVE-2024-314xx/CVE-2024-31489.json +++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31489.json @@ -2,8 +2,8 @@ "id": "CVE-2024-31489", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-09-10T15:15:15.787", - "lastModified": "2024-09-10T15:50:47.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:41:19.447", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.2, + "impactScore": 5.9 + }, { "source": "psirt@fortinet.com", "type": "Secondary", 
@@ -51,10 +71,65 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:linux:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.12", + "matchCriteriaId": "33ADA078-EB03-4E65-B6EF-0922CBC56AB2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.12", + "matchCriteriaId": "8D4523FC-18B6-45A0-9A8D-385B3F33F226" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.12", + "matchCriteriaId": "292245BC-0B63-42B0-B1B0-E73B0556CF3A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*", + "versionStartIncluding": "7.2.0", + "versionEndExcluding": "7.2.3", + "matchCriteriaId": "95771ED1-D54C-4E3B-B72E-51D75851BFAB" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*", + "versionStartIncluding": "7.2.0", + "versionEndExcluding": "7.2.5", + "matchCriteriaId": "2244A437-D579-4065-8FB0-37476ED7AC3C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient:7.2.0:*:*:*:*:linux:*:*", + "matchCriteriaId": "88271718-0DD4-4717-B403-1B44E2E56C91" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-282", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-314xx/CVE-2024-31490.json b/CVE-2024/CVE-2024-314xx/CVE-2024-31490.json index d169127c10f..72223f05f1a 100644 --- a/CVE-2024/CVE-2024-314xx/CVE-2024-31490.json +++ b/CVE-2024/CVE-2024-314xx/CVE-2024-31490.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-31490", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-09-10T15:15:15.983", - "lastModified": "2024-09-10T15:50:47.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:48:42.507", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -41,8 +61,18 @@ }, "weaknesses": [ { - "source": "psirt@fortinet.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "psirt@fortinet.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -51,10 +81,44 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.2.2", + "versionEndExcluding": "4.2.7", + "matchCriteriaId": "7EED8247-7F5B-4279-B3CA-08A35DE8C907" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.4.0", + "versionEndExcluding": "4.4.5", + "matchCriteriaId": "2C77A903-42B3-41D3-BDC6-E138679B5400" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortisandbox:3.1.5:*:*:*:*:*:*:*", + "matchCriteriaId": "B3B00B3E-608B-46C9-9527-1DFB66624EEF" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.com/psirt/FG-IR-24-051", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-335xx/CVE-2024-33508.json b/CVE-2024/CVE-2024-335xx/CVE-2024-33508.json index 53b3eb0403d..9bb6cbf36bb 100644 --- a/CVE-2024/CVE-2024-335xx/CVE-2024-33508.json +++ b/CVE-2024/CVE-2024-335xx/CVE-2024-33508.json @@ -2,8 +2,8 @@ "id": "CVE-2024-33508", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-09-10T15:15:16.187", - "lastModified": "2024-09-10T15:50:47.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:48:06.197", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.3, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 3.9, + "impactScore": 3.4 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -51,10 +71,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.0.0", + "versionEndExcluding": "7.0.13", + "matchCriteriaId": "806EBE90-88D2-44AC-B7F5-1C0598E08A67" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient_enterprise_management_server:*:*:*:*:*:*:*:*", + "versionStartIncluding": "7.2.0", + "versionEndExcluding": "7.2.5", + "matchCriteriaId": "1978E3A0-128F-4982-87C0-9AD4FB67F9B9" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-123", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-352xx/CVE-2024-35282.json b/CVE-2024/CVE-2024-352xx/CVE-2024-35282.json index 6a1777d18e9..bfe5898e4be 100644 --- a/CVE-2024/CVE-2024-352xx/CVE-2024-35282.json +++ b/CVE-2024/CVE-2024-352xx/CVE-2024-35282.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-35282", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-09-10T15:15:16.397", - "lastModified": "2024-09-10T15:50:47.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:44:17.557", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "PHYSICAL", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.9, + "impactScore": 3.6 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -41,8 +61,18 @@ }, "weaknesses": [ { - "source": "psirt@fortinet.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-312" + } + ] + }, + { + "source": "psirt@fortinet.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +81,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:iphone_os:*:*", + "versionStartIncluding": "6.0.0", + "versionEndIncluding": "7.2.5", + "matchCriteriaId": "E4C7743A-14D7-4DB0-A1CF-520D8A3E582B" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.fortinet.com/psirt/FG-IR-24-139", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-365xx/CVE-2024-36511.json b/CVE-2024/CVE-2024-365xx/CVE-2024-36511.json index 1782c3ec8d3..bc1c4dfacef 100644 --- a/CVE-2024/CVE-2024-365xx/CVE-2024-36511.json 
+++ b/CVE-2024/CVE-2024-365xx/CVE-2024-36511.json @@ -2,8 +2,8 @@ "id": "CVE-2024-36511", "sourceIdentifier": "psirt@fortinet.com", "published": "2024-09-10T15:15:16.610", - "lastModified": "2024-09-10T15:50:47.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:43:25.023", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 3.7, + "baseSeverity": "LOW" + }, + "exploitabilityScore": 2.2, + "impactScore": 1.4 + }, { "source": "psirt@fortinet.com", "type": "Secondary", @@ -41,8 +61,18 @@ }, "weaknesses": [ { - "source": "psirt@fortinet.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "psirt@fortinet.com", + "type": "Secondary", "description": [ { "lang": "en", @@ -51,10 +81,32 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:fortinet:fortiadc:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.0.0", + "versionEndExcluding": "7.4.5", + "matchCriteriaId": "A8E03AC9-E6B8-4DA9-B742-E1946A00A64C" + } + ] + } + ] + } + ], "references": [ { "url": "https://fortiguard.fortinet.com/psirt/FG-IR-22-256", - "source": "psirt@fortinet.com" + "source": "psirt@fortinet.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-417xx/CVE-2024-41721.json b/CVE-2024/CVE-2024-417xx/CVE-2024-41721.json index 0aeecd379a3..56469aa2797 100644 
--- a/CVE-2024/CVE-2024-417xx/CVE-2024-41721.json +++ b/CVE-2024/CVE-2024-417xx/CVE-2024-41721.json @@ -2,7 +2,7 @@ "id": "CVE-2024-41721", "sourceIdentifier": "secteam@freebsd.org", "published": "2024-09-20T08:15:11.323", - "lastModified": "2024-09-20T12:30:17.483", + "lastModified": "2024-09-20T18:35:04.067", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [ @@ -15,7 +15,30 @@ "value": "Una validaci\u00f3n de los l\u00edmites insuficiente en el c\u00f3digo USB podr\u00eda provocar una lectura fuera de los l\u00edmites en el mont\u00f3n, lo que potencialmente podr\u00eda generar una escritura arbitraria y la ejecuci\u00f3n remota de c\u00f3digo." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, "weaknesses": [ { "source": "secteam@freebsd.org", diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42346.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42346.json new file mode 100644 index 00000000000..35a098a4019 --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42346.json 
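Review bot: In the CVE-2024-41721 hunk the only `cvssMetricV31` entry is `"type": "Secondary"` from source `134c704f-9b21-4f2e-91b3-4a467353bcc0`, an opaque UUID rather than the address-style identifiers used for the other sources in this diff, and the record stays at `"vulnStatus": "Awaiting Analysis"`. A consumer that reads only Primary metrics gets no score here, while one that takes the first entry reports 9.8 CRITICAL with `AV:N` for a flaw the description places in USB code. I believe this UUID is the CISA ADP enrichment source, but nothing in the record says so; the same pattern appears in the CVE-2024-42697 and CVE-2024-45489 hunks further down. Consumers should resolve `source` against the NVD source list and show the scorer next to the score instead of presenting it as NVD's own assessment.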
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42346", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-09-20T19:15:15.547", + "lastModified": "2024-09-20T19:15:15.547", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. The editor visualization, /visualizations endpoint, can be used to store HTML tags and trigger javascript execution upon edit operation. All supported branches of Galaxy (and more back to release_20.05) were amended with the supplied patches. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "LOW", + "availabilityImpact": "LOW", + "baseScore": 7.6, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 4.7 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/galaxyproject/galaxy/security/advisories/GHSA-x6w7-3gwf-qr9r", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-423xx/CVE-2024-42351.json b/CVE-2024/CVE-2024-423xx/CVE-2024-42351.json new file mode 100644 index 00000000000..918363d17f7 --- /dev/null +++ b/CVE-2024/CVE-2024-423xx/CVE-2024-42351.json 
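Review bot: The CVE-2024-42346 vector `CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L` scores `UI:N`, yet the description says the stored markup triggers script "upon edit operation", which reads as someone having to open the item for editing. The record is `"vulnStatus": "Received"` with only the CNA's Secondary score and an untagged reference, so the 7.6 has not been reviewed by NVD. Until a Primary metric lands, triage on the description and the `CWE-79` entry rather than on `userInteraction`.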
@@ -0,0 +1,68 @@ +{ + "id": "CVE-2024-42351", + "sourceIdentifier": "security-advisories@github.com", + "published": "2024-09-20T19:15:15.857", + "lastModified": "2024-09-20T19:15:15.857", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Galaxy is a free, open-source system for analyzing data, authoring workflows, training and education, publishing tools, managing infrastructure, and more. An attacker can potentially replace the contents of public datasets resulting in data loss or tampering. All supported branches of Galaxy (and more back to release_21.05) were amended with the below patch. Users are advised to upgrade. There are no known workarounds for this vulnerability." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security-advisories@github.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 6.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "security-advisories@github.com", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-200" + } + ] + } + ], + "references": [ + { + "url": "https://depot.galaxyproject.org/patch/GX-2024-0001/022da344a02bafd604402ac8e253e0014f6e2e08.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://depot.galaxyproject.org/patch/GX-2024-0001/15060a6cb222f2fcfc687d0f0260f1eb1b9c757b.patch", + "source": "security-advisories@github.com" + }, + { + "url": "https://depot.galaxyproject.org/patch/GX-2024-0001/235f1d8b400708556732b9dda788c919ebf3bb80.patch", + "source": "security-advisories@github.com" + }, + { + "url": 
"https://github.com/galaxyproject/galaxy/security/advisories/GHSA-5639-cmph-9j4v", + "source": "security-advisories@github.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-424xx/CVE-2024-42423.json b/CVE-2024/CVE-2024-424xx/CVE-2024-42423.json index 201813a52c5..0c30cdddcae 100644 --- a/CVE-2024/CVE-2024-424xx/CVE-2024-42423.json +++ b/CVE-2024/CVE-2024-424xx/CVE-2024-42423.json @@ -2,8 +2,8 @@ "id": "CVE-2024-42423", "sourceIdentifier": "security_alert@emc.com", "published": "2024-09-10T15:15:17.013", - "lastModified": "2024-09-10T15:50:47.237", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:42:20.417", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "NONE", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + }, { "source": "security_alert@emc.com", "type": "Secondary", 
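Review bot: The CVE-2024-42351 record contradicts itself: the description says an attacker can replace the contents of public datasets "resulting in data loss or tampering", but the vector is `C:H/I:N/A:N` and the only weakness is `CWE-200`. Filters keyed on `integrityImpact` or on the CWE will class this as a read-only disclosure and under-rank it. The entry is still `"vulnStatus": "Received"` with a Secondary score from the CNA, so the mismatch is best reported upstream. Meanwhile the three `depot.galaxyproject.org/patch/GX-2024-0001/` references are the actionable part of the record.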
@@ -51,10 +71,69 @@ ] } ], + "configurations": [ + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:workspace:23.9.0.24.4:*:*:*:*:*:*:*", + "matchCriteriaId": "55FBE111-682B-44FD-ADE0-D200F8C75EBA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:dell:thinos:2402:*:*:*:*:*:*:*", + "matchCriteriaId": "ECA47B8D-21C0-4AF5-B975-DE6DA9D73FC1" + } + ] + } + ] + }, + { + "operator": "AND", + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:citrix:workspace:23.9.0.24.4:*:*:*:*:*:*:*", + "matchCriteriaId": "55FBE111-682B-44FD-ADE0-D200F8C75EBA" + } + ] + }, + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:o:dell:thinos:2311:*:*:*:*:*:*:*", + "matchCriteriaId": "978B5780-26F5-46C8-BA60-66214E06AFFA" + } + ] + } + ] + } + ], "references": [ { "url": "https://www.dell.com/support/kbdoc/en-us/000225289/dsa-2024-229-security-update-for-dell-thinos-vulnerabilities", - "source": "security_alert@emc.com" + "source": "security_alert@emc.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-426xx/CVE-2024-42697.json b/CVE-2024/CVE-2024-426xx/CVE-2024-42697.json new file mode 100644 index 00000000000..edb0354c308 --- /dev/null +++ b/CVE-2024/CVE-2024-426xx/CVE-2024-42697.json 
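Review bot: In the CVE-2024-42423 `configurations` block the only `"vulnerable": true` criterion in both AND groups is `cpe:2.3:a:citrix:workspace:23.9.0.24.4:*:*:*:*:*:*:*`, with the Dell ThinOS CPEs (`2402` and `2311`) carried as `"vulnerable": false` platform nodes. A matcher that flattens `cpeMatch` and ignores the outer `"operator": "AND"` will flag that Citrix Workspace build on every platform, although the record's source and its only reference are Dell's ThinOS advisory. The two groups also repeat the same Citrix node and `matchCriteriaId` `55FBE111-682B-44FD-ADE0-D200F8C75EBA`, so de-duplicate on `matchCriteriaId` before counting affected products.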
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-42697", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-09-20T18:15:04.390", + "lastModified": "2024-09-20T18:35:04.363", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "Cross Site Scripting vulnerability in Leotheme Leo Product Search Module v.2.1.6 and earlier allows a remote attacker to execute arbitrary code via the q parameter of the product search function." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-79" + } + ] + } + ], + "references": [ + { + "url": "https://github.com/JustDinooo/CVEs/blob/main/CVE-2024-42697/poc.txt", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-452xx/CVE-2024-45229.json b/CVE-2024/CVE-2024-452xx/CVE-2024-45229.json new file mode 100644 index 00000000000..0a7ffbcb438 --- /dev/null +++ b/CVE-2024/CVE-2024-452xx/CVE-2024-45229.json 
@@ -0,0 +1,56 @@ +{ + "id": "CVE-2024-45229", + "sourceIdentifier": "support@hackerone.com", + "published": "2024-09-20T19:15:16.080", + "lastModified": "2024-09-20T19:35:05.807", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information. \r\n\r\nCurrently, there are no workarounds in Versa Director. However, if there is Web Application Firewall (WAF) or API Gateway fronting the Versa Director, it can be used to block access to the URLs of vulnerable API. /vnms/devicereg/device/* (on ports 9182 & 9183) and /versa/vnms/devicereg/device/* (on port 443). Versa recommends that Directors be upgraded to one of the remediated software versions. This vulnerability is not exploitable on Versa Directors not exposed to the Internet.We have validated that no Versa-hosted head ends have been affected by this vulnerability. Please contact Versa Technical Support or Versa account team for any further assistance." 
+ } + ], + "metrics": { + "cvssMetricV30": [ + { + "source": "support@hackerone.com", + "type": "Secondary", + "cvssData": { + "version": "3.0", + "vectorString": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "HIGH", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 6.6, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 0.7, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-306" + } + ] + } + ], + "references": [ + { + "url": "https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9", + "source": "support@hackerone.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-454xx/CVE-2024-45489.json b/CVE-2024/CVE-2024-454xx/CVE-2024-45489.json index 5c135fb79ba..5ec9505a516 100644 --- a/CVE-2024/CVE-2024-454xx/CVE-2024-45489.json +++ b/CVE-2024/CVE-2024-454xx/CVE-2024-45489.json 
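Review bot: The CVE-2024-45229 score sits under `cvssMetricV30`, not `cvssMetricV31` as in the other records in this diff, so a reader that only looks up the 3.1 key sees no score at all. The vector also carries `PR:H` and `AC:H` (6.6 MEDIUM) while the description speaks of APIs that "do not require authentication" and the weakness is `CWE-306`, so the privilege metric and the text disagree. The description itself holds the interim mitigation: blocking `/vnms/devicereg/device/*` on ports 9182 and 9183 and `/versa/vnms/devicereg/device/*` on 443 at a WAF or API gateway. Prioritise on that text and the vendor bulletin rather than on `baseSeverity`.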
@@ -2,17 +2,56 @@ "id": "CVE-2024-45489", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-20T17:15:15.060", - "lastModified": "2024-09-20T17:15:15.060", + "lastModified": "2024-09-20T19:15:16.330", "vulnStatus": "Received", "cveTags": [], "descriptions": [ { "lang": "en", - "value": "Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however, it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and runs arbitrary Javascript on that browser in a privileged context." + "value": "Arc before 2024-08-26 allows remote code execution in JavaScript boosts. Boosts that run JavaScript cannot be shared by default; however (because of misconfigured Firebase ACLs), it is possible to create or update a boost using another user's ID. This installs the boost in the victim's browser and runs arbitrary Javascript on that browser in a privileged context. NOTE: this is a no-action cloud vulnerability with zero affected users." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", + "type": "Secondary", + "description": [ + { + "lang": "en", + "value": "CWE-284" + } + ] } ], - "metrics": {}, "references": [ + { + "url": "https://arc.net/blog/CVE-2024-45489-incident-response", + "source": "cve@mitre.org" + }, { "url": "https://kibty.town/blog/arc/", "source": "cve@mitre.org" diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45591.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45591.json index a812076c13c..290f059a007 100644 --- a/CVE-2024/CVE-2024-455xx/CVE-2024-45591.json +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45591.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45591", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-10T16:15:21.340", - "lastModified": "2024-09-10T17:43:14.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:55:54.657", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
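Review bot: The CVE-2024-45489 update adds a 9.8 CRITICAL Secondary score in the same change that appends "NOTE: this is a no-action cloud vulnerability with zero affected users" to the description. Severity-driven alerting will fire on `"baseSeverity": "CRITICAL"` for a record whose own text asks for no action. The new `https://arc.net/blog/CVE-2024-45489-incident-response` reference is untagged and the record is still `"vulnStatus": "Received"`, so consumers should surface the description note alongside the score. The `references` array continues past the end of this hunk.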
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 5.3, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.9, + "impactScore": 1.4 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -41,8 +61,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-862" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -55,22 +85,63 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "1.8", + "versionEndExcluding": "15.10.9", + "matchCriteriaId": "83FA206B-6FB4-403A-867D-9CA434ACE9D6" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", + "versionStartIncluding": "16.0.0", + "versionEndExcluding": "16.3.0", + "matchCriteriaId": "E76E1D62-00AC-4BE0-9225-D520A520BA7B" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/xwiki/xwiki-platform/commit/26482ee5d29fc21f31134d1ee13db48716e89e0f", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/commit/9cbca9808300797c67779bb9a665d85cf9e3d4b8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pvmm-55r5-g3mm", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] }, { "url": "https://jira.xwiki.org/browse/XWIKI-22052", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Exploit", + "Issue Tracking", + "Patch", + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45592.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45592.json index f314ba97a01..3d812017940 100644 --- a/CVE-2024/CVE-2024-455xx/CVE-2024-45592.json +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45592.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-45592", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-10T16:15:21.550", - "lastModified": "2024-09-18T20:15:03.483", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:57:05.323", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "REQUIRED", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.1, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 2.8, + "impactScore": 2.7 + }, { "source": "security-advisories@github.com", "type": "Secondary", 
@@ -51,18 +71,46 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:damienharper:auditor-bundle:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0.0", + "versionEndExcluding": "5.2.6", + "matchCriteriaId": "EB369F3E-71BC-4291-9F37-2B316612F401" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/DamienHarper/auditor-bundle/commit/42ba2940d8b99467de0c806ea5655cc1c6882cd1", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/DamienHarper/auditor-bundle/commit/e7deb377fa89677d44973b486d26d6a7374233ae", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/DamienHarper/auditor-bundle/security/advisories/GHSA-78vg-7v27-hj67", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45593.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45593.json index 42de8b19d06..0bd6ca2db9f 100644 --- a/CVE-2024/CVE-2024-455xx/CVE-2024-45593.json +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45593.json @@ -2,8 +2,8 @@ "id": "CVE-2024-45593", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-10T16:15:21.760", - "lastModified": "2024-09-10T17:43:14.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:57:55.573", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -40,6 +60,16 @@ ] }, "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-22" + } + ] + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -51,14 +81,39 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:nixos:nix:*:*:*:*:*:*:*:*", + "versionStartIncluding": "2.24.0", + "versionEndExcluding": "2.24.6", + "matchCriteriaId": "423F7CD7-8C2C-4133-947F-8F42F5F7CECD" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/NixOS/nix/commit/eb11c1499876cd4c9c188cbda5b1003b36ce2e59", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/NixOS/nix/security/advisories/GHSA-h4vv-h3jq-v493", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-455xx/CVE-2024-45595.json b/CVE-2024/CVE-2024-455xx/CVE-2024-45595.json index b2bac42e201..9fb7515aa4c 100644 --- a/CVE-2024/CVE-2024-455xx/CVE-2024-45595.json +++ b/CVE-2024/CVE-2024-455xx/CVE-2024-45595.json 
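Review bot: The CVE-2024-45593 match criterion is `cpe:2.3:o:nixos:nix:*:*:*:*:*:*:*:*`, i.e. CPE part `o` (operating system), while both references point at the `NixOS/nix` repository, which as far as I know is the Nix package manager rather than the NixOS distribution. If that reading is right, inventories that record Nix as an application (part `a`) will not match this 8.8 HIGH entry for versions 2.24.0 up to but excluding 2.24.6. Matchers should compare on vendor and product for this record, or carry an alias, until the criterion is confirmed upstream.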
@@ -2,8 +2,8 @@ "id": "CVE-2024-45595", "sourceIdentifier": "security-advisories@github.com", "published": "2024-09-10T16:15:21.970", - "lastModified": "2024-09-10T17:43:14.410", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T19:59:02.963", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "NONE", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 9.8, + "baseSeverity": "CRITICAL" + }, + "exploitabilityScore": 3.9, + "impactScore": 5.9 + }, { "source": "security-advisories@github.com", "type": "Secondary", @@ -41,8 +61,18 @@ }, "weaknesses": [ { - "source": "security-advisories@github.com", + "source": "nvd@nist.gov", "type": "Primary", + "description": [ + { + "lang": "en", + "value": "NVD-CWE-noinfo" + } + ] + }, + { + "source": "security-advisories@github.com", + "type": "Secondary", "description": [ { "lang": "en", 
@@ -51,18 +81,45 @@ ] } ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:a:man:d-tale:*:*:*:*:*:*:*:*", + "versionEndExcluding": "3.14.1", + "matchCriteriaId": "8D13C5E8-29D1-4532-88C1-826651CDA34E" + } + ] + } + ] + } + ], "references": [ { "url": "https://github.com/man-group/dtale#custom-filter", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Product" + ] }, { "url": "https://github.com/man-group/dtale/commit/b6e30969390520d1400b55acbb13e5487b8472e8", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Patch" + ] }, { "url": "https://github.com/man-group/dtale/security/advisories/GHSA-pw44-4h99-wqff", - "source": "security-advisories@github.com" + "source": "security-advisories@github.com", + "tags": [ + "Vendor Advisory" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-466xx/CVE-2024-46654.json b/CVE-2024/CVE-2024-466xx/CVE-2024-46654.json new file mode 100644 index 00000000000..527aac9ae56 --- /dev/null +++ b/CVE-2024/CVE-2024-466xx/CVE-2024-46654.json @@ -0,0 +1,21 @@ +{ + "id": "CVE-2024-46654", + "sourceIdentifier": "cve@mitre.org", + "published": "2024-09-20T19:15:16.473", + "lastModified": "2024-09-20T19:15:16.473", + "vulnStatus": "Received", + "cveTags": [], + "descriptions": [ + { + "lang": "en", + "value": "A stored cross-site scripting (XSS) vulnerability in the Add Scheduled Task module of Maccms10 v2024.1000.4040 allows attackers to execute arbitrary web scripts or HTML via a crafted payload." + } + ], + "metrics": {}, + "references": [ + { + "url": "https://github.com/magicblack/maccms10/issues/1183", + "source": "cve@mitre.org" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46719.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46719.json index 47c4b25f66e..06dd983c9b6 100644 
--- a/CVE-2024/CVE-2024-467xx/CVE-2024-46719.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46719.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46719", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.357", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:21:49.963", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,35 +15,144 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: usb: typec: ucsi: Se corrige la desreferencia del puntero nulo en el seguimiento ucsi_register_altmode comprueba IS_ERR para el puntero alt y trata NULL como v\u00e1lido. Cuando CONFIG_TYPEC_DP_ALTMODE no est\u00e1 habilitado, ucsi_register_displayport devuelve NULL, lo que provoca una desreferencia del puntero NULL en el seguimiento. En lugar de devolver NULL, llame a typec_port_register_altmode para registrar el modo alternativo de DisplayPort como un modo no controlable cuando CONFIG_TYPEC_DP_ALTMODE no est\u00e1 habilitado." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.4.284", + "matchCriteriaId": "B1C17E9C-479F-4AE4-8344-B7A213DE3E83" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + 
"versionEndExcluding": "5.15.167", + "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.109", + "matchCriteriaId": "790F505A-7933-48F1-B038-380A8BC5C153" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.50", + "matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.9", + "matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3aa56313b0de06ce1911950b2cc0c269614a87a9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3b9f2d9301ae67070fe77a0c06758722fd7172b7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7e64cabe81c303bdf6fd26b6a09a3289b33bc870", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8095bf0579ed4906a33f7bec675bfb29b6b16a3b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/99331fe68a8eaa4097143a33fb0c12d5e5e8e830", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/99516f76db48e1a9d54cdfed63c1babcee4e71a5", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b4243c05d7e3db0bdbf9124e6fa59b4ca7c807ae", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46720.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46720.json index 9eacd1f02dc..37f2d537057 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46720.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46720.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46720", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.420", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:22:04.693", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,102 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: corrige la desreferenciaci\u00f3n despu\u00e9s de la comprobaci\u00f3n nula; comprueba la secci\u00f3n del puntero antes de usarla." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.109", + "matchCriteriaId": "EFD3BACD-EA1D-4437-A135-A3E7A761F54F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.50", + "matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.9", + "matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/00b9594d6310eb33e14d3f07b54866499efe0d50", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/0aad97bf6d0bc7a34a19f266b0b9fb2861efe64c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1b73ea3d97cc23f9b16d10021782b48397d2b517", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b1f7810b05d1950350ac2e06992982974343e441", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46721.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46721.json index 6bece31b1b5..1cea4702e3f 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46721.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46721.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46721", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.480", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:22:46.637", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,158 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: apparmor: se corrige la posible desreferencia del puntero NULL. profile->parent->dents[AAFS_PROF_DIR] podr\u00eda ser NULL solo si su padre se crea a partir de __create_missing_ancestors(..) y 'ent->old' es NULL en aa_replace_profiles(..). En ese caso, debe devolver un c\u00f3digo de error y el c\u00f3digo, -ENOENT representa su estado de que la ruta de su padre a\u00fan no existe. ERROR: desreferencia de puntero NULL del n\u00facleo, direcci\u00f3n: 0000000000000030 PGD 0 P4D 0 PREEMPT SMP PTI CPU: 4 PID: 3362 Comm: apparmor_parser No contaminado 6.8.0-24-generic #24 Nombre del hardware: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 RIP: 0010:aafs_create.constprop.0+0x7f/0x130 C\u00f3digo: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 000000000000000 RBX: 00000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 00000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000000 R12: ffffffff82baac10 R13: 000000000000000 R14: 0000000000000000 R15: 0000000000000000 FS: 00007be9f22cf740(0000) GS:ffff88817bc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000030 CR3: 0000000134b08000 CR4: 00000000000006f0 Seguimiento de llamadas: ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? page_fault_oops+0x99/0x1b0 ? kernelmode_fixup_or_oops+0xb2/0x140 ? __bad_area_nosemaphore+0x1a5/0x2c0 ? aafs_create.constprop.0+0x7f/0x130 ? aafs_create.constprop.0+0x51/0x130 __aafs_profile_mkdir+0x3d6/0x480 aa_replace_profiles+0x83f/0x1270 actualizaci\u00f3n_pol\u00edtica+0xe3/0x180 carga_perfil+0xbc/0x150 ? __x64_sys_openat+0x55/0xa0 ? 
syscall_salir_al_modo_usuario+0x86/0x260 ksys_write+0x73/0x100 __x64_sys_write+0x19/0x30 x64_sys_call+0x7e/0x25c0 do_syscall_64+0x7f/0x180 entry_SYSCALL_64_after_hwframe+0x78/0x80 RIP: 0033:0x7be9f211c574 C\u00f3digo: c7 00 16 00 00 00 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 80 3d d5 ea 0e 00 00 74 13 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 54 c3 0f 1f 00 55 48 89 e5 48 83 ec 20 48 89 RSP: 002b:00007ffd26f2b8c8 EFLAGS: 00000202 ORIG_RAX: 0000000000000001 RAX: ffffffffffffffda RBX: 00005d504415e200 RCX: 00007be9f211c574 RDX: 0000000000001fc1 RSI: 00005d504418bc80 RDI: 0000000000000004 RBP: 0000000000001fc1 R08: 0000000000001fc1 R09: 0000000080000000 R10: 0000000000000000 R11: 0000000000000202 R12: 00005d504418bc80 R13: 0000000000000004 R14: 00007ffd26f2b9b0 R15: 00007ffd26f2ba30 M\u00f3dulos vinculados en: snd_seq_dummy snd_hrtimer qrtr snd_hda_codec_generic snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_seq_midi snd_seq_midi_event snd_rawmidi snd_seq snd_seq_device i2c_i801 snd_timer i2c_smbus qxl snd soundcore drm_ttm_helper lpc_ich ttm joydev leds de entrada serio_raw mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs qemu_fw_cfg tablas_ip tablas_x autofs4 hid_generic usbhid hid ahci libahci psmouse virtio_rng xhci_pci xhci_pci_renesas CR2: 0000000000000030 ---[ fin de seguimiento 000000000000000 ]--- RIP: 0010:aafs_create.constprop.0+0x7f/0x130 C\u00f3digo: 4c 63 e0 48 83 c4 18 4c 89 e0 5b 41 5c 41 5d 41 5e 41 5f 5d 31 d2 31 c9 31 f6 31 ff 45 31 c0 45 31 c9 45 31 d2 c3 cc cc cc cc <4d> 8b 55 30 4d 8d ba a0 00 00 00 4c 89 55 c0 4c 89 ff e8 7a 6a ae RSP: 0018:ffffc9000b2c7c98 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 000000000000041ed RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffc9000b2c7cd8 R08: 0000000000000000 R09: 0000000000000000 R10: 0000 ---truncado---" } ], - "metrics": {}, + "metrics": { + 
"cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.19.322", + "matchCriteriaId": "29162FB8-5FA4-4DC4-86CE-5EB0CAEEF2F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.284", + "matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.167", + "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.109", + "matchCriteriaId": "790F505A-7933-48F1-B038-380A8BC5C153" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + 
"versionEndExcluding": "6.6.50", + "matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.9", + "matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/09b2d107fe63e55b6ae643f9f26bf8eb14a261d9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3dd384108d53834002be5630132ad5c3f32166ad", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/52338a3aa772762b8392ce7cac106c1099aeab85", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/59f742e55a469ef36c5c1533b6095a103b61eda8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/730ee2686af0d55372e97a2695005ff142702363", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8d9da10a392a32368392f7a16775e1f36e2a5346", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c49bbe69ee152bd9c1c1f314c0f582e76c578f64", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e3c7d23f7a5c0b11ba0093cea32261ab8098b94e", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46722.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46722.json index c725da31f33..b26956c38d7 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46722.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46722.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46722", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.547", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:23:11.930", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,158 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: se corrige la advertencia de lectura fuera de los l\u00edmites de mc_data. Advertencia clara de que la lectura mc_data[i-1] puede estar fuera de los l\u00edmites." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.19.322", + "matchCriteriaId": "29162FB8-5FA4-4DC4-86CE-5EB0CAEEF2F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.284", + "matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.167", + "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.109", + "matchCriteriaId": "790F505A-7933-48F1-B038-380A8BC5C153" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.50", + "matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.9", + "matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/2097edede72ec5bb3869cf0205337d392fb2a553", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/310b9d8363b88e818afec97ca7652bd7fe3d0650", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/345bd3ad387f9e121aaad9c95957b80895e2f2ec", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/51dfc0a4d609fe700750a62f41447f01b8c9ea50", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/578ae965e8b90cd09edeb0252b50fa0503ea35c5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5fa4df25ecfc7b6c9006f5b871c46cfe25ea8826", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/b862a0bc5356197ed159fed7b1c647e77bc9f653", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d0a43bf367ed640e527e8ef3d53aac1e71f80114", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46723.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46723.json index c32c39fe425..19f7212b955 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46723.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46723.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46723", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.610", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:30:30.117", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,158 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: se corrige la advertencia de lectura fuera de los l\u00edmites de ucode. Advertencia clara de que la lectura ucode[] puede estar fuera de los l\u00edmites." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.19.322", + "matchCriteriaId": "29162FB8-5FA4-4DC4-86CE-5EB0CAEEF2F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.284", + "matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.167", + "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.109", + "matchCriteriaId": "790F505A-7933-48F1-B038-380A8BC5C153" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.50", + "matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.9", + "matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/0bef65e069d84d1cd77ce757aea0e437b8e2bd33", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/23fefef859c6057e6770584242bdd938254f8ddd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5f09fa5e0ad45fbca71933a0e024ca52da47d59b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/82ac8f1d02886b5d8aeb9e058989d3bd6fc581e2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8944acd0f9db33e17f387fdc75d33bb473d7936f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8981927ebc6c12fa76b30c4178acb462bab15f54", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/e789e05388854a5436b2b5d8695fdb864c9bcc27", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f2b7a9f3839e92f43559b2795b34640ca8cf839f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46724.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46724.json index ad27247aee6..83fb861b7a8 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46724.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46724.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46724", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.673", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:30:58.980", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,130 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Se corrige la lectura fuera de los l\u00edmites de df_v1_7_channel_number. Verifique el rango fb_channel_number para evitar el error de lectura fuera de los l\u00edmites de la matriz." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": "2C67534D-8BBC-4069-8DEA-62295B16358C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.167", + "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.109", + "matchCriteriaId": "790F505A-7933-48F1-B038-380A8BC5C153" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.50", + "matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.9", + "matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/32915dc909ff502823babfe07d5416c5b6e8a8b1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/45f7b02afc464c208e8f56bcbc672ef5c364c815", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/725b728cc0c8c5fafdfb51cb0937870d33a40fa4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d768394fa99467bcf2703bde74ddc96eeb0b71fa", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/db7a86676fd624768a5d907faf34ad7bb4ff25f4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f9267972490f9fcffe146e79828e97acc0da588c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46725.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46725.json index e4931b32f1a..0379f521b82 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46725.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46725.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-46725", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.733", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:40:42.753", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,130 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amdgpu: Se corrige la advertencia de escritura fuera de los l\u00edmites Verifique el valor del tipo de anillo para corregir la advertencia de escritura fuera de los l\u00edmites" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-787" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": "2C67534D-8BBC-4069-8DEA-62295B16358C" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.167", + "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.109", + "matchCriteriaId": "790F505A-7933-48F1-B038-380A8BC5C153" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.50", + "matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.9", + "matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/130bee397b9cd52006145c87a456fd8719390cb5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/919f9bf9997b8dcdc132485ea96121e7d15555f9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a60d1f7ff62e453dde2d3b4907e178954d199844", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/be1684930f5262a622d40ce7a6f1423530d87f89", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c253b87c7c37ec40a2e0c84e4a6b636ba5cd66b2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/cf2db220b38301b6486a0f11da24a0f317de558c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46726.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46726.json index 8a555e9ead0..0596243c06c 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46726.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46726.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-46726", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T07:15:03.787", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:36:27.070", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,102 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/amd/display: garantizar que el c\u00e1lculo del \u00edndice no se desborde [POR QU\u00c9 Y C\u00d3MO] Aseg\u00farese de que el c\u00e1lculo de vmid0p72_idx, vnom0p8_idx y vmax0p9_idx nunca se desborde ni supere el tama\u00f1o de la matriz. Esto soluciona 3 problemas OVERRUN y 1 INTEGER_OVERFLOW informados por Coverity." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-190" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.1.109", + "matchCriteriaId": "EFD3BACD-EA1D-4437-A135-A3E7A761F54F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.50", + "matchCriteriaId": "A56A0460-B122-44D6-B0E6-26CE9C891536" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.9", + "matchCriteriaId": "F4469C96-A86B-4CC3-B2D5-C21B6B72641B" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3dc6bb57dab36b38b7374af0ac916174c146b6ed", - 
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/733ae185502d30bbe79575167b6178cfb6c5d6bd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8e2734bf444767fed787305ccdcb36a2be5301a2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d705b5869f6b1b46ad5ceb1bd2a08c04f7e5003b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46735.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46735.json index 04031b9aba8..9f4ac57a531 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46735.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46735.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46735", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.057", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:35:53.967", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,23 +15,133 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ublk_drv: se corrige la desreferencia de puntero NULL en ublk_ctrl_start_recovery() Cuando se env\u00edan dos comandos UBLK_CMD_START_USER_RECOVERY, el primero establece 'ubq->ubq_daemon' en NULL, y el segundo activa WARN en ublk_queue_reinit() y posteriormente un problema de desreferencia de puntero NULL. Arr\u00e9glelo agregando la comprobaci\u00f3n en ublk_ctrl_start_recovery() y regrese inmediatamente en caso de cero 'ub->nr_queues_ready'. ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000028 RIP: 0010:ublk_ctrl_start_recovery.constprop.0+0x82/0x180 Call Trace: ? __die+0x20/0x70 ? page_fault_oops+0x75/0x170 ? exc_page_fault+0x64/0x140 ? asm_exc_page_fault+0x22/0x30 ? ublk_ctrl_start_recovery.constprop.0+0x82/0x180 ublk_ctrl_uring_cmd+0x4f7/0x6c0 ? pick_next_task_idle+0x26/0x40 io_uring_cmd+0x9a/0x1b0 io_issue_sqe+0x193/0x3f0 io_wq_submit_work+0x9b/0x390 io_worker_handle_work+0x165/0x360 io_wq_worker+0xcb/0x2f0 ? finish_task_switch.isra.0+0x203/0x290 ? finish_task_switch.isra.0+0x203/0x290 ? __pfx_io_wq_worker+0x10/0x10 ret_from_fork+0x2d/0x50 ? 
__pfx_io_wq_worker+0x10/0x10 ret_from_fork_asm+0x1a/0x30 " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.1", + "versionEndExcluding": "6.1.110", + "matchCriteriaId": "FD34EEF6-E0F8-42D6-BF92-8EB851A6ADEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": 
"E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", + "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", + "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/136a29d8112df4ea0a57f9602ddf3579e04089dc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7c890ef60bf417d3fe5c6f7a9f6cef0e1d77f74f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ca249435893dda766f3845c15ca77ca5672022d8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e58f5142f88320a5b1449f96a146f2f24615c5c7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46737.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46737.json index 5b0b0df9f74..2a41275d623 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46737.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46737.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-46737", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.167", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:35:34.700", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,35 +15,175 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: nvmet-tcp: corrige el fallo del kernel si falla la asignaci\u00f3n de comandos Si la asignaci\u00f3n de comandos falla en nvmet_tcp_alloc_cmds(), el kernel se bloquea en nvmet_tcp_release_queue_work() debido a una desreferencia de puntero NULL. nvmet: no se pudo instalar la cola 0 cntlid 1 ret 6 No se puede manejar la desreferencia de puntero NULL del kernel en la direcci\u00f3n virtual 000000000000008 Corrija el error estableciendo queue->nr_cmds en cero en caso de que nvmet_tcp_alloc_cmd() falle." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.0", + "versionEndExcluding": "5.4.284", + "matchCriteriaId": "92F559E9-40A5-457C-B86A-9503685E3433" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + 
"versionEndExcluding": "5.15.167", + "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.110", + "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", + "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", + "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/03e1fd0327fa5e2174567f5fe9290fe21d21b8f4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/489f2913a63f528cfe3f21722583fb981967ecda", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/50632b877ce55356f5d276b9add289b1e7ddc683", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5572a55a6f830ee3f3a994b6b962a5c327d28cb3", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6c04d1e3ab22cc5394ef656429638a5947f87244", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7957c731fc2b23312f8935812dee5a0b14b04e2d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/91dad30c5607e62864f888e735d0965567827bdf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46738.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46738.json index ec776f2a8d7..359c72646de 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46738.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46738.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46738", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.233", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:35:04.373", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,189 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: VMCI: Arreglar el use after free al eliminar un recurso en vmci_resource_remove() Al eliminar un recurso de vmci_resource_table en vmci_resource_remove(), la b\u00fasqueda se realiza utilizando el identificador del recurso comparando los campos de contexto y recurso. Sin embargo, es posible crear dos recursos con diferentes tipos pero el mismo identificador (mismo contexto y campos de recurso). Al intentar eliminar uno de los recursos, es posible que vmci_resource_remove() no elimine el deseado, pero el objeto a\u00fan se liberar\u00e1 como en el caso del tipo de datagrama en vmci_datagram_destroy_handle(). vmci_resource_table a\u00fan mantendr\u00e1 un puntero a este recurso liberado, lo que conduce a una vulnerabilidad de use after free. ERROR: KASAN: use after free en vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [en l\u00ednea] ERROR: KASAN: use after free en vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffff88801c16d800 por la tarea syz-executor197/1592 Seguimiento de llamadas: __dump_stack lib/dump_stack.c:88 [en l\u00ednea] dump_stack_lvl+0x82/0xa9 lib/dump_stack.c:106 print_address_description.constprop.0+0x21/0x366 mm/kasan/report.c:239 __kasan_report.cold+0x7f/0x132 mm/kasan/report.c:425 kasan_report+0x38/0x51 mm/kasan/report.c:442 vmci_handle_is_equal include/linux/vmw_vmci_defs.h:142 [en l\u00ednea] vmci_resource_remove+0x3a1/0x410 drivers/misc/vmw_vmci/vmci_resource.c:147 vmci_qp_broker_detach+0x89a/0x11b9 drivers/misc/vmw_vmci/vmci_queue_pair.c:2182 ctx_free_ctx+0x473/0xbe1 controladores/misc/vmw_vmci/vmci_context.c:444 kref_put include/linux/kref.h:65 [en l\u00ednea] vmci_ctx_put controladores/misc/vmw_vmci/vmci_context.c:497 [en l\u00ednea] vmci_ctx_destroy+0x170/0x1d6 controladores/misc/vmw_vmci/vmci_context.c:195 vmci_host_close+0x125/0x1ac 
controladores/misc/vmw_vmci/vmci_host.c:143 __fput+0x261/0xa34 fs/file_table.c:282 task_work_run+0xf0/0x194 kernel/task_work.c:164 tracehook_notify_resume include/linux/tracehook.h:189 [en l\u00ednea] exit_to_user_mode_loop+0x184/0x189 kernel/entry/common.c:187 exit_to_user_mode_prepare+0x11b/0x123 kernel/entry/common.c:220 __syscall_exit_to_user_mode_work kernel/entry/common.c:302 [en l\u00ednea] syscall_exit_to_user_mode+0x18/0x42 kernel/entry/common.c:313 do_syscall_64+0x41/0x85 arch/x86/entry/common.c:86 entry_SYSCALL_64_after_hwframe+0x6e/0x0 Este cambio garantiza que el tipo tambi\u00e9n se verifique al eliminar el recurso de vmci_resource_table en Eliminaci\u00f3n de recursos vmci()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "3.9", + "versionEndExcluding": "4.19.322", + "matchCriteriaId": "1B6A6B56-FE16-446C-B46F-327CF8A46124" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.284", + "matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.167", + "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.110", + "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", + "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", + "matchCriteriaId": 
"B77A9280-37E6-49AD-B559-5B23A3B1DC3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/00fe5292f081f8d773e572df8e03bf6e1855fe49", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/39e7e593418ccdbd151f2925fa6be1a616d16c96", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/48b9a8dabcc3cf5f961b2ebcd8933bf9204babb7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6c563a29857aa8053b67ee141191f69757f27f6e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b243d52b5f6f59f9d39e69b191fb3d58b94a43b1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b9efdf333174468651be40390cbc79c9f55d9cce", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/ef5f4d0c5ee22d4f873116fec844ff6edaf3fa7d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f6365931bf7c07b2b397dbb06a4f6573cc9fae73", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46739.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46739.json index 5a2528cc18d..2a07a3b508a 100644 
--- a/CVE-2024/CVE-2024-467xx/CVE-2024-46739.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46739.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46739", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.293", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:34:29.957", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,189 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: uio_hv_generic: Corrija la desreferencia del puntero NULL del kernel en hv_uio_rescind. Para los canales de bus de VM principales, el puntero primary_channel siempre es NULL. Este puntero solo es v\u00e1lido para los canales secundarios. Adem\u00e1s, la devoluci\u00f3n de llamada rescind est\u00e1 destinada solo para los canales principales. Corrija la desreferencia del puntero NULL recuperando el device_obj del padre para el canal principal." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.16", + "versionEndExcluding": "4.19.322", + "matchCriteriaId": "23702FC4-962D-4C8E-BA6D-35481A6737BC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.284", + "matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": 
"864FC17C-501A-4823-A643-6F35D65D8A97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.167", + "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.110", + "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", + "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", + "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D" + } + ] + } + ] + } + ], "references": [ { "url": 
"https://git.kernel.org/stable/c/1d8e020e51ab07e40f9dd00b52f1da7d96fec04c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/2be373469be1774bbe03b0fa7e2854e65005b1cc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3005091cd537ef8cdb7530dcb2ecfba8d2ef475c", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3d414b64ecf6fd717d7510ffb893c6f23acbf50e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/928e399e84f4e80307dce44e89415115c473275b", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/de6946be9c8bc7d2279123433495af7c21011b99", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f38f46da80a2ab7d1b2f8fcb444c916034a2dac4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fb1adbd7e50f3d2de56d0a2bb0700e2e819a329e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46740.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46740.json index c9c989ad4aa..f45bdd8f178 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46740.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46740.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-46740", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.377", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:34:08.163", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,35 +15,175 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: binder: fix UAF caused by offsets overwrite Los objetos Binder se procesan y copian individualmente en el b\u00fafer de destino durante las transacciones. Tambi\u00e9n se copian todos los datos sin procesar entre estos objetos. Sin embargo, esta copia de datos sin procesar carece de una comprobaci\u00f3n de fuera de los l\u00edmites. Si los datos sin procesar superan el tama\u00f1o de la secci\u00f3n de datos, la copia sobrescribe la secci\u00f3n de compensaciones. Esto finalmente desencadena un error que intenta desenrollar los objetos procesados. Sin embargo, en este punto, las compensaciones utilizadas para indexar estos objetos ahora est\u00e1n da\u00f1adas. El desenrollado con compensaciones da\u00f1adas puede resultar en disminuciones de nodos arbitrarios y conducir a su liberaci\u00f3n prematura. Otros usuarios de dichos nodos se quedan con un puntero colgante que activa un use after free. Este problema se hace evidente en el siguiente informe de KASAN (recortado): ===================================================================== ERROR: KASAN: slab-use-after-free en _raw_spin_lock+0xe4/0x19c Escritura de tama\u00f1o 4 en la direcci\u00f3n ffff47fc91598f04 por la tarea binder-util/743 CPU: 9 UID: 0 PID: 743 Comm: binder-util No contaminado 6.11.0-rc4 #1 Nombre del hardware: linux,dummy-virt (DT) Rastreo de llamadas: _raw_spin_lock+0xe4/0x19c binder_free_buf+0x128/0x434 binder_thread_write+0x8a4/0x3260 binder_ioctl+0x18f0/0x258c [...] Asignado por la tarea 743: __kmalloc_cache_noprof+0x110/0x270 binder_new_node+0x50/0x700 binder_transaction+0x413c/0x6da8 binder_thread_write+0x978/0x3260 binder_ioctl+0x18f0/0x258c [...] Liberado por la tarea 745: kfree+0xbc/0x208 binder_thread_read+0x1c5c/0x37d4 binder_ioctl+0x16d8/0x258c [...] 
======================================================================= Para evitar este problema, verifiquemos que la copia de datos sin procesar est\u00e9 dentro de los l\u00edmites de la secci\u00f3n de datos." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.4.226", + "versionEndExcluding": "5.4.284", + "matchCriteriaId": "F0B6E199-279F-4F92-B463-C5F87E230BCE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.10.157", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": "D93C7D07-3360-4012-AFCB-4F16A83F0753" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15.17", + "versionEndExcluding": "5.15.167", + "matchCriteriaId": "DC1E2D56-0897-4435-BC25-739B04462E13" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.17", + "versionEndExcluding": "6.1.110", + "matchCriteriaId": "BBF34251-254C-4A5B-A072-3C3A93781706" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", + "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", + "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/109e845c1184c9f786d41516348ba3efd9112792", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/1f33d9f1d9ac3f0129f8508925000900c2fe5bb0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3a8154bb4ab4a01390a3abf1e6afac296e037da4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4df153652cc46545722879415937582028c18af5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4f79e0b80dc69bd5eaaed70f0df1b558728b4e59", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5a32bfd23022ffa7e152f273fa3fa29befb7d929", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/eef79854a04feac5b861f94d7b19cbbe79874117", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46741.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46741.json index c3f57d46285..fc5dbf3b0d5 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46741.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46741.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46741", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.430", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:33:27.960", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,19 +15,119 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: misc: fastrpc: Fix double free of 'buf' in error path smatch Warning: drivers/misc/fastrpc.c:1926 fastrpc_req_mmap() error: double free of 'buf' En la ruta de error fastrpc_req_mmap(), el b\u00fafer fastrpc se libera en fastrpc_req_munmap_impl() si la anulaci\u00f3n del mapa se realiza correctamente. Pero al final, hay una llamada incondicional a fastrpc_buf_free(). Por lo tanto, el caso anterior activa la doble liberaci\u00f3n del b\u00fafer fastrpc." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-415" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", + "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", + "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/bfc1704d909dc9911a558b1a5833d3d61a43a1f2", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e8c276d4dc0e19ee48385f74426aebc855b49aaf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f77dc8a75859e559f3238a6d906206259227985e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46742.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46742.json index 91d7f53799f..270ba7a9419 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46742.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46742.json 
@@ -2,8 +2,8 @@ "id": "CVE-2024-46742", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.480", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:32:34.303", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,19 +15,108 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb/server: se corrige la posible eliminaci\u00f3n de referencia nula de lease_ctx_info en smb2_open(). La eliminaci\u00f3n de referencia nula de lease_ctx_info ocurrir\u00e1 cuando (req_op_level == SMB2_OPLOCK_LEVEL_LEASE) y parse_lease_state() devuelvan NULL. Corrija esto verificando si 'lease_ctx_info' es NULL. Adem\u00e1s, elimine los par\u00e9ntesis redundantes en parse_durable_handle_context()." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "D4954ED0-8229-4D57-B4B3-CB5154734977" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": 
"4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/07f384c5be1f8633b13f0a22616e227570450bc6", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/3b692794b81f2ecad69a4adbba687f3836824ada", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4e8771a3666c8f216eefd6bd2fd50121c6c437db", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46743.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46743.json index c65f1be6419..c15d9459d60 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46743.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46743.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46743", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.540", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:32:11.827", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
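Review bot: The first `cpeMatch` entry added for CVE-2024-46742 has `"versionEndExcluding": "6.6.51"` but no `versionStartIncluding`, so it matches every kernel release below 6.6.51, although the record lists only three patch commits. The same open-ended entry appears in the CVE-2024-46749 hunk further down. CVE-2024-46743 and CVE-2024-46747 follow their unbounded first range with per-branch ranges that carry fixed versions; these two records do not, so a scanner matching on this data will report older stable branches as affected with no upgrade target. Whether those branches contain the smb/server or btnxpuart code at all cannot be told from the record. I would bound the entry with `"versionStartIncluding": "<first release containing the affected code>"` once that is confirmed upstream, and until then triage matches below the listed fix branches by hand.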
@@ -15,39 +15,173 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: of/irq: Evitar lecturas fuera de los l\u00edmites de direcciones de dispositivos en el recorrido del mapa de interrupciones Cuando se invoca of_irq_parse_raw() con una direcci\u00f3n de dispositivo menor que el nodo padre de la interrupci\u00f3n (de la propiedad #address-cells), KASAN detecta la siguiente lectura fuera de los l\u00edmites al completar la tabla de coincidencia inicial (dyndbg=\"func of_irq_parse_* +p\"): OF: of_irq_parse_one: dev=/soc@0/picasso/watchdog, index=0 OF: parent=/soc@0/pci@878000000000/gpio0@17,0, intsize=2 OF: intspec=4 OF: of_irq_parse_raw: ipar=/soc@0/pci@878000000000/gpio0@17,0, size=2 OF: -> addrsize=3 ====================================================================== ERROR: KASAN: slab-out-of-bounds en of_irq_parse_raw+0x2b8/0x8d0 Lectura de tama\u00f1o 4 en la direcci\u00f3n ffffff81beca5608 por la tarea bash/764 CPU: 1 PID: 764 Comm: bash Tainted: GO 6.1.67-484c613561-nokia_sm_arm64 #1 Nombre del hardware: Unknown Unknown Product/Unknown Product, BIOS 2023.01-12.24.03-dirty 01/01/2023 Rastreo de llamadas: dump_backtrace+0xdc/0x130 mostrar_pila+0x1c/0x30 dump_stack_lvl+0x6c/0x84 imprimir_informe+0x150/0x448 kasan_informe+0x98/0x140 __asan_load4+0x78/0xa0 de_irq_parse_raw+0x2b8/0x8d0 de_irq_parse_one+0x24c/0x270 analizar_interrupciones+0xc0/0x120 de_fwnode_add_links+0x100/0x2d0 fw_devlink_parse_fwtree+0x64/0xc0 dispositivo_add+0xb38/0xc30 de_dispositivo_add+0x64/0x90 of_platform_device_create_pdata+0xd0/0x170 of_platform_bus_create+0x244/0x600 of_platform_notify+0x1b0/0x254 blocking_notifier_call_chain+0x9c/0xd0 __of_changeset_entry_notify+0x1b8/0x230 __of_changeset_apply_notify+0x54/0xe4 of_overlay_fdt_apply+0xc04/0xd94 ... 
La direcci\u00f3n con errores pertenece al objeto en ffffff81beca5600 que pertenece al cach\u00e9 kmalloc-128 de tama\u00f1o 128 La direcci\u00f3n con errores se encuentra 8 bytes dentro de la regi\u00f3n de 128 bytes [ffffff81beca5600, ffffff81beca5680) La direcci\u00f3n con errores pertenece a la p\u00e1gina f\u00edsica: p\u00e1gina:00000000230d3d03 refcount:1 mapcount:0 mapping:0000000000000000 \u00edndice:0x0 pfn:0x1beca4 cabeza:00000000230d3d03 orden:1 composite_mapcount:0 composite_pincount:0 indicadores: 0x8000000000010200(slab|head|zone=2) sin procesar: 800000000010200 0000000000000000 muerto000000000122 ffffff810000c300 sin procesar: 000000000000000 0000000000200020 00000001ffffffff 0000000000000000 p\u00e1gina volcada porque: kasan: mal acceso detectado Estado de la memoria alrededor de la direcci\u00f3n con errores: ffffff81beca5500: 04 fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5580: fc fc fc fc fc fc fc fc fc >ffffff81beca5600: 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffffff81beca5680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffffff81beca5700: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc ==================================================================== OF: -> \u00a1entendido! Evite la lectura fuera de los l\u00edmites copiando la direcci\u00f3n del dispositivo en un b\u00fafer de tama\u00f1o suficiente." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.19.322", + "matchCriteriaId": "29162FB8-5FA4-4DC4-86CE-5EB0CAEEF2F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.284", + "matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.167", + "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.110", + "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + 
"versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/7ead730af11ee7da107f16fc77995613c58d292d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8ff351ea12e918db1373b915c4c268815929cbe5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9d1e9f0876b03d74d44513a0ed3ed15ef8f2fed5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b739dffa5d570b411d4bdf4bb9b8dfd6b7d72305", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/baaf26723beab3a04da578d3008be3544f83758f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/bf68acd840b6a5bfd3777e0d5aaa204db6b461a9", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d2a79494d8a5262949736fb2c3ac44d20a51b0d8", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/defcaa426ba0bc89ffdafb799d2e50b52f74ffc4", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46747.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46747.json index 1e367ef7acb..3e33da0b92e 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46747.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46747.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46747", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.790", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:31:19.190", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,39 +15,178 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: HID: cougar: fix slab-out-of-bounds La lectura en cougar_report_fixup report_fixup para el teclado para juegos Cougar 500k no verificaba que el tama\u00f1o del descriptor del informe fuera correcto antes de acceder a \u00e9l." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 7.1, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.2 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-125" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "4.19.322", + "matchCriteriaId": "29162FB8-5FA4-4DC4-86CE-5EB0CAEEF2F3" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "4.20", + "versionEndExcluding": "5.4.284", + "matchCriteriaId": "6265A402-9C3C-438F-BFC5-4194B2568B85" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.167", + "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1" + }, + 
{ + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.110", + "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/30e9ce7cd5591be639b53595c95812f1a2afdfdc", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/34185de73d74fdc90e8651cfc472bfea6073a13f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/48b2108efa205f4579052c27fba2b22cc6ad8aa0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": 
"https://git.kernel.org/stable/c/890dde6001b651be79819ef7a3f8c71fc8f9cabf", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/a6e9c391d45b5865b61e569146304cff72821a5d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e239e44dcd419b13cf840e2a3a833204e4329714", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e4a602a45aecd6a98b4b37482f5c9f8f67a32ddd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fac3cb3c6428afe2207593a183b5bc4742529dfd", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46749.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46749.json index 8dbf874d9ad..6a9056170e8 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46749.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46749.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46749", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:03.893", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:45:43.483", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,19 +15,88 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: Bluetooth: btnxpuart: corrige la desreferencia de puntero nulo en btnxpuart_flush() Esto agrega una verificaci\u00f3n antes de liberar rx->skb en las funciones flush y close para manejar el bloqueo del kernel observado al eliminar el controlador despu\u00e9s de que falla la descarga de FW o antes de que se complete la descarga de FW. dmesg log: [ 54.634586] No se puede manejar la desreferencia del puntero NULL del n\u00facleo en la direcci\u00f3n virtual 0000000000000080 [ 54.643398] Informaci\u00f3n de aborto de memoria: [ 54.646204] ESR = 0x0000000096000004 [ 54.649964] EC = 0x25: DABT (EL actual), IL = 32 bits [ 54.655286] SET = 0, FnV = 0 [ 54.658348] EA = 0, S1PTW = 0 [ 54.661498] FSC = 0x04: error de traducci\u00f3n de nivel 0 [ 54.666391] Informaci\u00f3n de aborto de datos: [ 54.669273] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 54.674768] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 54.674771] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 54.674775] pgtable del usuario: p\u00e1ginas de 4k, VA de 48 bits, pgdp=0000000048860000 [ 54.674780] [0000000000000080] pgd=000000000000000, p4d=0000000000000000 [ 54.703880] Error interno: Ups: 0000000096000004 [#1] PREEMPT SMP [ 54.710152] M\u00f3dulos vinculados en: btnxpuart(-) superposici\u00f3n fsl_jr_uio caam_jr caamkeyblob_desc caamhash_desc caamalg_desc crypto_engine authenc libdes crct10dif_ce polyval_ce polyval_generic snd_soc_imx_spdif snd_soc_imx_card snd_soc_ak5558 snd_soc_ak4458 error de seguridad de caam snd_soc_fsl_micfil snd_soc_fsl_spdif snd_soc_fsl_sai snd_soc_fsl_utils imx_pcm_dma gpio_ir_recv rc_core Fusible sch_fq_codel [ 54.744357] CPU: 3 PID: 72 Comm: kworker/u9:0 No contaminado 6.6.3-otbr-g128004619037 #2 [ 54.744364] Nombre del hardware: Placa EVK FSL i.MX8MM (DT) [ 54.744368] Cola de trabajo: hci0 hci_power_on [ 54.757244] pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 54.757249] 
pc : kfree_skb_reason+0x18/0xb0 [ 54.772299] lr : btnxpuart_flush+0x40/0x58 [btnxpuart] [54.782921] sp: ffff8000805ebca0 [54.782923] x29: ffff8000805ebca0 x28: ffffa5c6cf1869c0 x27: ffffa5c6cf186000 [54.782931] x26: 852400 x25: ffff377b848523c0 x24: ffff377b845e7230 [ 54.782938] x23: ffffa5c6ce8dbe08 x22: ffffa5c6ceb65410 x21: 00000000ffffff92 [ 54.782945] ffffa5c6ce8dbe98 x19: ffffffffffffffac x18: ffffffffffffffff [ 54.807651] x17: 0000000000000000 x16: ffffa5c6ce2824ec x15: ffff8001005eb857 [ 54.821917] x14: 0000000000000000 x13: ffffa5c6cf1a02e0 x12: 0000000000000642 [ 54.821924] x11: 0000000000000040 x10: ffffa5c6cf19d690 x9: ffffa5c6cf19d688 [ 54.821931] x8 : ffff377b86000028 x7 : 0000000000000000 x6 : 0000000000000000 [ 54.821938] x5 : ffff377b86000000 x4 : 0000000000000000 x3 : 0000000000000000 [ 54.843331] x2 : 0000000000000000 x1 : 0000000000000002 x0 : ffffffffffffffac [ 54.857599] Rastreo de llamadas: [ 54.857601] kfree_skb_reason+0x18/0xb0 [ 54.863878] btnxpuart_flush+0x40/0x58 [ 54.863888] hci_dev_open_sync+0x3a8/0xa04 [ 54.872773] hci_power_on+0x54/0x2e4 [ 54.881832] proceso_uno_trabajo+0x138/0x260 [ 54.881842] subproceso_trabajador+0x32c/0x438 [ 54.881847] kthread+0x118/0x11c [ 54.881853] ret_from_fork+0x10/0x20 [ 54.896406] C\u00f3digo: a9be7bfd 910003fd f9000bf3 aa0003f3 (b940d400) [ 54.896410] ---[ fin de seguimiento 0000000000000000 ]---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + 
"type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "D4954ED0-8229-4D57-B4B3-CB5154734977" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/013dae4735d2010544d1f2121bdeb8e6c9ea171e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/056e0cd381d59a9124b7c43dd715e15f56a11635", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/c68bbf5e334b35b36ac5b9f0419f1f93f796bad1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46791.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46791.json index 89770eb3083..ce86a5185eb 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46791.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46791.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46791", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.067", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:21:19.457", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,31 +15,161 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: can: mcp251x: soluciona el bloqueo si se produce una interrupci\u00f3n durante mcp251x_open La funci\u00f3n mcp251x_hw_wake() se llama con el mutex mpc_lock retenido y desactiva el controlador de interrupciones para que no se puedan procesar interrupciones mientras se activa el dispositivo. Si ya se produjo una interrupci\u00f3n, esperar a que se complete el controlador de interrupciones provocar\u00e1 un bloqueo porque intentar\u00e1 adquirir el mismo mutex. CPU0 CPU1 ---- ---- mcp251x_open() mutex_lock(&priv->mcp_lock) request_threaded_irq() mcp251x_can_ist() mutex_lock(&priv->mcp_lock) mcp251x_hw_wake() deshabilitar_irq() <-- bloqueo Utilice deshabilitar_irq_nosync() en su lugar porque el controlador de interrupciones hace todo mientras mantiene el mutex, por lo que no importa si todav\u00eda se est\u00e1 ejecutando." } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-667" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97" + }, + { + "vulnerable": true, + 
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.167", + "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.110", + "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", + "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", + "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3a49b6b1caf5cefc05264d29079d52c99cb188e0", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/513c8fc189b52f7922e36bdca58997482b198f0e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/7dd9c26bd6cf679bcfdef01a8659791aa6487a29", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8fecde9c3f9a4b97b68bb97c9f47e5b662586ba7", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/e554113a1cd2a9cfc6c7af7bdea2141c5757e188", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f7ab9e14b23a3eac6714bdc4dba244d8aa1ef646", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46795.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46795.json index dddd4baacc8..fd1e6b93f52 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46795.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46795.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46795", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.280", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:21:04.067", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,27 +15,147 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ksmbd: anular la marca de enlace de una conexi\u00f3n reutilizada Steve French inform\u00f3 de un error de desreferencia de puntero nulo de la librer\u00eda sha256. cifs.ko puede enviar solicitudes de configuraci\u00f3n de sesi\u00f3n en una conexi\u00f3n reutilizada. Si se utiliza una conexi\u00f3n reutilizada para vincular la sesi\u00f3n, conn->binding puede seguir siendo verdadero y generate_preauth_hash() no establecer\u00e1 sess->Preauth_HashValue y ser\u00e1 NULL. Se utiliza como material para crear una clave de cifrado en ksmbd_gen_smb311_encryptionkey. ->Preauth_HashValue provoca un error de desreferencia de puntero nulo de crypto_shash_update(). ERROR: desreferencia de puntero NULL del kernel, direcci\u00f3n: 0000000000000000 #PF: acceso de lectura del supervisor en modo kernel #PF: error_code(0x0000) - p\u00e1gina no presente PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 8 PID: 429254 Comm: kworker/8:39 Nombre del hardware: LENOVO 20MAS08500/20MAS08500, BIOS N2CET69W (1.52 ) Cola de trabajo: ksmbd-io handle_ksmbd_work [ksmbd] RIP: 0010:lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? show_regs+0x6d/0x80 ? __die+0x24/0x80 ? error_p\u00e1gina_oops+0x99/0x1b0 ? error_direcci\u00f3n_usuario+0x2ee/0x6b0 ? error_p\u00e1gina_exc+0x83/0x1b0 ? error_p\u00e1gina_exc+0x27/0x30 ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? lib_sha256_base_do_update.isra.0+0x11e/0x1d0 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] ? __pfx_sha256_transform_rorx+0x10/0x10 [sha256_ssse3] _sha256_update+0x77/0xa0 [sha256_ssse3] sha256_avx2_update+0x15/0x30 [sha256_ssse3] crypto_shash_update+0x1e/0x40 hmac_update+0x12/0x20 crypto_shash_update+0x1e/0x40 generar_clave+0x234/0x380 [ksmbd] generar_clave_de_cifrado_smb3+0x40/0x1c0 [ksmbd] ksmbd_gen_smb311_clave_de_cifrado+0x72/0xa0 [ksmbd] __pfx_kthread+0x10/0x10 ret_from_fork+0x44/0x70 ? 
__pfx_kthread+0x10/0x10 ret_de_fork_asm+0x1b/0x30 " } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-476" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.15", + "versionEndExcluding": "5.15.167", + "matchCriteriaId": "EA943118-D4CB-4C23-A051-06993A503CC8" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.110", + "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", + "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", + "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/41bc256da7e47b679df87c7fc7a5b393052b9cce", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/4c8496f44f5bb5c06cdef5eb130ab259643392a1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/78c5a6f1f630172b19af4912e755e1da93ef0ab5", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/93d54a4b59c4b3d803d20aa645ab5ca71f3b3b02", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/9914f1bd61d5e838bb1ab15a71076d37a6db65d1", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file 
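Review bot: The added `"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"` for CVE-2024-46795 rates the ksmbd NULL dereference as local, yet the description in this hunk places the crash in the server's work handler (`handle_ksmbd_work [ksmbd]`) while it processes a session setup sent by an SMB client on a reused connection. If that reading is right, a host that serves SMB through ksmbd is exposed to its clients over the network, so triage should not rely on `"attackVector": "LOCAL"` or the 5.5 base score alone. The vector comes from nvd@nist.gov and is better queried with that source than edited here. For prioritisation, check whether ksmbd is loaded and reachable on kernels inside the listed version ranges.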
diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46796.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46796.json index 7d10c31dee8..7d5a5e6ea95 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46796.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46796.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46796", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.340", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:20:35.837", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,19 +15,119 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: smb: cliente: se corrige la doble colocaci\u00f3n de @cfile en smb2_set_path_size() Si se llama a smb2_compound_op() con un @cfile v\u00e1lido y se devuelve -EINVAL, debemos llamar a cifs_get_writable_path() antes de volver a intentarlo ya que la referencia de @cfile ya fue descartada por la llamada anterior. Esto corrige el siguiente error de KASAN al ejecutar fstests generic/013 contra Windows Server 2022: CIFS: Intentando montar //w22-fs0/scratch ejecutar fstests generic/013 a las 2024-09-02 19:48:59 ====================================================================== ERROR: KASAN: slab-use-after-free en detach_if_pending+0xab/0x200 Escritura de tama\u00f1o 8 en la direcci\u00f3n ffff88811f1a3730 por la tarea kworker/3:2/176 CPU: 3 UID: 0 PID: 176 Comm: kworker/3:2 No contaminado 6.11.0-rc6 #2 Nombre del hardware: PC est\u00e1ndar QEMU (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 01/04/2014 Cola de trabajo: cifsoplockd cifs_oplock_break [cifs] Seguimiento de llamadas: dump_stack_lvl+0x5d/0x80 ? detach_if_pending+0xab/0x200 print_report+0x156/0x4d9 ? detach_if_pending+0xab/0x200 ? __virt_addr_valid+0x145/0x300 ? __phys_addr+0x46/0x90 ? detach_if_pending+0xab/0x200 kasan_report+0xda/0x110 ? detach_if_pending+0xab/0x200 detach_if_pending+0xab/0x200 timer_delete+0x96/0xe0 ? __pfx_timer_delete+0x10/0x10 ? rcu_is_watching+0x20/0x50 try_to_grab_pending+0x46/0x3b0 __cancel_work+0x89/0x1b0 ? __pfx___cancel_work+0x10/0x10 ? kasan_save_track+0x14/0x30 cifs_close_deferred_file+0x110/0x2c0 [cifs] ? __pfx_cifs_close_deferred_file+0x10/0x10 [cifs] ? __pfx_down_read+0x10/0x10 cifs_oplock_break+0x4c1/0xa50 [cifs] ? __pfx_cifs_oplock_break+0x10/0x10 [cifs] ? tipo_bloqueo_retenido+0x85/0xf0 ? marcar_bloqueos_retenidos+0x1a/0x90 proceso_una_obra+0x4c6/0x9f0 ? encontrar_bloqueo_retenido+0x8a/0xa0 ? __pfx_proceso_una_obra+0x10/0x10 ? bloqueo_adquirido+0x220/0x550 ? 
__lista_agregar_v\u00e1lido_o_informe+0x37/0x100 subproceso_trabajador+0x2e4/0x570 ? __pfx_kthread+0x10/0x10 ret_de_la_bifurcaci\u00f3n+0x31/0x60 ? Asignado por la tarea 1118: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 cifs_new_fileinfo+0xc8/0x9d0 [cifs] cifs_atomic_open+0x467/0x770 [cifs] lookup_open.isra.0+0x665/0x8b0 path_openat+0x4c3/0x1380 do_filp_open+0x167/0x270 do_sys_openat2+0x129/0x160 __x64_sys_creat+0xad/0xe0 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Liberado por la tarea 83: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x70 poison_slab_object+0xe9/0x160 __kasan_slab_free+0x32/0x50 kfree+0xf2/0x300 process_one_work+0x4c6/0x9f0 worker_thread+0x2e4/0x570 kthread+0x17f/0x1c0 ret_from_fork+0x31/0x60 ret_from_fork_asm+0x1a/0x30 \u00daltima creaci\u00f3n de trabajo potencialmente relacionado: kasan_save_stack+0x30/0x50 __kasan_record_aux_stack+0xad/0xc0 insert_work+0x29/0xe0 __queue_work+0x5ea/0x760 queue_work_on+0x6d/0x90 _cifsFileInfo_put+0x3f6/0x770 [cifs] smb2_compound_op+0x911/0x3940 [cifs] smb2_set_path_size+0x228/0x270 [cifs] cifs_set_file_size+0x197/0x460 [cifs] cifs_setattr+0xd9c/0x14b0 [cifs] notificar_cambio+0x4e3/0x740 hacer_truncar+0xfa/0x180 vfs_truncar+0x195/0x200 __x64_sys_truncar+0x109/0x150 hacer_syscall_64+0xbb/0x1d0 entrada_SYSCALL_64_despu\u00e9s_hwframe+0x77/0x7f" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + 
"source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.6.32", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "C4FD2594-8BAC-4DC6-B031-962920000AEC" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.9", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "2CB7114B-59C6-4708-AE2C-B7C2D0BA0FA2" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", + "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", + "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/5a72d1edb0843e4c927a4096f81e631031c25c28", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/762099898309218b4a7954f3d49e985dc4dfd638", - "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f9c169b51b6ce20394594ef674d6b10efba31220", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46797.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46797.json index ddbad89e33e..5bfe07268eb 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46797.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46797.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46797", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.403", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:18:18.093", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
@@ -15,19 +15,119 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: powerpc/qspinlock: Se corrige el bloqueo en la cola MCS Si se produce una interrupci\u00f3n en queued_spin_lock_slowpath() despu\u00e9s de que incrementamos qnodesp->count y antes de que se inicialice node->lock, otra CPU podr\u00eda ver valores de bloqueo obsoletos en get_tail_qnode(). Si el valor de bloqueo obsoleto coincide con el bloqueo en esa CPU, entonces escribimos en el puntero \"siguiente\" del qnode incorrecto. Esto provoca un bloqueo ya que la CPU anterior, una vez que se convierte en la cabeza de la cola MCS, girar\u00e1 indefinidamente hasta que su puntero \"siguiente\" sea establecido por su sucesor en la cola. Al ejecutar stress-ng en una LPAR compartida de 16 n\u00facleos (16EC/16VP), se producen bloqueos ocasionales similares a los siguientes: $ stress-ng --all 128 --vm-bytes 80% --aggressive \\ --maximize --oomable --verify --syslog \\ --metrics --times --timeout 5m watchdog: CPU 15 Hard LOCKUP ...... NIP [c0000000000b78f4] queued_spin_lock_slowpath+0x1184/0x1490 LR [c000000001037c5c] _raw_spin_lock+0x6c/0x90 Seguimiento de llamadas: 0xc000002cfffa3bf0 (no confiable) _raw_spin_lock+0x6c/0x90 bloqueo_de_rq_de_spin_sin_formato_anidado.parte.135+0x4c/0xd0 pendiente_programa_de_programaci\u00f3n_pendiente+0x60/0x1f0 __vaciado_cola_de_funciones_de_llamada_smp+0x1dc/0x670 smp_ipi_demux_relajado+0xa4/0x100 acci\u00f3n_ipi_muxed_xive+0x20/0x40 __controlador_evento_irq_percpu+0x80/0x240 control_evento_irq_percpu+0x2c/0x80 control_percpu_irq+0x84/0xd0 control_irq_gen\u00e9rico+0x54/0x80 __do_irq+0xac/0x210 __do_IRQ+0x74/0xd0 0x0 do_IRQ+0x8c/0x170 interrupci\u00f3n_de_hardware_virt_com\u00fan+0x29c/0x2a0 --- interrupci\u00f3n: 500 en ruta_lenta_bloqueo_de_giro_en_cola+0x4b8/0x1490 ...... 
NIP [c0000000000b6c28] ruta_lenta_bloqueo_de_giro_en_cola+0x4b8/0x1490 LR [c000000001037c5c] _bloqueo_de_giro_en_cola+0x6c/0x90 --- interrupci\u00f3n: 500 0xc0000029c1a41d00 (no confiable) _bloqueo_de_giro_en_cola+0x6c/0x90 futex_wake+0x100/0x260 do_futex+0x21c/0x2a0 sys_futex+0x98/0x270 system_call_exception+0x14c/0x2f0 system_call_vectored_common+0x15c/0x2ec El siguiente flujo de c\u00f3digo ilustra c\u00f3mo se produce el interbloqueo. Para abreviar, supongamos que ambos bloqueos (A y B) est\u00e1n en conflicto y llamamos a la funci\u00f3n queued_spin_lock_slowpath(). CPU0 CPU1 ---- ---- spin_lock_irqsave(A) | spin_unlock_irqrestore(A) | spin_lock(B) | | | ? | id = qnodesp->count++; | (Tenga en cuenta que nodes[0].lock == A) | | | ? | Interrupci\u00f3n | (sucede antes de \"nodes[0].lock = B\") | | | ? | spin_lock_irqsave(A) | | | ? | id = qnodesp->count++ | nodes[1].lock = A | | | ? | Cola de la cola MCS | | spin_lock_irqsave(A) ? | Cabecera de la cola MCS ? | CPU0 es la cola anterior ? | Girar indefinidamente ? (hasta que \"nodes[1].next != NULL\") prev = get_tail_qnode(A, CPU0) | ? 
prev == &qnodes[CPU0].nodes[0] (como qnodes ---truncados---" } ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "NONE", + "integrityImpact": "NONE", + "availabilityImpact": "HIGH", + "baseScore": 5.5, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.8, + "impactScore": 3.6 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-667" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", + "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", + "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/734ad0af3609464f8f93e00b6c0de1e112f44559", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/d84ab6661e8d09092de9b034b016515ef9b66085", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/f06af737e4be28c0e926dc25d5f0a111da4e2987", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-467xx/CVE-2024-46798.json b/CVE-2024/CVE-2024-467xx/CVE-2024-46798.json index f4c04c88c51..c902891e769 100644 --- a/CVE-2024/CVE-2024-467xx/CVE-2024-46798.json +++ b/CVE-2024/CVE-2024-467xx/CVE-2024-46798.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46798", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-09-18T08:15:06.463", - "lastModified": "2024-09-20T12:30:51.220", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:17:50.763", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { 
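Review bot: The `cpeMatch` entries added for CVE-2024-46797 use `cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*`, which leaves the target-hardware field as a wildcard, although the description scopes the lockup to `powerpc/qspinlock`. A scanner that matches on CPE and version range alone will therefore report this CVE on every architecture running 6.2 up to (not including) 6.6.51, 6.7 up to 6.10.10, or the listed 6.11 release candidates. Consumers of this record should add an architecture check to their triage rule rather than trust the CPE match alone.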
@@ -15,35 +15,175 @@ "value": "En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: ASoC: dapm: Corregir UAF para el objeto snd_soc_pcm_runtime Cuando se usa el kernel con la siguiente configuraci\u00f3n adicional, - CONFIG_KASAN=y - CONFIG_KASAN_GENERIC=y - CONFIG_KASAN_INLINE=y - CONFIG_KASAN_VMALLOC=y - CONFIG_FRAME_WARN=4096 el kernel detecta que snd_pcm_suspend_all() accede a un objeto 'snd_soc_pcm_runtime' liberado cuando el sistema est\u00e1 suspendido, lo que conduce a un error de use after free: [ 52.047746] ERROR: KASAN: use after free en snd_pcm_suspend_all+0x1a8/0x270 [ 52.047765] Lectura de tama\u00f1o 1 en la direcci\u00f3n ffff0000b9434d50 por la tarea systemd-sleep/2330 [ 52.047785] Seguimiento de llamadas: [ 52.047787] dump_backtrace+0x0/0x3c0 [ 52.047794] show_stack+0x34/0x50 [ 52.047797] dump_stack_lvl+0x68/0x8c [ 52.047802] print_address_description.constprop.0+0x74/0x2c0 [ 52.047809] kasan_report+0x210/0x230 [ 52.047815] __asan_report_load1_noabort+0x3c/0x50 [ 52.047820] snd_pcm_suspend_all+0x1a8/0x270 [ 52.047824] snd_soc_suspend+0x19c/0x4e0 La funci\u00f3n snd_pcm_sync_stop() tiene una comprobaci\u00f3n NULL en 'substream->runtime' antes de realizar cualquier acceso. Por lo tanto, siempre debemos establecer 'substream->runtime' en NULL cada vez que lo ejecutamos con kfree()." 
} ], - "metrics": {}, + "metrics": { + "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "LOCAL", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 7.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 1.8, + "impactScore": 5.9 + } + ] + }, + "weaknesses": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "description": [ + { + "lang": "en", + "value": "CWE-416" + } + ] + } + ], + "configurations": [ + { + "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.4", + "versionEndExcluding": "5.4.284", + "matchCriteriaId": "6ACBB349-F6C0-4395-8228-F0758C99886A" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.5", + "versionEndExcluding": "5.10.226", + "matchCriteriaId": "864FC17C-501A-4823-A643-6F35D65D8A97" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.11", + "versionEndExcluding": "5.15.167", + "matchCriteriaId": "043405A4-25FE-45D4-A7BB-2A0C3B7D17C1" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "5.16", + "versionEndExcluding": "6.1.110", + "matchCriteriaId": "6B1A95FC-7E7E-428B-BB59-F76640C652AE" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.2", + "versionEndExcluding": "6.6.51", + "matchCriteriaId": "E4529134-BAC4-4776-840B-304009E181A0" + }, + { + "vulnerable": true, + "criteria": 
"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", + "versionStartIncluding": "6.7", + "versionEndExcluding": "6.10.10", + "matchCriteriaId": "ACDEE48C-137A-4731-90D0-A675865E1BED" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc1:*:*:*:*:*:*", + "matchCriteriaId": "8B3CE743-2126-47A3-8B7C-822B502CF119" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc2:*:*:*:*:*:*", + "matchCriteriaId": "4DEB27E7-30AA-45CC-8934-B89263EF3551" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc3:*:*:*:*:*:*", + "matchCriteriaId": "E0005AEF-856E-47EB-BFE4-90C46899394D" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc4:*:*:*:*:*:*", + "matchCriteriaId": "39889A68-6D34-47A6-82FC-CD0BF23D6754" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc5:*:*:*:*:*:*", + "matchCriteriaId": "B8383ABF-1457-401F-9B61-EE50F4C61F4F" + }, + { + "vulnerable": true, + "criteria": "cpe:2.3:o:linux:linux_kernel:6.11:rc6:*:*:*:*:*:*", + "matchCriteriaId": "B77A9280-37E6-49AD-B559-5B23A3B1DC3D" + } + ] + } + ] + } + ], "references": [ { "url": "https://git.kernel.org/stable/c/3033ed903b4f28b5e1ab66042084fbc2c48f8624", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/5d13afd021eb43868fe03cef6da34ad08831ad6d", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/6a14fad8be178df6c4589667efec1789a3307b4e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/8ca21e7a27c66b95a4b215edc8e45e5d66679f9f", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": 
"416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/993b60c7f93fa1d8ff296b58f646a867e945ae89", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/b4a90b543d9f62d3ac34ec1ab97fc5334b048565", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] }, { "url": "https://git.kernel.org/stable/c/fe5046ca91d631ec432eee3bdb1f1c49b09c8b5e", - "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", + "tags": [ + "Patch" + ] } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46918.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46918.json index fb3e3588e6f..272d360fa9d 100644 --- a/CVE-2024/CVE-2024-469xx/CVE-2024-46918.json +++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46918.json @@ -2,8 +2,8 @@ "id": "CVE-2024-46918", "sourceIdentifier": "cve@mitre.org", "published": "2024-09-15T20:15:02.390", - "lastModified": "2024-09-17T16:35:26.513", - "vulnStatus": "Awaiting Analysis", + "lastModified": "2024-09-20T18:14:23.897", + "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [ { @@ -17,6 +17,26 @@ ], "metrics": { "cvssMetricV31": [ + { + "source": "nvd@nist.gov", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "HIGH", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "NONE", + "availabilityImpact": "NONE", + "baseScore": 4.9, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 1.2, + "impactScore": 3.6 + }, { "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", 
@@ -39,14 +59,50 @@
 }
 ]
 },
+ "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "CWE-863"
+ }
+ ]
+ }
+ ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:misp:misp:*:*:*:*:*:*:*:*",
+ "versionEndExcluding": "2.4.198",
+ "matchCriteriaId": "3D77A5E8-3E54-4F32-9888-521C71F53A1F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://github.com/MISP/MISP/commit/3a5227d7b3d4518ac109af61979a00145a0de6fa",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 },
 {
 "url": "https://github.com/MISP/MISP/compare/v2.4.197...v2.4.198",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Patch"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-469xx/CVE-2024-46938.json b/CVE-2024/CVE-2024-469xx/CVE-2024-46938.json
index f5ca0e7d532..b0cbde3471c 100644
--- a/CVE-2024/CVE-2024-469xx/CVE-2024-46938.json
+++ b/CVE-2024/CVE-2024-469xx/CVE-2024-46938.json
@@ -2,8 +2,8 @@
 "id": "CVE-2024-46938",
 "sourceIdentifier": "cve@mitre.org",
 "published": "2024-09-15T22:15:09.830",
- "lastModified": "2024-09-17T15:35:10.980",
- "vulnStatus": "Awaiting Analysis",
+ "lastModified": "2024-09-20T18:15:10.590",
+ "vulnStatus": "Analyzed",
 "cveTags": [],
 "descriptions": [
 {
@@ -17,6 +17,26 @@
 ],
 "metrics": {
 "cvssMetricV31": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "cvssData": {
+ "version": "3.1",
+ "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
+ "attackVector": "NETWORK",
+ "attackComplexity": "LOW",
+ "privilegesRequired": "NONE",
+ "userInteraction": "NONE",
+ "scope": "UNCHANGED",
+ "confidentialityImpact": "HIGH",
+ "integrityImpact": "NONE",
+ "availabilityImpact": "NONE",
+ "baseScore": 7.5,
+ "baseSeverity": "HIGH"
+ },
+ "exploitabilityScore": 3.9,
+ "impactScore": 3.6
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -40,6 +60,16 @@
 ]
 },
 "weaknesses": [
+ {
+ "source": "nvd@nist.gov",
+ "type": "Primary",
+ "description": [
+ {
+ "lang": "en",
+ "value": "NVD-CWE-noinfo"
+ }
+ ]
+ },
 {
 "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
 "type": "Secondary",
@@ -51,10 +81,46 @@
 ]
 }
 ],
+ "configurations": [
+ {
+ "nodes": [
+ {
+ "operator": "OR",
+ "negate": false,
+ "cpeMatch": [
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sitecore:experience_commerce:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "10.4",
+ "matchCriteriaId": "ECEBBC2F-E760-4813-ACD5-32D6BB579B19"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sitecore:experience_manager:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "10.4",
+ "matchCriteriaId": "FA9161FD-6A0A-4CF5-908D-2EA3C4D05B22"
+ },
+ {
+ "vulnerable": true,
+ "criteria": "cpe:2.3:a:sitecore:experience_platform:*:*:*:*:*:*:*:*",
+ "versionStartIncluding": "8.0",
+ "versionEndIncluding": "10.4",
+ "matchCriteriaId": "8441881C-0793-49C8-8D8D-1BFF0D62E03F"
+ }
+ ]
+ }
+ ]
+ }
+ ],
 "references": [
 {
 "url": "https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003408",
- "source": "cve@mitre.org"
+ "source": "cve@mitre.org",
+ "tags": [
+ "Vendor Advisory"
+ ]
 }
 ]
 }
\ No newline at end of file
diff --git a/CVE-2024/CVE-2024-470xx/CVE-2024-47061.json b/CVE-2024/CVE-2024-470xx/CVE-2024-47061.json
new file mode 100644
index 00000000000..b99c471fd04
--- /dev/null
+++ b/CVE-2024/CVE-2024-470xx/CVE-2024-47061.json
@@ -0,0 +1,64 @@
+{
+ "id": "CVE-2024-47061",
+ "sourceIdentifier": "security-advisories@github.com",
+ "published": "2024-09-20T19:15:16.550",
+ "lastModified": "2024-09-20T19:15:16.550",
+ "vulnStatus": "Received",
+ "cveTags": [],
+ "descriptions": [
+ {
+ "lang": "en",
+ "value": "Plate is a javascript toolkit that makes it easier for you to develop with Slate, a popular framework for building text editors. One longstanding feature of Plate is the ability to add custom DOM attributes to any element or leaf using the `attributes` property. These attributes are passed to the node component using the `nodeProps` prop. It has come to our attention that this feature can be used for malicious purposes, including cross-site scripting (XSS) and information exposure (specifically, users' IP addresses and whether or not they have opened a malicious document). Note that the risk of information exposure via attributes is only relevant to applications in which web requests to arbitrary URLs are not ordinarily allowed. Plate editors that allow users to embed images from arbitrary URLs, for example, already carry the risk of leaking users' IP addresses to third parties. All Plate editors using an affected version of @udecode/plate-core are vulnerable to these information exposure attacks via the style attribute and other attributes that can cause web requests to be sent. In addition, whether or not a Plate editor is vulnerable to cross-site scripting attacks using attributes depends on a number of factors. The most likely DOM attributes to be vulnerable are href and src on links and iframes respectively. Any component that spreads {...nodeProps} onto an or